Latest posts of: wraith808 - DonationCoder.com
2601  Main Area and Open Discussion / Living Room / Re: Computer science student expelled for testing university software security on: January 22, 2013, 07:40:28 AM
@Mouser - FWIW I am on record a few posts back for saying I thought the response seemed unusually harsh and possibly excessive based on the facts made public so far.

Which is pretty much where this keeps going in a circle:
Everyone seems to agree that the punishment was excessive.
Everyone seems to agree that he totally screwed up.

Yet we're debating what exactly?

Exactly  Grin

Good point. I think we should get on to what students SHOULD do. i.e.

  • Report vulnerabilities
  • Don't report vulnerabilities
  • Sell exploits to pay for books & tuition
  • Publish the exploit on Twitter & PasteBin then watch the SHTF? tongue

Grin

I'm voting for #4 as it would be the most entertaining~! tongue  Thmbsup


Relevant:



(Although in all reality, I still don't condone that type of stuff.  No matter how douchey one person (or part of the organization) may be, that kind of stuff gets people fired, harms totally unrelated people, and is just evil)
2602  Main Area and Open Discussion / Living Room / Re: Computer science student expelled for testing university software security on: January 22, 2013, 07:39:45 AM
Having said that if the university had any sense they would have invited him to help with checking the hole was fixed after he reported it initially.

They wouldn't do that because they were already in CYA mode.
2603  Main Area and Open Discussion / Living Room / Re: Computer science student expelled for testing university software security on: January 21, 2013, 09:28:36 PM
^ And it's not like kick him to the curb and let him go somewhere else.  This has real academic and financial ramifications that are definitely disproportionate.
2604  Main Area and Open Discussion / Living Room / Re: Computer science student expelled for testing university software security on: January 21, 2013, 09:20:37 PM
I believe all agree the given punishment is not the right thing to do.

That's my point.  No one's arguing that what he did was wrong-headed and/or ill-advised, if not arguably wrong.  So why are we arguing that point?
2605  Main Area and Open Discussion / Living Room / Re: Computer science student expelled for testing university software security on: January 21, 2013, 03:29:35 PM
Going in again is where he made his mistake.

No one is saying what he did wasn't a mistake- he should have been informed as to such, and perhaps punitive measures taken based on the fact that he violated university rules, if indeed there was such in place.  But there is intent, and reasoned response.  That's what's being questioned.  The argument over whether running it was the wrong move is a straw man, IMO.
2606  Main Area and Open Discussion / Living Room / Re: Computer science student expelled for testing university software security on: January 21, 2013, 03:27:04 PM
Quote
When reached for comment Mr. Taza acknowledged mentioning police and legal consequences, but denied having made any threats, and suggested that Mr. Al-Khabaz had misunderstood his comments.

This is what makes me want to BBQ them instead.  This wasn't because of hacking or even running the software.  They were in CYA mode, and the uni is helping them to CYA.  What I'd like to see is the complaint that the professors voted on.  It wasn't as simple as this guy ran this... should we expel.  There's still CYA going on.  And that's the big problem that I see- this guy is getting crushed in the machinery of maintaining contracts and CYA.
2607  News and Reviews / Official Announcements / January 2013 Giveaway Winners! on: January 21, 2013, 01:54:00 PM
Winners of the January 2013 Giveaway


January 2013 Giveaway

Supporting Members, you've got until the last day of the month to take advantage of this month's Discounts.

This Month's Special Discounts and Giveaways:



Winners of 'Page Four' (3):
  • sunlitlaz
  • Gretch68
  • longrun
Winners of 'Hard Disk Sentinel Pro' (10):
  • Ath
  • 4wd
  • Floppy
  • Phil White
  • Mongoplus
  • mdl
  • TurboJosh
  • jdakpiglet
  • Isaac Patch
  • Joe Hone
Winners of 'CintaNotes' (3):
  • erikts
  • Target
  • gno
Winners of 'Start Menu X' (5):
  • edbro
  • rno2
  • Kapiti
  • phillthefluter
  • JoTo
Winners of 'HippoEDIT' (5):
  • cacoder
  • peteg05
  • FranckW
  • DarkStar57
  • tkh7819


All winners are now being notified by email to their forum email address.  If you haven't received an email but your name is listed above, check spam filters and forum email address, and then mail prizes@donationcoder.com and let us know you never got any mail.  It can take a few days for companies to send you your serial number; if a few days pass and you haven't received it - send a reminder to the company email as noted in your winning notification email, or to us by replying to the email you received or to us directly.

Curious about how we award prizes?  See http://www.donationcoder....bb/index.php?topic=1684.0 for a discussion about our custom prize optimizer utility. Winning something one month reduces your chances of winning the next month, and being helpful on the forum slightly increases your chances.
2608  Main Area and Open Discussion / Living Room / Re: Computer science student expelled for testing university software security on: January 21, 2013, 12:08:07 PM
All I'm responding to is the fact of it being illegal
The difference between scanning for publicly available information (domain owner, email addresses listed on web pages, administrative contacts, etc.) and vulnerability scanning is that information gathering is passive when you talk about publicly available information. Scanning a server can have real consequences on the server if the tool is not configured properly and is NOT passive.

All I'm saying is saying it was illegal, then using said threat to make him sign an NDA wasn't right by any means.  It's not illegal in and of itself, and trying to prosecute him for such would be legal handwaving.  Not saying a prosecutor wouldn't do it, but that's what it would be.
2609  Main Area and Open Discussion / Living Room / Re: Computer science student expelled for testing university software security on: January 21, 2013, 10:08:58 AM
Renegade, unless he was specifically granted permission to re-check the system, it is an illegal scan of the system. Many professional penetration testers have lost their jobs because of such an act.

The utility in question (Acunetix) scans for publicly available information about the system. It wasn't the smartest thing to do, but neither is it illegal- you can get the same information in other ways, and it's a white hat utility.  And the way they bullied him with incorrect information about the legality to get an NDA signed, then backed off... yeah...
2610  Main Area and Open Discussion / Living Room / Re: PowerPwn: Power strip by day, Hacking device by night! on: January 21, 2013, 10:06:46 AM
Ok... that's just evil.  Grin
2611  Main Area and Open Discussion / Living Room / Re: PowerPwn: Power strip by day, Hacking device by night! on: January 20, 2013, 11:38:24 PM
I'd hate to be a sysadmin right about now...
2612  Main Area and Open Discussion / Living Room / Re: PowerPwn: Power strip by day, Hacking device by night! on: January 20, 2013, 08:46:23 PM
The former.  That's why I think it would be so insidious.
2613  Main Area and Open Discussion / Living Room / Re: PowerPwn: Power strip by day, Hacking device by night! on: January 20, 2013, 11:58:12 AM
That is true... but there's a more insidious way to do it if you have inside help- one that's harder to trace.  Bridge the network connection on a legitimately connected computer...
2614  Main Area and Open Discussion / Living Room / Re: Random question for all you Doconians! on: January 20, 2013, 09:16:09 AM
I work from home (at times), and could probably at this point do it permanently given enough justification, as many people where I work do it.  And I think it really depends on the employer; it took a while for them to get to this point, and a couple of the reasons were certain key people moving, and the fact that they have offices overseas, so one location just wasn't a viable argument anymore.

Of course, it also depends on the infrastructure and whether it will securely support remote work, and their IT department.  Not big technical hurdles to cross, but if they're not already in place, that business hurdle can be insurmountable.
2615  Main Area and Open Discussion / Living Room / Re: PowerPwn: Power strip by day, Hacking device by night! on: January 20, 2013, 09:11:24 AM
Of course there's the simple piratebox that could be set up with this- a separate wireless network in the same building as your standard network...
2616  Main Area and Open Discussion / Living Room / Re: MEGA Almost Online - Misses Deadline on: January 19, 2013, 12:58:05 PM
What is this?
2617  Main Area and Open Discussion / General Software Discussion / Re: WinPatrol Plus or AnVir Task Manager? on: January 18, 2013, 12:10:31 PM
Well, yes and no.  A developer can create such obfuscation, but why bother when there's no rationale for it?  While it's entirely possible I'm loading four (4) malware elements, I'm a bit doubtful.

You don't even have to intentionally do it.  You can have your process started by rundll32 or svchost and not sign it, and then, though you can see something appear in the ROT, you don't have any idea of what it was.  Of course, none of these might be the reason- it's just that the question of it's as simple as extracting it from the process name or such information is not the be all to everything that runs.  I guess in the end, mwb said it best:

Have you let BillP (WinPatrol's author) know about the problem?  I have the impression that he's pretty responsive to feedback.

Because only he'd know how he was doing it and could only fix it if it was reported.
2618  Main Area and Open Discussion / General Software Discussion / Re: WinPatrol Plus or AnVir Task Manager? on: January 18, 2013, 10:42:07 AM
Now, I know the program name can be either extracted from the application or from the system.

Incorrect.  Depending on how it's starting, those can be obfuscated.  It's one of the ways that malicious programs keep themselves out of the running objects table and out of task manager.
2619  Main Area and Open Discussion / General Software Discussion / Re: WinPatrol Plus or AnVir Task Manager? on: January 18, 2013, 10:05:37 AM
I think the inability to provide information about programs isn't related to WinPatrol PLUS, but the program in question.  The information provided is an opt-in sort of thing from the developer; they have to provide that information.  There's some information that can be retrieved from your system, but a lot of it comes from the application in question.
2620  Main Area and Open Discussion / Living Room / Re: TOO AWESOME FOR WORDS! on: January 17, 2013, 11:03:16 PM
The one not so awesome thing about the conclusion yet to come- I wonder if he's going to spend some time and money in court. Sad
2621  Main Area and Open Discussion / Living Room / Re: TOO AWESOME FOR WORDS! on: January 17, 2013, 09:12:21 PM
I saw an analysis on another site and a talk to the auditors that caught him- they said he could have gotten away with it with one minor change to his scheme.  Set up a server at home, and have them vpn into the server, then connect from there.
2622  Main Area and Open Discussion / Living Room / Re: TOO AWESOME FOR WORDS! on: January 17, 2013, 10:03:45 AM
Let those who advocate for the "new service and information economy" ponder deeply the implications in this. tellme Grin

Inside of the "service" sector, we do need to point out the difference between PHYSICAL services and INTELLECTUAL services.

e.g. A lawyer provides both, but his physical presence is still required in court. A coder? Not so much. Those are purely intellectual services.

There's a big difference there in "services".

-- Just in case that wasn't already apparent/explicit/implicit/understood/whatever for anyone. Wink



Nice article-- and even nicer clarification. smiley
2623  Other Software / Announce Your Software/Service/Product / Re: The MagicRAR Drive Press Challenge on: January 15, 2013, 10:15:23 AM
And yes, there are limits for the reason you stated.  It's an int (16 or 32-bit depending on the version of comctrl32.dll [ref]).
That reference mentions 64k limit - I wonder if comctrl uses signed or unsigned integers? It's been ages, but I seem to recall doing 32k clamping?

I think they're signed, but don't quote me on that; it's been ages for me too other than dabbling here and there.
2624  Main Area and Open Discussion / General Software Discussion / Re: MagicRAR Drive Press - worth anything? on: January 15, 2013, 10:11:55 AM
^ +1 and well said!  Thmbsup
2625  Other Software / Announce Your Software/Service/Product / Re: The MagicRAR Drive Press Challenge on: January 15, 2013, 07:40:57 AM
Oh, and one last thing: your progress bars are severely bugged - they reached 100% several minutes before the actual operation was done (bugged both in analyze as well as compress phase). Looks like you use Delphi, and I haven't touched that since Delphi2, so dunno if there's limits on its current/max values... but iirc the win32 controls are/were clamped to pretty low values, meaning you definitely shouldn't be using currentBytes/maxBytes - or even currentNumFiles/maxNumFiles for modern filesystems.

Could also be C++ builder.  And yes, there are limits for the reason you stated.  It's an int (16 or 32-bit depending on the version of comctrl32.dll [ref]).