Anti-Sec Crusade Against Full-Disclosure. "Imageshacked"

oh no

hackers on the itnenret

They said it themselves; they can't change the world. Any difference they make won't last forever and things will return to normal.

Quote:

---

Originally Posted by rossmum

Oh, that's alright then. As long as some upstart gets hold of my Steam account which is worth a few hundred by now (hypothetically speaking, nobody's been successful to date but most of my mates have fallen victim at least once) for a good cause!

The devs might be risking this by not patching, but I fail to see how telling all and sundry how to exploit the hole is not worse than the problem it's meant to alleviate. Now instead of a few determined malicious sorts trying to lift people's accounts, I see kids jacking accounts just because they don't get their own way in an online community. It's like amputating someone's arm because they have a mild skin rash, total overkill and far more of a menace.

---

If that were to happen, then Valve would have to immediately admit there was a massive security flaw and they would reverse all the changes instantly and patch their system.

If anything, it's better if you have hundreds of people hacking accounts with an exploit than only a handful. If you have a few, it would be difficult to say that you can't login one day and you think the account was stolen. If you have hundreds or thousands doing this to people's accounts, Valve has to say that hundreds of accounts are falling victim due to a security flaw that they knew of but ignored.

With haloboom, if a few servers just randomly started crashing, no one would think anything of it. But when the exploit was released and people were crashing servers left and right, Microsoft patched it!

Call me odd but I just don't like the idea of playing with other peoples' personal shit just to force somebody else into doing something at all...

Sorry duder, but that's how the world works. Everyone is lazy and/or focused on something else to care unless the security exploit is brought to the front.

Besides, in some cases of full disclosure, end users have the information they need to take steps in preventing the attacks from working. Remember when haloloop 1.07 was found? A community member patched up a quick workaround.

Hypothetically, what if there was a forum exploit where someone could somehow see your login credentials when you login on a certain type of page? Wouldn't you rather have that info out in the open so you know which page to not log in on?

Security through education (and yes, a little bit of blackmail). If there was no such thing as full disclosure, then the blackhat hackers who are really nothing more than script kiddies who got the exploit info from their best buds would be much more prominent.

Oh, I'm all for telling people ABOUT problems, just not how to exploit them.

but what your not getting ross is that THEY DONT GET FIXED UNTIL LOTS OF PEOPLE KNOW.

blame lazy dev's.
Alot of these things they find out before they're completely disclosed.

YAYAYAYA I get a new credit card

~snip~ :ohdear:

<3 SnaF

Making a patch for an exploit takes time, and remember kids: Time is money!