The thing that probably rubbed people the wrong way was that his first response to asking for clarification and proof that this even is a problem (the guy literally writes, "Don't take this the wrong way"), was a condescending and aggressive tone of:
" Yes, IT skills. Electronics skills. And old school knowledge of how to inject image files with malicious code (NetSec/ITSec). This is an older style of "hacking". Remember those warnings about clicking download attachments from the 90s onward? Same thing still applies. Except, there is no detection for any hlds/go server, so an injected image can contaminate a server cache. Which in turn will infect clients. Any image file, any data file really, can be modified like this. Willing to bet good money those $500. go weapon skins have hack code scripted and injected into the image." Or another goodie: "No disrespect intended but you have no idea what you are speaking about." <- kinda hard to not take offense to that for some people. Since then, every single response has been an escalation and reflection of that aggressiveness. Also the fact that he tries to show he knows his "thing" by giving himself "Professional" "Independent" labels, as if those justify/strengthen his stance. I'm familiar with what he's saying, but the reason why I didn't take him seriously is because he's thinking at a too theoretical of a level. If you think of a problem at a high-enough level, it makes sense. But, like any major/professional project people work on, the devil is always in the details. I'm more keen to trust the developers and engineers at Valve to have figured out that detail than an email about an exploit that makes sense at a theoretical level but has provided no proof or reason that this actually can be exploited. Basically asking for some preliminary results since it seemed under-prepared. - Don On Thu, Oct 12, 2017 at 12:35 PM, Nathaniel Theis <[email protected]> wrote: > honestly this is the funniest this list has been in years and I approve > > although I do want to see some sweet looking stock photos of hackers in > trenchcoats or ski masks > > On Oct 12, 2017 9:31 AM, "Michael Loveless" <[email protected]> > wrote: > >> Seriously man, please stop with the spam. You provided the information >> you felt was necessary and while Valve rarely responds here, they see the >> things reported here. If they feel it holds any credibility, they will look >> into it. Sourcemod devs frequent this as well, and always do anything they >> can to provide security for their users. Your original thread served it's >> purpose, time to move on. >> >> On Thu, Oct 12, 2017 at 12:21 PM, Hasser Css <[email protected]> >> wrote: >> >>> You had your fun already, now stop wasting everyone's time, Mister >>> PoC-in-security-means-Point-Of-Contact, amongst other funny things. :) >>> >>> On Thu, Oct 12, 2017 at 5:48 PM, Stealth Mode <[email protected] >>> > wrote: >>> >>>> Alfred, please have whoever is moderating these lists monitor the list >>>> better. >>>> >>>> A recent topic posted about the custom file exploit vulnerability has >>>> demonstrated a problem with list management/administration/moderation. >>>> >>>> A number of persons on this list do not have a lot of education in >>>> cybersecurity. In their ignorance they attack/harass some of the more >>>> experienced IT professionals on this list. >>>> >>>> Some of them I recognize from hlds, and Cs 1.0-1.6 days. >>>> >>>> Thanks in advance. Watch this thread on the go list, I bet they even >>>> harass on this topic. Even One Warrior Nation Ryan surprised me with his >>>> attacks (funny because he got into computer science in Baltimore because of >>>> conversations we used to have on owns 1.0-1.6 servers). Some of these >>>> members need suspended, or banned outright for harassing persons on this >>>> list. >>>> >>>> Sincerely, >>>> Christopher "StealthMode" Stephen Larkins >>>> HL Mod server professional since 1999 >>>> Professional CS competitor, and beta tester since 1998 >>>> Independent IT Field Engineer >>>> >>>> _______________________________________________ >>>> Csgo_servers mailing list >>>> [email protected] >>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>>> >>> >>> >>> _______________________________________________ >>> Csgo_servers mailing list >>> [email protected] >>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >>> >> >> >> _______________________________________________ >> Csgo_servers mailing list >> [email protected] >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >> > > _______________________________________________ > Csgo_servers mailing list > [email protected] > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >
_______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
