Fwd: Re: Did everyone else's BM starting freezing up

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Feb 9 11:17 [raw]

Whoever the OP of that DoS was - GET A CLUE and learn Full Disclosure and "Ethical Hacking" Discipline

FFS *GROW UP* and LEARN from Internet history. I could have done far more damage. As could many others.

But I would not behave that way, whatever the provocation.

Just because you CAN do something, and are bursting with desire to show off your "skills"...
It does not mean you SHOULD

Something that as a parent you have to teach under 5s if they ever wish to have a social future and a decent life.

There are unintended consequences to live posting low hanging fruit DoS "exploits" to working groups.

DON'T DO THAT HERE

I had to clear a couple of running systems with different Offline Period offsets that I use to gather stats. A range of snapshots that WILL be taken out by this. On remote RDPs that I cannot get at easily.

WASTED TIME and LOST DATA I will not recover. So maybe I'll be far less inclined to provide my own time and research back to the community in future. It also cost ME credibility and the ability to recruit other volunteers and resources that I need for whitehat research.

Can't see any amusing side to this at all. Now I have to abandon work on leading edge stuff that might have been of a lot more utility value to the community as a whole.

Please POST A PATCH to fix ALL previous versions of running GUIs. Can't do that? SO WHY THE FUCK DID YOU EMBARK ON THIS JUVENILE PRANK IN THE FIRST PLACE???

--------------------------------------------------------------------------------------------------------------

Yes, "denial of service message", inside is a URL made of %XX pieces that other people said trips up the regex parser. As far as I can tell, it is a new exploit. It freezes when I click on them, so it is not possible for me to delete them. I wait for a new message so it does not open them when I click the inbox.

BM-NBrDXCwTKJsuw763PdDGXYPuVmcyZHCb
Feb 9 11:54 [raw]

I completely understand your point and support its notion, but you're really expecting too much from a platform where a huge amount of jerkoffs and trolls roam, who derive pleasure from people raging or getting fucked over.

> Can't see any amusing side to this at all. Now I have to abandon work on leading edge stuff that might have been of a lot more utility value to the community as a whole.

You can't, because for sane people there isn't, but for trolls, your post is the most delicious feast.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Feb 9 11:55 [raw]

Bazinga!

BM-NB2ZA6j4adztqUKXsqwxh2M7HrQAck72
Feb 9 15:01 [raw]

>> Can't see any amusing side to this at all. Now I have to abandon work on leading edge stuff that might
>> have been of a lot more utility value to the community as a whole.

> You can't, because for sane people there isn't, but for trolls, your post is the most delicious feast.

Sane. And VERY intelligent, known for playing a long term game. If it is who I think it is... ( retired academic. Well published security researcher ).

No. It's more likely reverse Psych. Stupid people like that cannot resist going active to have the last word.

THIS::

Low volume chan. refugee from a busy chan (over)full of nasty idiots when it's harder to nail any one person.
Open public chan post using both published keys.
Researcher gathering "stats" has access to peering backbone NOC folks.
Did I say LOW VOLUME chan? nothing to do with caps speak ;-)
Traffic analysis. Delayed bitmessage posts are discoverable here.
colleague researchers with early research into peer discovery, paid for by Big Media Corp.

Who went wrong? (re)Poster likely had ulterior motive. Feedline Bait more like.

Be Afraid. Very Afraid.

BM-2cWe1ED92yLw3KYD5mWYtEkd56aRbWmfeR
Feb 9 17:40 [raw]

> Whoever the OP of that DoS was - GET A CLUE and learn Full Disclosure and "Ethical Hacking" Discipline
>
> FFS *GROW UP* and LEARN from Internet history. I could have done far more damage. As could many others.
>
> But I would not behave that way, whatever the provocation.
>
> Just because you CAN do something, and are bursting with desire to show off your "skills"...
> It does not mean you SHOULD
>
> Something that as a parent you have to teach under 5s if they ever wish to have a social future and a decent life.
>
> There are unintended consequences to live posting low hanging fruit DoS "exploits" to working groups.
>
> DON'T DO THAT HERE
>
> I had to clear a couple of running systems with different Offline Period offsets that I use to gather stats. A range of snapshots that WILL be taken out by this. On remote RDPs that I cannot get at easily.
>
> WASTED TIME and LOST DATA I will not recover. So maybe I'll be far less inclined to provide my own time and research back to the community in future. It also cost ME credibility and the ability to recruit other volunteers and resources that I need for whitehat research.
>
> Can't see any amusing side to this at all. Now I have to abandon work on leading edge stuff that might have been of a lot more utility value to the community as a whole.
>
> Please POST A PATCH to fix ALL previous versions of running GUIs. Can't do that? SO WHY THE FUCK DID YOU EMBARK ON THIS JUVENILE PRANK IN THE FIRST PLACE???
>
> --------------------------------------------------------------------------------------------------------------
>
> Yes, "denial of service message", inside is a URL made of %XX pieces that other people said trips up the regex parser. As far as I can tell, it is a new exploit. It freezes when I click on them, so it is not possible for me to delete them. I wait for a new message so it does not open them when I click the inbox.
>
> ------------------------------------------------------
> Saw a couple of oddly written subject lines, every time one was clicked on, shit froze up...deleted them and it seems to be working well again.

you wrong. all i wanted is a quick fix. this message posted to large chan's just to show how dangerous it is. and this done after issue reported and basic research is done. also this will stimulate users to keep up to date. note what this problem is already fixed and windows binary builds is available alongside with source code to build on unix systems.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Feb 9 20:37 [raw]

And now try wording it again in a way that most people would agree to be "comprehensible english"

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Feb 9 23:13 [raw]

Procedure by inverse selecting:

If it freezes when you select the folder, do not select it when BM starts, but either wait for a new message or send one to yourself. The BM client freezes, not the OS, so kill or End Task on the client.

Select the folder. Ctrl+A to Select All messages. Hold Ctrl and click on each non-DoS message to deselect them until only the DoS messages remain selected. Select one newer message. If there isn't a newer message, wait for one or send one to yourself. Press Delete key.

Select Trash folder. Ctrl+A to Select All messages. Press Delete key. DoS is gone.

End procedure.

> GET A CLUE and learn Full Disclosure and "Ethical Hacking" Discipline
> bursting with desire to show off your "skills"
> JUVENILE PRANK
> for trolls, your post is the most delicious feast.

The subject said "WARNING! denial of service message"

Without further information or a good command of the English language, "Warning!" could mean "Do not click this."

It was posted to the Bitmessage developer chan, not to social-centric chans. Therefore, it was not entirely intended to be malicious and definitely was not a prank.

> There are unintended consequences to live posting low hanging fruit DoS "exploits" to working groups.

Absolutely. Live-posting an active exploit causes collateral damage and is bad form, but it definitely attracts attention to be quickly patched.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Feb 10 01:26 [raw]

Offline fix, no client wrestling required:

sqlite> update inbox set folder='quarantine' where message like '%http%(\%_0\%%' escape '\';

Cheers
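
An added example, not part of the original post: it runs the post's LIKE pattern against a constructed in-memory table, first as a dry run and then as the UPDATE, to show which rows the statement moves. The `id` column, the reduced two-column schema and the sample messages are assumptions made for the demonstration.

```python
import sqlite3

# LIKE pattern from the post: "http", later "(" followed by a literal "%",
# any one character, "0" and another literal "%". "\" is the ESCAPE character.
PATTERN = r"%http%(\%_0\%%"

def demo_db():
    """Build a constructed inbox; only folder/message come from the post."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE inbox (id INTEGER PRIMARY KEY, folder TEXT, message TEXT)"
    )
    samples = [  # constructed sample messages, short and harmless
        "hello, nothing to see",
        "WARNING http://example.invalid/(%20%41",   # http ... (%20%  -> match
        "docs at http://example.invalid/a%20b",     # no "(" before the %XX
        "(%20% then http://example.invalid/",       # "(%20%" precedes http
        "HTTP://EXAMPLE.INVALID/(%A0%",             # LIKE ignores ASCII case
    ]
    conn.executemany(
        "INSERT INTO inbox (folder, message) VALUES ('inbox', ?)",
        [(m,) for m in samples],
    )
    return conn

def matching_ids(conn):
    """Dry run: list the rows the UPDATE would move, without changing them."""
    rows = conn.execute(
        "SELECT id FROM inbox WHERE message LIKE ? ESCAPE '\\' ORDER BY id",
        (PATTERN,),
    )
    return [r[0] for r in rows]

def quarantine(conn):
    """Apply the post's UPDATE in one transaction; return rows changed."""
    with conn:
        cur = conn.execute(
            "UPDATE inbox SET folder='quarantine' "
            "WHERE message LIKE ? ESCAPE '\\'",
            (PATTERN,),
        )
    return cur.rowcount

if __name__ == "__main__":
    db = demo_db()
    print("would move:", matching_ids(db))
    print("moved:", quarantine(db))
```

Because the statement only changes `folder`, any ordinary message that happens to match can be moved back by hand.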

BM-2cWe1ED92yLw3KYD5mWYtEkd56aRbWmfeR
Feb 10 13:54 [raw]

> Offline fix, no client wrestling required:
>
> sqlite> update inbox set folder='quarantine' where message like '%http%(\%_0\%%' escape '\';
>
> Cheers
>
> ------------------------------------------------------
> Procedure by inverse selecting:
>
> If it freezes when you select the folder, do not select it when BM starts, but either wait for a new message or send one to yourself. The BM client freezes, not the OS, so kill or End Task on the client.
>
> Select the folder. Ctrl+A to Select All messages. Hold Ctrl and click on each non-DoS message to deselect them until only the DoS messages remain selected. Select one newer message. If there isn't a newer message, wait for one or send one to yourself. Press Delete key.
>
> Select Trash folder. Ctrl+A to Select All messages. Press Delete key. DoS is gone.
>
> End procedure.

good solution. also do not forget what problem is already fixed.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
Feb 11 03:54 [raw]

What problem?

[chan] bitmessage
BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
