Vault - Security Flaw

Vault › General › DDO-Specific Discussion › Security Flaw

(Moderator: Strakeln)

‹ Previous Topic | Next Topic ›

Page Index Toggle

Pages: [1] 2

Normal Topic

Security Flaw (Read 9722 times)

stainer Arkat's Bitch Offline Gawna's big sexy crony! Posts: 12345 Location: gawna's nuts Joined: Jan 28^th, 2010 Gender:	Security Flaw Oct 1^st, 2011 at 5:10pm	Print Post
	If I found a significant security flaw in MyDDO that exposes your personal information and reported the flaw to Turbine, how long should I wait for Turbine to fix it before I release it into the wild? I am at 24 hrs right now.
	« Last Edit: Oct 1^st, 2011 at 5:13pm by stainer »
	Nilazgrc: For all those familiar with loreseekers/sentinels.... Dont run with Stainer.... Guy is a tool. Black list his toons. kmack can drive the tractor. The Vault donates to charity. JDollar wrote on Apr 25^th, 2013 at 4:47pm: Stainer likes tractors
	IP Logged

stainer Arkat's Bitch Offline Gawna's big sexy crony! Posts: 12345 Location: gawna's nuts Joined: Jan 28^th, 2010 Gender:	Re: Security Flaw Reply #1 - Oct 1^st, 2011 at 5:17pm	Print Post
	To clarify, this flaw allows me (or whoever looks at the right place) to to see your (another persons) personal info. It isn't a hack. It is a built in feature.

	Nilazgrc: For all those familiar with loreseekers/sentinels.... Dont run with Stainer.... Guy is a tool. Black list his toons. kmack can drive the tractor. The Vault donates to charity. JDollar wrote on Apr 25^th, 2013 at 4:47pm: Stainer likes tractors
	IP Logged

Soul Shroud Slacker Offline I Love Drama! Posts: 1121 Joined: Nov 10^th, 2010	Re: Security Flaw Reply #2 - Oct 1^st, 2011 at 5:18pm	Print Post
	puts on thinking cap lets see if I can find it.


	IP Logged

Soul Shroud Slacker Offline I Love Drama! Posts: 1121 Joined: Nov 10^th, 2010	Re: Security Flaw Reply #3 - Oct 1^st, 2011 at 5:24pm	Print Post
	I'm not seeing it. Majormalphunktion will probably say you're wrong and it doesn't exist.


	IP Logged

stainer Arkat's Bitch Offline Gawna's big sexy crony! Posts: 12345 Location: gawna's nuts Joined: Jan 28^th, 2010 Gender:	Re: Security Flaw Reply #4 - Oct 1^st, 2011 at 5:25pm	Print Post
	Soul wrote on Oct 1^st, 2011 at 5:24pm: I'm not seeing it. Majormalphunktion will probably say you're wrong and it doesn't exist. There is a flaw. I am not pulling a fast one here. It is pretty significant.

	Nilazgrc: For all those familiar with loreseekers/sentinels.... Dont run with Stainer.... Guy is a tool. Black list his toons. kmack can drive the tractor. The Vault donates to charity. JDollar wrote on Apr 25^th, 2013 at 4:47pm: Stainer likes tractors
	IP Logged

Kimberlite Shroud Slacker Offline I Love Drama! Posts: 1074 Joined: Aug 30^th, 2010	Re: Security Flaw Reply #5 - Oct 1^st, 2011 at 5:41pm	Print Post
	stainer wrote on Oct 1^st, 2011 at 5:10pm: If I found a significant security flaw in MyDDO that exposes your personal information and reported the flaw to Turbine, how long should I wait for Turbine to fix it before I release it into the wild? I am at 24 hrs right now. Personal information? Are you just talking about the info that dumb people might have entered into their my.ddo profiles (voluntary stuff like name, icq address), or can you pull info on the turbine account? I think that one has one of my real email addresses. The former isn't a big deal for me, the latter would be more of a problem because that is tied to a billing system.

	Memnir wrote on Jun 14^th, 2013 at 10:59am: Note to any Turbine staffers reading this, and one I genuinely hope you share around the office: DDO has become a shit game because y'all have made it a shit game. Once it was great. Now, it's a festering puddle of monkey diarrhea. No matter how you try to justify it, or pat yourselves on the back for doing great jobs... it's a shit game now because of you. Y'all keep on giving the players the middle finger, and you keep expecting us to reward you for the abuse. I've had it with you narcissistic fuckwads and your myopic policies of ineptitude.
	IP Logged

JDollar Completionist (i.t.p.) Offline Swarthy as fuck Posts: 5380 Location: Uttering "death threats"! Joined: Jun 24^th, 2011 Gender:	Re: Security Flaw Reply #6 - Oct 1^st, 2011 at 5:42pm	Print Post
	stainer wrote on Oct 1^st, 2011 at 5:25pm: There is a flaw. I am not pulling a fast one here. It is pretty significant. Pm me the info and I will confirm btw my credit card is maxed so no point in swiping it

	Quote: J$ can take great pride that I think he's too revolting for words and will probably post "gtg cat on fire" if he joins a group I'm in. Quote: JD is easily the most genuinely mean person I've known Quote: SNAP!� Point for the Canadian! notajedi wrote on Mar 14^th, 2013 at 6:47pm: JonnyD has had way better exploits.
	IP Logged

popejubal Completionist (i.t.p.) Offline fnord Posts: 6364 Location: Argo Joined: Aug 6^th, 2010 Gender:	Re: Security Flaw Reply #7 - Oct 1^st, 2011 at 5:53pm	Print Post
	stainer wrote on Oct 1^st, 2011 at 5:10pm: If I found a significant security flaw in MyDDO that exposes your personal information and reported the flaw to Turbine, how long should I wait for Turbine to fix it before I release it into the wild? I am at 24 hrs right now. Before you release the flaw, could you release the list of info that it exposes so that we can go in and change that list to silly made-up shit before people start looking at our MyDDO profiles?

	fnord
	IP Logged

Osharan Tregarth Horoluth Raider Offline I'm an ass... Deal with it. Posts: 2663 Location: Fresno Joined: Aug 23^rd, 2011 Gender:	Re: Security Flaw Reply #8 - Oct 1^st, 2011 at 6:40pm	Print Post
	popejubal wrote on Oct 1^st, 2011 at 5:53pm: Before you release the flaw, could you release the list of info that it exposes so that we can go in and change that list to silly made-up shit before people start looking at our MyDDO profiles? This please...

	I'm the 'sharans(Osharan, Asharan, Osharina, Asharina, etc.) And Epoxy.� And Notverysexy. Dovie'andi se tovya sagain
	IP Logged

Soul Shroud Slacker Offline I Love Drama! Posts: 1121 Joined: Nov 10^th, 2010	Re: Security Flaw Reply #9 - Oct 1^st, 2011 at 6:44pm	Print Post
	stainer wrote on Oct 1^st, 2011 at 5:25pm: There is a flaw. I am not pulling a fast one here. It is pretty significant. Oh I believe you. I'm just saying,that's what he would say since he's said it twice now.


	IP Logged

stainer Arkat's Bitch Offline Gawna's big sexy crony! Posts: 12345 Location: gawna's nuts Joined: Jan 28^th, 2010 Gender:	Re: Security Flaw Reply #10 - Oct 1^st, 2011 at 8:38pm	Print Post
	It isn't anything you can change.

	Nilazgrc: For all those familiar with loreseekers/sentinels.... Dont run with Stainer.... Guy is a tool. Black list his toons. kmack can drive the tractor. The Vault donates to charity. JDollar wrote on Apr 25^th, 2013 at 4:47pm: Stainer likes tractors
	IP Logged

Oakianus Troleplayer Offline I Really Do Love Drama! Posts: 5466 Joined: May 20^th, 2011 Gender:	Re: Security Flaw Reply #11 - Oct 1^st, 2011 at 9:25pm	Print Post
	I would respectfully request that you sit on it as long as necessary and keep us posted.


	IP Logged

rev Jim American Azog Offline I GOT VEINS Posts: 3627 Location: South Alabama Joined: Jun 9^th, 2010 Gender:	Re: Security Flaw Reply #12 - Oct 1^st, 2011 at 9:35pm	Print Post
	huh, that was quick for turdbine.

	Quote: Rev. Jim. He is the only guy here that posts quality, you should all learn from him.
	IP Logged

Strakeln Completionist (i.t.p.) Offline Lumberjack Posts: 12345 Joined: Jun 27^th, 2009	Re: Security Flaw Reply #13 - Oct 1^st, 2011 at 10:02pm	Print Post
	I'd say the only reason to sit on it is to figure out how to release it in a fashion that allows serious damage to occur before Turdbine gets wind of it.

	┌∩┐(◣_◢)┌∩┐
	IP Logged

Soul Shroud Slacker Offline I Love Drama! Posts: 1121 Joined: Nov 10^th, 2010	Re: Security Flaw Reply #14 - Oct 1^st, 2011 at 10:53pm	Print Post
	They don't moderate on the weekends right?


	IP Logged

Schmoe Epic Poster Offline One world, one soul Posts: 4219 Location: A chair Joined: Jun 9^th, 2010	Re: Security Flaw Reply #15 - Oct 2^nd, 2011 at 7:02pm	Print Post
	Good question. I PMed the web team over a month ago pointing out some areas of the compendium that are subject to vandalism, and there have still been no changes. Considering what I pointed out was arguably of more immediate commercial interest to Turbine, I doubt they'll jump on a fix any time soon.

	"As my windshield melts, and my tears evaporate, Leaving only charcoal to defend - Finally I understand the feelings of the few, Ashes and diamonds, foe and friend, we were all equal in the end." -Waters
	IP Logged

Kimberlite Shroud Slacker Offline I Love Drama! Posts: 1074 Joined: Aug 30^th, 2010	Re: Security Flaw Reply #16 - Oct 3^rd, 2011 at 11:24am	Print Post
	Is this an example of the vulnerability?

	Memnir wrote on Jun 14^th, 2013 at 10:59am: Note to any Turbine staffers reading this, and one I genuinely hope you share around the office: DDO has become a shit game because y'all have made it a shit game. Once it was great. Now, it's a festering puddle of monkey diarrhea. No matter how you try to justify it, or pat yourselves on the back for doing great jobs... it's a shit game now because of you. Y'all keep on giving the players the middle finger, and you keep expecting us to reward you for the abuse. I've had it with you narcissistic fuckwads and your myopic policies of ineptitude.
	IP Logged

ScaredyCat Ex Member	Re: Security Flaw Reply #17 - Oct 12^th, 2011 at 1:29am	Print Post
	I just remembered this thread. And the forums are still down. I wonder if the two are connected? Interesting.


	IP Logged

Kimberlite Shroud Slacker Offline I Love Drama! Posts: 1074 Joined: Aug 30^th, 2010	Re: Security Flaw Reply #18 - Oct 12^th, 2011 at 1:34am	Print Post
	Quote: I just remembered this thread. And the forums are still down. I wonder if the two are connected? Interesting. Lotro forums are down too.

	Memnir wrote on Jun 14^th, 2013 at 10:59am: Note to any Turbine staffers reading this, and one I genuinely hope you share around the office: DDO has become a shit game because y'all have made it a shit game. Once it was great. Now, it's a festering puddle of monkey diarrhea. No matter how you try to justify it, or pat yourselves on the back for doing great jobs... it's a shit game now because of you. Y'all keep on giving the players the middle finger, and you keep expecting us to reward you for the abuse. I've had it with you narcissistic fuckwads and your myopic policies of ineptitude.
	IP Logged

GreyMouser Korthos Resident Offline I Love Drama! Posts: 70 Joined: Jul 17^th, 2011	Re: Security Flaw Reply #19 - Oct 12^th, 2011 at 8:05am	Print Post
	This 'flaw' is no longer there.


	IP Logged

Arkat Chonus Christ Offline Hola Bienvenido Posts: 12345 Location: Wyoming Joined: Jul 13^th, 2009 Gender:	Re: Security Flaw Reply #20 - Oct 12^th, 2011 at 8:21am	Print Post
	GreyMouser wrote on Oct 12^th, 2011 at 8:05am: This 'flaw' is no longer there. Good. Where are the DDO Forums then?

	Stand on hills of long-forgotten yesterdays... Looking for a sign that the Universal Mind has written you into the Passion Play.
	IP Logged

ScaredyCat Ex Member	Re: Security Flaw Reply #21 - Oct 12^th, 2011 at 8:34am	Print Post
	GreyMouser wrote on Oct 12^th, 2011 at 8:05am: This 'flaw' is no longer there. I am relieved to hear this. Why Stainer couldn't have just contacted you in a discrete way idk...


	IP Logged

rest One Man Wolfpack Offline Posts: 7223 Joined: Aug 13^th, 2010 Gender:	Re: Security Flaw Reply #22 - Oct 12^th, 2011 at 10:22am	Print Post
	Quote: I am relieved to hear this. Why Stainer couldn't have just contacted you in a discrete way idk... He did. stainer wrote on Oct 1^st, 2011 at 5:10pm: If I found a significant security flaw in MyDDO that exposes your personal information and reported the flaw to Turbine, how long should I wait for Turbine to fix it before I release it into the wild? I am at 24 hrs right now.


	IP Logged

rest One Man Wolfpack Offline Posts: 7223 Joined: Aug 13^th, 2010 Gender:	Re: Security Flaw Reply #23 - Oct 12^th, 2011 at 10:24am	Print Post
	Arkat wrote on Oct 12^th, 2011 at 8:21am: Good. Where are the DDO Forums then? Removing the 'flaw' completely broke the forums.


	IP Logged

stainer Arkat's Bitch Offline Gawna's big sexy crony! Posts: 12345 Location: gawna's nuts Joined: Jan 28^th, 2010 Gender:	Re: Security Flaw Reply #24 - Oct 12^th, 2011 at 10:24am	Print Post
	Quote: I am relieved to hear this. Why Stainer couldn't have just contacted you in a discrete way idk... Suck it. I did.

	Nilazgrc: For all those familiar with loreseekers/sentinels.... Dont run with Stainer.... Guy is a tool. Black list his toons. kmack can drive the tractor. The Vault donates to charity. JDollar wrote on Apr 25^th, 2013 at 4:47pm: Stainer likes tractors
	IP Logged

Page Index Toggle

Pages: [1] 2

‹ Previous Topic | Next Topic ›

« Board Index ‹ Board Top

Top

Vault » Powered by YaBB 2.6.11!
YaBB Forum Software © 2000-2024. All Rights Reserved.

Valid XHTML

Valid CSS

Powered by Perl

Source Forge