Fwd: Re: Did everyone else's BM starting freezing up

[chan] bitmessage
Feb 9 11:17 [raw]

Whoever the OP of that DoS was - GET A CLUE and learn Full Disclosure and "Ethical Hacking" Discipline

FFS *GROW UP* and LEARN from Internet history. I could have done far more damage. As could many others.

But I would not behave that way, whatever the provocation.

Just because you CAN do something, and are bursting with desire to show off your "skills"...
It does not mean you SHOULD

Something that as a parent you have to teach under 5s if they ever wish to have a social future and a decent life.

There are unintended consequences to live posting low hanging fruit DoS "exploits" to working groups.

DON'T DO THAT HERE

I had to clear a couple of running systems with different Offline Period offsets that I use to gather stats. A range of snapshots that WILL be taken out by this. On remote RDPs that I cannot get at easily.

WASTED TIME and LOST DATA I will not recover. So maybe I'll be far less inclined to provide my own time and research back to the community in future. It also cost ME credibility and the ability to recruit other volunteers and resources that I need for whitehat research.

Can't see any amusing side to this at all. Now I have to abandon work on leading edge stuff that might have been of a lot more utility value to the community as a whole.

Please POST A PATCH to fix ALL previous versions of running GUIs. Can't do that? SO WHY THE FUCK DID YOU EMBARK ON THIS JUVENILE PRANK IN THE FIRST PLACE???

------------------------------------------------------

Yes, "denial of service message", inside is a URL made of %XX pieces that other people said trips up the regex parser. As far as I can tell, it is a new exploit. It freezes when I click on them, so it is not possible for me to delete them. I wait for a new message so it does not open them when I click the inbox.

BM-NBrDXCwTKJsuw763PdDGXYPuVmcyZHCb <<Ext>>
Feb 9 11:54 [raw]

I completely understand your point and support its notion, but you're really expecting too much from a platform where a huge amount of jerkoffs and trolls roam, who derive pleasure from people raging or getting fucked over.

> Can't see any amusing side to this at all. Now I have to abandon work on leading edge stuff that might have been of a lot more utility value to the community as a whole.

You can't, because for sane people there isn't, but for trolls, your post is the most delicious feast.

[chan] bitmessage
Feb 9 11:55 [raw]

Bazinga!

BM-NB2ZA6j4adztqUKXsqwxh2M7HrQAck72
Feb 9 15:01 [raw]

>> Can't see any amusing side to this at all. Now I have to abandon work on leading edge stuff that might
>> have been of a lot more utility value to the community as a whole.

> You can't, because for sane people there isn't, but for trolls, your post is the most delicious feast.

Sane. And VERY intelligent, known for playing a long term game. If it is who I think it is... ( retired academic. Well published security researcher ).

No. It's more likely reverse Psych. Stupid people like that cannot resist going active to have the last word.

THIS::

Low volume chan. refugee from a busy chan (over)full of nasty idiots when it's harder to nail any one person.
Open public chan post using both published keys.
Researcher gathering "stats" has access to peering backbone NOC folks.
Did I say LOW VOLUME chan? nothing to do with caps speak ;-)
Traffic analysis. Delayed bitmessage posts are discoverable here.
colleague researchers with early research into peer discovery, paid for by Big Media Corp.

Who went wrong? (re)Poster likely had ulterior motive. Feedline Bait more like.

Be Afraid. Very Afraid.

BM-2cWe1ED92yLw3KYD5mWYtEkd56aRbWmfeR
Feb 9 17:40 [raw]

> Whoever the OP of that DoS was - GET A CLUE and learn Full
> Disclosure and "Ethical Hacking" Discipline
>
> FFS *GROW UP* and LEARN from Internet history. I could have done far
> more damage. As could many others.
>
> But I would not behave that way, whatever the provocation.
>
> Just because you CAN do something, and are bursting with desire to
> show off your "skills"...
> It does not mean you SHOULD
>
> Something that as a parent you have to teach under 5s if they ever
> wish to have a social future
> and a decent life.
>
> There are unintended consequences to live posting low hanging fruit
> DoS "exploits" to working groups.
>
> DON'T DO THAT HERE
>
> I had to clear a couple of running systems with different Offline
> Period offsets that I use to gather
> stats. A range of snapshots that WILL be taken out by this. On
> remote RDPs that I cannot get at easily.
>
> WASTED TIME and LOST DATA I will not recover. So maybe I'll be far
> less inclined to provide my own time
> and research back to the community in future. It also cost ME
> credibility and the ability to recruit
> other volunteers and resources that I need for whitehat research.
>
> Can't see any amusing side to this at all. Now I have to abandon work
> on leading edge stuff that might
> have been of a lot more utility value to the community as a whole.
>
> Please POST A PATCH to fix ALL previous versions of running GUIs.
> Can't do that? SO WHY THE FUCK DID YOU
> EMBARK ON THIS JUVENILE PRANK IN THE FIRST PLACE???
>
> ------------------------------------------------------
>
> Yes, "denial of service message", inside is a URL made of %XX pieces
> that other people said trips up the regex parser. As far as I can
> tell, it is a new exploit. It freezes when I click on them, so it is
> not possible for me to delete them. I wait for a new message so it
> does not open them when I click the inbox.
>
> ------------------------------------------------------
> Saw a couple of oddly written subject lines, every time one was
> clicked on, shit froze up...deleted them and it seems to be working
> well again.

you wrong. all i wanted is a quick fix. this message posted to large chan's just to show how dangerous it is. and this done after issue reported and basic research is done. also this will stimulate users to keep up to date. note what this problem is already fixed and windows binary builds is available alongside with source code to build on unix systems.

[chan] bitmessage
Feb 9 20:37 [raw]

And now try wording it again in a way that most people would agree to be "comprehensible english"

[chan] bitmessage
Feb 9 23:13 [raw]

Procedure by inverse selecting:

If it freezes when you select the folder, do not select it when BM starts, but either wait for a new message or send one to yourself. The BM client freezes, not the OS, so kill or End Task on the client.

Select the folder. Ctrl+A to Select All messages. Hold Ctrl and click on each non-DoS message to deselect them until only the DoS messages remain selected. Select one newer message. If there isn't a newer message, wait for one or send one to yourself. Press Delete key.

Select Trash folder. Ctrl+A to Select All messages. Press Delete key. DoS is gone.

End procedure.

> GET A CLUE and learn Full Disclosure and "Ethical Hacking" Discipline
> bursting with desire to show off your "skills"
> JUVENILE PRANK
> for trolls, your post is the most delicious feast.

The subject said "WARNING! denial of service message"

Without further information or a good command of the English language, "Warning!" could mean "Do not click this." It was posted to the Bitmessage developer chan, not to social-centric chans. Therefore, it was not entirely intended to be malicious and definitely was not a prank.

> There are unintended consequences to live posting low hanging fruit DoS "exploits" to working groups.

Absolutely. Live-posting an active exploit causes collateral damage and is bad form, but it definitely attracts attention to be quickly patched.

[chan] bitmessage
Feb 10 01:26 [raw]

Offline fix, no client wrestling required:

sqlite> update inbox set folder='quarantine' where message like '%http%(\%_0\%%' escape '\';

Cheers
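
The quarantine statement above as a dry run followed by the update, as an added example that is not part of the original post. It runs against a constructed in-memory table holding only the `folder` and `message` columns named in the statement; the `id` and `subject` columns, the sample rows and the function names are assumptions.

```python
import sqlite3

# LIKE pattern from the post: "http", later "(", then a literal "%",
# any one character, "0" and another literal "%". With ESCAPE '\',
# "\%" is a literal percent sign; a bare "%" is still the wildcard.
PATTERN = r"%http%(\%_0\%%"
WHERE = "message LIKE ? ESCAPE '\\'"

def build_sample_inbox():
    """Constructed stand-in for the inbox table (not the client's real schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE inbox (id INTEGER PRIMARY KEY, "
               "subject TEXT, message TEXT, folder TEXT)")
    rows = [  # all rows are constructed sample data
        ("hello", "plain text, nothing to see", "inbox"),
        ("link", "see http://example.invalid/page?x=1", "inbox"),
        ("sale", "100% off (really) at http://example.invalid", "inbox"),
        ("WARNING", "http://example.invalid/(%A0%B0%C0", "inbox"),
        ("old", "http://example.invalid/(%10%", "trash"),
    ]
    db.executemany("INSERT INTO inbox (subject, message, folder) "
                   "VALUES (?, ?, ?)", rows)
    db.commit()
    return db

def preview(db):
    """Dry run: ids the UPDATE would touch, without changing anything."""
    cur = db.execute(f"SELECT id FROM inbox WHERE {WHERE} ORDER BY id",
                     (PATTERN,))
    return [row[0] for row in cur]

def quarantine(db):
    """Move matching rows to the 'quarantine' folder in one transaction."""
    ids = preview(db)
    with db:  # commits on success, rolls back on error
        db.execute(f"UPDATE inbox SET folder='quarantine' WHERE {WHERE}",
                   (PATTERN,))
    return ids

def folders(db):
    """Map each message id to its current folder."""
    return dict(db.execute("SELECT id, folder FROM inbox"))

if __name__ == "__main__":
    db = build_sample_inbox()
    print("would move:", preview(db))
    print("moved:", quarantine(db))
    print(folders(db))
```

The statement has no folder condition, so a matching message already in the trash is moved as well. On a real database, run it against a copy with the client stopped.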

BM-2cWe1ED92yLw3KYD5mWYtEkd56aRbWmfeR
Feb 10 13:54 [raw]

> Offline fix, no client wrestling required:
>
> sqlite> update inbox set folder='quarantine' where message like
> '%http%(\%_0\%%' escape '\';
>
> Cheers
>
> ------------------------------------------------------
> Procedure by inverse selecting:
>
> If it freezes when you select the folder, do not select it when BM
> starts, but either wait for a new message or send one to yourself.
> The BM client freezes, not the OS, so kill or End Task on the
> client.
>
> Select the folder. Ctrl+A to Select All messages. Hold Ctrl and
> click on each non-DoS message to deselect them until only the DoS
> messages remain selected. Select one newer message. If there isn't a
> newer message, wait for one or send one to yourself. Press Delete
> key.
>
> Select Trash folder. Ctrl+A to Select All messages. Press Delete
> key. DoS is gone.
>
> End procedure.

good solution. also do not forget what problem is already fixed.

[chan] bitmessage <<Ext>>
Feb 11 03:54 [raw]

What problem?
