|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
dexington
Caldari Baconoration
|
Posted - 2011.04.12 02:52:00 -
[1]
Original post...
Originally by: William Loire
Of what Catari told us:
-He petitioned his findings with CCP.
-He realized he could not only pose as any character, but edit any post, login in as a GM, access moderator controls and see invisible forums such as the private CSM forums.
-He was taunted by one SHC member to prove it. Which he did by posting as said SHC member. Said customer then proceeded to say "brilliant" and showed no issue with the post.
- Looked over CSM topics related to the forums. (Worthy of a temp ban)
- Received his ban. Then upon the return of the forums following the hotfix, he posted in the dev thread showing that he could easily skirt his IP ban. - He never received an explanation for his ban or a time frame for how long it will last. He probably received a permanent ban even though he deserves a medal from CCP for revealing such a obvious hole that could have literally ****ed over thousands of customers.
- He never revealed how either exploit works to anyone on SHC or EVEO.
|
dexington
Caldari Baconoration
|
Posted - 2011.04.12 03:05:00 -
[2]
Originally by: Dr BattleSmith However I thought CCP would be morons and respond in this way to someone doing the testing they obviously failed to do.
On one hand i feel they should give him a break and just remove the ban, the bugs was very obvious, had be not found them someone else would have. On the other hand he did decide to exploit the security flaws, which was pretty stupid when he knew CCP would be looking into the issues.
You can't both petition a problem and at the same time use it to get access to off limit areas, and not except it to have some consequence.
|
dexington
Caldari Baconoration
|
Posted - 2011.04.12 03:31:00 -
[3]
Originally by: Sam Akiga Look at this way, if you left your door unlocked and I decided to call/text you to tell you that your door is unlocked. You wouldn't be happy to come home to me sitting in your sofa watching tv.
depends.. are you a hot chick who likes to watch tv naked?
|
dexington
Caldari Baconoration
|
Posted - 2011.04.12 03:38:00 -
[4]
Originally by: Elyssa MacLeod
Right! they can even permaban someone for something thats become commonplace since sreegs told us his name (used to be if you posted a RL name of a CCP on the forums you got permabanned and yer name stricken from the forums for years afterwards)
They have the right to ban anyone without any given reason, they don't have to follow any "rules". The rules are there to tell you what you should and should'nt do, not who they can or can't ban.
|
dexington
Caldari Baconoration
|
Posted - 2011.04.12 03:49:00 -
[5]
Originally by: Elyssa MacLeod Sticking up for them for breaking their own rules... lol
They can't break the rules, when the rules don't apply to them.
|
dexington
Caldari Baconoration
|
Posted - 2011.04.12 04:22:00 -
[6]
He found a security flaw, told CCP about it and used it to do thing he shouldn't be doing...
Had this happend in-game, eg. someone finds an exploit tells ccp about it and at the same time use it to blow up some titans, then people would be screaming for his head on a stick. When he decided to access parts of the forums he shouldn't have access to, he knew he was doing something he shouldn't be doing.
|
dexington
Caldari Baconoration
|
Posted - 2011.04.12 04:51:00 -
[7]
Originally by: Q Command
Hint #2: You should hire a reputable firm to do a code review as that is what real companies do these days
lulz
|
|
|
|