Can confirm that Siggy has been compromised and is leaking personal information.

Went through my online checking account bank statements this morning and discovered some suspicious payments to HungCollegeHunks and BackdoorBandits.com.

Pretty sure those are just your normal subscriptions.

Confirmed as a better option

Does that mean people will fight us now?

as you are basically broadcasting your location to anyone who cares to find out.

That might be a slight exaggeration. I for one have no idea how to exploit this bug to hack Siggy and the same is true for probably 99.7% of the rest of the EVE population.

Also, that one guy developing a gaming tool for fun has not yet fixed his tool two days after the most severe vulnerability in the history of the real-life internet has been discovered, might maybe be forgiven. Even if it allowed poor Maes Trent to be exposed as a Cerberus pilot.

Slander. Interesting.

I've used both. I prefer siggy.

That might be a slight exaggeration. I for one have no idea how to exploit this bug to hack Siggy and the same is true for probably 99.7% of the rest of the EVE population.

Also, that one guy developing a gaming tool for fun has not yet fixed his tool two days after the most severe vulnerability in the history of the real-life internet has been discovered, might maybe be forgiven. Even if it allowed poor Maes Trent to be exposed as a Cerberus pilot.

Siggy's security has been lacking since it got released, it's nothing new.
That said, there are no alternatives to it that are anywhere close so people don't care.

Also, that one guy developing a gaming tool for fun has not yet fixed his tool two days after the most severe vulnerability in the history of the real-life internet has been discovered, might maybe be forgiven. Even if it allowed poor Maes Trent to be exposed as a Cerberus pilot.

Lastly - Siggy has had major security issues for years... and I'm talking about JUST web server security, not the creator handing out personal data to friends.

get off your high horse, there is no "Backdoor" into siggy for bros

While we're slandering, Tripwire makes me want to vomit the UI is atrocious and Its lack of customizability makes me want to abort it with a coathanger.

Yes i'm in a bad mood.

I honestly don't know why Two Step would be a douche and post this on a public forum first? Did you even approach the siggy guy to tell them what is possible and ask that it be fixed before you spurged it over here for everyone to see?

Seems to me that you have some personal issue with this guy and you have done this spurge to ruin the in game business he has going for a lot of work invested by him regardless of peoples views on siggy (personally i don't like siggy) It just seemed a douche way to go about this Two Step.

In other traffic related news, I'm in Phoenix waiting on a corner for Proc to give me a handy.

Also this did not require most secure servers to have to change or update anything, it was not a very big vulnerability... most tech news sites never even posted anything about it.

well we used tripwire for about 3 hours before switching back to siggy, buggy or not.
tripwire... yeah... >_<

well we used tripwire for about 3 hours before switching back to siggy, buggy or not.
tripwire... yeah... >_<

Literally they started toying with it while i was moving in... by time i logged they had decided it was **** and we would just deal with siggy.

I honestly don't know why Two Step would be a douche and post this on a public forum first? Did you even approach the siggy guy to tell them what is possible and ask that it be fixed before you spurged it over here for everyone to see?

Seems to me that you have some personal issue with this guy and you have done this spurge to ruin the in game business he has going for a lot of work invested by him regardless of peoples views on siggy (personally i don't like siggy) It just seemed a douche way to go about this Two Step.

Honestly, I didn't know who to approach about siggy. If you go to the site, it doesn't give you an email or even an eve username to get in touch with (unless I missed it).

I also checked most of the w-space groups I knew about, and when I found issues (which were with like 2 of the 10 I checked), I got in touch with the owners ASAP. Hell, no-ho.com was vulnerable for 12 hours or so.

As I said, I gave the site 36 hours or so to get fixed, and only posted here because I didn't see an alternative. I have nothing to gain or lose by siggy doing well, NOHO is currently a customer of theirs, and I don't want to see my alliancemates spied upon.

evemail bugs/issues/complaints

EVEMAIL!!!! bugs/issues/complaints

Literally they started toying with it while i was moving in... by time i logged they had decided it was **** and we would just deal with siggy.

Honestly, I didn't know who to approach about siggy. If you go to the site, it doesn't give you an email or even an eve username to get in touch with (unless I missed it).

I also checked most of the w-space groups I knew about, and when I found issues (which were with like 2 of the 10 I checked), I got in touch with the owners ASAP. Hell, no-ho.com was vulnerable for 12 hours or so.

As I said, I gave the site 36 hours or so to get fixed, and only posted here because I didn't see an alternative. I have nothing to gain or lose by siggy doing well, NOHO is currently a customer of theirs, and I don't want to see my alliancemates spied upon.

It was a douchie move. Your thread title is damaging beyond repair for those that A: don't know siggy, and B: don't have a clue what heart bleed is. You started this thread with clear intent to do damage.

Your post lacks character and supports the main stream message that standards are low for CSM members afterall.

Siggy.borkedlabs.com

http://evewho.com/corp/borkedLabs/

Google fu!

As for my intent, it was always to get siggy fixed. I don't *want* people to be able to know where people were. I don't want them to possibly be able to get other people's API keys, if people were registering for out of game access. I'm sorry if your feelings were hurt by me caring about that sort of stuff.

siggy says Y790 WH is 1bil, it's not.

Edit: Yeah the default webpage is just an apache landing page, you should probably get on that JACK.

That default domain landing page is on a different server. I have 4 different servers under the domain for different purposes.

Why dont you just put a "contact us" page on the siggy.borkedlabs.com site then?

Or even just your name/email, I would totally have reached out that way first!

Honestly, I didn't know who to approach about siggy. If you go to the site, it doesn't give you an email or even an eve username to get in touch with (unless I missed it).

I also checked most of the w-space groups I knew about, and when I found issues (which were with like 2 of the 10 I checked), I got in touch with the owners ASAP. Hell, no-ho.com was vulnerable for 12 hours or so.

As I said, I gave the site 36 hours or so to get fixed, and only posted here because I didn't see an alternative. I have nothing to gain or lose by siggy doing well, NOHO is currently a customer of theirs, and I don't want to see my alliancemates spied upon.

Out of curiosity. Isn't hacking a website in the states a federal offence?

Personally I don't care but if it is I sure wouldn't be publicly admitting to it.

If you look back at my forum posting history, I have always been like this, sorry if you got tricked into voting for me.

Out of curiosity. Isn't hacking a website in the states a federal offence?

Personally I don't care but if it is I sure wouldn't be publicly admitting to it.

get off your high horse, there is no "Backdoor" into siggy for bros

While we're slandering, Tripwire makes me want to vomit the UI is atrocious and Its lack of customizability makes me want to abort it with a coathanger.

Yes i'm in a bad mood.

Nope, all you have to do is put #NSA somewhere in your code then its all legal.

I am a victim


There are people hate being compared to criminals. They use their knowledge and make it either for good causes or to show that they are able. Do not think about the destruction of systems and sites help repair their faults. But I my Cross Scripting Style victim .... all the isk donation is the well came (ships or ISK) for damages suffered. Thanks!


And Dont forget, The Earth is a Triangle;)