Re: NVDA remote unsecurity prooven, recording of dev included
And pay particular attention to the specific request, he did say, "fuck me over," so he asked for it alright.
URL: http://forum.audiogames.net/viewtopic.php?pid=2831
Re: NVDA remote unsecurity prooven, recording of dev included
I would like to point out to anyone who may have missed it that Ivan said, and I quote, if you want to fuck me over, connect to this key, 123. He specifically instructed people to fuck him over, and Tiler seemingly did so. Why
Re: NVDA remote unsecurity prooven, recording of dev included
Basically what happened is Ivan basically broadcasted his nvda remote key to the world, that's what started this whole thing. Whether Ivan disconnected in the midst of this or not, it doesn't matter. You just, don't, give, out
Re: NVDA remote unsecurity prooven, recording of dev included
That's the general idea, yes. We open the door and we let in the thieves and the house is bad.
URL: http://forum.audiogames.net/viewtopic.php?pid=283046#p283046
___
Audiogames
Re: NVDA remote unsecurity prooven, recording of dev included
So I just skimmed a bit. Are people giving out their passwords, then blaming the platform when the people they gave the passwords to aren't trustworthy after all? I sorta feel like I've seen this on other fronts of this drama
Re: NVDA remote unsecurity prooven, recording of dev included
Ah, I can always rely on this forum to provide me with some sort of blindy drama... Thanks Guys.
URL: http://forum.audiogames.net/viewtopic.php?pid=283022#p283022
___
Audiogames
Re: NVDA remote unsecurity prooven, recording of dev included
You said it, Chris.
URL: http://forum.audiogames.net/viewtopic.php?pid=282869#p282869
___
Audiogames-reflector mailing list
Audiogames-reflector@sabahattin-gucukoglu.com
https
Re: NVDA remote unsecurity prooven, recording of dev included
Play stupid games, win stupid prizes. Need I say more? What's happening to the human race?
URL: http://forum.audiogames.net/viewtopic.php?pid=282828#p282828
___
Audiogames
Re: NVDA remote unsecurity prooven, recording of dev included
Well, as I don't know the Teamtalk server from where you were in the discussion that's so embarasing to me. If that happens again I will never use remote.
URL: http://forum.audiogames.net/viewtopic.php?pid=282644#p282644
Re: NVDA remote unsecurity prooven, recording of dev included
I didn't read more than one in its entirety and decided it wasn't worth my time. Honestly, common sense really is necessary when dealing with any piece of software... Period.
URL: http://forum.audiogames.net/viewtopic.php?pid
Re: NVDA remote unsecurity prooven, recording of dev included
I didn't read more than one and decided it wasn't worth my time. Honestly, common sense really is necessary when dealing with any piece of software... Period.
URL: http://forum.audiogames.net/viewtopic.php?pid=282476#p282476
Re: NVDA remote unsecurity prooven, recording of dev included
*reads all 63 posts and facepalms*
URL: http://forum.audiogames.net/viewtopic.php?pid=282452#p282452
___
Audiogames-reflector mailing list
Audiogames-reflector@sabahattin
Re: NVDA remote unsecurity prooven, recording of dev included
As I put it on Twitter, this whole situation feels like a bunch of FUD (fear, uncertainty and doubt). This happened with the remote.ini flaw, now it's this. When TW Blue had a security issue that could result in your user token
Re: NVDA remote unsecurity prooven, recording of dev included
As I put it on Twitter, this whole situation feels like a bunch of FUD (fear, uncertainty and doubt). This happened with the remote.ini flaw, now it's this. When TW Blue had a security issue that could result in your user token
Re: NVDA remote unsecurity prooven, recording of dev included
As I put it on Twitter, this whole situation feels like a bunch of FUD (fear, uncertainty and doubt). This happened with the remote.ini flaw, now it's this. When TW Blue had a security issue that could result in your user token
Re: NVDA remote unsecurity prooven, recording of dev included
Sam, I get what you mean. Hopefully the NVDA devs can fix the bug that allows the f11 hook to die, at least. Or perhaps NVDA remote could query NVDA's activity closely, and if the main program doesn't respond properly, within
Re: NVDA remote unsecurity prooven, recording of dev included
I actually like the way this topic is going. I thought in the beginning that it would turn into a heated debate, but it's been perfectly civil. I do see where you're coming from Sam, and I get the issue that you're trying
Re: NVDA remote unsecurity prooven, recording of dev included
I actually like the way this topic is going. I thought in the beginning that it would turn into a heated debate, but it's been perfectly civil. I do see where you're coming from Sam, and I understand the issue that you're trying
Re: NVDA remote unsecurity prooven, recording of dev included
I actually like the way this topic is going. I thought in the beginning that it would turn into a heated debate, but it's been perfectly civil. I do see where you're coming from Sam, and I understand the issue that you're trying
Re: NVDA remote unsecurity prooven, recording of dev included
I actually like the way this topic is going. I thought in the beginning that it would turn into a heated debate, but it's been perfectly civil. I do see where you're coming from Sam, and I understand the issue that you're trying
Re: NVDA remote unsecurity prooven, recording of dev included
Hi. I thought I already said that it is my fault for connecting to a public key. If I didn't write that earlier like I thought I did (i'll check posts), I ment to. I could see how doing something like that could be stupid
Re: NVDA remote unsecurity prooven, recording of dev included
@54:You miss understood my message. Because it is impossible to hide a secret key in opensource software, it is impossible to implement such a thing by q or anyone else. It was ment to make you think about how you would do
Re: NVDA remote unsecurity prooven, recording of dev included
I think the reason Q told you off when asked about hiding the ini is because, it, just, can't, happen. Even if it's hidden, the sourcecode is still present, and anyone can go figure out how it's hidden. Even if key handling
Re: NVDA remote unsecurity prooven, recording of dev included
Replying to 49. SO why didn't you write something up? You want the NVDA Remote developers to code something that cannot be easily done, yet you refuse to contribute. How do you propose they fix it with the entire project being
Re: NVDA remote unsecurity prooven, recording of dev included
A few things here.I agree what Tyler did was a dick move, however...Here's a metaphorical situation. Ready?Let me give you a key to my house. You can walk on in, grab my laptop and a few externals before I could blink and knock
Re: NVDA remote unsecurity prooven, recording of dev included
I even talked to Tyler about this. Look at ssh. The average user most likely doesn't generate key pairs, but the more advanced user who is paranoid about security would. So add something. A checkbox, whatever. THat's
Re: NVDA remote unsecurity prooven, recording of dev included
Replying to 49. SO why didn't you write something up? You want the NVDA Remote developers to code something that cannot be easily done, yet you refuse to contribute. How do you propose they fix it with the entire project being
Re: NVDA remote unsecurity prooven, recording of dev included
My point still stands: you need to press f11 to disable the keyhook that remote starts by using events from nvda. Because nvda crashes, the keyhook can't be disabled, so that is still something that needs to be fixed in nvda
Re: NVDA remote unsecurity prooven, recording of dev included
SO why didn't you write something up? You want the NVDA Remote developers to code something that cannot be easily done, yet you refuse to contribute. How do you propose they fix it with the entire project being open source
Re: NVDA remote unsecurity prooven, recording of dev included
SO why didn't you? You want the NVDA Remote developers to code something that cannot be easily done, yet you refuse to contribute. How do you propose they fix it with the entire project being open source? Create a false sense
Re: NVDA remote unsecurity prooven, recording of dev included
no no rol, the key hook is not a bug in nvda. The bug in nvda is that long strings crash the program. The keyhook takes our keyboard input and sends it to remote clients. That's not in NVDA. That is in remote. When NVDA
Re: NVDA remote unsecurity prooven, recording of dev included
the key hook is a bug in nvda, not in nvda remote as previously stated. And how would you suppose to code a hidden file where key info is stored if the addon is opensource?
URL: http://forum.audiogames.net/viewtopic.php?pid
Re: NVDA remote unsecurity prooven, recording of dev included
@49 The last time we gave suggestions to that, we were told to in a way, shut up and code something ourselves. and how about the remote KeyHook?
URL: http://forum.audiogames.net/viewtopic.php?pid=282356#p282356
Re: NVDA remote unsecurity prooven, recording of dev included
So the topic title is total nonsense. Let me point out 2 things:1. The nvda remote file being stored as it is can not be hidden. If you know of a way to make it hidden, please say so and Q or whatever would probably be glad
Re: NVDA remote unsecurity prooven, recording of dev included
Just saw your last post stargate, and I can say that is fair enough. Keep this in mind though, if we hadn't threatened the hell out of tyler, we would have thought eo this day it was a remote thing. I understand differently
Re: NVDA remote unsecurity prooven, recording of dev included
I just saw your post about STW. To answer your question, If I played stw, I would stop playing if you made it break our NVDA. That's similar to how I would not Remote with someone who sends me long strings in order to break NVDA
Re: NVDA remote unsecurity prooven, recording of dev included
I can see what you mean there. I do understand what your coming from. The only reason I continue to hold my point of view is because were talking about the dev of the add on him self. Or at least one of them. I used to do shit
Re: NVDA remote unsecurity prooven, recording of dev included
I just saw your post about STW. To answer your question, If I played stw, I would stop playing if you made it break our NVDA. That's similar to how I would not Remote with someone who sends me long strings in order to break NVDA
Re: NVDA remote unsecurity prooven, recording of dev included
So let me sum this up. Please correct me if I'm missing something.There's a publicly available key that people use with NVDa remote.Someone connected to it. It being the publicly available key.They exploited a bug in NVDA which
Re: NVDA remote unsecurity prooven, recording of dev included
The reason we keep saying that it's an NVDA problem is because that's exactly what it is. Nothing more. I'm going to repeat myself again. It sucks that you lost data, but it happened, and no amount of ranting about how
Re: NVDA remote unsecurity prooven, recording of dev included
The reason we keep saying that it's an NVDA problem is because that's exactly what it is. Nothing more. I'm going to repeat myself again. It sucks that you lost data, but it happened, and no amount of ranting about how
Re: NVDA remote unsecurity prooven, recording of dev included
The reason we keep saying that it's an NVDA problem is because that's exactly what it is. Nothing more. I'm going to repeat myself again. It sucks that you lost data, but it happened, and no amount of ranting about how
Re: NVDA remote unsecurity prooven, recording of dev included
The reason we keep saying that it's an NVDA problem is because that's exactly what it is. Nothing more. I'm going to repeat myself again. It sucks that you lost data, but it happened, and no amount of ranting about how
Re: NVDA remote unsecurity prooven, recording of dev included
42 not only that, but say "haha. Did it work? I just crashed your computer and guess what? restart your computer and call it a day, figure out how I crashed it." Just later, upon being threatened of this being posted,
Re: NVDA remote unsecurity prooven, recording of dev included
Hi. I know at least I should save some of that more often. For me at least, it's not the fact that the data is gone, but how it is gone. If I added a command in stw to force shutdown the computer of any player I wanted, or maybe
Re: NVDA remote unsecurity prooven, recording of dev included
@40I press ctrl S constantly, especially with code and school assignments. It's actually ridiculous you guys don't. Since you guys are programmers, why not make a script to periodically press ctrl s, if it's too much
Re: NVDA remote unsecurity prooven, recording of dev included
Reply to what mason posted to twitter, and on this forum as well:*sighs* I really think its a matter of opinion at this point. but like was said before, anything could have happened. BlueScreen, HD failure… the list goes
Re: NVDA remote unsecurity prooven, recording of dev included
OK guys, so here's what happened. They all connected through remote as control this machine, then Tyler just sent a string to that key, it spoke and NVDA just died. Nothing got compromized, nothing got stolen, people are just
Re: NVDA remote unsecurity prooven, recording of dev included
Actually mason, it's more complicated than that. NVDA remote got stuck in the keyhook, so I had to hardboot and lose everything that wasn't save. For me, that was a lot at that particular moment. And guys, come on, what's all
Re: NVDA remote unsecurity prooven, recording of dev included
And also, lets not forget this. When our computers were crashed, and a couple still working, Tyler wrote in notepad for us to guess who it was. We of course guessed him immediately, but its still something to consider that he
Re: NVDA remote unsecurity prooven, recording of dev included
And also, lets not forget this. When our computers were crashed, and a couple still working, Tyler wrote in notepad for us to guess who it was. We of course, but its still something to consider that he didn't want to tell us who
Re: NVDA remote unsecurity prooven, recording of dev included
Ok, there are a fiew things that need to get streightened out here, huge points that people sceme to not propperly understand in this situation. First one, this twitter key posting. Yes, ivan posted to twitter to connect to key
Re: NVDA remote unsecurity prooven, recording of dev included
@34Yeah, I agree. I listened for 10 minutes or so, then realized it wasn't getting anywhere.
URL: http://forum.audiogames.net/viewtopic.php?pid=282305#p282305
___
Audiogames
Re: NVDA remote unsecurity prooven, recording of dev included
After reading this thing more closely, me, Sam, or whoever should seriously upload a version that just takes the key points of what happened, and was learned. I imagine that'd be a lot easier to follow
URL: http
Re: NVDA remote unsecurity prooven, recording of dev included
@JayBird - The way data was lost? Like Sam previously said, he was working on something that had to do with school work. I actually had a file open that contained code, which I could recreate, but its not easy, especially when
Re: NVDA remote unsecurity prooven, recording of dev included
Sam first of all I don't even leave my computers connected to the server that is stupid to leave computers connected on startup. Your a idiot.
URL: http://forum.audiogames.net/viewtopic.php?pid=282285#p282285
Re: NVDA remote unsecurity prooven, recording of dev included
ZOmg guys connect to my box so I can bitch about this like there's a flaw because one guy connected who knew what he was doing! You ask for people to connect for any reason on twitter and give out info for your machine: That's
Re: NVDA remote unsecurity prooven, recording of dev included
I don't why you guys are fighting its a good adon. Sam stay out of things that don't concern you.
URL: http://forum.audiogames.net/viewtopic.php?pid=282283#p282283
___
Audiogames
Re: NVDA remote unsecurity prooven, recording of dev included
ZOmg guys connect to my box so I can bitch about this like there's a flaw because one guy connected who knew what he was doing! You ask for people to connect for any reason on twitter and give out info for your machine: That's
Re: NVDA remote unsecurity prooven, recording of dev included
I guess I don't totally understand, and from people's descriptions, I rather doubt the recording would enlighten things.Were the client machines actually controlled? How was data lost?And now for a rant. I've long believed
Re: NVDA remote unsecurity prooven, recording of dev included
Also, you wouldn't have needed to click allow control. When controlling another computer, your NVDA still needs to speak what the machine being controlled sends to it. You wouldn't be able to control the other computer otherwise
Re: NVDA remote unsecurity prooven, recording of dev included
Also, you wouldn't have needed to click allow control. When controlling another computer, your NVDA still needs to speak what the machine being controlled sends to it.
URL: http://forum.audiogames.net/viewtopic.php?pid=282274
Re: NVDA remote unsecurity prooven, recording of dev included
Also, you wouldn't have needed to click allow control. When controlling another computer, your NVDA still needs to speak what the machine being controlled sends to it, and this is how Spivey fed the string to your NVDA.
URL
Re: NVDA remote unsecurity prooven, recording of dev included
Once again, it's sucks that you lost your data, but I think this is pretty much resolved. Toth is trying to find a fix and people know not to share their keys publicly.
URL: http://forum.audiogames.net/viewtopic.php?pid=282273
Re: NVDA remote unsecurity prooven, recording of dev included
Seriously though, I think it's unacceptable what happened. We didn't click allow control. And while the bug was parcially NVDA, it was remote that used it. It's not windows that is to blame for crypto locker, it's the software
Re: NVDA remote unsecurity prooven, recording of dev included
Seriously though, I think it's unacceptable what happened. We didn't click allow control. And while the bug was parcially NVDA, it was remote that used it. It's not windows that is to blame for crypto locker, it's the software
Re: NVDA remote unsecurity prooven, recording of dev included
Also sorressean, tyler did agree that the screen probably went 8 Bit him self, and the person who said that went and got sighted proof, so that actually probably happened.
URL: http://forum.audiogames.net/viewtopic.php?pid
Re: NVDA remote unsecurity prooven, recording of dev included
I love it. That will always be a source of comedy now, the beginning of that recording. Roofl. I think remote.ini is an issue just because it's so easy to get the keys. It may not be able to be fixed, but it's a step
Re: NVDA remote unsecurity prooven, recording of dev included
I'm not really sure why remote.ini is the problem... or even a problem. You're complaining that someone who has access to your computer can get your keys. Which is really how things generally go. Don't allow people access
Re: NVDA remote unsecurity prooven, recording of dev included
@slender, this has nothing to do with remote.ini. I brought it up, but no, this is different, involving a developer of NVDA remote crashing there clients. At least read the text on the linked page which explains things
Re: NVDA remote unsecurity prooven, recording of dev included
I heard them mention payloads several times and it made me laugh. I paused the recording soon after he said that his login screen looked 8bit. I'm listening to some more now.
URL: http://forum.audiogames.net/viewtopic.php?pid
Re: NVDA remote unsecurity prooven, recording of dev included
@Sorressean I heard them mention payloads several times and it made me laugh. I paused the recording soon after he said that his login screen looked 8bit. I'm listening to the more now.
URL: http://forum.audiogames.net
Re: NVDA remote unsecurity prooven, recording of dev included
It's not through those words exactly, but yes. 8 bit login screen, a payload, someone mentioned the bios and recovery (which is after the bios), someone also mentioned embedding a file... just the random bits of technobabble
Re: NVDA remote unsecurity prooven, recording of dev included
Ah, good old remote.ini, is this? Honestly I'd rather not listen to hour long recordings, because I'd really rather just hear the problem rather than a recording. But somebody bitched about remote.ini being a security flaw
Re: NVDA remote unsecurity prooven, recording of dev included
Sorressean, I didn't pay much attention after hearing him say that his login screen looked 8bit. I stopped listening soon after. But reading that made me laugh, so I'm gonna go find it in the recording now.
URL: http
Re: NVDA remote unsecurity prooven, recording of dev included
What I ment was the sound. It it was large enough and landed right, it could sound like a gunshot if the sight was not scene. And yeah, i'm sure it did. There were like 7 people in that TT channel all with computer problems
Re: NVDA remote unsecurity prooven, recording of dev included
My bad. I'll repost what I wrote. I felt I rambled too much and was going to re-write it; but since you responded to it I'll put the original back.I've been watching the Twitter conversation as it unfolded. You really must
Re: NVDA remote unsecurity prooven, recording of dev included
My bad. I'll repost what I wrote. I felt I rambled too much and was going to re-write it. Since you responded to it. I'll put the original back.I've been watching the Twitter conversation as it unfolded. You really must not like
Re: NVDA remote unsecurity prooven, recording of dev included
Um.If someone were to drop a huge box onto someone's toe, they would presume that someone just dropped a box on someone's toe. I don't know why a terrorist would be mentioned.Also speculations is a big reach for those
Re: NVDA remote unsecurity prooven, recording of dev included
Lol yeah, the beginning of that file is total chaos and speculations. You may as well skip it and wait until they start talking in notepad. I just wanted to be as honest as possible and include everything that happened. Come
Re: NVDA remote unsecurity prooven, recording of dev included
@stargate: that's the only question you had after listening to that? Did you happen to miss the line about someone injecting a NSA payload into the nexus through the matrix which then made the login screen look different?
URL
Re: NVDA remote unsecurity prooven, recording of dev included
SamFair enough. I do agree with you about how the remote.ini file needs to be hidden a bit better.
URL: http://forum.audiogames.net/viewtopic.php?pid=282253#p282253
Re: NVDA remote unsecurity prooven, recording of dev included
Simba, you should be fine using it just like that unless someone gets the key, doubtful for a quiet and pieceful session. Stargate, that lock screen thing, no one was sure at that point. We wern't creating feer, we were trying
Re: NVDA remote unsecurity prooven, recording of dev included
Hi. Ross, of course I know what your getting at. Here is a point to consider. It is so easy to get someones NVDA remote key with remote.ini, that you hardly have to share keys. And lets not forget the keyhook which was remote. I
Re: NVDA remote unsecurity prooven, recording of dev included
Also, what was your friend talking about the login screen looking different? I'm fairly certain that didn't happen and he was just contributing to the fear mongering.
URL: http://forum.audiogames.net/viewtopic.php?pid=282249
Re: NVDA remote unsecurity prooven, recording of dev included
Hi.Ok, one quick question.The only times I use NVDA remote is when someone needs to do something at my machine.We normaly do this the following way.We connect over skype so we have voice contact, and the person connects to my
Re: NVDA remote unsecurity prooven, recording of dev included
Hi sorressean. If you want just the part of the recording of tylers voice, I can post it. Also, it was not edited at all, but it was team talks recording feature cutting out. We were all pretty much freaking out at that point
Re: NVDA remote unsecurity prooven, recording of dev included
I agree that what Tyler did was a dick move, and it's unfortunate that NVDA Remote was used to do it. It's even more unfortunate that Tyler was one of the developers of NVDA Remote.This doesn't have anything to do
Re: NVDA remote unsecurity prooven, recording of dev included
SamI understand where you're coming from, but that's not the point. When you allow your machine to be connected to, that still allows a tiny bit of room for hackers to work; you of all people should know this.
URL: http
Re: NVDA remote unsecurity prooven, recording of dev included
I want to write a few things here, because I have very mixed feelings about this.First, I don't care where the issue is or what caused it, Tyler or anyone who received money for writing this add-on should not be abusing
Re: NVDA remote unsecurity prooven, recording of dev included
Hi ross. If you remember, first. We were connected to that key as listener, or controler. Ivan brought this on him self, not the people who chose to connect. And then ivan disconnected, and tyler connected with clear intensions
Re: NVDA remote unsecurity prooven, recording of dev included
Direct quote from Sam's recount: "Ivan soto posted on his twitter, everyone, if you want to fuck me over, connect to this key, 123. This resulted in over 10 people connecting to said key."So you're telling me that you
Re: NVDA remote unsecurity prooven, recording of dev included
My bad Sam. I'll repost what I wrote. I felt I ranted too much and was going to re-write it. Since you responded to it. I'll put the original back.I've been watching the Twitter conversation as it unfolded. You really must
Re: NVDA remote unsecurity prooven, recording of dev included
Edit: This was in responce to a now deleted post about how the code error was NVDA's and how remote is not to blame. This post has been deleted, but I will still keep my reply. Hi. I can see what you are saying to a certain
Re: NVDA remote unsecurity prooven, recording of dev included
Hi. I can see what you are saying to a certain extent. I think that we both have slightly different views on things. While NVDA is part of it, the keyhook I got locked into was indeed NVDA remote. This provented me from
Re: NVDA remote unsecurity prooven, recording of dev included
I've been watching the Twitter conversation as it unfolded. You really must not like NVDA Remote, because this has nothing to do with it. It is an NVDA bug that Tyler took advantage of, and reported to the NVDA developers back
Re: NVDA remote unsecurity prooven, recording of dev included
I've been watching the Twitter conversation as it unfolded. You really must not like NVDA Remote, because this has nothing to do with it. It is an NVDA bug that Tyler took advantage of, and reported to the NVDA developers back
Re: NVDA remote unsecurity prooven, recording of dev included
I've been watching the Twitter conversation as it unfolded. You really must not like NVDA Remote, because this has nothing to do with it. It is an NVDA bug that Tyler took advantage of, and reported to the NVDA developers back
Re: NVDA remote unsecurity prooven, recording of dev included
I've been watching the Twitter conversation as it unfolded. You really must not like NVDA Remote, because this has nothing to do with it. It is an NVDA bug that Tyler took advantage of, and reported to the NVDA developers back
Re: NVDA remote unsecurity prooven, recording of dev included
I've been watching the Twitter conversation as it unfolded. You really must not like NVDA Remote, because this has nothing to do with it. It is an NVDA bug that Tyler took advantage of, and reported to the NVDA developers back
1 - 100 of 101 matches
Mail list logo
