Tilted Forum Project Discussion Community  

Go Back   Tilted Forum Project Discussion Community > Interests > Tilted Technology


 
 
LinkBack Thread Tools
Old 08-04-2007, 09:47 AM   #1 (permalink)
We work alone
 
LoganSnake's Avatar
 
Location: Cake Town
Looking for crackers/hackers.

Hey guys. My friend wrote his own verification sequence for his forums and needs hackers/crackers to test the security of it. If you are interested in trying to bypass it, please reply either here or send me a PM.

Thanks!
__________________
Maturity is knowing you were an idiot in the past. Wisdom is knowing that you'll be an idiot in the future. Common sense is knowing that you should try not to be an idiot now. - J. Jacques
LoganSnake is offline  
Old 08-04-2007, 10:16 AM   #2 (permalink)
Devils Cabana Boy
 
Dilbert1234567's Avatar
 
Location: Central Coast CA
do we get access to the source code?
__________________
Donate Blood!

"Love is not finding the perfect person, but learning to see an imperfect person perfectly." -Sam Keen
Dilbert1234567 is offline  
Old 08-04-2007, 12:46 PM   #3 (permalink)
We work alone
 
LoganSnake's Avatar
 
Location: Cake Town
No, source code will not be provided.
__________________
Maturity is knowing you were an idiot in the past. Wisdom is knowing that you'll be an idiot in the future. Common sense is knowing that you should try not to be an idiot now. - J. Jacques
LoganSnake is offline  
Old 08-04-2007, 01:08 PM   #4 (permalink)
Devils Cabana Boy
 
Dilbert1234567's Avatar
 
Location: Central Coast CA
security through obfuscation is not security.
__________________
Donate Blood!

"Love is not finding the perfect person, but learning to see an imperfect person perfectly." -Sam Keen
Dilbert1234567 is offline  
Old 08-04-2007, 01:33 PM   #5 (permalink)
We work alone
 
LoganSnake's Avatar
 
Location: Cake Town
That's great, but he simply wanted me to ask for people to try and get around it as a normal user would if he wanted to create a spambot. I doubt he'd have access to the source code then.
__________________
Maturity is knowing you were an idiot in the past. Wisdom is knowing that you'll be an idiot in the future. Common sense is knowing that you should try not to be an idiot now. - J. Jacques
LoganSnake is offline  
Old 08-04-2007, 05:29 PM   #6 (permalink)
I am Winter Born
 
Pragma's Avatar
 
Location: Alexandria, VA
Out of curiosity, why did your friend write his own code instead of using some freely available spambot proof forum code? Basic rule of thumb is that if you think you're clever and will come up with your own verification / encryption algorithm ... you're not. Tried and true really does tend to be the best option.

That being said: if the algorithm is at all good, publishing it won't diminish the security of the application.
__________________
Eat antimatter, Posleen-boy!
Pragma is offline  
Old 08-04-2007, 05:44 PM   #7 (permalink)
Devils Cabana Boy
 
Dilbert1234567's Avatar
 
Location: Central Coast CA
if you can stand up and say, "here is my code, here is how it works, you can't beat it, you can't stop it, you can't disrupt it," only then do you have a good algorithm. if you feel that you have to hide it, there is probably a reason you need to hide it.
__________________
Donate Blood!

"Love is not finding the perfect person, but learning to see an imperfect person perfectly." -Sam Keen
Dilbert1234567 is offline  
Old 08-04-2007, 06:01 PM   #8 (permalink)
We work alone
 
LoganSnake's Avatar
 
Location: Cake Town
I'll summarize what he replied with.

He got a custom script because loopholes are always found in open source software and he didn't want to be exposed to those. His company's PHPBB board has been hacked before. As soon as he removed the line that shows the PHBB version, there hasn't been an attempt to hack it. He says it's a very simple algorithm and that there are no problems within it. What he's looking for is to see if somebody could read the image verification, not bypass it (I guess that was my mistake). And for that, you don't need the source code.
__________________
Maturity is knowing you were an idiot in the past. Wisdom is knowing that you'll be an idiot in the future. Common sense is knowing that you should try not to be an idiot now. - J. Jacques
LoganSnake is offline  
Old 08-04-2007, 07:27 PM   #9 (permalink)
Watcher
 
billege's Avatar
 
Location: Ohio
Quote:
Originally Posted by LoganSnake
... loopholes are always found in open source software ...
First let me say that I'm sorry it feels like I'm going to help "gang up" on you, when you just want one thing, and everyone's taking a slightly different tact on this question instead of what you actually asked for.

Second, I'd be happy to simply help, if I was any kind of hacker/cracker; but, I'm not.

I'm compelled to add a comment about your friend's possible mis-understanding of open source software. The idea that "loopholes are always found in open source" software indicates either a poor or deliberate mis-understanding of what open source is, and also why mistakes are found in it.

Open source software is not inherently flawed, except in the sense that it's written by human beings. If the software source is found to have flaws, they're known, identified, and fixed. If open source software is thought to have "more errors" than closed source, it's because the flaws in open source are talked about openly. Closed source flaws are not talked about, and often are unknown.

With the same similarly flawed closed-source software; no one identifies flaws and shares them, they are not dealt with. Often, they're only discovered by those exploiting them and kept secret.

Closed-source anything is a bad philosophy which only came about because of an economic system that prized secrecy. It's a foolish system of thought and should go away.

Somewhat generally speaking, anyone who thinks open source software "always has loopholes" is wrong, and is making a public display of how little they know about the subject matter.
__________________
I can sum up the clash of religion in one sentence:
"My Invisible Friend is better than your Invisible Friend."
billege is offline  
Old 08-05-2007, 05:26 AM   #10 (permalink)
We work alone
 
LoganSnake's Avatar
 
Location: Cake Town
The thing is that he's using an older version of PHPBB with very well known exploits that he does not want to be subjected to.
__________________
Maturity is knowing you were an idiot in the past. Wisdom is knowing that you'll be an idiot in the future. Common sense is knowing that you should try not to be an idiot now. - J. Jacques
LoganSnake is offline  
Old 08-05-2007, 07:43 AM   #11 (permalink)
Watcher
 
billege's Avatar
 
Location: Ohio
Aye sea.

Word up.
__________________
I can sum up the clash of religion in one sentence:
"My Invisible Friend is better than your Invisible Friend."
billege is offline  
Old 08-05-2007, 10:28 AM   #12 (permalink)
Psycho
 
Location: North America
open source has spoiled the children, the thought that openly viewable code somehow makes for better security due to flaw identification and the update that comes afterwards is foolish. While it's true that flaws are found and updated by the public or the creator the time from identification to fix leaves the software knowingly at risk and even after the fix the users of the software are still at risk until they get the patch/update. Closed source is better secured, yes obscurity is good security, so long as it's not forgotten and checked/updated every so often. Put it this way is it better that the whole world knows you keep a spare key to your home under your doormat or if only a few people in the world know? I mean sure if everyone on earth knows your key is under your doormat someone can tell you that you need to get rid of the spare under the doormat but if your at work you have to wait to get home all the meanwhile everyone knows that your key is under the doormat unless you fixed the situation. So is that more secure than just a few people knowing and no one really telling you you shouldn't have it there.
catback is offline  
 

Tags
crackers or hackers


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -8. The time now is 05:33 AM.

Tilted Forum Project

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Search Engine Optimization by vBSEO 3.6.0 PL2
© 2002-2012 Tilted Forum Project

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360