RE: Atheism +
December 28, 2012 at 7:08 pm
(This post was last modified: December 28, 2012 at 7:17 pm by Autumnlicious.)
Is it possible that the morons at FTB added him to their list but didn't properly remove him?
REF: http://freethoughtblogs.com/dispatches/2...obsession/
Quote: A few hours later, I received an email from a longtime commenter on the site telling me that “your email distribution list is not secure. Take the time to verify that only the people who are supposed to be on the list are actually members, as messages have been leaked.” Prompted by those messages, I went into the admin panel of our mailing list software, did some checking and discovered that Thunderfoot had somehow managed to get back on the mailing list after he was removed from it on July 1, when the decision was made to close his blog and remove him from the network. I double checked to make sure that he had been removed from the list at that time and he was (I have email confirmation from the system at the time). I then had our site tech do some digging into the database and he discovered that Thunderfoot had used a security loophole (now fixed) to regain admission to the list only a few minutes after he was removed from it on July 1 and had been receiving all of the email traffic between everyone else from that moment forward, without our knowledge. When that fact was discovered, he was, of course, removed from the list a second time and the settings were changed to close the loophole in our security that allowed him that access; over the next half hour he tried multiple times to get back on the list again but failed.
Site tech? Security loophole?
Are you fucking kidding me?
Apparently I'm supposed to believe:
1) The "site tech" (I use that term generously) is, against all odds, a security conscious guy who keeps logs
2) Thunderf00t, a man known not for his technical skills, has found an exploit in MAILING list software, one of the most ancient and well-tested of software families.
3) Said site tech was able to figure out that it was an exploit through reading the logs.
For a large business or a security expert like Fyodor, I'd expect exactly that.
For everyone else, and especially some off-the-path shitty blogging network, I'd normally expect the lousiest "techs" given that all the net-sec guys I know from college work for large multinationals.
It is possible FTB has a magical tech who can efficiently figure this out on his own but never updates his software (?), that Thunderf00t is gifted enough to find an exploit and use it, etc.
It's more likely that Ed Brayton didn't use the software correctly or the software reverted to an earlier configuration (or there was an integrity loss in the servers/cloud that caused a rollback of a transaction meant to deauthorize Thunderf00t).
Really -- the entire presentation makes it sound like FTB is incredibly vulnerable to script kiddies (digging into the DB? really? That's usually a TREMENDOUS fuck up when someone can insert new entries into the users table) or Thunderf00t is an excellent hacker.
Ok FTB, show us the logs. Where's your proof? These are hefty allegations.
Oh, and I notice the metablogging about blogging there. Quite a masturbatory indulgence...
One of Thunderf00t's responses:
REF: http://thunderf00tdotorg.wordpress.com/2...-a-pariah/
Slave to the Patriarchy no more