Topic: Keep a low profile, and hide your identity to be safe. (Read 1291 times)

full member
Activity: 140
Merit: 100
1221iZanNi5igK7oAA7AWmYjpsyjsRbLLZ
The trick today is keeping a low profile.

I assume back in the day it was fairly easy to disappear. The loopholes are all plugged now...
hero member
Activity: 868
Merit: 1000
Many years ago when I was younger, I found a hole in a web application. It was not a very advanced exploit; it was merely a very bad web application. Basically the developer(s) had created a web application where you could just change the UID in a query string to sell the stocks of a specific member in a virtual stock market. There was also another hole whereby you could find the UID of basically any user in the system.

So I rang up one of the board members in the company and told him that I could sell anyone's stock. I basically just told him, give me your username, and I'll sell one of your shares. He just laughed and said it wasn't possible. Then I just manipulated the URL, and sold one of his shares, then I asked him to refresh his portfolio. He went silent, and then said something like: "Holy fuck, I have to get in touch with IT, and I'll call you back!"

Later I learned that the head of IT wanted to sue the ass off this 'idiot'. But someone else at the company said that since I had reported the security issue, this would not be necessary, so I actually was paid a decent sum for this discovery.

I guess, if they were assholes about it, they could have pressed charges? I don't know what they could've put on me, but surely it wouldn't have been much fun.

This was many years ago though, I don't search for security holes these days, and I'm not sure what I would do if I found one today.
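
Added example, not part of the original post and not the code of the application it describes: the flaw in the post is a missing ownership check, where the server acts on whatever UID arrives in the query string. The sketch below puts that pattern beside a handler that takes the account from the server-side session instead. All names, routes and data are constructed for illustration, and it assumes the application had some login session to bind to.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample data (hypothetical): holdings per user id, session token -> user id.
PORTFOLIOS = {"1001": {"ACME": 5}, "1002": {"ACME": 3}}
SESSIONS = {"tok-alice": "1001", "tok-bob": "1002"}


def _sell(portfolios, uid, symbol, qty):
    """Reduce a holding; 400 if the account or quantity is not valid."""
    holding = portfolios.get(uid, {}).get(symbol, 0)
    if qty <= 0 or qty > holding:
        return 400
    portfolios[uid][symbol] = holding - qty
    return 200


def sell_vulnerable(portfolios, token, url):
    """Flawed pattern: logged-in check only, account taken from the query string."""
    if token not in SESSIONS:
        return 401
    q = parse_qs(urlsplit(url).query)
    return _sell(portfolios, q["uid"][0], q["symbol"][0], int(q["qty"][0]))


def sell_hardened(portfolios, token, url):
    """Account comes from the server-side session; a mismatching uid is refused."""
    uid = SESSIONS.get(token)
    if uid is None:
        return 401
    q = parse_qs(urlsplit(url).query)
    if "uid" in q and q["uid"][0] != uid:
        return 403  # worth logging: authenticated user named someone else's account
    try:
        symbol, qty = q["symbol"][0], int(q["qty"][0])
    except (KeyError, ValueError):
        return 400
    return _sell(portfolios, uid, symbol, qty)
```

The 403 branch is also a detection point: a logged-in user naming another account's UID is rarely accidental and is worth an alert.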
legendary
Activity: 1540
Merit: 1000
lolz, should be careful about that though because then it might just turn into a stupid popularity contest. I've always felt that the internet is one of the best resources you have as long as you check over things properly. I swear I've learned more here than I have in most 'official' places of learning; it's also helped me recognise the bullshit, so I've found some pretty good teachers.
hero member
Activity: 868
Merit: 1000
lol I got that kind of bullshit when I was in primary school and onward, teachers don't like it when you make them look bad in front of their peers because of course the schools are all ranked etc. in how well they do and if they have to report cases of harassment etc. publicly to the government it won't go down well with their superiors, then later on I started getting really fed up with what I was being taught when I actually decided to learn about it properly.

In lectures there should be a system where all attendees could vote for how the lecturer performs. A lot of lecturers never improve, it's just the same old boring system, I'd rather read a book and do exercises. If the lecturer strives to keep the lecture good, and get the attention of the students however, that's good.
legendary
Activity: 1540
Merit: 1000
lol I got that kind of bullshit when I was in primary school and onward, teachers don't like it when you make them look bad in front of their peers because of course the schools are all ranked etc. in how well they do and if they have to report cases of harassment etc. publicly to the government it won't go down well with their superiors, then later on I started getting really fed up with what I was being taught when I actually decided to learn about it properly.
hero member
Activity: 868
Merit: 1000
Quote
The right thing to do would've been just to fix the issue, and thank the student. Sadly, not everyone reacts this way.

This kind of bullshit is precisely why I'm staying away from universities, internal politics have no place in learning and that's all this is, it's pretty obvious someone didn't like the blatant flaw he found in their coding.

Personally I was called to the headmaster's office when I went to university, simply because I was vocal about an issue I thought was important. Needless to say, I didn't participate in anything at all after that; I just did whatever was required in regards to academic work to finish it all and get my degree.
legendary
Activity: 1540
Merit: 1000
Quote
The right thing to do would've been just to fix the issue, and thank the student. Sadly, not everyone reacts this way.

This kind of bullshit is precisely why I'm staying away from universities, internal politics have no place in learning and that's all this is, it's pretty obvious someone didn't like the blatant flaw he found in their coding.
legendary
Activity: 2324
Merit: 1125
But now he's in this (shitty) situation he should fight with all his might. I would (and he seems to be taking the first step).
hero member
Activity: 868
Merit: 1000
Fun stories of other exploits, either reported or sold on the black market:

http://news.ycombinator.com/item?id=5090007

So the moral of the story could be: don't tell, sell!

Not that I'd advise it...
full member
Activity: 140
Merit: 100
1221iZanNi5igK7oAA7AWmYjpsyjsRbLLZ
Fun stories of other exploits, either reported or sold on the black market:

http://news.ycombinator.com/item?id=5090007
legendary
Activity: 1666
Merit: 1057
Marketing manager - GO MP
Who needs computer science anyway?
hero member
Activity: 868
Merit: 1000
This is a very good example of exactly what the topic says.

http://news.nationalpost.com/2013/01/20/youth-expelled-from-montreal-college-after-finding-sloppy-coding-that-compromised-security-of-250000-students-personal-data/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+NP_Top_Stories+%28National+Post+-+Top+Stories%29

Basically, never trust that other people will agree with you that what you do is a moral and good thing to do.

Also it was an apeshit move to have the professors vote whether he should be allowed to stay or not with his studies. A professor will most likely stay at the university for a long time to come, and is only interested in covering his or her own ass, so they're loyal to the administration.

The right thing to do would've been just to fix the issue, and thank the student. Sadly, not everyone reacts this way.

If you find a security hole, just report it anonymously if you feel like reporting it.