
Two step
Aperture Harmonics No Holes Barred
4557
|
Posted - 2014.04.09 14:16:00 -
[1] - Quote
Some of you might have heard about the Heartbleed bug found in OpenSSL. Most larger sites are fixed, but siggy is not. If you are still using siggy, you might want to stop until it is fixed, as you are basically broadcasting your location to anyone who cares to find out. For example, I just discovered that "Maes Trent" in AdAstra is in Tar in a Cerberus. If anyone knows the siggy dude, please ask him to fix his server. I also can currently see his private SSL key. CSM 7 Secretary CSM 6 Alternate Delegate @two_step_eve on Twitter My Blog
|

Rengas
AQUILA INC Verge of Collapse
337
|
Posted - 2014.04.09 16:01:00 -
[2] - Quote
Can confirm that Siggy has been compromised and is leaking personal information.
Went through my online checking account bank statements this morning and discovered some suspicious payments to HungCollegeHunks and BackdoorBandits.com. |

Two step
Aperture Harmonics No Holes Barred
4561
|
Posted - 2014.04.09 17:16:00 -
[3] - Quote
Rengas wrote:Can confirm that Siggy has been compromised and is leaking personal information.
Went through my online checking account bank statements this morning and discovered some suspicious payments to HungCollegeHunks and BackdoorBandits.com.
Pretty sure those are just your normal subscriptions.
I'm not saying it is leaking personal information, though it is entirely possible to see someone's api info and email if they happen to be registering for the out of game access. I am more concerned about session hijacking, it is trivially easy to see other corps/alliances maps. CSM 7 Secretary CSM 6 Alternate Delegate @two_step_eve on Twitter My Blog
|

Hidden Fremen
Lazerhawks
355
|
Posted - 2014.04.09 17:37:00 -
[4] - Quote
Tripwire? Snipped signature for inappropriate language - CCP Eterne |

Rall Mekin
End-of-Line Sky Syndicate
299
|
Posted - 2014.04.09 17:46:00 -
[5] - Quote
Two step wrote:Rengas wrote:Can confirm that Siggy has been compromised and is leaking personal information.
Went through my online checking account bank statements this morning and discovered some suspicious payments to HungCollegeHunks and BackdoorBandits.com. Pretty sure those are just your normal subscriptions.
Wrong, I'm the forum troll that's normal for. http://imgur.com/yEQqAeb |

Glyndi
Doom Generation THE H0NEYBADGER
193
|
Posted - 2014.04.09 17:49:00 -
[6] - Quote
Confirmed as a better option  |

Two step
Aperture Harmonics No Holes Barred
4562
|
Posted - 2014.04.09 18:10:00 -
[7] - Quote
Appears to not be vulnerable to this bug (note that I have not used it) CSM 7 Secretary CSM 6 Alternate Delegate @two_step_eve on Twitter My Blog
|

Longinius Spear
Doom Generation THE H0NEYBADGER
257
|
Posted - 2014.04.09 19:29:00 -
[8] - Quote
Does this mean I'll get more gud fights? Co-host of Down The Pipe Podcast Read more of my ramblings on my blog. |

Eric 72826
Doom Generation THE H0NEYBADGER
3
|
Posted - 2014.04.09 19:38:00 -
[9] - Quote
Glyndi wrote:Confirmed as a better option 
I demand to know who you are and why your endorsement should be heeded. |

Winthorp
1453
|
Posted - 2014.04.09 19:43:00 -
[10] - Quote
Can confirm I too have been looking in windows and "Maes Trent" was wearing Sesame Street pyjamas. (Insert witty signature here) |

Tetsuo Tsukaya
Doom Generation THE H0NEYBADGER
350
|
Posted - 2014.04.09 20:59:00 -
[11] - Quote
Am I in the right place for the Badger CTA? I checked and there's nothing on siggy    |

Bane Nucleus
Sky Fighters Sky Syndicate
1430
|
Posted - 2014.04.09 21:00:00 -
[12] - Quote
I am waiting for a color response from the siggy rep. haha No trolling please |

Jack Miton
Sky Fighters Sky Syndicate
3222
|
Posted - 2014.04.09 21:08:00 -
[13] - Quote
Does that mean people will fight us now? Stuck In Here With Me: http://sihwm.blogspot.com.au/ |

Ayeson
Hard Knocks Inc.
482
|
Posted - 2014.04.09 21:10:00 -
[14] - Quote
Siggy keeps bleeding, keep keeps bleedin love Ask me about Rengas-dar, HRDKX's Most recent, groundbreaking, game-changing, wormhole-collapsing research endeavour.
|

Bane Nucleus
Sky Fighters Sky Syndicate
1431
|
Posted - 2014.04.09 21:13:00 -
[15] - Quote
Jack Miton wrote:Does that mean people will fight us now?
Not when we have 60 people in fleet waiting on a wormhole  No trolling please |

Rengas
AQUILA INC Verge of Collapse
346
|
Posted - 2014.04.09 21:22:00 -
[16] - Quote
According to Siggy I am sitting in a cloaked Ishtar in Vlillirier in the Medium Outpost waiting for this Caracal to come in and start farmer pigging his LP. |

Two step
Aperture Harmonics No Holes Barred
4562
|
Posted - 2014.04.09 21:25:00 -
[17] - Quote
Just a quick update, Halaro Elshona from THE EXOGEN CONSORTIUM (someone needs to lay off the caps key), is in an Omen named "Poik" in Kaaputenen.
Also, Maes Trent looks like they made it to their hole (or got blown up), as they are now in a capsule in J165940, in case anyone was worried about them getting in. CSM 7 Secretary CSM 6 Alternate Delegate @two_step_eve on Twitter My Blog
|

Glyndi
Doom Generation THE H0NEYBADGER
193
|
Posted - 2014.04.09 21:36:00 -
[18] - Quote
In other traffic related news, I'm in Phoenix waiting on a corner for Proc to give me a handy. |

Daimian Mercer
Deep Core Mining Inc. Caldari State
30
|
Posted - 2014.04.09 22:02:00 -
[19] - Quote
First: I tried to warn Siggy's creator about some of the security flaws months ago...
Second: I'm sorry for the delay for all those who were requesting access to Tripwire - got kind of flooded with requests :) I am nearly caught up and will be available for further pummeling for the next 6 hours.
And for the record Tripwire is now used by over 150 corps/alliances. Some big names in that list are testing it.
Creator of Tripwire https://forums.eveonline.com/default.aspx?g=posts&t=320030&find=unread |

GRIM SOAR
Black Spiral Dancers
0
|
Posted - 2014.04.09 22:51:00 -
[20] - Quote
Slander. Interesting.
I've used both. I prefer siggy.
|

Terrorfrodo
Renegade Hobbits for Mordor
633
|
Posted - 2014.04.09 23:20:00 -
[21] - Quote
Two step wrote:as you are basically broadcasting your location to anyone who cares to find out. That might be a slight exaggeration. I for one have no idea how to exploit this bug to hack Siggy and the same is true for probably 99.7% of the rest of the EVE population.
Also, that one guy developing a gaming tool for fun has not yet fixed his tool two days after the most severe vulnerability in the history of the real-life internet has been discovered, might maybe be forgiven. Even if it allowed poor Maes Trent to be exposed as a Cerberus pilot. |

Daimian Mercer
Deep Core Mining Inc. Caldari State
30
|
Posted - 2014.04.09 23:27:00 -
[22] - Quote
Terrorfrodo wrote:Two step wrote:as you are basically broadcasting your location to anyone who cares to find out. That might be a slight exaggeration. I for one have no idea how to exploit this bug to hack Siggy and the same is true for probably 99.7% of the rest of the EVE population. Also, that one guy developing a gaming tool for fun has not yet fixed his tool two days after the most severe vulnerability in the history of the real-life internet has been discovered, might maybe be forgiven. Even if it allowed poor Maes Trent to be exposed as a Cerberus pilot.
There is a Firefox plugin that can do all the "hacking" for you - though calling it hacking isn't accurate because there is nothing illegal about just listening to what a server is broadcasting to the world.
Also this did not require most secure servers to have to change or update anything, it was not a very big vulnerability... most tech news sites never even posted anything about it.
Lastly - Siggy has had major security issues for years... and I'm talking about JUST web server security, not the creator handing out personal data to friends. Creator of Tripwire https://forums.eveonline.com/default.aspx?g=posts&t=320030&find=unread |

Hidden Fremen
Lazerhawks
355
|
Posted - 2014.04.09 23:34:00 -
[23] - Quote
GRIM SOAR wrote:Slander. Interesting.
I've used both. I prefer siggy.
Lolrip Snipped signature for inappropriate language - CCP Eterne |

Hidden Fremen
Lazerhawks
355
|
Posted - 2014.04.09 23:37:00 -
[24] - Quote
Double post... Snipped signature for inappropriate language - CCP Eterne |

Two step
Aperture Harmonics No Holes Barred
4562
|
Posted - 2014.04.10 01:16:00 -
[25] - Quote
Terrorfrodo wrote:Two step wrote:as you are basically broadcasting your location to anyone who cares to find out. That might be a slight exaggeration. I for one have no idea how to exploit this bug to hack Siggy and the same is true for probably 99.7% of the rest of the EVE population. Also, that one guy developing a gaming tool for fun has not yet fixed his tool two days after the most severe vulnerability in the history of the real-life internet has been discovered, might maybe be forgiven. Even if it allowed poor Maes Trent to be exposed as a Cerberus pilot.
As was mentioned, it is quite easy to exploit it.
He isn't doing it "for fun", he is being paid by the corps and alliances that are using it. CSM 7 Secretary CSM 6 Alternate Delegate @two_step_eve on Twitter My Blog
|

Rengas
AQUILA INC Verge of Collapse
349
|
Posted - 2014.04.10 01:24:00 -
[26] - Quote
I for one would like to thank Two Step Snowden for bravely exposing the creator of Siggy as a fiendish treacherous mastermind.
Too long have we suffered under the vindictive rule of Mess Who Shall Not Be Named. |

Jack Miton
Sky Fighters Sky Syndicate
3223
|
Posted - 2014.04.10 02:12:00 -
[27] - Quote
Siggy's security has been lacking since it got released, it's nothing new. That said, there are no alternatives to it that are anywhere close so people don't care. Stuck In Here With Me: http://sihwm.blogspot.com.au/ |

Alundil
Sky Fighters Sky Syndicate
462
|
Posted - 2014.04.10 02:31:00 -
[28] - Quote
Jack Miton wrote:Siggy's security has been lacking since it got released, it's nothing new. That said, there are no alternatives to it that are anywhere close so people don't care. w-space is actually pretty decent imo. We had a private instance in our last corp. Clone mechanics enhancements Deep Space Probe Revival |

Jack Tronic
borkedLabs
163
|
Posted - 2014.04.10 02:56:00 -
[29] - Quote
1. Give me the private key :P 2. The packages I needed to update the server were released late last night, they have been applied now.
Quote: Also, that one guy developing a gaming tool for fun has not yet fixed his tool two days after the most severe vulnerability in the history of the real-life internet has been discovered, might maybe be forgiven. Even if it allowed poor Maes Trent to be exposed as a Cerberus pilot.
see #2.
At no point was any real data vulnerable, just http query data, which I suppose you just spent the last 2 days writing some sort of bastardized script to scrape in laughable futility. Any attempts to access data outside the http process would have just resulted in an immediate seg fault. The actual script language for the site is isolated in its own process from the server via fastcgi. |

Ayeson
Hard Knocks Inc.
483
|
Posted - 2014.04.10 03:57:00 -
[30] - Quote
Daimian Mercer wrote: Lastly - Siggy has had major security issues for years... and I'm talking about JUST web server security, not the creator handing out personal data to friends.
get off your high horse, there is no "Backdoor" into siggy for bros
While we're slandering, Tripwire makes me want to vomit; the UI is atrocious and its lack of customizability makes me want to abort it with a coathanger.
Yes I'm in a bad mood. Ask me about Rengas-dar, HRDKX's Most recent, groundbreaking, game-changing, wormhole-collapsing research endeavour.
|