
mod6: I will not calm down, you are wasting my, and everyone who reads this channel's time.
mod6: I should not be subjected to have to read this.
mod6: Lords and Ladies of the Republic: I do not believe this chamber should be subjected to this abuse. I appeal to you.
douchebag: "Do I want to read all of your testing bullshit?"
douchebag: trinque told me I can test his bot. Some of the features don't work in PM
mod6: When did I insult? Link to log plz.
douchebag: and not say anything back. I'm not anyone's bitch
douchebag: I'm not going to sit around and just get insulted
mod6: I demand public apologies for calling us all "jerkoffs" "faggots" etc.
mod6: I'm tired of this person.
douchebag: mod6: I'm not talking about you jerkoff
mod6: Do I want to read all of your testing bullshit?
douchebag: ben_vulpes: fuck you, I'm doing it
douchebag: ben_vulpes: Usually I would figure if someone is offering money, they should be the one creating the contract or whatever
douchebag: trinque: Could I view deedbot's source by any chance?
trinque: mk. understand I'll negrate you if you go back on our wager.
douchebag: Pretty sure I could easily exploit it
lobbes: Check out the logs for 'bot directory'; I think pete_dushenski's page is probably still up
lobbes: Btw jhvh1 isn't related to deedbot (and, as far as I know, is not on a box with any coin contained within)
jhvh1: douchebag: (unix ping [--c <count>] [--i <interval>] [--t <ttl>] [--W <timeout>] <host or ip>) -- Sends an ICMP echo request to the specified host. The arguments correspond with those listed in ping(8). --c is limited to 10 packets or less (default is 5). --i is limited to 5 or less. --W is limited to 10 or less.
ben_vulpes: mircea_popescu: going to nail down pricing for shells on this machine and then we can provision them, i expect that we can get hanbot a shell tomorrow
trinque: douchebag: ^ if you want honest work, I will pay you for a demonstration that you can discover the balance of an arbitrary deedbot wallet user, on the condition that if in one month you can't, you drop this web security herp and take a task from me and complete it.
ben_vulpes: i'll look into this unordered sets thing later
ben_vulpes: asciilifeform: well yes i did find the error message but i am still banging my head on the why of it
trinque: nah, guess I assumed in charity that herr douchebag looked at the thing's output before.
trinque: oh lol, I'm already serving them up as txt.
trinque: the problem I was driving at was the sign of bad upbringing where I sit here and tell him where the vulns *certainly* are
mircea_popescu: consider something simple : i took pride publicly on how trilema doesn't load google analytics, thereby giving away the usual set of telemetrics to the usg. fine and good. but your site can be coaxed to load ???.burpcollaborator.net by 3rd party ? so every time a "normal" browser goes by it looks up wtf that doctype is and so on ?
trinque: at any rate I'm not questioning you to make you not diddle the XML holes. in your log reading you might've heard me refer to servers as outdoor toilets.
douchebag: trinque: I would reprogram deedbot to become self aware and take over the world
mircea_popescu: anyway, what we have here is a tacit miss-standard, and the discussion is probably of most interest to people who aim to make their own blog thing, phf spyked whoever was looking at lisping it. because on one hand there's the older trilema standard that's web compatible, and on the other hand there's the emerging no shits given approach like on the deedbot site say, "what am i going to do now, alter deeds to mitigate sht brow
douchebag: I would then look around and determine how it could be best leveraged
douchebag: The XML shit I am doing has nothing to do with the web browser
trinque: douchebag: so perhaps the feeds parser thing does, even. I have no idea. What happens next?
douchebag: mircea_popescu: You realize I signed it
douchebag: trinque: Because I haven't seen the source code so I don't know if dtd was disabled
douchebag: mircea_popescu: I was just shitposting sir, no need to explain
ben_vulpes: mircea_popescu: i'd have settled for a plausible story of social engineering
a111: Logged on 2018-03-23 04:13 ben_vulpes: douchebag: what is the concept again that you have proven? i am still waiting for the explanation of what precisely this social engineering attack does.
ben_vulpes: i'll take a clue if you have one handy
mircea_popescu: no, i don't swing that way. the girls occasionally swoop in, but not commonly.
douchebag: mircea_popescu: I have an honest question for you
a111: Logged on 2018-03-23 04:12 douchebag: asciilifeform: I'm not here to argue or to social engineer you. I provided a VALID proof of concept. Stop bitching about it and fix it.
douchebag: Alright, I don't need the source code to pwn your shit
douchebag: In that case, I'll get right to work
ben_vulpes: unlike the rest of the world i hold myself to the standard i hold it to
douchebag: So if I can pop any of your boxes and steal bitcoin - that's fair game?
douchebag: I read that, but I didn't think you were referring to yourselves
a111: Logged on 2017-08-31 19:11 mircea_popescu: can't say i've encountered that many ; and can say that from actual lived experience, the "thinks he's jeddi" heuristic is a fine indicator for "head so far up ass the net result of sufficient whipping will be soap", ie http://trilema.com/2015/the-anal-child/
douchebag: I have the feeling that even if I got remote code execution
ben_vulpes: i'm clearly just an amateur, but an advanced security consultant like yourself should have no troubles explaining it to a civvy
ben_vulpes: douchebag: what is the concept again that you have proven? i am still waiting for the explanation of what precisely this social engineering attack does.
douchebag: asciilifeform: I'm not here to argue or to social engineer you. I provided a VALID proof of concept. Stop bitching about it and fix it.
douchebag: Listen, I understand that you're all upset that I made you look like an idiot for not sanitizing all user input. These are habits that are picked up after you learn about programming a secure web application.
ben_vulpes: or do i not understand how fake content works, because actually i'm certain that i don't understand what this gpg-signed fake content is.
douchebag: I'm not here to argue with you children about whether or not you would have fallen for the attack. I provided a valid proof of concept like any professional would do.
ben_vulpes: i'm going to need three rail cars of sugar and a fuckton of smallish pvc tubes
trinque: long as you clear it first, I'll come visit
douchebag: How am I supposed to know the site was static?
douchebag: Okay, I would be most useful if I could view the source of deedbot
trinque: I don't much give a fuck if someone puts a script tag in a deed.
ben_vulpes: i don't much give a shit, take some initiative and do something?
trinque: if he could discover where the wallet actually lives, I'd be mighty impressed.
trinque: I seem to recall this kid being told to do things, came back with his snowflake personality and american dream.
a111: Logged on 2018-03-22 11:15 douchebag: If I understood it completely it would be no problem coding it.
a111: Logged on 2018-03-22 11:14 douchebag: I don't understand what a V is I have read about it, I have looked at examples and I still don't understand
a111: Logged on 2018-01-26 19:46 douchebag: Well, I'm just trying to figure out where my skillset could be best put to use, I would be more than capable of writing a V implementation or setting up an IRC bot. I'm trying to leave it to you guys to tell me where my skillset could best be put to use
ben_vulpes: lobbes: you should see the girls; i swear the only ones who aren't wholly corrupted by the anxiety machine are the 1st-generation ethnic imports who take care of my kid
mod6: BingoBoingo: re !!down that man. I don't have time to read through all this nonsense to pick out 3 important lines to pizarro.
lobbes: Right? Sucks, because he has more knowledge at 20 than I do now at 30. Sadly, also moar cockroaches
ben_vulpes: although i suppose it comes with a decade of 'security community' baggage
a111: Logged on 2018-03-22 19:15 douchebag: asciilifeform: You're not even worth responding to at this point, I think you're the one who wouldn't know 'if it bit you'
lobbes: http://btcbase.org/log/2018-03-22#1788893 << you know this wasn't personal right? (Pantsuitism trains emotional response to criticism, I know). He's trying to lead you to realise an important point for yourself (this is a true beauty of this place, incidentally; can meaningfully confront the Self, if you are willing)
douchebag: I never said large companies require large codebases
douchebag: Because I've worked on pentesting both of them
douchebag: I can tell you Yahoo is a less secure company than Google