Bitcoin Forum
Author Topic: Keep a low profile, and hide your identity to be safe.  (Read 1263 times)
Herodes (OP)
Hero Member
January 21, 2013, 07:01:07 AM
 #1

This is a very good example of exactly what the topic says.

http://news.nationalpost.com/2013/01/20/youth-expelled-from-montreal-college-after-finding-sloppy-coding-that-compromised-security-of-250000-students-personal-data/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+NP_Top_Stories+%28National+Post+-+Top+Stories%29

Basically, never trust that other people will agree with you that what you do is a moral and good thing to do.

Also it was an apeshit move to have the professors vote whether he should be allowed to stay or not with his studies. A professor will most likely stay at the university for a long time to come, and is only interested in covering his or her own ass, so they're loyal to the administration.

The right thing to do would've been just to fix the issue, and thank the student. Sadly, not everyone reacts this way.

If you find a security hole, just report it anonymously if you feel like reporting it.
ElectricMucus
Legendary
January 21, 2013, 07:05:32 AM
 #2

Who needs computer science anyway?  Roll Eyes
sounds
Full Member
January 21, 2013, 07:06:33 AM
 #3

Fun stories of other exploits, either reported or sold on the black market:

http://news.ycombinator.com/item?id=5090007
Herodes (OP)
Hero Member
January 21, 2013, 07:28:04 AM
 #4

Quote
Fun stories of other exploits, either reported or sold on the black market:

http://news.ycombinator.com/item?id=5090007

So the moral of the story could be; don't tell, sell!  Grin

Not that I'd advise it..
wachtwoord
Legendary
January 21, 2013, 07:43:14 AM
 #5

But now he's in this (shitty) situation he should fight with all his might. I would (and he seems to be taking the first step).
Lethn
Legendary
January 21, 2013, 07:44:42 AM
 #6

Quote
The right thing to do would've been just to fix the issue, and thank the student. Sadly, not everyone reacts this way.

This kind of bullshit is precisely why I'm staying away from universities, internal politics have no place in learning and that's all this is, it's pretty obvious someone didn't like the blatant flaw he found in their coding.
Herodes (OP)
Hero Member
January 21, 2013, 08:05:01 AM
 #7

Quote
The right thing to do would've been just to fix the issue, and thank the student. Sadly, not everyone reacts this way.

This kind of bullshit is precisely why I'm staying away from universities, internal politics have no place in learning and that's all this is, it's pretty obvious someone didn't like the blatant flaw he found in their coding.

Personally I was called to the headmaster's office when I went to university. Simply because I was vocal about an issue I thought was important, needless to say, I didn't participate in anything at all after that, I just did whatever was required in regards to academic work to finish it all and get my degree.
Lethn
Legendary
January 21, 2013, 08:13:52 AM
 #8

lol I got that kind of bullshit when I was in primary school and onward, teachers don't like it when you make them look bad in front of their peers because of course the schools are all ranked etc. in how well they do and if they have to report cases of harassment etc. publicly to the government it won't go down well with their superiors, then later on I started getting really fed up with what I was being taught when I actually decided to learn about it properly.
Herodes (OP)
Hero Member
January 21, 2013, 08:18:08 AM
 #9

Quote
lol I got that kind of bullshit when I was in primary school and onward, teachers don't like it when you make them look bad in front of their peers because of course the schools are all ranked etc. in how well they do and if they have to report cases of harassment etc. publicly to the government it won't go down well with their superiors, then later on I started getting really fed up with what I was being taught when I actually decided to learn about it properly.

In lectures there should be a system where all attendees could vote for how the lecturer performs. A lot of lecturers never improve, it's just the same old boring system, I'd rather read a book and do exercises. If the lecturer strives to keep the lecture good, and get the attention of the students however, that's good.
Lethn
Legendary
January 21, 2013, 08:20:50 AM
 #10

lolz Cheesy should be careful about that though because then it might just turn into a stupid popularity contest, I've always felt that the internet is one of the best resources you have as long as you check over things properly, I swear I've learned more here than I have in most 'official' places of learning, it's also helped me recognise the bullshit so I've found some pretty good teachers.
Herodes (OP)
Hero Member
January 21, 2013, 09:39:54 AM
 #11

Many years ago when I was younger, I found a hole in a web application, not a very advanced exploit, it was merely a very bad web application. Basically the developer(s) had created a web application where you could just change the UID in a query string to sell the stocks of a specific member in a virtual stock market. There was also another hole whereby you could find the UID of basically any user in the system.

So I rang up one of the board members in the company and told him that I could sell anyone's stock. I basically just told him, give me your username, and I'll sell one of your shares. He just laughed and said it wasn't possible. Then I just manipulated the URL, and sold one of his shares, then I asked him to refresh his portfolio. He went silent, and then said something like: "Holy fuck, I have to get in touch with IT, and I'll call you back!"

Later I learned that the head of IT wanted to sue the ass off this 'idiot'. But some other at the company said that since I had reported the security issue, this would not be necessary, so I actually was paid a decent sum for this discovery.

I guess, if they were assholes about it, they could have pressed charges? I don't know what they could've put on me, but surely it wouldn't have been much fun.

This was many years ago though, I don't search for security holes these days, and I'm not sure what I would do if I found one today.
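
The flaw described in post #11, a sell action that trusts the UID in the query string, is a missing server-side authorization check. The sketch below is an added example, not part of the original post or the application it describes: it shows that pattern beside a version that takes the account from the authenticated session. The handler names, parameter names (`uid`, `ticker`, `qty`), session tokens and data are all constructed for illustration.

```python
from urllib.parse import parse_qs

# Constructed sample data: uid -> {ticker: shares held}
PORTFOLIOS = {"1001": {"ACME": 5}, "1002": {"ACME": 3}}
# Constructed server-side session store: session token -> authenticated uid
SESSIONS = {"tok-alice": "1001", "tok-bob": "1002"}


class Forbidden(Exception):
    """Raised when the caller may not act on the target account."""


def _sell(uid, ticker, qty):
    """Sell qty shares from uid's portfolio and return the remaining count."""
    holdings = PORTFOLIOS[uid]
    if qty <= 0 or holdings.get(ticker, 0) < qty:
        raise ValueError("invalid quantity")
    holdings[ticker] -= qty
    return holdings[ticker]


def sell_vulnerable(query_string):
    """Flawed pattern: the account is whatever uid the request names."""
    q = parse_qs(query_string)
    return _sell(q["uid"][0], q["ticker"][0], int(q["qty"][0]))


def sell_hardened(session_token, query_string):
    """The account comes from the server-side session, never from the URL."""
    uid = SESSIONS.get(session_token)
    if uid is None:
        raise Forbidden("not authenticated")
    q = parse_qs(query_string)
    # A uid parameter that disagrees with the session is rejected outright,
    # which also gives the application a clear event to log and alert on.
    if "uid" in q and q["uid"][0] != uid:
        raise Forbidden("uid does not match authenticated user")
    return _sell(uid, q["ticker"][0], int(q["qty"][0]))
```

Hiding or randomising UIDs would only address the second hole the post mentions; the ownership check is what stops the sale.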
sounds
Full Member
January 21, 2013, 11:35:33 AM
 #12

The trick today is keeping a low profile.

I assume back in the day it was fairly easy to disappear. The loopholes are all plugged now...