mircea_popescu: i suppose i should rate him.
a111: Logged on 2018-01-26 07:09 douchebag: Are there any sites any of you guys would like me to check out? I'm a bit bored right now and I am always up for a challenge :-)
lobbes: http://btcbase.org/log/2018-01-26#1776736 << you really should do the homework trinque pointed you to, but if you are done with that and bored again, plox to look at logs.minigame.bz, lobbesblog.com and lobbesbot? I'm a meganoob so you may find something. I've no shame, so disclose whatever you can find here. I'll toss a handful of satoshis your way if you do (and a wot rating)
a111: Logged on 2018-01-26 08:59 douchebag: Well, since RSS is in XML format I was testing a popular vulnerability that occurs in XML parsers which uses external entities, allowing an attacker to exfiltrate data
mircea_popescu: but i thought they already had a perfect medium of exchange called the unified standard dosidoe!
douchebag: I just learned about AngularJS XSS attacks
mircea_popescu: i rated you, so now the bot will allow you to voice yourself. say /query deedbot and then !!up ; it will give you a thing to decrypt, give the result back to it as !!v <string>
mircea_popescu: i know.
emmylark: Wait are you serious? I did that for you sir.
emmylark: I'm talking to you through the Freenode server in my IRC client. It made me register a name and email.
mircea_popescu: emmylark it's very nice to get to choose ; i choose to keep the second for my private collection of smutty selfies.
emmylark: How did I do sir? Was it acceptable? I sent a second one just in case the first wasn't enough. I thought it might be nice to get to choose
douchebag: Hmm, I wonder
douchebag: I could grab the AWS Instances API keys lol
douchebag: IF I were able to find a bot that essentially returned the content of that URL and it was hosted on Amazon AWS
douchebag: Honestly, I bet a lot of boxes could be popped just from messing around with IRC bots lol
douchebag: Well, since RSS is in XML format I was testing a popular vulnerability that occurs in XML parsers which uses external entities, allowing an attacker to exfiltrate data
douchebag: ooh I have an idea
douchebag: I wonder if any of the logs will pop an alert
douchebag: hmm i wonder
mircea_popescu has ~0 experience with this, an' i guess it shows.
mircea_popescu: anyway, i suppose "the message chosen was $" is just bad webcoding on my part.
douchebag: lol I was being sarcastic
douchebag: It might be, I'm not sure at the moment if this was added with mp-wp or if it was uploaded to trilema.com's webhost at a later date
mircea_popescu: odd, neither archive bot nor this testbox firefox i have do it.
mircea_popescu: all i see is https://archive.is/Kbau3
douchebag: I was able to execute arbitrary Javascript on your site
douchebag: Is it alright if I link you to a PoC of the vulnerability?
douchebag: mircea_popescu: I have discovered a vulnerability :-)
douchebag: Where can I find a copy of the source?
douchebag: Mhmmm I already got it, thanks anyway though
trinque: might help you more to do that reading I was talking about, and get a v-tron set up.
douchebag: Are there any sites any of you guys would like me to check out? I'm a bit bored right now and I am always up for a challenge :-)
douchebag: ben_vulpes: I found a vulnerability in your site, how would you like me to disclose it to you?
douchebag: Ohh lol I'm retarded
douchebag: I suppose the point I'm trying to get across is that there is a pretty good community involved with bug bounties, I especially like the classic hacker attitude of most of the people in the sense that they're all working together to learn more
mircea_popescu: i know quite a few people whose iq is over 150. the internet is good at collecting similar things. sadly -- this does little for the intelligence of the race in general.
douchebag: Oh yes, that's very true. However, I do know quite a few people who have been very successful with it
mircea_popescu: i know a girl that made $30 million with her ass ; and you must admit that for the average girl's ass this is indeed generous.
mircea_popescu: i certainly admit.
douchebag: A relatively well known bug bounty hunter I know has made $40k this month off of bug bounties, his goal is $50k for January
mircea_popescu: i kept sayin' this!
mod6: i suppose we should be looking for: (--- |\+\+\+ ) instead of (---|\+\+\+)
douchebag: However, even though I have to wait until they patch the bugs I found before they reward me, they did reward me $150 on triage and will be rewarding the rest at a later date
douchebag: The other one I discovered, I would say probably somewhere between $200-$500
douchebag: Well, I still have to wait until they patch them before they reward the bounty. They pay based on likelihood/impact, now a friend of mine reported a vulnerability less serious than the one I found and he was rewarded $2,000 total
douchebag: I managed to find two vulnerabilities in Yahoo last night, I highly suggest their bug bounty program for anyone who is interested in doing that sort of stuff.
mircea_popescu: i expect.
mod6: and it goes back to the same thing as with diana_coman. having two '++' at the front of the line. the way the vdiff is written, when it passes the diffed file off to awk to pattern match the ---|+++ it adds that '+' in the front, then it matches, causing it to call sha512sum.. which is where the false comes from. I think.
mod6: ok here's what I've learned.
mod6: ok lemme see if i can do a bit of debugging on this mpwp and see if that really was the issue there.
mod6: i gotta see this movie now
a111: Logged on 2018-01-26 00:33 mod6: I'd like to make another positive mention here about TMSR~, if I may : one thing that really makes me smile is that all of us, no matter how busy, or whatever, are always willing to drop whatever it is to pitch in when the ship needs trimming.
asciilifeform: for thread-completeness i will point out that 'who runs the craft' is a problem that exists just the same in current-day bitcoinism.
asciilifeform: i suppose.
asciilifeform: ( unsurprisingly, i'd hope, to errybody reading )
mircea_popescu: as the man said, "motherfucker, why didn't i think of that!"
mircea_popescu: oh oh oh i seee!
mircea_popescu: i'm satisfied it doesn't work and not happy with this.
asciilifeform: mircea_popescu: i'll admit to a curiosity to hear moar re 'unsatisfied that it doesn't work'
mod6: I appreciate all your hard work / blood / sweat / tears on your trb adventure with deedbot. Your contributions are and will make a difference. This is why the republic is on top. We don't imagine the change we want to see in the world, WE MAKE THE CHANGE WE WANT TO SEE IN THE WORLD.
mircea_popescu: i meant the supernode, http://btcbase.org/log/2018-01-26#1776626
mircea_popescu: which is like "i'm satisfied X", together with "hey, wait a minute, what if..."
mircea_popescu: to put it tersely, i'm unsatisfied it doesn't work.
asciilifeform: mircea_popescu: closest thing i ever came up with to 'analogue bitcoin' was a variant of http://btcbase.org/log/2015-08-02#1222527 , where you have a sheet of $glasslike and a thermal stressor gadget is used to crack it into N 'jigsaw' pieces; idea being that adjacent pieces 'plug into' yours and can 'verify' it , and so on recursively
mircea_popescu: i think i pointed out somewhere how boys that've never seen a cunt still get wet dreams, but with boobs instead. same thing here -- before networks were well understood people still thought about network-like problems. just... in roman numerals.
mod6: I'd like to make another positive mention here about TMSR~, if I may : one thing that really makes me smile is that all of us, no matter how busy, or whatever, are always willing to drop whatever it is to pitch in when the ship needs trimming.
asciilifeform: i considered errything, from perpetuum mobile up
asciilifeform: i can also see the appeal of fart-powered flight
asciilifeform: ( i dun know of anything else that could have fit this description )
a111: Logged on 2018-01-25 21:28 NoSatoshisHear: I worked on digital coin in 2001, but tried to find a non-net solution, and finally just gave up. When you head the wrong way, you don't get there. Still feel stupid for not buying in at $5, but I had no interest in Silk Road.
mircea_popescu: http://btcbase.org/log/2018-01-25#1776463 << hey, i knew a guy who didn't finance (1980s!) porn ventures because "not interested in the loose women". bought "blue chip" fucking revlon and bs instead. i'm sure there's even today ossified mind going "i'm not into tmsr because i'm not interested in terrorism". hurr durr, you never know what things are really about.
mod6: Honestly, I loved the homework for ffa_calc. That was awesome.
mod6: I think so too, I took a peek at it. I'm actually excited that you put homework problems in there. And I'll do 'em for sure.
asciilifeform: mod6: i have a feeling you'll love the ch8 homework.
mod6: yes. I'm starting to love ada, at least, syntactically. The way you've used it, is very straight forward -- at least once one understands how array access / slices work.
mod6: I'm gonna get this vtron stuff out of the way, then dive in. I should be able to make it through the first 3 chapters pretty easily. I even wrote my own unit tests for those parts.
mod6: Thankfully I put the time in.
mod6: The good news is, I started really digging into ada and your sneak-previews early last year.
mod6: <+asciilifeform> mod6: i dun particularly disagree with any of this, but the pov that 'vetting ffa' is a 1time thing, that can be done and then 'is done', imho is mistake : each user must read it ~himself~. << I basically just mean for me & ben.
asciilifeform: mod6: i dun particularly disagree with any of this, but the pov that 'vetting ffa' is a 1time thing, that can be done and then 'is done', imho is mistake : each user must read it ~himself~.
mod6: I'd like to see the Republic continue to expand the number of trb nodes we have available this year. There are activities currently afoot that immensely support that. Getting FFA vetted and used as a base lib really will help get the ball rolling for any proposed trbi.
mod6: I'm so excited right now tbh.
mod6: asciilifeform: by that i mean, 'you should choose your own adventure' -- each man pulls in the vpatches he desires.
asciilifeform: i dun see how 'anti' . a release is simply a type of vpress.
mod6: Yeah, i agree, that 'releases' is kinda anti-V.
mod6: Some of this is my fault, I've been trying to keep up here. Getting kinda swamped with a bunch of things at once. But! These are all good things. FFA, eucrypt, ada, vtron stuff, et. al.
mod6: <+asciilifeform> n00b wants to run trb. which trb will he run ? << n00b runs what is available at thebitcoin.foundation -- there are some recent vpatches that will become mainline once I can get all of the things vetted more closely.
mircea_popescu: i'm needling him about systems design matters because he's interested, and intelligent enough, and occasionally sparks from it.
mod6: I think it's good that we're able to adjust to anything if need be. Tis' all.
mircea_popescu: so do i.
mod6: nothing personal. i feel like the foundation is a good thing ; maintaining all of the things re: trb.
mircea_popescu: mod6 dun take it personal ; for one thing i'm hustling him not you.
mod6: <+mircea_popescu> http://btcbase.org/log/2018-01-25#1776346 << i suspect his idea is "ideally, nothing". in any case foundation has not managed to keep up with the rest of the pie despite periodic prodding. << hmm. well whatever it is we do, I spend a lot of time doing it. happy to shut it down if it's not needed any more.
asciilifeform: and i fucking hate cheap ninjashoguns.
NoSatoshisHear: no, I got it.
mircea_popescu: i don't think the fellow took your meaning.
NoSatoshisHear: well per loper, I may have missed it, but I don't think that was covered in 1-8.
NoSatoshisHear: Just find the pseudo named people to be fun, and I am looking for fun. That and code fun. You have provided both.
NoSatoshisHear: exactly. I don't have any idea. Yup, looked up lots of folx with real names. Not like I hide much either.