Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 13:05

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 3 posts ] 
Author Message
 Post subject: Regarding the sampfp
PostPosted: 03 Feb 2009 13:19 

Joined: 03 Feb 2009 13:06
Posts: 1
Hello aluigi. I've been following your progress, (especially on your "Fake_players_bug" projects) for quite a long time now. I've seen lots of your amazing achievements once you completed a request by your guests and members. I understood that your latest version of "Fake_players_bug" (for San Andreas Multiplayer) has been a success; it managed to penetrate through the small hole of the major sa-mp security update (0.2X). It's amazing how your tool work; the players really are invisible and it makes the server to full ignoring the available player slots. I must say I'm impressed by your work. You seems to figure out how the the security update for sa-mp (the version 0.2X); works, therefore continued your "Fake_players_bug" for the sa-mp. My request is; if possible; create a tool which can "crash" the server. You seems to know what this security update updated to the sa-mp server query mechanism. So I was hoping this request can be done somehow; with your specialty. I understand once you created this requested tool, it should not be a tool which is public due to it's power. If you managed to create this server, you could send me the tool via PM or some other way to prevent it from being leaked. You can trust me, but only if you want to. Thanks for reading this aluigi. Keep up the good work. I'm one of your fan.


Top
 Profile  
 
 
 Post subject: Re: Regarding the sampfp
PostPosted: 03 Feb 2009 17:48 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
I think that on my website, in my stuff and in what I usually say it's enough clear that:

- everything I do is public (otherwise there is no reason to waste my time), the word "private" doesn't exist in my vocabulary and often the time between the research and the release of the information/code is so short that even I can't say to have something "private" for me for more than some hours

- a proof-of-concept is a demonstration of a vulnerability or of an experimental idea of bug/attack (like in the case of the fake players bug), the fact that then their are abused by some people doesn't change their clear nature (otherwise why loosing time defining them "proof-of-concept" instead of exploit/hack/blah?)

this is the same since when I found my first bug in Apache with notepad and netact (no laughs please ih ih ih) in the 2001.

now, if I ignore the last part of your message and convert it in my mind in something like a request to audit SA:MP for finding vulnerabilities to report to the developers (who are guys like us who develop that stuff for fun in their free time) I can answer that it's an excellent idea, except that I have left the security field from months due to the decreasing of my interest in it.


Top
 Profile  
 
 Post subject: Re: Regarding the sampfp
PostPosted: 04 Feb 2009 15:39 

Joined: 04 Feb 2009 15:37
Posts: 1
Yeah, I'd love to see some kind of SA-MP crasher aswell.
Luigi, if you would be so kind to give it a try, please PM me a link for a download :)
Regards
-A huge fan :)


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 3 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for: