|
Luigi Auriemmaaluigi.org (ARCHIVE-ONLY FORUM!) |
|
It is currently 19 Jul 2012 13:05
|
View unanswered posts | View active topics
|
Page 1 of 1
|
[ 3 posts ] |
|
Author |
Message |
Murd0c
|
Post subject: Regarding the sampfp Posted: 03 Feb 2009 13:19 |
|
Joined: 03 Feb 2009 13:06 Posts: 1
|
Hello aluigi. I've been following your progress, (especially on your "Fake_players_bug" projects) for quite a long time now. I've seen lots of your amazing achievements once you completed a request by your guests and members. I understood that your latest version of "Fake_players_bug" (for San Andreas Multiplayer) has been a success; it managed to penetrate through the small hole of the major sa-mp security update (0.2X). It's amazing how your tool work; the players really are invisible and it makes the server to full ignoring the available player slots. I must say I'm impressed by your work. You seems to figure out how the the security update for sa-mp (the version 0.2X); works, therefore continued your "Fake_players_bug" for the sa-mp. My request is; if possible; create a tool which can "crash" the server. You seems to know what this security update updated to the sa-mp server query mechanism. So I was hoping this request can be done somehow; with your specialty. I understand once you created this requested tool, it should not be a tool which is public due to it's power. If you managed to create this server, you could send me the tool via PM or some other way to prevent it from being leaked. You can trust me, but only if you want to. Thanks for reading this aluigi. Keep up the good work. I'm one of your fan.
|
|
Top |
|
|
|
|
|
|
|
aluigi
|
Post subject: Re: Regarding the sampfp Posted: 03 Feb 2009 17:48 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
I think that on my website, in my stuff and in what I usually say it's enough clear that:
- everything I do is public (otherwise there is no reason to waste my time), the word "private" doesn't exist in my vocabulary and often the time between the research and the release of the information/code is so short that even I can't say to have something "private" for me for more than some hours
- a proof-of-concept is a demonstration of a vulnerability or of an experimental idea of bug/attack (like in the case of the fake players bug), the fact that then their are abused by some people doesn't change their clear nature (otherwise why loosing time defining them "proof-of-concept" instead of exploit/hack/blah?)
this is the same since when I found my first bug in Apache with notepad and netact (no laughs please ih ih ih) in the 2001.
now, if I ignore the last part of your message and convert it in my mind in something like a request to audit SA:MP for finding vulnerabilities to report to the developers (who are guys like us who develop that stuff for fun in their free time) I can answer that it's an excellent idea, except that I have left the security field from months due to the decreasing of my interest in it.
|
|
Top |
|
|
Justdiespawn
|
Post subject: Re: Regarding the sampfp Posted: 04 Feb 2009 15:39 |
|
Joined: 04 Feb 2009 15:37 Posts: 1
|
Yeah, I'd love to see some kind of SA-MP crasher aswell. Luigi, if you would be so kind to give it a try, please PM me a link for a download :) Regards -A huge fan :)
|
|
Top |
|
|
|
Page 1 of 1
|
[ 3 posts ] |
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum
|
|