How dare you say our site's insecure!
-
"... oh, hey, our site's insecure."
"The operator of a website that accepts subscriber logins only over unencrypted HTTP pages has taken to Mozilla's Bugzilla bug-reporting service to complain that the Firefox browser is warning that the page isn't suitable for the transmission of passwords."
Subsequently (at least according to Reddit, so make of that what you will) the users table was dropped via a SQL injection exploit; that could probably be seen as a public service given that passwords were also (unsurprisingly) stored in plaintext.
-
As several commenters have pointed out, the site's subscription page transmits credit card information over plain-vanilla HTTP pages as well.
-
@RaceProUK
Did someone tell MasterCard/Visa/...? Because I'm sure they'd love to know that.
-
@RaceProUK said in How dare you say our site's insecure!:
As several commenters have pointed out, the site's subscription page transmits credit card information over plain-vanilla HTTP pages as well.
Well, yeah, but they have their own security system!
By which I assume they mean they have to unlock the office in the morning or something.
-
@RaceProUK The guy was running an outdated, insecure version of ASP.NET, no password hashing, trivial SQL injection, error pages set to show the full code where it happened, and a public-facing MySQL server.
Yeah, something tells me he's not a security expert.
-
@anonymous234 said in How dare you say our site's insecure!:
Yeah, something tells me he's not ~~a security~~ an expert in anything computer-related.
-
On previous episodes of "stupid person gets angry":
That last one is particularly bad because:
I am computer literate! I have 22 years in computer systems engineering and operation.
-
@anonymous234 said in How dare you say our site's insecure!:
I am computer literate! I have 22 years in computer systems engineering and operation.
22 years of clicking your way in Windows doesn't make you computer literate
-
@anonymous234 I don't know, the comments on the first one were particularly great. Quoting Scripture is always a good way to get people to do what you want? And so does registering as "YHWH", which I imagine would have to be considered blasphemous.
-
@anonymous234 said in How dare you say our site's insecure!:
On previous episodes of "stupid person gets angry":
https://www.theregister.co.uk/2006/03/24/tuttle_centos/
does not onebox; summary: hosting does some maintenance, apache on CentOS ends up badly configured, the stock apache error configuration page displays, mentioning CentOS -> major "22 years computer experience" demands CentOS revert its hacking.
Hilarious!!!
-
@heterodox said in How dare you say our site's insecure!:
@anonymous234 I don't know, the comments on the first one were particularly great. Quoting Scripture is always a good way to get people to do what you want? And so does registering as "YHWH", which I imagine would have to be considered blasphemous.
I've only made it to comment 13 so far and already I'm dying from laughter. He's invoicing Mozilla for the time he spent?
-
Trying to access the site now only results in a 500 error. Seems the admin finally woke up.
-
@Hans_Mueller Or it got hacked and nuked.
-
@heterodox said in How dare you say our site's insecure!:
@anonymous234 I don't know, the comments on the first one were particularly great. Quoting Scripture is always a good way to get people to do what you want? And so does registering as "YHWH", which I imagine would have to be considered blasphemous.
Wasn't that Constellation9 page the OP seemed to run posted here at one point for laughs?
-
@pydsigner Not that I recall... but given the quality of my recollection, probably.
-
@anonymous234 said in How dare you say our site's insecure!:
On previous episodes of "stupid person gets angry":
Well, I think that if God started reporting bugs in my apps I'd damn well fix them.
That last one is particularly bad because:
I am computer literate! I have 22 years in computer systems engineering and operation.
Previously discussed (err, well, noted) here:
https://what.thedailywtf.com/topic/581/centos-vs-city-of-tuttle-oklahoma
Follow up:
https://what.thedailywtf.com/topic/617/stupidity-to-the-power-of-two
-
@Fox I've found more hilarious rantings of this "YHWH" person, who also likes to style themself "Melchizedek", "Elijah John Israel", and "An Ordained & Confirmed Lifetime Enemy of satan":
https://www.goodreads.com/book/show/20797414-the-opposite-is-true#
-
@pydsigner said in How dare you say our site's insecure!:
@heterodox said in How dare you say our site's insecure!:
@anonymous234 I don't know, the comments on the first one were particularly great. Quoting Scripture is always a good way to get people to do what you want? And so does registering as "YHWH", which I imagine would have to be considered blasphemous.
Wasn't that Constellation9 page the OP seemed to run posted here at one point for laughs?
I hope so. It's a barrel of laughs.
-
@Fox said in How dare you say our site's insecure!:
@heterodox said in How dare you say our site's insecure!:
@anonymous234 I don't know, the comments on the first one were particularly great. Quoting Scripture is always a good way to get people to do what you want? And so does registering as "YHWH", which I imagine would have to be considered blasphemous.
I've only made it to comment 13 so far and already I'm dying from laughter. He's invoicing Mozilla for the time he spent?
Apparently he never made it to court, because his website has a list of all of his court cases, including a lengthy "Prophecy" foretelling curses upon the lawyers opposing him in one of the cases, and a rant about having to sign a settlement in another, so I don't think he's shy about listing failed cases. Mozilla isn't listed among any of the plaintiffs he's gone against.
-
The site's 404 now.
-
@Fox said in How dare you say our site's insecure!:
including a lengthy "Prophecy" foretelling curses upon the lawyers opposing him in one of the cases
That's the sort of thing that tends to be evidence to encourage courts to declare a person to be a Vexatious Litigant. Not a good move.
-
@dkf This seems a lot more fitting
-
Best part of all this: the Ars commenter who wrote:
Well now I know what to do the next time I need free crowd-sourced penetration testing services.
-
@dkf said in How dare you say our site's insecure!:
@Fox said in How dare you say our site's insecure!:
including a lengthy "Prophecy" foretelling curses upon the lawyers opposing him in one of the cases
That's the sort of thing that tends to be evidence to encourage courts to declare a person to be a Vexatious Litigant. Not a good move.
More material can be found by reading the sole entry on his "discussion forum" for the book I linked above.
3 internetzz to whomever can figure out who wrote it.
-
"The fear of the LORD is the beginning of wisdom:
and the knowledge of the holy is understanding."
He obviously doesn't fear the lord enough.
-
@Fox said in How dare you say our site's insecure!:
@pydsigner said in How dare you say our site's insecure!:
@heterodox said in How dare you say our site's insecure!:
@anonymous234 I don't know, the comments on the first one were particularly great. Quoting Scripture is always a good way to get people to do what you want? And so does registering as "YHWH", which I imagine would have to be considered blasphemous.
Wasn't that Constellation9 page the OP seemed to run posted here at one point for laughs?
I hope so. It's a barrel of laughs.
https://what.thedailywtf.com/topic/9509/we-haven-t-done-one-of-these-in-awhile-constellation-seven
-
@Fox I dunno, I kinda feel bad for the guy.
Religious obsession would probably be considered a mental disorder if it wasn't for the shitstorm this would cause.
-
@anonymous234 said in How dare you say our site's insecure!:
@Fox I dunno, I kinda feel bad for the guy.
Religious obsession would probably be considered a mental disorder if it wasn't for the shitstorm this would cause.
I would not be surprised if it would be classified as a mental disorder. However, mental disorders are not an excuse for causing harm to others. This guy published a book which at least 3 people claim to have read and dozens more claim to want to read, and that book contains epic shittons of misinformation, bigotry, and lies, if the description and list of "truths" is anything to go by. There's also a nonzero chance that he explicitly threatened to harm those lawyers, rather than simply implying a threat with his "Prophecy". I don't have patience for people who refuse to help themselves and instead use their delusions to attack others.
-
@dkf said in How dare you say our site's insecure!:
That's the sort of thing that tends to be evidence to encourage courts to declare a person to be a Vexatious Litigant. Not a good move.
In general, if a litigant is, indeed, vexatious, it's a good move for the courts to declare him to be one.
-
@Steve_The_Cynic I think @dkf was saying that it's not a good move to do vexatious stuff as a litigant.
-
@anonymous234 said in How dare you say our site's insecure!:
@Fox I dunno, I kinda feel bad for the guy.
Religious obsession would probably be considered a mental disorder if it wasn't for the shitstorm this would cause.
IMO, religion is a mental disorder.
-
@Planar said in How dare you say our site's insecure!:
IMO, ~~religion~~ Blindly following an ancient belief system without thinking about what the beliefs are and what their implications are is a mental disorder.
Fixed that for me.
This way Politics AND nationality/culture can apply too!
no sense leaving them out!
:-)
-
@accalia said in How dare you say our site's insecure!:
@Planar said in How dare you say our site's insecure!:
IMO, ~~religion~~ Blindly following an ancient belief system without thinking about what the beliefs are and what their implications are is a mental disorder.
Fixed that for me.
This way Politics AND nationality/culture can apply too!
no sense leaving them out!
:-)
What if I think about the implications and then do it anyway?
-
@ben_lubar said in How dare you say our site's insecure!:
@accalia said in How dare you say our site's insecure!:
@Planar said in How dare you say our site's insecure!:
IMO, ~~religion~~ Blindly following an ancient belief system without thinking about what the beliefs are and what their implications are is a mental disorder.
Fixed that for me.
This way Politics AND nationality/culture can apply too!
no sense leaving them out!
:-)
What if I think about the implications and then do it anyway?
well then that would possibly make you an asshole (or not depending on the circumstance and implementation) but since you actually used your brain instead of letting long dead people use your brain for their own purposes it would not be a mental disorder.
-
@accalia said in How dare you say our site's insecure!:
mental disorder
Someone on a certain Steam game's forum said something along the lines of "well, they could be planning to add microtransactions or paid DLC, but I don't think anyone on the dev team is autistic like that".
I am not sure what they think autism is, but it's not what I think it is.
-
@ben_lubar 'autistic' is unfortunately commonly used as an insult. It's the new 'retarded'. Yet more words to have slang meanings.
-
@LB_ said in How dare you say our site's insecure!:
@ben_lubar 'autistic' is unfortunately commonly used as an insult. It's the new 'retarded'.
That's autistic.
-
@accalia said in How dare you say our site's insecure!:
no sense leaving them out!
But you left out modern belief systems.
-
@antiquarian said in How dare you say our site's insecure!:
@accalia said in How dare you say our site's insecure!:
no sense leaving them out!
But you left out modern belief systems.
that's a different entry in the DSM
-
@ben_lubar said in How dare you say our site's insecure!:
I am not sure what they think autism is, but it's not what I think it is.
That's a sentence with some interesting possible interpretations. For example, it leaves open the possibility that you think autism is a kind of chocolate syrup, despite the definitions given in dictionaries and the DSM.
-
...
-
@Planar Well, it's not, simply because it demonstrably appears in the vast majority of humans (independently of culture), which makes it the opposite of a disorder.
It is, however, irrational.
-
@anonymous234 Religion is what happens when an organization manipulates superstition to its own benefit. Superstition is common in humans, religion should be punished as a crime.
-
@groo I think you just upset a Bible thumper :)
-
@groo said in How dare you say our site's insecure!:
@anonymous234 Religion is what happens when an organization manipulates superstition to its own benefit. Superstition is common in humans, religion should be punished as a crime.
Please explain to me which "organization" created Christianity and how it benefited from it during the first three centuries of heavy state persecution.
-
@marczellm
All part of the plan to take over the world
-
@marczellm My guess is it started as superstition, then a cult leader got to feed his narcissism with it. I don't really care, it's just another scam.
-
@ben_lubar said in How dare you say our site's insecure!:
@accalia said in How dare you say our site's insecure!:
@Planar said in How dare you say our site's insecure!:
IMO, ~~religion~~ Blindly following an ancient belief system without thinking about what the beliefs are and what their implications are is a mental disorder.
Fixed that for me.
This way Politics AND nationality/culture can apply too!
no sense leaving them out!
:-)
What if I think about the implications and then do it anyway?
Or if I think about the implications and then decide that they're right (and so do it)?
(The way you worded it implies that you concluded it was wrong, and then went against your conscience.)
-
@djls45 said in How dare you say our site's insecure!:
@ben_lubar said in How dare you say our site's insecure!:
@accalia said in How dare you say our site's insecure!:
@Planar said in How dare you say our site's insecure!:
IMO, ~~religion~~ Blindly following an ancient belief system without thinking about what the beliefs are and what their implications are is a mental disorder.
Fixed that for me.
This way Politics AND nationality/culture can apply too!
no sense leaving them out!
:-)
What if I think about the implications and then do it anyway?
Or if I think about the implications and then decide that they're right (and so do it)?
(The way you worded it implies that you concluded it was wrong, and then went against your conscience.)
Someone doing something malicious intentionally is less bad than someone doing that same malicious thing by accident because in the latter case one additional person was wronged.
-
I think you fine gentlemen and ladies are looking for the Garage at this point.