DoomServ security hole

[Guest fod_vile]

aurikan said:

fod - i think he caught you in your own lie

no, perhaps he caught you in yours?

[Guest fod_vile]

AFTERSHOCK said:

Gee, fodders, first you were mad because you didn't think Aurikan did a good enough job following the principles outlined in the full disclosure article. Now you're mad that he did follow them?

I quote from the restrictions section:

» When releasing the vulnerability details they should be released completely. The attackers usually have a lot of spare time to figure out the missing parts, but the busy administrators usually don't.

I'm wondering about how quickly you forgot that part...

AFTERSHOCK

no, and i agree , AFTER "vendor should be given reasonable" chance to patch, fix

[stphrz]

AFTERSHOCK said:

You're a fat cow!

Consider yourself flamed.

AFTERSHOCK

Yeah? Well you're an ugly......whatever the heck you are.

[GavinJCD]

fod_vile said:

not by a hacker just by someone proving a point

hmmm, ok and what point would that be?

[Guest fod_vile]

aurikan said:

this doesn't make a fucking shred of difference; just because i didn't doesn't mean it was intentional.

seeing as i spend most of my time in solaris/linux/unix, where a lot of the copy/paste is not integrated, (especially not between processes or with the mouse) i'm not surprised i didn't think of doing this.

well you will know next time :)

[GavinJCD]

Ok, I'd just like to say before I head off for a while that this is getting rather out of hand, and of what I have read, Toke and Fod have been caught in quite a few lies, many of which have raised some questions. I advise you bothe to quit while your behind and just leave it.

[aurikan]

fod_vile said:

No aurikan your missing something,
the whole start of this reply to your post was not that you exposed the insecurity, it is the instructions to all hackers on how to do it, instructions from a 3rd party. I have discovered
you were told how to do it , tried it and found it works, I found it works 2nd hand :)
TGO was not given a "reasonable" chance to fix it.You knew a v4 was due out, it took 2 yr for this flaw to be discovered and didn't you jump on that bandwaggon?
My only disgust with you is the instructions to hackers, your trial test on me, and the speed of disclosure
THIS HAS BEEN EDITED TO MAKE IT MORE COGNIZANT TO AURIKAN

i'll refer you again to the document regarding full disclosure. and if i mail the server programmer at the mail address on webpage for the service he programmed - newly set up on his own domain even - and the email bounces, what am i to assume but that the creator is unreachable? i certainly feel that was enough attempt to reach him - and it is my call.

please try making your posts readable. i can't even understand the rest of it. and i did not test on you - next time you reiterate that i did, please provide some proof, so that we can take this "discussion" somewhere.

[GavinJCD]

fod_vile said:

no, perhaps he caught he caught you in yours?

hahaha, dude WTF is that supposed to mean?
damnit drop it already, it's obvious you no longer have a defense

[Guest fod_vile]

AFTERSHOCK said:

Doomserv is for neither players nor hackers. Doomserv is for egotistical, foul-mouthed, misspelling, illogical fools with a serious need to go take their medication.

That my friend is a flame. You have received very few flames so far. You probably just assumed that all the others were flames because the logic in them was too hard for you to understand without a healthy dose of profanity to keep the big words apart.

AFTERSHOCK

oh don't you get shitty when theres no prozac in the house?
mispelling? oh dear perhaps i should go get a dictionary so my language may be as coloUrful as your's?

[aurikan]

fod_vile said:

no, perhaps he caught you in yours?

no no, reread it more carefully.

you claim in other posts that you have been 'hacked' and files deleted off your hard drive. then you claim you have been on doomserv for 2 year and just 'been lucky' and not been hacked. well, which is it?

[Guest fod_vile]

AFTERSHOCK said:

Doomserv is for neither players nor hackers. Doomserv is for egotistical, foul-mouthed, misspelling, illogical fools with a serious need to go take their medication.

That my friend is a flame. You have received very few flames so far. You probably just assumed that all the others were flames because the logic in them was too hard for you to understand without a healthy dose of profanity to keep the big words apart.

AFTERSHOCK

heheheh i notice msg was edited, didnt want to be one of your foul mouthed misspelling fools?

[Arioch]

fod_vile said:

in none of this discussion?, have i stated i am a moderator, someone earlier said Toke was one i have no knowledge of this
maybe he is

Which is why I inserted the word "allegedly" because in no way can any of us be sure who you are in the hierarchy.

If indeed you are a moderator, or even Toke, I see that my forced absence from DoomServ for almost a year was a good thing.

[aurikan]

fod_vile said:

well you will know next time :)

it's not that i didn't know. it's that i neglected to do it, with no intention to leave off such a vitally important part of the statement, which i inferred anyway (which is much different from blatantly misquoting the source like your post). why does this matter towards the larger issue anyway?!

all you are doing is showing anybody who reads this thread how much of an idiot && asshole you are.

[Guest AFTERSHOCK]

fod_vile said:

heheheh i notice msg was edited, didnt want to be one of your foul mouthed misspelling fools?

That is called PROOFREADING. It happens when one takes the time to THINK about what they have to say. Perhaps you should try it some time.

AFTERSHOCK

[Guest AFTERSHOCK]

stphrz said:

Yeah? Well you're an ugly......whatever the heck you are.

"I" am, or rather the face pic I use is, the hilt of a sword. It represents the sword that I wear in my photograph on doomer's pictures.

AFTERSHOCK

Maybe I need a catchy sig about swords?

[aurikan]

fod_vile said:

i only reacted with flames to people that were flaming me in the 1st place
gavin i excuse, he just gets overexcited
the ones who defend your actions i respond to
others just flame me or make assumptions and i flame back

actually, let me point you to toke's first post flaming me. it's a ways down there. then teppic's (somewhat snide) response in my defense. and then responding to that is your flame. i don't recall seeing any post by you which brings up a point that i have not yet addressed. if you still have concerns to which you believe i have not responded please post them in reply to the original message to everyone may see it clearly and i may respond to them in an orderly fashion. this "discussion" is sprawling without bound.

i'll thank you in advance for being co-operative

[aurikan]

i'd like to ask anybody that still has an issue with my actions that either has not been addressed, or has been not been addressed satisfactorily, please post it in an orderly reply to the original message. this discussion has become far too sprawling and disorganized, perhaps we can clear it all up painlessly and briefly.

[Toke]

Teppic said:

No we wouldnt, we would simply be living in ignorance which is no better.

IS WAS GONNA BE GONE IN 4 DAYS!!! ITS ALREADY GONE HE DIDNT SAVE ANYBODY!!!

[Toke]

Mantra said:

This whole post has turned into simply a place for a few select people to yell at eachother. There cannot be a reasonable solution that will cause one side to back down. So this whole think is gradually becoming totally futile. Maybe everyone so pissed off should calm down a little bit. I think that fixing doomserv would be a better way to spend time than posting here calling the other people names. And the rest of you should just kinda stop wasting your time here. Just my opinion. Ill probably get flamed now...

No side will win because all of aurikans little friends refuse to believe that he did this with malice. And doomserv people arent just going to take this quietly, now that the new server is up doomserv people are hearing about what aurikan did and starting to speak out mith me and fod, you all really pised off this half of the community, its not just me and fod, everyone else didnt know what happened. This is going to get alot bigger.

[Guest Templar]

Alright listen up you pukes
SHUT THE HELL UP

[Guest DykeAtana]

As Ling has said repeatedly, drop this.

I'll agree that DoomServ is probably a bug-ridden piece of crap.
I'd rather do manual connects like a real man would... DoomServ is AOL to the usual method's ISP.

Next, I'd call the whole issue of the security hole idiotic. If people want to do crap like that, there's not much you can do about it. People will find a way.

Finally, I'd just like to say that DoomServ probably could use a lot of work. That's just because, well... it's not in a final version. It may never be.

Oh, and Toke and fod: Learn to spell. I got sick of yore eleet speling misstakees al througout yore mesaggese, adn wile it my seam k00l, 17'5 n07 45 31337 45 y00 7h1nk 17 15, yyou sad basrads!

[jon^c]

Toke said:

No side will win because all of aurikans little friends refuse to believe that he did this with malice. And doomserv people arent just going to take this quietly, now that the new server is up doomserv people are hearing about what aurikan did and starting to speak out mith me and fod, you all really pised off this half of the community, its not just me and fod, everyone else didnt know what happened. This is going to get alot bigger.

How can it get bigger? All I see is insults coming from people now.

[prower]

This thread is biiiig....

[Jon]

Toke said:

No side will win because all of aurikans little friends refuse to believe that he did this with malice. And doomserv people arent just going to take this quietly, now that the new server is up doomserv people are hearing about what aurikan did and starting to speak out mith me and fod, you all really pised off this half of the community, its not just me and fod, everyone else didnt know what happened. This is going to get alot bigger.

Are you suggesting that the only people who believe what aurikan did was right are his friends? Perhaps you should take a step back and look at the big picture.

[GavinJCD]

Toke said:

No side will win because all of aurikans little friends refuse to believe that he did this with malice. And doomserv people arent just going to take this quietly, now that the new server is up doomserv people are hearing about what aurikan did and starting to speak out mith me and fod, you all really pised off this half of the community, its not just me and fod, everyone else didnt know what happened. This is going to get alot bigger.

Speaking out are they...../me looks through the thread...
where?

[aurikan]

Toke said:

No side will win because all of aurikans little friends refuse to believe that he did this with malice. And doomserv people arent just going to take this quietly, now that the new server is up doomserv people are hearing about what aurikan did and starting to speak out mith me and fod, you all really pised off this half of the community, its not just me and fod, everyone else didnt know what happened. This is going to get alot bigger.

If you've still got issues, why don't you take my suggestion and present them in an orderly fashion so that I can respond to them in a similar way. If all you're going to do is flame, then keep it to you and your DoomServ group.

[Toke]

GavinJCD said:

I'm not sure why Toke and Fodders are defending doomserv, there is a flaw which has thankfully been uncovered. It was a very dangerous security hole which could have and maybe already has lead to a lot of damage.
The fact is blaming Aurikan is very foolish and stupid, also stupid is the obvious fabrications about him deleting files of ppls hardrives. I do not know why TOKE and Fodders are so against him, he has helped everyone in the doom communith and instead of congratulating him for his efforts you are harassing him, and making up stories.
This whole ting has gotten out of hand. I personally am not going to touch doomserv again wheather the bug is fixed or not...I am not prepared to take the risk. Toke, you being a oomserv moderator and all should stop whining about what Aurikan has done and start wondering about the safety of your machine.

I am not a moderator, just a guy who loves doom and is seeing his place to play being destroyed. TGO is real close to shuting it down. He does not have time for this and the doomserv people dont want it to be atacked like this. Aurikan started this so why dont you get him to drop it instead of trying to hack it agin and posting more info on how he does it. I was about to shut up but he made another post on how he hacked it.

[Toke]

aurikan said:

Obviously you disagree with the philosophy of full disclosure, a philosophy i believe in as much as i believe in open-source software. So we disagree whether or not I should have publicized this information. Ultimately, it was my call (as TGO states far earlier) and I believe I made the right decision. So stop whining/flaming and go do something useful.

If tgo agrees with you so much howcome he banned you? Its because he didnt know you where messing with stuff and booting people.

[Toke]

aurikan said:

fod - i think he caught you in your own lie

Just because you deny it and we have no proof doesnt mean its a lie. How did fod get cought in a lie. Is that your only defense for those accusations?

You deleted files off my hard drive.

No he didnt.

You just got cought in a lie.

???

[Toke]

fod_vile said:

no, perhaps he caught you in yours?

He said we both got cought in lies. I would like to know what these lies are and how exactly we got cought in them.