Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included And pay particular attention to the specific request, he did say, "fuck me over," so he asked for it alright. URL: http://forum.audiogames.net/viewtopic.php?pid=283169#p283169 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included I would like to point out to anyone who may have missed it that Ivan said, and I quote, if you want to fuck me over, connect to this key, 123. He specifically instructed people to fuck him over, and Tiler seemingly did so. Why is it wrong? Oh yes, that's right! Because Tiler is the damn developer, that's why! Well, let me make 1 thing quite clear. If you specifically asked people to fuck you over, then there's nothing wrong with what Tiler did. So why are you posting a topic about how NVDA remote is insecure when you asked for it. I would like to refer you to post 67 of this thread.Chris wrote:Play stupid games, win stupid prizes. Need I say more? What's happening to the human race?While I do believe Chris's last statement is going a little overboard, I can agree with the main point. leave your car keys ou t in the open with a note that says, hey guys, if you want to fuck me over, take my car keys and rec my car into the nearest brick wall, and you find your car completely totaled in a Walmart parking lot, don't scream at the person who wrecked it, cause it's your own damn fault. URL: http://forum.audiogames.net/viewtopic.php?pid=283160#p283160 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Basically what happened is Ivan basically broadcasted his nvda remote key to the world, that's what started this whole thing. Whether Ivan disconnected in the midst of this or not, it doesn't matter. You just, don't, give, out, your, password, plain and simple. Nvda Remote has no terms of service, but do you honestly think that Microsoft, for example, would've stayed mute if someone had done that one Remote Desktop? No, in fact if any twerp were to do that they would've at the very least gotten a polite reminder not to. Yes, Tyler's lesson was a little harsh and, not entirely right, it was a lesson after all. And, for the last time, don't be your own vulnerability with passwords, ok? Just don't. 123, even if your intention was to broadcast your remote password out to the world, is about the least amount of effort you could put into a password, and normally, while I wouldn't actually be the one doing this, I wouldn't have one shred of sympathy if someone with a poor excuse for a password got hacked. Tie this to the unnecessary drama, and you've got a volatile mixture. *sigh* URL: http://forum.audiogames.net/viewtopic.php?pid=283048#p283048 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included That's the general idea, yes. We open the door and we let in the thieves and the house is bad. URL: http://forum.audiogames.net/viewtopic.php?pid=283046#p283046 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included So I just skimmed a bit. Are people giving out their passwords, then blaming the platform when the people they gave the passwords to aren't trustworthy after all? I sorta feel like I've seen this on other fronts of this drama that I've been unable to avoid, not just NVDA remote. But maybe I'm misremembering.So, uh, maybe we should keep private security information private from now on? Set up groups that require multiple people have access so that they don't put anything important at risk? URL: http://forum.audiogames.net/viewtopic.php?pid=283039#p283039 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Ah, I can always rely on this forum to provide me with some sort of blindy drama... Thanks Guys. URL: http://forum.audiogames.net/viewtopic.php?pid=283022#p283022 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included You said it, Chris. URL: http://forum.audiogames.net/viewtopic.php?pid=282869#p282869 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Play stupid games, win stupid prizes. Need I say more? What's happening to the human race? URL: http://forum.audiogames.net/viewtopic.php?pid=282828#p282828 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Well, as I don't know the Teamtalk server from where you were in the discussion that's so embarasing to me. If that happens again I will never use remote. URL: http://forum.audiogames.net/viewtopic.php?pid=282644#p282644 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included I didn't read more than one in its entirety and decided it wasn't worth my time. Honestly, common sense really is necessary when dealing with any piece of software... Period. URL: http://forum.audiogames.net/viewtopic.php?pid=282476#p282476 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included I didn't read more than one and decided it wasn't worth my time. Honestly, common sense really is necessary when dealing with any piece of software... Period. URL: http://forum.audiogames.net/viewtopic.php?pid=282476#p282476 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included *reads all 63 posts and facepalms* URL: http://forum.audiogames.net/viewtopic.php?pid=282452#p282452 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included As I put it on Twitter, this whole situation feels like a bunch of FUD (fear, uncertainty and doubt). This happened with the remote.ini flaw, now it's this. When TW Blue had a security issue that could result in your user token getting stolen by an attacker, effectively allowing people to impersonate you on Twitter, no one even reacted or came to the forum to warn people (this issue was fixed in an update). However when a rather insignificant flaw like this one which started basically because people gave out their keys, they come here and tell everybody NVDA remote is the most insecure addon you could ever have installed. Now if they never gave out the key and Tyler just burst in and crashed them in the middle of a remote session, I would understand their anger, But no, from what I've been hearing, that absolutely didn't happen. Takeaway: if you are just the average guy trying to help your parents set up their computers, use strong keys, or use the generate key butt on, disconnect when your done, or perhaps host your own server if you want to autoconnect, and you'll be just fine. URL: http://forum.audiogames.net/viewtopic.php?pid=282429#p282429 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included As I put it on Twitter, this whole situation feels like a bunch of FUD (fear, uncertainty and doubt). This happened with the remote.ini flaw, now it's this. When TW Blue had a security issue that could result in your user token getting stolen by an attacker, effectively allowing people to impersonate you on Twitter, no one even reacted or came to the forum to warn people (this issue was fixed in an update). However when an rather insignificant flaw like this one which started basically because people gave out their keys, they come here and tell everybody NVDA remote is the most insecure addon you could ever have installed. Now if they never gave out the key and Tyler just burst in and crashed them in the middle of a remote session, I would understand their anger, But no, from what I've been hearing, that absolutely didn't happen. Takeaway: if you are just the average guy trying to help your parents set up their computers, use strong keys, or use the generate key but ton, disconnect when your done, or perhaps host your own server if you want to autoconnect, and you'll be just fine. URL: http://forum.audiogames.net/viewtopic.php?pid=282429#p282429 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included As I put it on Twitter, this whole situation feels like a bunch of FUD (fear, uncertainty and doubt). This happened with the remote.ini flaw, now it's this. When TW Blue had a security issue that could result in your user token getting stolen by an attacker, effectively allowing people to impersonate you on Twitter, no one even reacted or came to the forum to warn people (this issue was fixed in an update). However went a rather insignificant flaw like this one which started basically because people gave out their keys, they come here and tell everybody NVDA remote is the most insecure addon you could ever have installed. Now if they never gave out the key and Tyler just burst in and crashed them in the middle of a remote session, I would understand their anger, But no, from what I've been hearing, that absolutely didn't happen. Takeaway: if you are just the average guy trying to help your parents set up their computers, use strong keys, or use the generate key butt on, disconnect when your done, or perhaps host your own server if you want to autoconnect, and you'll be just fine. URL: http://forum.audiogames.net/viewtopic.php?pid=282429#p282429 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Sam, I get what you mean. Hopefully the NVDA devs can fix the bug that allows the f11 hook to die, at least. Or perhaps NVDA remote could query NVDA's activity closely, and if the main program doesn't respond properly, within maybe 2 or so seconds to account for lag, program unresponsiveness, stuff like that, then maybe NVDA remote could automatically die. URL: http://forum.audiogames.net/viewtopic.php?pid=282402#p282402 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included I actually like the way this topic is going. I thought in the beginning that it would turn into a heated debate, but it's been perfectly civil. I do see where you're coming from Sam, and I get the issue that you're trying to point out. I think the blame lies much more on Tyler than it does NVDA Remote or NVDA. I'm glad Toth took the stance he did and looked into what can be done to resolve this problem, either on NVDA's side or Remote. If nothing else, maybe the issue with NVDA will be resolved or a patch will be put in Remote to avoid a similar situation in the future. I hope that there won't be a similar situation in the future though, and that nobody shares any more keys publicly. Nothing good can come of that.I do feel the topic title is a bit misleading though, and that is what I meant when I said that you were trying to attract attention to a problem that isn't as big of a deal as you made it out to be. When I see the title, I think of a security flaw. Something that would give someone unauthorized access to my computer, but that's not what happened. URL: http://forum.audiogames.net/viewtopic.php?pid=282380#p282380 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included I actually like the way this topic is going. I thought in the beginning that it would turn into a heated debate, but it's been perfectly civil. I do see where you're coming from Sam, and I understand the issue that you're trying to point out. I think the blame lies much more on Tyler than it does NVDA Remote or NVDA. I'm glad Toth took the stance he did and looked into what can be done to resolve this problem, either on NVDA's side or Remote. If nothing else, maybe the issue with NVDA will be resolved or a patch will be put in Remote to avoid a similar situation in the future. I hope that there won't be a similar situation in the future though, and that nobody shares any more keys publicly. Nothing good can come of that.I do feel the topic title is a bit misleading though, and that is what I meant when I said that you were trying to attract attention to a problem that isn't as big of a deal as you made it out to be. When I see the ti tle, I think of a security flaw. Something that would give someone unauthorized access to my computer, but that's not what happened. URL: http://forum.audiogames.net/viewtopic.php?pid=282380#p282380 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included I actually like the way this topic is going. I thought in the beginning that it would turn into a heated debate, but it's been perfectly civil. I do see where you're coming from Sam, and I understand the issue that you're trying to point out. I think the blame lies much more on Tyler than it does NVDA Remote or NVDA. I'm glad Toth took the stance he did and looked into what can be done to resolve this problem, either on NVDA's side or Remote. If nothing else, maybe the issue with NVDA will be resolved, or a patch will be put in Remote to avoid a similar situation in the future. I hope that there won't be a similar situation in the future though, and that nobody shares any more keys publicly. Nothing good can come of that.I do feel the topic title is a bit misleading though, and that is what I meant when I said that you were trying to attract attention to a problem that isn't as big of a deal as you made it out to be. When I see the t itle, I think of a security flaw. Something that would give someone unauthorized access to my computer, but that's not what happened. URL: http://forum.audiogames.net/viewtopic.php?pid=282380#p282380 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included I actually like the way this topic is going. I thought in the beginning that it would turn into a heated debate, but it's been perfectly civil. I do see where you're coming from Sam, and I understand the issue that you're trying to point out. I think the blame lies much more on Tyler than it does NVDA Remote or NVDA. I'm glad Toth took the stance he did, and looked into what can be done to resolve this problem, either on NVDA's side or Remote. If nothing else, maybe the issue with NVDA will be resolved, or a patch will be put in Remote to avoid a similar situation in the future. I hope that there won't be a similar situation in the future though, and that nobody shares any more keys publicly. Nothing good can come of that.I do feel the topic title is a bit misleading though, and that is what I meant when I said that you were trying to attract attention to a problem that isn't as big of a deal as you made it out to be. When I see the title, I think of a security flaw. Something that would give someone unauthorized access to my computer, but that's not what happened. URL: http://forum.audiogames.net/viewtopic.php?pid=282380#p282380 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Hi. I thought I already said that it is my fault for connecting to a public key. If I didn't write that earlier like I thought I did (i'll check posts), I ment to. I could see how doing something like that could be stupid. And againi, if it wasn't the developer of the addon him self doing this, We wouldn't even be having this conversation right now. I think what's going on is I feel mis understood, and a lot of you guys feel like all that were trying to do is grab attention. It is true that we do want everyone to know what happened, but this isn't happening to make a scene. It's happening so that everything can be made streight. So far I think it's kind of been back forth yes no, but that's not how it's meant to be or how I intended this to be. And also, getting mad at RDP for a script that I ran opening it... Ok, here is the difference. This time the script was pretty much written by the developer him self. He even posted saying w e were idiots for trying to hack ivan, so he was defenatly trying not to mess with him. Lets use another sort of metiforical example. Though this time, still having to do with computers. It's like knowiong a flaw in windows, right? A flaw that if done, maybe you delete this thing, or send this string threw the network card, or something stupid that lets just say makes your screen go black. If I find a way to remotely execute this flaw, are you going to blame me, or the windows flaw. I can say maybe I am going a bit to hard on remote and maybe I should direct this more at tyler, it's just so insane that the dev of the remote software used that exact software to harm people. I find it very hard to understand your point of view. Just like mine doesn't make sence to you probably very clearly, yours doesn't very clearly. I personally take it as saying, if you run a batch file that calls the windows format function, instead of blaming the batch file you ran and the per son who created it, you blame the format function for existing in the first place. That's how i'm picking up your point of view. URL: http://forum.audiogames.net/viewtopic.php?pid=282376#p282376 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included @54:You miss understood my message. Because it is impossible to hide a secret key in opensource software, it is impossible to implement such a thing by q or anyone else. It was ment to make you think about how you would do that, not as a bash on q or any other nvda remote contributor for not implementing such a feature. URL: http://forum.audiogames.net/viewtopic.php?pid=282373#p282373 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included I think the reason Q told you off when asked about hiding the ini is because, it, just, can't, happen. Even if it's hidden, the sourcecode is still present, and anyone can go figure out how it's hidden. Even if key handling was done entirely via the server, people could still find the lines in the code that direct the client to look up the information, encrypted or otherwise, and change it up to, say, grab that key and store it as a n decrypted text file in appdata. There's simply no way, and it's why businesses tend to turn a blind eye to open source software, for this very reason. Security is about as good as the knowledge of the person behind the machine. For example, I'd have not one shred of sympathy for someone who got hacked who was using sissy 8character or less, repetitive passwords, or stored their passwords in a raw text file. That's their own fault, they subjected themselves to vulnerability. That's the same with Nvda remote. Whi le I understand what Tyler did wasn't exactly right, Ivan isn't entirely blameless in this situation either. Sure, the remote eventually disconnected, but the thing is the key's already out there, on the nvdaremote.com server no less. If that's not subjecting yourself to vulnerability I don't know what is. So if the key was never passed around, it's not nearly as likely this would've happened. Also, yes, you should definitely be saving your work at least every 5 minutes or so. It's as easy as one command, or program your own script to autosave. Damien from x-sight did that once. Not trying to defend what Tyler did, mind you it was still a pretty drastic way to teach a lesson, but just a general reminder to save often. And don't think for a second that Nvda Remote is singled out in this matter just because it's open sourced. Yes, it may be one of the few times where one of the devs actually did something like this, but shit goes down on Microsoft Remote Desktop/Teamviewer too, both closed source, in deed probably even less secure depending on how you use it since you're putting your trust in a company that you have no control over. Sure, Microsoft has a clause in their terms of service clearly warning users of getting banned if caught hacking computers with remote desktop, but what do you know? How do you know that Microsoft doesn't log packets? Nvda remote could be on the central server as well. Hell, if you're paranoid, just run your own server. I'm sure if you have this great and superior solution to running off the central server, you have enough money to pay the reasonable price for a server. URL: http://forum.audiogames.net/viewtopic.php?pid=282367#p282367 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Replying to 49. SO why didn't you write something up? You want the NVDA Remote developers to code something that cannot be easily done, yet you refuse to contribute. How do you propose they fix it with the entire project being open source? Create a false sense of security?With that out of the way, I see what you're saying about the keyhook Sam. That doesn't negate the fact that if you had been using NVDA Remote for its intended purpose, none of this would have happened. It also doesn't change the fact that the problem lies with NVDA. If NVDA hadn't crashed when seeing a long string, the keyhook wouldn't be causing a problem. It seems that you're still not willing to admit that connecting to a shared key may not have been a very smart idea. I think I know what you're going to say as a response. "But I didn't click allow control." Once again, you wouldn't have needed to allow control. Remote needs to speak what is se nt from the controlling machine, and Tyler used that to invoke the NVDA bug. That's a risk all of you took when you connected to a publicly posted key. URL: http://forum.audiogames.net/viewtopic.php?pid=282364#p282364 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included A few things here.I agree what Tyler did was a dick move, however...Here's a metaphorical situation. Ready?Let me give you a key to my house. You can walk on in, grab my laptop and a few externals before I could blink and knock me flying before running out.Essentially (or maybe not essentially, since Mason just said you didn't lose data) this is what happened. You quite literally brought this on yourselves. As amusing as the recording is (yes, I'm sorry, it was amusing), relax. I've actually seen this bug in NVDA (having nothing to do with remote whatsoever, I've crashed local machines).Here's hoping it will be fixed. One thing I'd also love to see is an NVDA remote server made publicly available (already compiled and ready for use). One of the nicest things is that you can step away from the nvdaremote.com if you truly wanted to if you know how to compile the source for the server. I myself haven't had any prob lems with it, though, and it's sad that the developer of this thing got himself involved in this. Not going to make a few people trust him or want to work with him though at the same time, it should teach some folks a lesson about how not to be a complete and utter idiot, and I'm sure he can be forgiven just a little. I certainly haven't had a problem with him with what little interaction I've had and all of this seems so completely overblown and attention grabbing.Wolf out for now. Please relax bros. URL: http://forum.audiogames.net/viewtopic.php?pid=282366#p282366 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included I even talked to Tyler about this. Look at ssh. The average user most likely doesn't generate key pairs, but the more advanced user who is paranoid about security would. So add something. A checkbox, whatever. THat's on remote.ini. but to be honest, I can accept that. The biggest thing is in the way that he actually took time and added the crash clients option to remote. And on twitter, he said the following.First, @samtupy1 gave his key outpublically. Second, he had no secondary account to restart NVDA. NVDA 101. We're done here.Now, I'm not at all trying to bash him for everything, no way. And I truly understand that some just won't agree, and I will accept that. But honestly, how would a second user account be required? Where does it say this? Am I required to expect this to happen? I did not sign up to get hacked on my main computer, it was Ivan who did that. URL: http://forum.audiogames.net/viewtopic.php?pid=282365#p282365 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Replying to 49. SO why didn't you write something up? You want the NVDA Remote developers to code something that cannot be easily done, yet you refuse to contribute. How do you propose they fix it with the entire project being open source? Create a false sense of security?With that out of the way, I see what you're saying about the keyhook Sam. That doesn't negate the fact that if you had been using NVDA Remote for its intended purpose, none of this would have happened. It also doesn't change the fact that the problem lies with NVDA. If NVDA hadn't crashed when seeing a long string, the keyhook wouldn't be causing a problem. It seems that you're still not willing to admit that connecting to a shared key may not have been a very smart idea. I think I know what you're going to say as a response. "But I didn't click allow control." Once again, you wouldn't have needed to allow control. Remote needs to speak what is se nt from the controlling machine, and Tyler used that to invoke the NVDA bug. URL: http://forum.audiogames.net/viewtopic.php?pid=282364#p282364 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included My point still stands: you need to press f11 to disable the keyhook that remote starts by using events from nvda. Because nvda crashes, the keyhook can't be disabled, so that is still something that needs to be fixed in nvda, not remote. And if you want to do encryption on the file, the only slightly safer way to do it is to use an executable that handles the encryption which goes against the gpl and which could hide malicious code itself. Really, if someone has access to your nvda remote key, you need to ask yourself to what other info that person has read/write access. He will have write access to your startup programs as well, so he could just make a script which does that instead. What you're basically saying whith your key insecurity is: I ran a script from someone, that enabled windows remote desktop or whatever, and rdp is vulnerable because it allowed itself to be enabled by a malicious script that I ran myself. This just doesn't make sence at all. URL: http://forum.audiogames.net/viewtopic.php?pid=282363#p282363 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included SO why didn't you write something up? You want the NVDA Remote developers to code something that cannot be easily done, yet you refuse to contribute. How do you propose they fix it with the entire project being open source? Create a false sense of security?With that out of the way, I see what you're saying about the keyhook Sam. That doesn't negate the fact that if you had been using NVDA Remote for its intended purpose, none of this would have happened. It also doesn't change the fact that the problem lies with NVDA. If NVDA hadn't crashed when seeing a long string, the keyhook wouldn't be causing a problem. It seems that you're still not willing to admit that connecting to a shared key may not have been a very smart idea. I think I know what you're going to say as a response. "But I didn't click allow control." Once again, you wouldn't have needed to allow control. Remote needs to speak what is sent from the cont rolling machine, and Tyler used that to invoke the NVDA bug. URL: http://forum.audiogames.net/viewtopic.php?pid=282364#p282364 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included SO why didn't you? You want the NVDA Remote developers to code something that cannot be easily done, yet you refuse to contribute. How do you propose they fix it with the entire project being open source? Create a false sense of security?With that out of the way, I see what you're saying about the keyhook Sam. That doesn't negate the fact that if you had been using NVDA Remote for its intended purpose, none of this would have happened. It also doesn't change the fact that the problem lies with NVDA. If NVDA hadn't crashed when seeing a long string, the keyhook wouldn't be causing a problem. It seems that you're still not willing to admit that connecting to a shared key may not have been a very smart idea. I think I know what you're going to say as a response. "But I didn't click allow control." Once again, you wouldn't have needed to allow control. Remote needs to speak what is sent from the controlling machine, an d Tyler used that to invoke the NVDA bug. URL: http://forum.audiogames.net/viewtopic.php?pid=282362#p282362 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included no no rol, the key hook is not a bug in nvda. The bug in nvda is that long strings crash the program. The keyhook takes our keyboard input and sends it to remote clients. That's not in NVDA. That is in remote. When NVDA was crashed, it was impossible to disable the keyhook that was remote generated. URL: http://forum.audiogames.net/viewtopic.php?pid=282360#p282360 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included the key hook is a bug in nvda, not in nvda remote as previously stated. And how would you suppose to code a hidden file where key info is stored if the addon is opensource? URL: http://forum.audiogames.net/viewtopic.php?pid=282358#p282358 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included @49 The last time we gave suggestions to that, we were told to in a way, shut up and code something ourselves. and how about the remote KeyHook? URL: http://forum.audiogames.net/viewtopic.php?pid=282356#p282356 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included So the topic title is total nonsense. Let me point out 2 things:1. The nvda remote file being stored as it is can not be hidden. If you know of a way to make it hidden, please say so and Q or whatever would probably be glad to implement it.2. This is not nvda remote's fault, it's nvda's, after all, nvda crashed.And Tylor maybe a dick I honestly don't know and don't care, I'm sure there are dicks who have contributed to opensource projects. So you should probably change your post/topic title to something like "tylor is a total dick, proven with recording!", would be far more accurate if that's what you believe. URL: http://forum.audiogames.net/viewtopic.php?pid=282347#p282347 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Just saw your last post stargate, and I can say that is fair enough. Keep this in mind though, if we hadn't threatened the hell out of tyler, we would have thought eo this day it was a remote thing. I understand differently, however consider this from a clients point of view rather than the coders. @liam, it's wayyy more complicated. A public key, but no one connected was set to allow this machine to be controled. So actually, it would be closer to, here is the key to my house. Everyone connects, then you kick us out. We all stay standing there with a key. Then basicly, we have to think futuristic here, tylers house appeared with the key to your house in the lock. The door was then opened from the inside, with tyler pointing a gun and owned us. Strong analigy for crashed NVDA, but again I must ask... the keyhook... Remote was used for more than a method to send the string. It was also used to block us from restarting NVDA, accessing the task manager, etc etc. If I get a valid reason that was an NVDA issue, i'd love to hear it. But plaaase explain the keyhook and how that is an NVDA only issue to me. URL: http://forum.audiogames.net/viewtopic.php?pid=282343#p282343 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included I just saw your post about STW. To answer your question, If I played stw, I would stop playing if you made it break our NVDA. That's similar to how I would not Remote with someone who sends me long strings in order to break NVDA. I would blame you for being a dick since you caused the problem, similar to how you blame Tyler for doing it to you. If people asked me what I thought of STW, I'd tell them that the developer likes to abuse a bug in NVDA to cause problems. They'd probably avoid playing Survive the Wild, and nothing more would happen. Just like if you were given the option to NVDA Remote with Tyler, you'd say no. You're trying to make a comparison of two things that aren't very similar. You weren't using Remote for its intended use. If you were, none of this would have happened. URL: http://forum.audiogames.net/viewtopic.php?pid=282340#p282340 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included I can see what you mean there. I do understand what your coming from. The only reason I continue to hold my point of view is because were talking about the dev of the add on him self. Or at least one of them. I used to do shit bogged down, but similar to this about 2 years ago on stw. Now i'm really sensitive to it. And We didn't try to gamble. We were a bunch of kids being really stupid. I think we'll have to agree to disagree. I did what I felt was right to notify everyone and I don't have to keep pushing my point for much longer. If on stw I sent a really long that, it would technically be an NVDA issue. But as soon as I get down and modify the stw server and type the comma dn/crash playername, well... And also, I am again going to ask for an in depth explination of the keyhook. If I wasn't locked in it, I could just restart NVDA. But we were licked in the NVDA Remote Keyhook. So please, if you may, explain why that is an NVDA issue? I have this feeling that if I coded something very similar for stw, i'd be fucked. And if was someone other than the dev mind you, I could report it to the dev and get on with my life. But with Q telling me to shut up 4 months ago, getting and seeing people get hacked with remote 4 months ago, and now seeing it locking me into a keyhook crashing my NVDA, i've really had enough. URL: http://forum.audiogames.net/viewtopic.php?pid=282341#p282341 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included I just saw your post about STW. To answer your question, If I played stw, I would stop playing if you made it break our NVDA. That's similar to how I would not Remote with someone who sends me long strings in order to break NVDA. I would blame you for being a dick since you caused the problem, similar to how you blame Tyler for doing it to you. NVDA Remote has nothing to do with what happened. It was just the method for sending a string for your NVDA to speak. URL: http://forum.audiogames.net/viewtopic.php?pid=282340#p282340 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included So let me sum this up. Please correct me if I'm missing something.There's a publicly available key that people use with NVDa remote.Someone connected to it. It being the publicly available key.They exploited a bug in NVDA which caused the machine to crash.And people are upset?Guys. It's a publicly available key. that's like me going. Hey. Here's the key to my house. Everyone. come on over. Then I get upset because someone came in and stole some DVD's.Way to solve this in future is simple.Private keys.thank you. URL: http://forum.audiogames.net/viewtopic.php?pid=282339#p282339 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included The reason we keep saying that it's an NVDA problem is because that's exactly what it is. Nothing more. I'm going to repeat myself again. It sucks that you lost data, but it happened, and no amount of ranting about how unacceptable it is will bring it back. You also keep saying that you didn't click allow this machine to be controlled. At no point were any of you being controlled. All that happened was your NVDA spoke a very long string which breaks things, and you had to hard reset. It seems to me that you're still trying to make this sound like a dangerous flaw in NVDA Remote, when in reality all that happened was a smart person new of a bug in NVDA and used it to cause problems for you. The exact same thing would have happened to you if he had sent you a very long message on Twitter, but because it happened through NVDA Remote, you're saying that it's different and a security flaw. You all set yourselves up for nefarious action when you connec ted to a publicly posted key. It doesn't matter who was connected as the controllable machine. What matters is that you were all connected to the same key, and that's not a risk you should take. You gambled, and you lost.I think Mason wrapped it up nicely. URL: http://forum.audiogames.net/viewtopic.php?pid=282337#p282337 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included The reason we keep saying that it's an NVDA problem is because that's exactly what it is. Nothing more. I'm going to repeat myself again. It sucks that you lost data, but it happened, and no amount of ranting about how unacceptable it is will bring it back. You also keep saying that you didn't click allow this machine to be controlled. At no point were any of you being controlled. All that happened was your NVDA spoke a very long string which breaks things, and you had to hard reset. It seems to me that you're still trying to make this sound like a dangerous flaw in NVDA Remote, when in reality all that happened was a smart person new of a bug in NVDA and used it to cause problems for you. The exact same thing would have happened to you if he had sent you a very long message on Twitter, but because it happened through NVDA Remote, you're saying that it's different and a security flaw. You all set yourselves up for nefarious action when you connec ted to a publicly posted key. It doesn't matter who was connected as the controllable machine. What matters is that you were all connected to the same key, and that's honestly not something you should risk doing with your computer. You gambled, and you lost.I think Mason wrapped it up nicely. URL: http://forum.audiogames.net/viewtopic.php?pid=282337#p282337 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included The reason we keep saying that it's an NVDA problem is because that's exactly what it is. Nothing more. I'm going to repeat myself again. It sucks that you lost data, but it happened, and no amount of ranting about how unacceptable it is will bring it back. You also keep saying that you didn't click allow this machine to be controlled. At no point were any of you being controlled. All that happened was your NVDA spoke a very long string which breaks things, and you had to hard reset. It seems to me that you're still trying to make this sound like a dangerous flaw in NVDA Remote, when in reality all that happened was a smart person new of a bug in NVDA and used it to cause problems for you. The exact same thing would have happened to you if he had sent you a very long message on Twitter, but because it happened through NVDA Remote, you're saying that it's different and a security flaw. You all set yourselves up for nefarious actions when you all c onnected to a publicly posted key. It doesn't matter who was connected as the controllable machine. What matters is that you were all connected to the same key, and that's honestly not something you should risk doing with your computer. You gambled, and you lost.I think Mason wrapped it up nicely. URL: http://forum.audiogames.net/viewtopic.php?pid=282337#p282337 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included The reason we keep saying that it's an NVDA problem is because that's exactly what it is. Nothing more. I'm going to repeat myself again. It sucks that you lost data, but it happened, and no amount of ranting about how unacceptable it is will bring it back. You also keep saying that you didn't click allow this machine to be controlled. At no point were any of you being controlled. All that happened was your NVDA spoke a very long string which breaks things, and you had to hard reset. It seems to me that you're still trying to make this sound like a dangerous flaw in NVDA Remote, when in reality all that happened was a smart person new of a bug in NVDA and used it to cause problems for you. The exact same thing would have happened to you if he had sent you a very long message on Twitter, but because it happened through NVDA Remote, you're saying that it's different and a security flaw.I think Mason wrapped it up nicely. URL: http://forum.audiogames.net/viewtopic.php?pid=282337#p282337 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included 42 not only that, but say "haha. Did it work? I just crashed your computer and guess what? restart your computer and call it a day, figure out how I crashed it." Just later, upon being threatened of this being posted, you tell us how it works. Now tel me this, wouldn't you suspect something? Wouldn't you think its strange as hell? And most of all, wouldn't you be suspicious of something else happening besides your computer doing that? Of corse you would have speculations, but nothing could be confirmed until your told by the person who did it, in this case Tyler.I think if this happened to you, you would take a totally different approach URL: http://forum.audiogames.net/viewtopic.php?pid=282327#p282327 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Hi. I know at least I should save some of that more often. For me at least, it's not the fact that the data is gone, but how it is gone. If I added a command in stw to force shutdown the computer of any player I wanted, or maybe even pass a long string to NVDA, I know for a fact people would be pissed at me. They wouldn't say oh, meh, it's sending long strings. I'd have 0 players in 2 minutes if I coded the stw server to send long ass strings of data to anyone I wanted. Because it's my program still doing it, even though it's an NVDA bug. So i'm curious. What would you guys do. If I made something that could crash NVDA and throw you in a keyhook like this, would you stop playing and just completely move on? If you would stop playing, what makes the remote situation different? And the fact that I connected doesn't work either, you connected to STW. I'm hoping to get a good answer to this, because then maybe I could understand your guyses point of view. URL: http://forum.audiogames.net/viewtopic.php?pid=282325#p282325 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included @40I press ctrl S constantly, especially with code and school assignments. It's actually ridiculous you guys don't. Since you guys are programmers, why not make a script to periodically press ctrl s, if it's too much of a hassle, haha. URL: http://forum.audiogames.net/viewtopic.php?pid=282324#p282324 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Reply to what mason posted to twitter, and on this forum as well:*sighs* I really think its a matter of opinion at this point. but like was said before, anything could have happened. BlueScreen, HD failure… the list goes on. Then yes, nobody but you could be at fault. But when you don’t offer your computer up for control, and someone else does something like this, I really don’t think its my issue for not saving part of the code. And not saying all, but I really doubt many people press CTRL S extremely often, just to save something and expect something like this to happen to them. URL: http://forum.audiogames.net/viewtopic.php?pid=282319#p282319 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included OK guys, so here's what happened. They all connected through remote as control this machine, then Tyler just sent a string to that key, it spoke and NVDA just died. Nothing got compromized, nothing got stolen, people are just being rediculous. Cary on. URL: http://forum.audiogames.net/viewtopic.php?pid=282310#p282310 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Actually mason, it's more complicated than that. NVDA remote got stuck in the keyhook, so I had to hardboot and lose everything that wasn't save. For me, that was a lot at that particular moment. And guys, come on, what's all this about it being an NVDA issue. Is it a windows issue that killing the wrong process crashes the system and a program exploits it? Same with a unix processor? Remote was used to magnify an NVDA bug. I guess if I make a virus, it's now a harddrive bug when I delete a file. Right? As a remote client, I could care less how code wise I had to hard boot my computer. But I did. Maybe it is almost completely an NVDA issue. Not the keyhook, that wasn't and completely blocked me from restarting NVDA etc. So please combat this keyhook situation. If you guys all say this is an NVDA bug, then please explain why I couldn't restart NVDA with control alt n, or even go to the CMD to kill it? That's remotes little keyhook, and that's enough for me. URL: http://forum.audiogames.net/viewtopic.php?pid=282314#p282314 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included And also, lets not forget this. When our computers were crashed, and a couple still working, Tyler wrote in notepad for us to guess who it was. We of course guessed him immediately, but its still something to consider that he didn't want to tell us either that, or the method that was used against our computers. Only later was it that we were told about the character string, one reason all the more for the chaos in the recording. I'm not going to forget his apology though, and the fact that he said he was just being a dick, but still. It can't be left unnoticed. URL: http://forum.audiogames.net/viewtopic.php?pid=282308#p282308 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included And also, lets not forget this. When our computers were crashed, and a couple still working, Tyler wrote in notepad for us to guess who it was. We of course, but its still something to consider that he didn't want to tell us who it was specifically. I'm not going to forget his apology though, and the fact that he said he was just being a dick, but still. It can't be left unnoticed. URL: http://forum.audiogames.net/viewtopic.php?pid=282308#p282308 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Ok, there are a fiew things that need to get streightened out here, huge points that people sceme to not propperly understand in this situation. First one, this twitter key posting. Yes, ivan posted to twitter to connect to key 123. That was ivan. I didn't post that on twitter. You guys shouldn't get mad because anyone connected to it. We just followed a twitter tweat. After ivan disconnected, a VM of tylers connects and tells us that hacking can ruin peoples lives, he was defenatly against fucking up ivan. Then he crashes all the clients. So... Ivan posted the key and got his computer fucked up, but not the rest of us. And? If it was someone else that did this, then it could be a bug reported to the remote devs and done. But no, this was the dev him self connected to his own nvdaremote.com server, though the server doesn't matter. And everyone was connected as control another machine, not allow this amchine to be controled. So the only just reason for you guys talk ing about us connecting to a key posted publicly is that tyler was made aware of the key. URL: http://forum.audiogames.net/viewtopic.php?pid=282307#p282307 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included @34Yeah, I agree. I listened for 10 minutes or so, then realized it wasn't getting anywhere. URL: http://forum.audiogames.net/viewtopic.php?pid=282305#p282305 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included After reading this thing more closely, me, Sam, or whoever should seriously upload a version that just takes the key points of what happened, and was learned. I imagine that'd be a lot easier to follow URL: http://forum.audiogames.net/viewtopic.php?pid=282304#p282304 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included @JayBird - The way data was lost? Like Sam previously said, he was working on something that had to do with school work. I actually had a file open that contained code, which I could recreate, but its not easy, especially when it took me a while to work on.And yes, I understand that this data could have easily been destroyed by you said it, hard drive failure/fire/the blue screen of death... The possibilities are endless, but I don't see that having much of a effect. It was the way I lost data that is important here.@hhurstseth405 - Ok, unless you may want to explain a couple things, I don't see how this doesn't concern me, Sam, or anyone else on the server who was controlling another machine. And actually, its something that in a way, deals with anyone. URL: http://forum.audiogames.net/viewtopic.php?pid=282296#p282296 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Sam first of all I don't even leave my computers connected to the server that is stupid to leave computers connected on startup. Your a idiot. URL: http://forum.audiogames.net/viewtopic.php?pid=282285#p282285 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included ZOmg guys connect to my box so I can bitch about this like there's a flaw because one guy connected who knew what he was doing! You ask for people to connect for any reason on twitter and give out info for your machine: That's on you period. Hence why updates/OS security/account security, mentioned for good measure, is so important. Also, this recording is killing me guys: I don't miss my TT days after hearing this. Anyone who is wondering if this matters to their security of their NVDA remote sessions: This is just FUD unless you give someone you don't trust your key/private server URL, if you use it who was technically smart. Kids own people all the time. Sometimes, You shouldn't do stupid things. URL: http://forum.audiogames.net/viewtopic.php?pid=282282#p282282 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included I don't why you guys are fighting its a good adon. Sam stay out of things that don't concern you. URL: http://forum.audiogames.net/viewtopic.php?pid=282283#p282283 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included ZOmg guys connect to my box so I can bitch about this like there's a flaw because one guy connected who knew what he was doing! You ask for people to connect for any reason on twitter and give out info for your machine: That's on you period. Hence why updates/OS security/account security, mentioned for good measure, is so important. Also, this recording is killing me guys: I don't miss my TT days after hearing this. URL: http://forum.audiogames.net/viewtopic.php?pid=282282#p282282 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included I guess I don't totally understand, and from people's descriptions, I rather doubt the recording would enlighten things.Were the client machines actually controlled? How was data lost?And now for a rant. I've long believed that anyone who stores valuable/irreplaceable data in only one location is just asking for trouble. Something like this, or a virus, or even a good old fashioned hard drive failure could cause you to lose every last bit of data you've ever had, in an instant, with no warning, and with no way of ever getting any of it back.My personal backup strategy might seem to some a bit overkill, but it does insure that a lot of horrible things would have to happen in order for me to lose much of importance. Anything important goes to an external drive, connected to my computer. That hard drive is updated frequently to another hard drive, which in between updates is removed from the system and not connected to anything whatsoever, not even power. A few times a year, this information is also copied to a drive at an off-site location, again, not connected to anything in any way whatsoever while not in use. And if that's not enough, I also back up my stuff to CrashPlan online backup. URL: http://forum.audiogames.net/viewtopic.php?pid=282280#p282280 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Also, you wouldn't have needed to click allow control. When controlling another computer, your NVDA still needs to speak what the machine being controlled sends to it. You wouldn't be able to control the other computer otherwise. URL: http://forum.audiogames.net/viewtopic.php?pid=282274#p282274 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Also, you wouldn't have needed to click allow control. When controlling another computer, your NVDA still needs to speak what the machine being controlled sends to it. URL: http://forum.audiogames.net/viewtopic.php?pid=282274#p282274 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Also, you wouldn't have needed to click allow control. When controlling another computer, your NVDA still needs to speak what the machine being controlled sends to it, and this is how Spivey fed the string to your NVDA. URL: http://forum.audiogames.net/viewtopic.php?pid=282274#p282274 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Once again, it's sucks that you lost your data, but I think this is pretty much resolved. Toth is trying to find a fix and people know not to share their keys publicly. URL: http://forum.audiogames.net/viewtopic.php?pid=282273#p282273 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Seriously though, I think it's unacceptable what happened. We didn't click allow control. And while the bug was parcially NVDA, it was remote that used it. It's not windows that is to blame for crypto locker, it's the software, in this case remote. I'll recover from my data loss and that's not my issue. It's how it was lost. And I am very glad q is trying to take the initiative to fix things. URL: http://forum.audiogames.net/viewtopic.php?pid=282269#p282269 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Seriously though, I think it's unacceptable what happened. We didn't click allow control. And while the bug was parcially NVDA, it was remote that used it. It's not windows that is to blame for crypto locker, it's the software, in this case remote. I'll recover from my data loss and that's not my issue. It's how it was lost. And I am very glad q is tryint to gake the initiative to fix things. URL: http://forum.audiogames.net/viewtopic.php?pid=282269#p282269 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Also sorressean, tyler did agree that the screen probably went 8 Bit him self, and the person who said that went and got sighted proof, so that actually probably happened. URL: http://forum.audiogames.net/viewtopic.php?pid=282268#p282268 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included I love it. That will always be a source of comedy now, the beginning of that recording. Roofl. I think remote.ini is an issue just because it's so easy to get the keys. It may not be able to be fixed, but it's a step away from leaving the key in the lock. The real issue is a developer fucking over his clients. URL: http://forum.audiogames.net/viewtopic.php?pid=282267#p282267 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included I'm not really sure why remote.ini is the problem... or even a problem. You're complaining that someone who has access to your computer can get your keys. Which is really how things generally go. Don't allow people access to your computer. If the client "hid" them, it's open source and people would just know where it is. This isn't STW where it's okay to scatter files through people's harddrives to check if they're banned. If it was encrypted, you'd have to have a password to launch NVDA remote or it would have to be a uniform key, which again would be stored... you guessed it, in the source. Or maybe we should encrypt the encrypted data, then store it on an 8-bit screen before embedding the payload file in the matrix. URL: http://forum.audiogames.net/viewtopic.php?pid=282264#p282264 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included @slender, this has nothing to do with remote.ini. I brought it up, but no, this is different, involving a developer of NVDA remote crashing there clients. At least read the text on the linked page which explains things. The recording is there for proof. URL: http://forum.audiogames.net/viewtopic.php?pid=282263#p282263 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included I heard them mention payloads several times and it made me laugh. I paused the recording soon after he said that his login screen looked 8bit. I'm listening to some more now. URL: http://forum.audiogames.net/viewtopic.php?pid=282262#p282262 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included @Sorressean I heard them mention payloads several times and it made me laugh. I paused the recording soon after he said that his login screen looked 8bit. I'm listening to the more now. URL: http://forum.audiogames.net/viewtopic.php?pid=282262#p282262 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included It's not through those words exactly, but yes. 8 bit login screen, a payload, someone mentioned the bios and recovery (which is after the bios), someone also mentioned embedding a file... just the random bits of technobabble that really made no sense. but yes. I was a bit confused why they thought their screen was ported to the NES. URL: http://forum.audiogames.net/viewtopic.php?pid=282261#p282261 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Ah, good old remote.ini, is this? Honestly I'd rather not listen to hour long recordings, because I'd really rather just hear the problem rather than a recording. But somebody bitched about remote.ini being a security flaw, however it's not like Cris can actually do anything to fix that, since the addon is open source. Anyone with access to the source can just get the encryption out. So please, everybody, this is just people making a big deal out of something and turning it in to something it's not. Or at least that's what it seems like to me. URL: http://forum.audiogames.net/viewtopic.php?pid=282260#p282260 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Sorressean, I didn't pay much attention after hearing him say that his login screen looked 8bit. I stopped listening soon after. But reading that made me laugh, so I'm gonna go find it in the recording now. URL: http://forum.audiogames.net/viewtopic.php?pid=282259#p282259 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included What I ment was the sound. It it was large enough and landed right, it could sound like a gunshot if the sight was not scene. And yeah, i'm sure it did. There were like 7 people in that TT channel all with computer problems with different ideas of what caused it. If you disect each thing from each person it won't sceme like were all as mentally retarded as what it scemes now, but etc. Wait, injecting an NSA payload into the nexass? I do not recall that, in fact I know that was not said at all. URL: http://forum.audiogames.net/viewtopic.php?pid=282258#p282258 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included My bad. I'll repost what I wrote. I felt I rambled too much and was going to re-write it; but since you responded to it I'll put the original back.I've been watching the Twitter conversation as it unfolded. You really must not like NVDA Remote, because this has nothing to do with it. It is an NVDA bug that Tyler took advantage of, and reported to the NVDA developers back in 2014. And yet, once again, you clame that NVDA Remote isn't secure, but this has nothing at all to do with security. What Tyler did was a dick move, but you're spreading false information. Not only that, but I see Toth showing nothing but professionalism to you, and he's already trying to figure out how to go about resolving the bug in NVDA that Tyler took advantage of. Yet, you still want him to do something more. You're not happy with him attempting to fix the bug that you're crying about, so what more would you have him do? I understand you've lost da ta, and that's unfortunate, but to put it bluntly, shit happens and there's nothing that can be done about it now. In the future, it may be wise to use NVDA Remote as it was intended, and not screw around on Twitter making the keys you're using to connect with public.Keep in mind I'm not defending Tyler at all. I'm just saying that I think you're trying to attract attention to an issue that isn't as much of a problem as you think it is. URL: http://forum.audiogames.net/viewtopic.php?pid=282242#p282242 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included My bad. I'll repost what I wrote. I felt I rambled too much and was going to re-write it. Since you responded to it. I'll put the original back.I've been watching the Twitter conversation as it unfolded. You really must not like NVDA Remote, because this has nothing to do with it. It is an NVDA bug that Tyler took advantage of, and reported to the NVDA developers back in 2014. And yet, once again, you clame that NVDA Remote isn't secure, but this has nothing at all to do with security. What Tyler did was a dick move, but you're spreading false information. Not only that, but I see Toth showing nothing but professionalism to you, and he's already trying to figure out how to go about resolving the bug in NVDA that Tyler took advantage of. Yet, you still want him to do something more. You're not happy with him attempting to fix the bug that you're crying about, so what more would you have him do? I understand you've lost data, and that's unfortunate, but to put it bluntly, shit happens and there's nothing that can be done about it now. In the future, it may be wise to use NVDA Remote as it was intended, and not screw around on Twitter making the keys you're using to connect with public.Keep in mind I'm not defending Tyler at all. I'm just saying that I think you're trying to attract attention to an issue that isn't as much of a problem as you think it is. URL: http://forum.audiogames.net/viewtopic.php?pid=282242#p282242 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Um.If someone were to drop a huge box onto someone's toe, they would presume that someone just dropped a box on someone's toe. I don't know why a terrorist would be mentioned.Also speculations is a big reach for those. They literally made no sense. It's like getting a bunch of village idiots to diagnose heart failure. URL: http://forum.audiogames.net/viewtopic.php?pid=282257#p282257 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Lol yeah, the beginning of that file is total chaos and speculations. You may as well skip it and wait until they start talking in notepad. I just wanted to be as honest as possible and include everything that happened. Come on, what would a huge croud do if there was the sound of someone dropping a huge box on the ground onto someones toe. How many terrorest speculations do you think there would be. URL: http://forum.audiogames.net/viewtopic.php?pid=282255#p282255 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included @stargate: that's the only question you had after listening to that? Did you happen to miss the line about someone injecting a NSA payload into the nexus through the matrix which then made the login screen look different? URL: http://forum.audiogames.net/viewtopic.php?pid=282254#p282254 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included SamFair enough. I do agree with you about how the remote.ini file needs to be hidden a bit better. URL: http://forum.audiogames.net/viewtopic.php?pid=282253#p282253 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Simba, you should be fine using it just like that unless someone gets the key, doubtful for a quiet and pieceful session. Stargate, that lock screen thing, no one was sure at that point. We wern't creating feer, we were trying to figure out what happens. If you keep listening till after tyler comes, we all realize that no one else was being controled, etc etc. URL: http://forum.audiogames.net/viewtopic.php?pid=282252#p282252 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Hi. Ross, of course I know what your getting at. Here is a point to consider. It is so easy to get someones NVDA remote key with remote.ini, that you hardly have to share keys. And lets not forget the keyhook which was remote. I guess I just feel that it was remote that conducted it, what was used to actually freez the system, I never saw that counting really. Like blaming oxygen for exploding and killing people, or feeding fires. Just my opinion on that particular matter. My biggest thing is tylers responce. He knew this for months yet didn't fix it. As a client, if I wasn't that good at programming etc, i'd think there was a huge ass flaw in remote. And if you want my honest opinion, NVDA is just being used in this situation to make one. URL: http://forum.audiogames.net/viewtopic.php?pid=282251#p282251 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Also, what was your friend talking about the login screen looking different? I'm fairly certain that didn't happen and he was just contributing to the fear mongering. URL: http://forum.audiogames.net/viewtopic.php?pid=282249#p282249 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Hi.Ok, one quick question.The only times I use NVDA remote is when someone needs to do something at my machine.We normaly do this the following way.We connect over skype so we have voice contact, and the person connects to my computer and does the stuff he needs to do, and after that, we just disconnect from each other.So, what could the person do to my files, please keep in mind that I am always sitting at the computer and have an eye on things when I am remotely connected. URL: http://forum.audiogames.net/viewtopic.php?pid=282250#p282250 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Hi sorressean. If you want just the part of the recording of tylers voice, I can post it. Also, it was not edited at all, but it was team talks recording feature cutting out. We were all pretty much freaking out at that point. URL: http://forum.audiogames.net/viewtopic.php?pid=282248#p282248 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included I agree that what Tyler did was a dick move, and it's unfortunate that NVDA Remote was used to do it. It's even more unfortunate that Tyler was one of the developers of NVDA Remote.This doesn't have anything to do with the security of NVDA Remote though. I share Toth's opinion that when you make posts like this, people are going to jump to conclusions and assume that NVDA Remote has some giant security flaw in it that makes it unsafe to use. In truth though, as long as you use NVDA Remote for its intended purpose and don't go sharing keys, something like this won't happen. URL: http://forum.audiogames.net/viewtopic.php?pid=282247#p282247 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included SamI understand where you're coming from, but that's not the point. When you allow your machine to be connected to, that still allows a tiny bit of room for hackers to work; you of all people should know this. URL: http://forum.audiogames.net/viewtopic.php?pid=282246#p282246 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included I want to write a few things here, because I have very mixed feelings about this.First, I don't care where the issue is or what caused it, Tyler or anyone who received money for writing this add-on should not be abusing it, regardless of how stupid it was to share a key and ask people to do something or connect to your computer. This is the point I've been trying to make on Twitter. I'm not sure why people rushed to Tyler's defense, because what he does is not really any different from what he's done before. This isn't a one time mistake.Now with all of that said, I do realize I was slightly unreasonable here, I was mostly irritated that something like this was taken advantage of. The recording does sound heavily edited and mostly really just consists of a bunch of kids screeching and yelling and throwing out buzzwords. The issue here is certainly a problem and I was unable to follow everything going on before I finally just gave it up as a lost cause. Tyler has mentioned that the issue is of taking control of people's synths, but if someone's system was controlled when it wasn't supposed to, which I think might have been what the recording might have been getting at, this needs to be brought to light.Otherwise, Thanks Chris for looking into this and trying to fix it and this has spun out. I do think that the add-on needs to be evaluated; I honestly don't trust that it is secure, especially the server portion which as far as I'm aware is not open source. Really Tyler's actions show some form of mallace and are not excusable; sadly, this brings the entire add-on into question for me. URL: http://forum.audiogames.net/viewtopic.php?pid=282245#p282245 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Hi ross. If you remember, first. We were connected to that key as listener, or controler. Ivan brought this on him self, not the people who chose to connect. And then ivan disconnected, and tyler connected with clear intensions to get us, not ivan. Sadly the conversation wasn't recorded, but everyone on the channel will agree with me. Tyler was dissing us about hacking ivan, even though he posted the key. And tyler is the dev of the addon, you'd not expect that from him. If I had said allow this machine to be controled, yeah then ok it's my fault. But no, I just happened to connect to 123 because ivan told us to. The dev of the addon then came and interrupted the session by crashing all the controlers, not hosts. URL: http://forum.audiogames.net/viewtopic.php?pid=282244#p282244 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Direct quote from Sam's recount: "Ivan soto posted on his twitter, everyone, if you want to fuck me over, connect to this key, 123. This resulted in over 10 people connecting to said key."So you're telling me that you're saying this program is unsafe, after he had 10 people connect to his computer. To add to this, he specifically asked people to fuck his computer over. Now, we have Tyler, an insanely good hacker, as well as the creator of the addon. Ivan specifically, willingly, and indirectly gave him permission to access his computer.Now, I'm not a programmer on the level your friend group is. However, I do know that if you allow people that you don't know to connect to your computer, shit is going to go down. Sure, Tyler shouldn't have done what he did, but cmon, you brought this on yourselves. URL: http://forum.audiogames.net/viewtopic.php?pid=282243#p282243 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included My bad Sam. I'll repost what I wrote. I felt I ranted too much and was going to re-write it. Since you responded to it. I'll put the original back.I've been watching the Twitter conversation as it unfolded. You really must not like NVDA Remote, because this has nothing to do with it. It is an NVDA bug that Tyler took advantage of, and reported to the NVDA developers back in 2014. And yet, once again, you clame that NVDA Remote isn't secure, but this has nothing at all to do with security. What Tyler did was a dick move, but you're spreading false information. Not only that, but I see Toth showing nothing but professionalism to you, and he's already trying to figure out how to go about resolving the bug in NVDA that Tyler took advantage of. Yet, you still want him to do something more. You're not happy with him attempting to fix the bug that you're crying about, so what more would you have him do? I understand you've lost da ta, and that's unfortunate, but to put it bluntly, shit happens and there's nothing that can be done about it now. In the future, it may be wise to use NVDA Remote as it was intended, and not screw around on Twitter making the keys you're using to connect with public.Keep in mind I'm not defending Tyler at all. I'm just saying that I think you're trying to attract attention to an issue that isn't as much of a problem as you think it is. URL: http://forum.audiogames.net/viewtopic.php?pid=282242#p282242 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Edit: This was in responce to a now deleted post about how the code error was NVDA's and how remote is not to blame. This post has been deleted, but I will still keep my reply. Hi. I can see what you are saying to a certain extent. I think that we both have slightly different views on things. While NVDA is part of it, the keyhook I got locked into was indeed NVDA remote. This provented me from restarting my NVDA, shutting down safely, etc etc. And the way I look at it, He used remote to expand an NVDA issue. He didn't get crashed, everyone else did because he recoded / added to remote. And lets look at this from a different point of view. If I make some security software and someone uses it on there computer. The software has the ability to run system commands encase of maybe a hack or something. Well, in windows, if you kill csrss.exe, the system instantly bluescreens. So if I decide to be a dick and type that command and bluescreen the computer, is it windows fau lt? No, it's my fault and the software's fault, even though it is a windows issue. When I connected to that key, I clicked an option that says control another machine. This expressly implies that my computer is not to be controled or tampered with, that I am controling another machine. But a bunch of clients were crashed. Yes, it can be considered more of an NVDA thing, but it's still remote that caused it, thus in my opinion, is what to blame. Also, lets look at it from a clients point of view. Especially if I don't know much about computers and this happens, I ain't gonna give 2 shits who made the coding error because that's not what madders. The dev of the remote software I was using crashed me with it. Lets take the unix processer. You set the time to unix_timestamp-1 second, good buy to your system, at least in a way. So what if apple decided to be a dick and somehow remotely set some random iPhones to timestamp-1. Would you blame the unix processe r? Or apple. URL: http://forum.audiogames.net/viewtopic.php?pid=282241#p282241 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included Hi. I can see what you are saying to a certain extent. I think that we both have slightly different views on things. While NVDA is part of it, the keyhook I got locked into was indeed NVDA remote. This provented me from restarting my NVDA, shutting down safely, etc etc. And the way I look at it, He used remote to expand an NVDA issue. He didn't get crashed, everyone else did because he recoded / added to remote. And lets look at this from a different point of view. If I make some security software and someone uses it on there computer. The software has the ability to run system commands encase of maybe a hack or something. Well, in windows, if you kill csrss.exe, the system instantly bluescreens. So if I decide to be a dick and type that command and bluescreen the computer, is it windows fault? No, it's my fault and the software's fault, even though it is a windows issue. When I connected to that key, I clicked an option that says control another machine. This expre ssly implies that my computer is not to be controled or tampered with, that I am controling another machine. But a bunch of clients were crashed. Yes, it can be considered more of an NVDA thing, but it's still remote that caused it, thus in my opinion, is what to blame. Also, lets look at it from a clients point of view. Especially if I don't know much about computers and this happens, I ain't gonna give 2 shits who made the coding error because that's not what madders. The dev of the remote software I was using crashed me with it. Lets take the unix processer. You set the time to unix_timestamp-1 second, good buy to your system, at least in a way. So what if apple decided to be a dick and somehow remotely set some random iPhones to timestamp-1. Would you blame the unix processer? Or apple. URL: http://forum.audiogames.net/viewtopic.php?pid=282241#p282241 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included I've been watching the Twitter conversation as it unfolded. You really must not like NVDA Remote, because this has nothing to do with it. It is an NVDA bug that Tyler took advantage of, and reported to the NVDA developers back in 2014. And yet, once again, you clame that NVDA Remote isn't secure, but this has nothing at all to do with security. What Tyler did was a dick move, but you're spreading false information. Not only that, but I see Toth showing nothing but professionalism to you, and he's already trying to figure out how to go about resolving the bug in NVDA that Tyler took advantage of. Yet, you still want him to do something more. You're not happy with him attempting to fix the bug that you're crying about, so what more would you have him do? I understand you've lost data, and that's unfortunate, but to put it bluntly, shit happens and there's nothing that can be done about it now. In the future, it may be wise to use NVDA Rem ote as it was intended, and not screw around on Twitter making the keys you're using to connect with public.Keep in mind I'm not defending Tyler at all. I'm just saying that I think you're trying to attract attention to an issue that isn't as much of a problem as you think it is. URL: http://forum.audiogames.net/viewtopic.php?pid=282240#p282240 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included I've been watching the Twitter conversation as it unfolded. You really must not like NVDA Remote, because this has nothing to do with it. It is an NVDA bug that Tyler took advantage of, and reported to the NVDA developers back in 2014. And yet, once again, you clame that NVDA Remote isn't secure, but this has nothing at all to do with security. What Tyler did was a dick move, but you're spreading false information. Not only that, but I see Toth showing nothing but professionalism to you, and he's already trying to figure out how to go about resolving the bug in NVDA that Tyler took advantage of. Yet, you still want him to do something more. You're not happy with him attempting to fix the bug that you're crying about, so what more would you have him do? I understand you've lost data, and that's unfortunate, but to put it bluntly, shit happens and there's nothing that can be done about it now. In the future, it may be wise to use NVDA Rem ote as it was intended, and not screw around on Twitter making the keys you're using to connect with public.Keep in mind I'm not defending Tyler at all. I'm just saying that I think you're trying to attract attention to an issue that isn't as much of a problem as you think it is. URL: http://forum.audiogames.net/viewtopic.php?pid=282239#p282239 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included I've been watching the Twitter conversation as it unfolded. You really must not like NVDA Remote, because this has nothing to do with it. It is an NVDA bug that Tyler took advantage of, and reported to the NVDA developers back in 2014. And yet, once again, you clame that NVDA Remote isn't secure, but this has nothing at all to do with security. What Tyler did was a dick move, but you're spreading false information. Not only that, but I see Toth showing nothing but professionalism to you, and he's already trying to figure out how to go about resolving the bug in NVDA that Tyler took advantage of. Yet, you still want him to do something more. You're not happy with him attempting to fix the bug that you're crying about, so what more would you have him do? I understand you've lost data, and that's unfortunate, but to put it bluntly, shit happens and there's nothing that can be done about it now. In the future, it may be wise to use NVDA Rem ote as it was intended, and not screw around on Twitter making the keys you're using to connect with public.Keep in mind I'm not defending Tyler at all. I'm just saying that I think you're trying to attract attention to an issue that isn't as much of a problem as you think it is, just like the ini thing a few months ago. URL: http://forum.audiogames.net/viewtopic.php?pid=282239#p282239 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included I've been watching the Twitter conversation as it unfolded. You really must not like NVDA Remote, because this has nothing to do with it. It is an NVDA bug that Tyler took advantage of, and reported to the NVDA developers back in 2014. And yet, once again, you clame that NVDA Remote isn't secure, but this has nothing at all to do with security. What Tyler did was a dick move, but you're spreading false information. Not only that, but I see Toth showing nothing but professionalism to you, and he's already trying to figure out how to go about resolving the bug in NVDA that Tyler took advantage of. Yet, you still want him to do something more. You're not happy with him attempting to fix the bug that you're crying about, so what more would you have him do? I understand you've lost data, and that's unfortunate, but to put it bluntly, shit happens and there's nothing that can be done about it now. In the future, it may be wise to use NVDA Rem ote as it was intended, and not screw around on Twitter making the keys you're using to connect with public. URL: http://forum.audiogames.net/viewtopic.php?pid=282239#p282239 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: NVDA remote unsecurity prooven, recording of dev included
Re: NVDA remote unsecurity prooven, recording of dev included I've been watching the Twitter conversation as it unfolded. You really must not like NVDA Remote, because this has nothing to do with it. It is an NVDA bug that Tyler took advantage of, and reported to the NVDA developers back in 2014. And yet, once again, you clame that NVDA Remote isn't secure, but this has nothing at all to do with security. What Tyler did was a dick move, but you're spreading false information. Not only that, but I see Toth showing nothing but professionalism to you, and he's already trying to figure out how to go about resolving the bug in NVDA that Tyler took advantage of. Yet, you still want him to do something more. You're not happy with him attempting to fix the bug that you're crying about, so what more would you have him do? I understand you lose data, and that's unfortunate, but to put it bluntly, shit happens and there's nothing that can be done about it now. In the future, it may be wise do use NVDA Remote as i t was intended, and not screw around on Twitter making the keys you're using to connect with public. URL: http://forum.audiogames.net/viewtopic.php?pid=282239#p282239 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
