I frankly don't care what / where / how you work, or what you have studied.
The only thing I know is that this is clearly the wrong channel to do argue/disclose/chat about. http://www.valvesoftware.com/security/ Hopefully you get thanked in a patch note, if not I'm sure the entire community will be grateful that you disclosed a major security issue to the people that *actually *get paid to take care of this. Thanks. 2017-10-10 18:54 GMT+02:00 Saint K. <[email protected]>: > Christopher, > > > > I work in “the field” as you like to call it. It’s customary to explain > the exploit in detail and provide proof the concept (hence the request for > a PoC) in any form or way. > > > > Please demonstrate the issue, it be by posting the offending code, you > recording a video showing a working exploit, or anything along these lines. > > > > You should know this, if you work in “the field”. > > > > Regards, > > > > Saint K. > > > > *From:* Csgo_servers [mailto:[email protected]] *On > Behalf Of *Stealth Mode > *Sent:* 10 October 2017 18:34 > *To:* [email protected] > *Subject:* Re: [Csgo_servers] Custom files exploit > > > > @Ryan, etc. > > > > I studied radio electronics before IT was a thing. NetSec and ITSec go > hand in hand. My credentials aren't CS, because CS was radio electronics. > The industry hasn't changed, just a little more vulnerable. Not like I am > specifically stating how to inject code, or what code to inject on a public > mailing list. Don't need to. Professionals here know what I am referring > to. I guess the rest do not have the knowledge to understand what the > exploit can actually do. You are aware. That is all that matters. Don't > secure your servers, that is on you. When they get exploited, that is on > you. > > > > Have a nice day! End of discussion. No further communications. > > > > Sincerely, > > Christopher "StealthMode" Stephen Larkins > > Independent IT Field Engineer > > fieldnation.com > > workmarket.com > > onforce.com > > clearancejobs.com > > > > > > On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley <[email protected]> wrote: > > My sides at this thread. At first I just rolled my eyes but now I actually > believe that Stealth Mode is either a troll or delusional. Please stop > saying "ITSec". Any first year CS student knows what PoC is but you don't? > Please. > > You are embarrassing yourself. Which institution did you get your degree? > It must be a very old BSc indeed. You talk complete nonsense and have a > fundamental misunderstanding of basic computer science tenets. > > > > On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad <[email protected]> wrote: > > Nice hat there. Stealth might get this one though: https://i.imgur.com/ > 329jfXt.gif > > > > On 10 Oct 2017 4:29 pm, "PistonMiner" <[email protected]> wrote: > > The person in question should never have written a message about an open > vulnerability into a public mailing list in the first place. Just because > they did doesn't mean that you should ask for PoCs in public mailing lists, > there's a multitude of issues with that. > To make it perfectly clear, I'm not defending this person, I seriously > doubt the seriousness of their statements and a lot of what they're saying > makes no sense at all and looks like trying to maintain an image of > competence while knowing little, but responsible disclosure still applies. > If this person has a vulnerability to report, they should do so with the > information listed at http://www.valvesoftware.com/security/. > And I think I know what I'm talking about seeing as I have two Finder's > Fees. See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and > https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners > > On 10.10.2017 17:08, Vaya wrote: > > I think someone needs to ‘stealth mode’ out of this email chain. This is > just noise without a repeatable Test > > Sent from my iPhone > > > On 10 Oct 2017, at 16:01, PistonMiner <[email protected]> wrote: > > If you have a vulnerability to report, don't do it in a public mailing > list. Report it directly to Valve, and no place else. This conversation has > so many problems, but asking for a PoC in a *public* mailing list is one > of them. Look up responsible disclosure. (I should note though, at this > point I am not convinced a vulnerability even exists.) > > -- > > PistonMiner (Linus S.) > > _______________________________________________ > Csgo_servers mailing list > [email protected] > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers > > > > _______________________________________________ > > Csgo_servers mailing list > > [email protected] > > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers > > > > -- > > PistonMiner (Linus S.) > > > _______________________________________________ > Csgo_servers mailing list > [email protected] > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers > > > _______________________________________________ > Csgo_servers mailing list > [email protected] > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers > > > > > _______________________________________________ > Csgo_servers mailing list > [email protected] > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers > > > > _______________________________________________ > Csgo_servers mailing list > [email protected] > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >
_______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
