|
|
|
|
|
The grue lurks in the darkest places of the earth. Its favorite diet is adventurers, but its insatiable appetite is tempered by its fear of light. No grue has ever been seen by the light of day, and few have survived its fearsome jaws to tell the tale.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
Chick
Member
 Offline
Activity: 70
Merit: 10
|
 |
June 30, 2011, 12:59:47 AM |
|
Too bad I don't have a VirWoX account... |
|
|
|
|
|
|
cuddlefish (OP)
|
|
June 30, 2011, 01:07:02 AM |
|
Just, why?
Damn, sorry to see you banned (because that is what should happen, I thought that unemployed guy was bad, you have posts built up just to try and steal Bitcoin I don't have through a site I don't use)
i'm reporting this. not stealing anything. 1. It's only 0.05 BTC that comes to me IF you manually remove the link-breaking text 2. I deliberately broke the link with descriptive text |
|
|
|
|
|
BitcoinPorn
|
|
June 30, 2011, 01:08:22 AM |
|
i'm reporting this. not stealing anything.
1. It's only 0.05 BTC that comes to me IF you manually remove the link-breaking text
2. I deliberately broke the link with descriptive text
I would make a strong argument on how this is not a way to test that shit, especially knowing what it does and knowing the intelligence of all the users, including myself  Seriously, bullshit like that should be instant banning. The general Bitcoin Discussion forums should not be used to experiment with (don't shit where you eat) |
|
|
|
|
cuddlefish (OP)
|
|
June 30, 2011, 01:11:04 AM |
|
i'm reporting this. not stealing anything.
1. It's only 0.05 BTC that comes to me IF you manually remove the link-breaking text
2. I deliberately broke the link with descriptive text
I would make a strong argument on how this is not a way to test that shit, especially knowing what it does and knowing the intelligence of all the users, including myself Seriously, bullshit like that should be instant banning. The general Bitcoin Discussion forums should not be used to experiment with (don't shit where you eat) I've reported it to them, they've sat on it; I assumed they read these forums. |
|
|
|
|
|
BitcoinPorn
|
|
June 30, 2011, 01:12:17 AM |
|
I've reported it to them, they've sat on it; I assumed they read these forums.
So is this what programming is now in days for everyone? Fuck patience and waiting on others... but also fuck making things for yourself, instead just break other peoples shit until they do something? What a world  |
|
|
|
|
cuddlefish (OP)
|
|
June 30, 2011, 01:15:40 AM |
|
I've reported it to them, they've sat on it; I assumed they read these forums.
So is this what programming is now in days for everyone? Fuck patience and waiting on others... but also fuck making things for yourself, instead just break other peoples shit until they do something? What a world So you'd prefer I just wait until they fix it, hoping nobody else discovers it before they do? |
|
|
|
|
|
BitcoinPorn
|
|
June 30, 2011, 01:24:18 AM |
|
So you'd prefer I just wait until they fix it, hoping nobody else discovers it before they do?
As opposed to how you handled this, of course. You could have put a detailed post, said what this link you are providing does and why and how it is wrong and I really could go on all day on how many different ways you could have made that same post, added just a little text, and it would have made the whole world of a difference. |
|
|
|
datguywhowanders
Member
Offline
Activity: 112
Merit: 10
|
|
June 30, 2011, 01:50:53 AM |
|
The few security "experts" that post on this forum have tons of knowledge, but they lack social skills and common sense.
My two bitcents.
|
Donations Welcome: 163id7T8KZ6MevqT86DjrBF2kfCPrQsfZE
|
|
|
|
elggawf
|
|
June 30, 2011, 01:52:25 AM |
|
As opposed to how you handled this, of course.
You could have put a detailed post, said what this link you are providing does and why and how it is wrong and I really could go on all day on how many different ways you could have made that same post, added just a little text, and it would have made the whole world of a difference.
A broken link, where you have to read "REMOVE THIS TO GIVE ME 0.5BTC", before removing it, in a thread that says "CSRF" in it... and you're complaining he wasn't transparent enough? So much for other people claiming that the Bitcoin forums were mostly composed of smart folks - you'd have to be dumb as a box of rocks to fall for this post. If they did indeed sit on it as OP said, kudos for him to disclosing it. Full disclosure works with non-responsive vendors, so fuck them. |
^_^
|
|
|
|
BitcoinPorn
|
|
June 30, 2011, 01:58:21 AM |
|
A broken link, where you have to read "REMOVE THIS TO GIVE ME 0.5BTC", before removing it, in a thread that says "CSRF" in it... and you're complaining he wasn't transparent enough?
So much for other people claiming that the Bitcoin forums were mostly composed of smart folks - you'd have to be dumb as a box of rocks to fall for this post.
If they did indeed sit on it as OP said, kudos for him to disclosing it. Full disclosure works with non-responsive vendors, so fuck them. I was beyond dumb, I knew it was something bad and still went in just to see what it was  Still, those lesser than me are idiots too, and no one deserves to be fucked with in this subforum. Keep it in development and etc. Forcing it to break in public is not the way to fix things, it drops confidence overall, when cuddlefish obviously knew of this exploit for a while, I guess couldn't fix it but only manipulate it and use it to fuck around with general users (also, I have seen his link in another thread without the remove text, still does not matter). Look, I can't hate the guy for finding out an exploit, but if his choice was to not make this thread or make it, well he could have did a billion things more productive for this particular situation other than make this thread in the manner that he did. |
|
|
|
ribuck
Donator
Hero Member
Offline
Activity: 826
Merit: 1039
|
|
June 30, 2011, 11:08:28 AM |
|
Cuddlefish didn't "break the other guy's website", because the other guy's website was already broken.
Also, posting publicly serves as a cautionary tale for every other website owner to re-check their own websites.
|
|
|
|
|
lemonginger
Full Member
Offline
Activity: 210
Merit: 100
firstbits: 121vnq
|
|
June 30, 2011, 05:41:10 PM |
|
Virwox response please?
[If VirWox does not respond quickly, I would urge all BTC folks to take business elsewhere.]
|
|
|
|
|
gentakin
Member
Offline
Activity: 98
Merit: 10
|
|
June 30, 2011, 05:50:00 PM |
|
The only responsible thing to do after they didn't respond to his report was to make the vulnerability public. So this was the right thing do. Now we are all aware of the fact that virworx is vulnerable right now. [Also, this is the kind of coding error only very unexperienced web developers would create.. So much for Virwox]
|
1HNjbHnpu7S3UUNMF6J9yWTD597LgtUCxb
|
|
|
joan
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
June 30, 2011, 07:44:45 PM |
|
The only responsible thing to do after they didn't respond to his report was to make the vulnerability public. So this was the right thing do.
He didn't mention that he had contacted them. @cuddlefish: Could you please clarify if you contacted them prior to the full disclosure, and how long. Thanks! |
|
|
|
|
|
elggawf
|
|
June 30, 2011, 07:59:46 PM |
|
The only responsible thing to do after they didn't respond to his report was to make the vulnerability public. So this was the right thing do.
He didn't mention that he had contacted them. @cuddlefish: Could you please clarify if you contacted them prior to the full disclosure, and how long. Thanks! See: I've reported it to them, they've sat on it; I assumed they read these forums.
|
^_^
|
|
|
lemonginger
Full Member
Offline
Activity: 210
Merit: 100
firstbits: 121vnq
|
|
June 30, 2011, 09:10:21 PM |
|
I contacted them, they said they "fixed it promptly" after being contacted by OP. Can someone confirm that it is fixed or not?
|
|
|
|
|
|
cuddlefish (OP)
|
|
June 30, 2011, 11:00:29 PM |
|
I contacted them, they said they "fixed it promptly" after being contacted by OP. Can someone confirm that it is fixed or not?
It is now fixed. |
|
|
|
|
lemonginger
Full Member
Offline
Activity: 210
Merit: 100
firstbits: 121vnq
|
|
July 01, 2011, 01:40:18 AM |
|
I contacted them, they said they "fixed it promptly" after being contacted by OP. Can someone confirm that it is fixed or not?
It is now fixed. Exposure works every time. Thanks OP. |
|
|
|
|
|
