
Two step
Aperture Harmonics No Holes Barred
4557
|
Posted - 2014.04.09 14:16:00 -
[1] - Quote
Some of you might have heard about the Heartbleed bug found in OpenSSL. Most larger sites are fixed, but siggy is not. If you are still using siggy, you might want to stop until it is fixed, as you are basically broadcasting your location to anyone who cares to find out. For example, I just discovered that "Maes Trent" in AdAstra is in Tar in a Cerberus. If anyone knows the siggy dude, please ask him to fix his server. I also can currently see his private SSL key.
CSM 7 Secretary CSM 6 Alternate Delegate @two_step_eve on Twitter My Blog
|

Two step
Aperture Harmonics No Holes Barred
4561
|
Posted - 2014.04.09 17:16:00 -
[2] - Quote
Rengas wrote: Can confirm that Siggy has been compromised and is leaking personal information.
Went through my online checking account bank statements this morning and discovered some suspicious payments to HungCollegeHunks and BackdoorBandits.com.
Pretty sure those are just your normal subscriptions.
I'm not saying it is leaking personal information, though it is entirely possible to see someone's API info and email if they happen to be registering for the out of game access. I am more concerned about session hijacking, it is trivially easy to see other corps/alliances maps.
|

Two step
Aperture Harmonics No Holes Barred
4562
|
Posted - 2014.04.09 18:10:00 -
[3] - Quote
Appears to not be vulnerable to this bug (note that I have not used it)
|

Two step
Aperture Harmonics No Holes Barred
4562
|
Posted - 2014.04.09 21:25:00 -
[4] - Quote
Just a quick update, Halaro Elshona from THE EXOGEN CONSORTIUM (someone needs to lay off the caps key), is in an Omen named "Poik" in Kaaputenen.
Also, Maes Trent looks like they made it to their hole (or got blown up), as they are now in a capsule in J165940, in case anyone was worried about them getting in.
|

Two step
Aperture Harmonics No Holes Barred
4562
|
Posted - 2014.04.10 01:16:00 -
[5] - Quote
Terrorfrodo wrote:
Two step wrote: as you are basically broadcasting your location to anyone who cares to find out.
That might be a slight exaggeration. I for one have no idea how to exploit this bug to hack Siggy and the same is true for probably 99.7% of the rest of the EVE population. Also, that one guy developing a gaming tool for fun has not yet fixed his tool two days after the most severe vulnerability in the history of the real-life internet has been discovered, might maybe be forgiven. Even if it allowed poor Maes Trent to be exposed as a Cerberus pilot.
As was mentioned, it is quite easy to exploit it.
He isn't doing it "for fun", he is being paid by the corps and alliances that are using it.
|

Two step
Aperture Harmonics No Holes Barred
4563
|
Posted - 2014.04.10 12:45:00 -
[6] - Quote
Winthorp wrote: I honestly don't know why Two Step would be a douche and post this on a public forum first? Did you even approach the siggy guy to tell them what is possible and ask that it be fixed before you spurged it over here for everyone to see?
Seems to me that you have some personal issue with this guy and you have done this spurge to ruin the in game business he has going for a lot of work invested by him regardless of people's views on siggy (personally I don't like siggy) It just seemed a douche way to go about this Two Step.
Honestly, I didn't know who to approach about siggy. If you go to the site, it doesn't give you an email or even an eve username to get in touch with (unless I missed it).
I also checked most of the w-space groups I knew about, and when I found issues (which were with like 2 of the 10 I checked), I got in touch with the owners ASAP. Hell, no-ho.com was vulnerable for 12 hours or so.
As I said, I gave the site 36 hours or so to get fixed, and only posted here because I didn't see an alternative. I have nothing to gain or lose by siggy doing well, NOHO is currently a customer of theirs, and I don't want to see my alliancemates spied upon.
|

Two step
Aperture Harmonics No Holes Barred
4563
|
Posted - 2014.04.10 13:46:00 -
[7] - Quote
GRIM SOAR wrote:
It was a douchie move. Your thread title is damaging beyond repair for those that A: don't know siggy, and B: don't have a clue what heart bleed is. You started this thread with clear intent to do damage.
Your post lacks character and supports the mainstream message that standards are low for CSM members after all.
Oh awesome, so not only do some idiots expect CSM members to adhere to some sort of magic standards, now even a year after I was on the CSM I still have to live by them? Can you please tell me what these magic standards are, nobody told me before I ran for CSM. If you look back at my forum posting history, I have always been like this, sorry if you got tricked into voting for me.
I am also so sorry I might have hurt siggy's clearly spectacular security reputation by revealing that it was in fact insecure for 3 days or so. I also am sorry I may have posted something that would have required the most cursory of Google searches (or even to turn on the news) for people to learn what Heartbleed was (though I have no idea why most people would care about the details, the issue was that information they thought was secure was not).
As for my intent, it was always to get siggy fixed. I don't *want* people to be able to know where people were. I don't want them to possibly be able to get other people's API keys, if people were registering for out of game access. I'm sorry if your feelings were hurt by me caring about that sort of stuff.
|

Two step
Aperture Harmonics No Holes Barred
4563
|
Posted - 2014.04.10 13:47:00 -
[8] - Quote
Ayeson wrote:
Two step wrote:
Honestly, I didn't know who to approach about siggy. If you go to the site, it doesn't give you an email or even an eve username to get in touch with (unless I missed it).
I also checked most of the w-space groups I knew about, and when I found issues (which were with like 2 of the 10 I checked), I got in touch with the owners ASAP. Hell, no-ho.com was vulnerable for 12 hours or so.
As I said, I gave the site 36 hours or so to get fixed, and only posted here because I didn't see an alternative. I have nothing to gain or lose by siggy doing well, NOHO is currently a customer of theirs, and I don't want to see my alliancemates spied upon.
Siggy. borkedlabs.com http://evewho.com/corp/borkedLabs/ Google fu!
Clearly you are a smarter man than I. I went to www.borkedlabs.com in the hopes that I would find something and just got an error.
|

Two step
Aperture Harmonics No Holes Barred
4563
|
Posted - 2014.04.10 16:33:00 -
[9] - Quote
Ayeson wrote:
Jack Tronic wrote: That default domain landing page is on a different server. I have 4 different servers under the domain for different purposes.
Why don't you just put a "contact us" page on the siggy.borkedlabs.com site then?
Or even just your name/email, I would totally have reached out that way first!
|