Author Topic: Security Breach -Biggest in Trem History? (Read 30675 times)

Plague Bringer · « **Reply #30 on:** February 16, 2007, 09:47:51 pm »

notice how he (almost) completely avoided the topic and attempted to redirect all of the blame?

vcxzet · « **Reply #31 on:** February 16, 2007, 09:50:54 pm »

:evil:

benmachine · « **Reply #32 on:** February 16, 2007, 09:56:32 pm »

Guys, I have a terrible confession to make...

...it was me who told Polly how to fake GUIDs. I didn't do it maliciously, it was mostly out of curiousity, and I needed someone to test it. Now, of course, if what you're saying is true, it seems pretty stupid that I trusted them, and for that I'm sorry.
Personally I haven't used the knowledge since that night for testing, I've been using my qkey GUID (which Polly knows, btw). Also of note: I discovered how after someone with an anomalous GUID connected to Polly's server and he/she came to #tremulous to ask about it. It is therefore possible that neither I nor Polly were the first people to discover this method, and you might thank Polly for publicizing it and allowing it to be fixed.
To be fair, the bugzilla report on it does credit Polly for bringing the bug to the attention of the reporter, so if it were not for your accusations, I'd still be assuming good faith.

edit: I just got the IRC logs: #tremulous and PM with polly (edit: removed for discussion of hax)
The #tremulous log contains everything I said to polly that night, so you might want to skip to the double line breaks I inserted if you don't care much about what we discussed initially (and tbh don't know why you would).
edit two: it seems there are some erroneous characters in those logs, something to do with character encoding I'd guess. I cba to fix it though, it's still readable. Suffice to say they weren't in the original.

vcxzet · « **Reply #33 on:** February 16, 2007, 10:51:31 pm »

Quote from: "benmachine"

Also of note: I discovered how after someone with an anomalous GUID connected to Polly's server and he/she came to #tremulous to ask about it. It is therefore possible that neither I nor Polly were the first people to discover this method, and you might thank Polly for publicizing it and allowing it to be fixed.

DOH it was probably me with the anomalous guid. But I've never stolen anyone's guid (probably I would but I have no server)

Pol · « **Reply #34 on:** February 17, 2007, 12:19:25 am »

Nope, it wasn't you.

And S11.Info doesn't steal GUIDs.

Rawr · « **Reply #35 on:** February 17, 2007, 12:24:24 am »

Lies.

tuple · « **Reply #36 on:** February 17, 2007, 12:34:40 am »

Quote from: "Pol"

My side of the story?My side of the story is that it wouldn't really matter if I say it was me, not me, you, raWr, or anybody else. Who would ever know with 100% certainty ?

While it is true that we could in no way determine conclusively who was sitting behind the offending IP, the evidence that the source of the malicious behavior was in fact the IP that you use is pretty conclusive. The likelihood that there was someone else using your computer, using your computer as a proxy or spoofing your IP is extremely small. If that is in fact what has happened, you would have the proof that would clear your name.

Quote from: "Pol"

I am not rapt in acting maliciously against any of my server's guests, or those of another server, or other server admins.

We have no way of knowing this and it is irrelevant to the discussion.

Quote from: "Pol"

Tremulous's current GUID / ip userinfo system is obviously flawed. Even tjw's latest 'new guid per server' hack is hardly worthy of the effort.

This is irrelevant. If I leave my door unlocked, that does not give anyone permission to rob my house. That many, many people knew of this vulnerability is common knowledge among many in the tremulous community. That someone personally decided to take advantage of the vulnerability to act maliciously is in no way related. Someone made a decision to act maliciously, the identity of that individual is the question here.

Mario · « **Reply #37 on:** February 17, 2007, 02:37:17 am »

The following screenshots are from the S11 Info Server. As you can see in the following image, the user with blank GUID's & player 4 with a default GUID are him:

Pol also denied being there at the time the event took place on Dretch Storm. All admins were set to level 0 and random players were given level 5 due to a compromised GUID. But the server operator of D*S (GhostShell) tells me that the following people had level 5 at the time from the thread http://dretchstorm.com/node/93:

Mr. Gumby 66.63.211.173
[COL]Jose 201.220.86.99
The Me [banana] 70.174.101.101
FireHazard@ubuntu 69.37.19.142
Newbie#27 65.110.228.135 <--- 1st person using !setlevel

Match the last ip of Newbie#27 to the blank GUID in the !namelog and tell me who you see...[/url]

Ace1 · « **Reply #38 on:** February 18, 2007, 11:52:24 am »

lol thats kinda true

tuple · « **Reply #39 on:** February 18, 2007, 02:32:04 pm »

Ace1, quit posting stupid shit everywhere just to get you post count up, or at least get rid of that annoyingly large signature.

David · « **Reply #40 on:** February 18, 2007, 02:45:06 pm »

Quote from: "tuple"

Ace1, quit posting stupid shit everywhere just to get you post count up, or at least get rid of that annoyingly large signature.

preferably do both.

Plague Bringer · « **Reply #41 on:** February 18, 2007, 04:56:41 pm »

Quote from: "David"

Quote from: "tuple"
Ace1, quit posting stupid shit everywhere just to get you post count up, or at least get rid of that annoyingly large signature.

preferably do both.

yeah, lol

, who made that thing anyway? Deisel?

Ace1 · « **Reply #42 on:** February 18, 2007, 06:39:50 pm »

hey stfu and stop slabberin i am only tryin to help but use obusily dont like the compition

Caveman · « **Reply #43 on:** February 18, 2007, 07:21:14 pm »

Quote from: "Ace1"

hey stfu and stop slabberin i am only tryin to help but use obusily dont like the compition

Anyone up to translate this into a readable form?

AKAnotu · « **Reply #44 on:** February 18, 2007, 07:53:27 pm »

Quote from: "Caveman"

Quote from: "Ace1"
hey stfu and stop slabberin i am only tryin to help but use obusily dont like the compition

Anyone up to translate this into a readable form?

stfu and stop slobbering i am only trying to help but you obviously don't like the competition

Ace1 · « **Reply #45 on:** February 18, 2007, 11:07:46 pm »

lol guys i am just a bit ticked off that i cant get m pot forwarding problem fixed so guys plz help me i am in need of any helkp to get my server up and runnin

FooBar · « **Reply #46 on:** February 19, 2007, 12:20:33 am »

Ace, I'd be happy to help you with port forwarding in any spare time I have (not right now), but could you try to do a couple of things? First, learn to spell and form complete sentences, and also, use punctuation. Please! Second, only post on a thread when you have a real point to make; don't just post to say "i agree" or something like that.

You're a nice guy and very earnest, and I guarantee that if you do those two things everyone around here will love you, or at least like you a lot more.

Thank you!

benmachine · « **Reply #47 on:** February 19, 2007, 01:09:18 am »

Quote from: "Mario"

The following screenshots are from the S11 Info Server. As you can see in the following image, the user with blank GUID's & player 4 with a default GUID are him:

Sorry, please elaborate: as I can see? How can I see?
It could be anyone who knows the trick, unless I'm missing something...

Caveman · « **Reply #48 on:** February 19, 2007, 01:19:58 am »

The trick is that that statement is wrong.
All we can see is 2 clients connected from the same IP, one with a none legit guid...

Ace1 · « **Reply #49 on:** February 19, 2007, 12:35:51 pm »

Quote from: "FooBar"

Ace, I'd be happy to help you with port forwarding in any spare time I have (not right now), but could you try to do a couple of things? First, learn to spell and form complete sentences, and also, use punctuation. Please! Second, only post on a thread when you have a real point to make; don't just post to say "i agree" or something like that.

You're a nice guy and very earnest, and I guarantee that if you do those two things everyone around here will love you, or at least like you a lot more.

Thank you!

Yes FooBar I will try and complete these requests you have made, and yes i should get on with everyone around here as i am very approchable as you have learnt and many others have as well if they have played with me. So sry everyone if i was a bit cheky.

Pol · « **Reply #50 on:** February 21, 2007, 05:42:55 pm »

/s/approchable/approachable
/s/learnt/learned
/s/sry/sorry
/s/cheky/(cheeky|cheesy)
/s/Ace1/illiterate

BTW, Who the fuck is the moderator here?

...editing the content of my messages without my consent?

"NOPE! GUESS WHAT, I AM!"

...

Wtf is that shit?

Obviously this entire board is fucking moronic, being run by morons, and moderated by morons.

AND both the IRC channels on quakenet have the same exact problem.

The Tremulous community at large has to get it's fucking act together.

The game has potential, but you've certainly done your part in discouraging an intellectual contributor from wanting to even discuss it.

Take care, fuckers

Smokey · « **Reply #51 on:** February 21, 2007, 06:02:27 pm »

Quote from: "Pol"

/s/approchable/approachable
/s/learnt/learned
/s/sry/sorry
/s/cheky/(cheeky|cheesy)
/s/Ace1/illiterate

BTW, Who the fuck is the moderator here?

...editing the content of my messages without my consent?

"NOPE! GUESS WHAT, I AM!"

...

Wtf is that shit?

Obviously this entire board is fucking moronic, being run by morons, and moderated by morons.

AND both the IRC channels on quakenet have the same exact problem.

The Tremulous community at large has to get it's fucking act together.

The game has potential, but you've certainly done your part in discouraging an intellectual contributor from wanting to even discuss it.

Take care, fuckers

lol, anyone else remember that post with all his info? lewl.

Caveman · « **Reply #52 on:** February 22, 2007, 02:00:44 am »

Quote from: "Pol"

... intellectual contributor ...

If that was supposed to mean you, you phail. You can not even refrain from using fecal expressions and try to look down upon those that tried to help you.

Go outside and play with the rattlesnakes / cars in the traffic.

Stof · « **Reply #53 on:** February 22, 2007, 08:57:51 am »

Quote from: "Caveman"

Now, would you PLEASE stop that :evil:

vcxzet · « **Reply #54 on:** February 22, 2007, 09:09:29 am »

Quote from: "Stof"

Rawr · « **Reply #55 on:** February 23, 2007, 12:52:15 am »

Quote

TinMan · « **Reply #56 on:** February 23, 2007, 02:31:13 am »

BAN HIM!

Ace1 · « **Reply #57 on:** February 23, 2007, 04:36:47 pm »

lol tin. ban him incase he does it again.

Rawr · « **Reply #58 on:** February 25, 2007, 11:36:18 pm »

Pol is now stealing }MG{'s Bandwidth OH KNOZ!

khalsa · « **Reply #59 on:** February 26, 2007, 04:36:04 am »

ZOMG! Not my Bandwidths!

Somebody should do something!

Note: The }MG{ Map mirror is open to all for public use, feel free to set your auto-downloads cvars of your server to http://www.mercenariesguild.net and for individuals looking for maps see: http://www.mercenariesguild.net/base/

Khalsa

News:

Author Topic: Security Breach -Biggest in Trem History? (Read 30675 times)

vcxzet

vcxzet

Pol

Caveman

Caveman

Pol

Caveman

vcxzet