Better go complain on some 18-year-old!

Hey G33ks,

So, in my previous post I talked about those shitty developers remember?
Ye, so they decided to call my boss :’) (how pathetic)
They also complained that I had links to their website in my exploits :’)
Ye, because you know…
A simple search on the internet wouldn’t have those sites exposed as well…
oh, wait…
They do!
I mean, yes, your link is in my exploit, so what?
Do you really think thousands of people’s are looking at that specific exploit, for that small site, that barely anybody will ever visit, instead of looking at some major exploit on a major site, that millions of people visit each day?

I mean c’mon guys, don’t you have something better to do than complaining to me?
like…
you know…
FIXING THE ACTUAL EXPLOITS!?

Go read THN, Tons of exploits and stuff that are there in major software..
this is software used by millions of people, then why do you complain when some 18-year-old dude finds an exploit in your development site.
Heck, why is your development site even live for everybody?
If you want to prevent these kinds of accidents, then don’t put your sites live, or require passwords, or whatever…
If you put your site on the web, you are literally open for everybody…
If you decide to make it available for everybody, then grow a pair and don’t start crying when somebody finds a little problem and reports it.

 
 

You guys want to educate web developers right?
Well, instead of crying, you should thank me, I just gave an important lesson to you!
Instead of complaining, start learning. (shouldn’t security have been lesson 1 already?)
Your students have been shook for sure (so have I been after I have been hacked a few months ago),
but instead of hating, making other people’s life worse etc. start to think about what you could have done to prevent it all.
Instead of trying to push me away like I’m a criminal, hire me, ask me to help you improve your lessons like normal people would (if you ask nicely and pay my travel fee, I’m even nice enough to help you out for free, you know, because I actually care).

Remember Kevin Mitnick?
Yes, that guy has been convicted since he actually did bad stuff, however, that guy now runs Mitnick Security Consulting LLC.
People didn’t hate him, instead, they hired him!
Then why hate on me?
Because you guys don’t understand me? (something with: “people fear what they don’t understand”?)

This is called development.
Development is a constant battle between defenders and attackers.
Be glad that I was a kind attacker.
I reported the issue nicely (tho, the message itself might have been a little nicer I guess? I just used a generic message, to be honest :mrgreen:)

Instead of being nice, and asking me to help to resolve the issue, you threatened me without even knowing what was going on.
Yes, I should maybe have asked for permission, though I actually got that from one of your students.
She said (though I’ve translated this): “Maybe you could look around on the other sites and see if you can do the same stuff there”
So… there is no blame on me.

Now we could finish this properly in one of either way:
– I can help you improve your lessons, to prevent more of these cases later down the road.
– We can both just part ways as is, and you can continue your bad practices (but don’t blame me if somebody less nice than me comes along).

your choice.

G33k Out!

Leave a reply