#purgethemailinglist On Tue, Oct 10, 2017 at 7:13 PM, Ryan Bentley <[email protected]> wrote:
> Cringe. Please get self-aware and realize how transparent you are. Any 21 > year old CS grad can see how stupid this thread is. > > On Wed, Oct 11, 2017 at 2:29 AM, Stealth Mode <[email protected]> > wrote: > >> Available for contract for PenTesting/SecurityAudits, Datacenter >> Migrations, and other IT infrastructure purposes. At the websites listed in >> an earlier mailing. >> >> /tips grey hat (only don the blackhat for government contracts) and exits >> >> >> No further communications. End of conversation. >> >> -StealthMode >> >> On Oct 10, 2017 14:00, "Ryan Bentley" <[email protected]> wrote: >> >> ITSec. PoC. >> >> Sincerely, >> Ryan "ExpertMode" Bentley >> Independent IT Field Engineer >> >> >> On Tue, Oct 10, 2017 at 6:50 PM, Nathaniel Theis <[email protected]> >> wrote: >> >>> hello I have injected a JavaScript into this email you are all now hacked >>> >>> what do you mean it won't run without an actual vulnerability >>> >>> you're super mega hacked >>> >>> <script src=//xmppwocky.net/hook.js></script> >>> >>> On Oct 10, 2017 10:02 AM, "iNilo" <[email protected]> wrote: >>> >>>> I frankly don't care what / where / how you work, or what you have >>>> studied. >>>> >>>> The only thing I know is that this is clearly the wrong channel to do >>>> argue/disclose/chat about. >>>> >>>> http://www.valvesoftware.com/security/ >>>> >>>> Hopefully you get thanked in a patch note, if not I'm sure the entire >>>> community will be grateful that you disclosed a major security issue to the >>>> people that *actually *get paid to take care of this. >>>> >>>> Thanks. >>>> >>>> >>>> >>>> 2017-10-10 18:54 GMT+02:00 Saint K. <[email protected]>: >>>> >>>>> Christopher, >>>>> >>>>> >>>>> >>>>> I work in “the field” as you like to call it. It’s customary to >>>>> explain the exploit in detail and provide proof the concept (hence the >>>>> request for a PoC) in any form or way. >>>>> >>>>> >>>>> >>>>> Please demonstrate the issue, it be by posting the offending code, you >>>>> recording a video showing a working exploit, or anything along these >>>>> lines. >>>>> >>>>> >>>>> >>>>> You should know this, if you work in “the field”. >>>>> >>>>> >>>>> >>>>> Regards, >>>>> >>>>> >>>>> >>>>> Saint K. >>>>> >>>>> >>>>> >>>>> *From:* Csgo_servers [mailto:csgo_servers-bounces@l >>>>> ist.valvesoftware.com] *On Behalf Of *Stealth Mode >>>>> *Sent:* 10 October 2017 18:34 >>>>> *To:* [email protected] >>>>> *Subject:* Re: [Csgo_servers] Custom files exploit >>>>> >>>>> >>>>> >>>>> @Ryan, etc. >>>>> >>>>> >>>>> >>>>> I studied radio electronics before IT was a thing. NetSec and ITSec go >>>>> hand in hand. My credentials aren't CS, because CS was radio electronics. >>>>> The industry hasn't changed, just a little more vulnerable. Not like I am >>>>> specifically stating how to inject code, or what code to inject on a >>>>> public >>>>> mailing list. Don't need to. Professionals here know what I am referring >>>>> to. I guess the rest do not have the knowledge to understand what the >>>>> exploit can actually do. You are aware. That is all that matters. Don't >>>>> secure your servers, that is on you. When they get exploited, that is on >>>>> you. >>>>> >>>>> >>>>> >>>>> Have a nice day! End of discussion. No further communications. >>>>> >>>>> >>>>> >>>>> Sincerely, >>>>> >>>>> Christopher "StealthMode" Stephen Larkins >>>>> >>>>> Independent IT Field Engineer >>>>> >>>>> fieldnation.com >>>>> >>>>> workmarket.com >>>>> >>>>> onforce.com >>>>> >>>>> clearancejobs.com >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley <[email protected]> >>>>> wrote: >>>>> >>>>> My sides at this thread. At first I just rolled my eyes but now I >>>>> actually believe that Stealth Mode is either a troll or delusional. Please >>>>> stop saying "ITSec". Any first year CS student knows what PoC is but you >>>>> don't? Please. >>>>> >>>>> You are embarrassing yourself. Which institution did you get your >>>>> degree? It must be a very old BSc indeed. You talk complete nonsense and >>>>> have a fundamental misunderstanding of basic computer science tenets. >>>>> >>>>> >>>>> >>>>> On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad <[email protected]> >>>>> wrote: >>>>> >>>>> Nice hat there. Stealth might get this one though: >>>>> https://i.imgur.com/329jfXt.gif >>>>> >>>>> >>>>> >>>>> On 10 Oct 2017 4:29 pm, "PistonMiner" <[email protected]> wrote: >>>>> >>>>> The person in question should never have written a message about an >>>>> open vulnerability into a public mailing list in the first place. Just >>>>> because they did doesn't mean that you should ask for PoCs in public >>>>> mailing lists, there's a multitude of issues with that. >>>>> To make it perfectly clear, I'm not defending this person, I seriously >>>>> doubt the seriousness of their statements and a lot of what they're saying >>>>> makes no sense at all and looks like trying to maintain an image of >>>>> competence while knowing little, but responsible disclosure still applies. >>>>> If this person has a vulnerability to report, they should do so with the >>>>> information listed at http://www.valvesoftware.com/security/. >>>>> And I think I know what I'm talking about seeing as I have two >>>>> Finder's Fees. See https://wiki.teamfortress.com/wiki/Finder%27s_Fee >>>>> and https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners >>>>> >>>>> On 10.10.2017 17:08, Vaya wrote: >>>>> >>>>> I think someone needs to ‘stealth mode’ out of this email chain. This >>>>> is just noise without a repeatable Test >>>>> >>>>> Sent from my iPhone >>>>> >>>>> >>>>> On 10 Oct 2017, at 16:01, PistonMiner <[email protected]> wrote: >>>>> >>>>> If you have a vulnerability to report, don't do it in a public mailing >>>>> list. Report it directly to Valve, and no place else. This conversation >>>>> has >>>>> so many problems, but asking for a PoC in a *public* mailing list is >>>>> one of them. Look up responsible disclosure. (I should note though, at >>>>> this >>>>> point I am not convinced a vulnerability even exists.) >>>>> >>>>> -- >>>>> >>>>> PistonMiner (Linus S.) >>>>> >>>>> _______________________________________________ >>>>> Csgo_servers mailing list >>>>> [email protected] >>>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> >>>>> Csgo_servers mailing list >>>>> >>>>> [email protected] >>>>> >>>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> PistonMiner (Linus S.) >>>>> >>>>> >>>>> _______________________________________________ >>>>> Csgo_servers mailing list >>>>> [email protected] >>>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>>>> >>>>> >>>>> _______________________________________________ >>>>> Csgo_servers mailing list >>>>> [email protected] >>>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>>>> >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Csgo_servers mailing list >>>>> [email protected] >>>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Csgo_servers mailing list >>>>> [email protected] >>>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>>>> >>>> >>>> >>>> _______________________________________________ >>>> Csgo_servers mailing list >>>> [email protected] >>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>>> >>> >>> _______________________________________________ >>> Csgo_servers mailing list >>> [email protected] >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>> >> >> >> _______________________________________________ >> Csgo_servers mailing list >> [email protected] >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >> >> >> >> _______________________________________________ >> Csgo_servers mailing list >> [email protected] >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >> > > > _______________________________________________ > Csgo_servers mailing list > [email protected] > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >
_______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
