EllisDSox
King Hella!

Registered: 01/22/07
Posts: 25,730
Re: I'm Out [Re: John Nada] * 2
    #23668340 - 09/22/16 02:47 PM (7 years, 5 months ago)

You're fucking out, I'm fucking in.


--------------------
Disclaimer: If you have any kind of heart condition, my posts are not for you. You could literally die from reading the first couple of words in any one of them. Scroll down the page, live your life and prosper, but don't read my posts because your heart will probably explode. I am not joking.

Ythan
ᕕ( ᐛ )ᕗ

Registered: 08/08/97
Posts: 18,803
Loc: NY/MA/VT Borderlands
Re: I'm Out [Re: falsereality] * 2
    #23668482 - 09/22/16 03:26 PM (7 years, 5 months ago)

Thanks a lot for taking the time to explain. It's always nice to get a vulnerability report from someone who knows what they're talking about! I do wish you'd approached me about it directly, we're not stingy with our bug bounties and we're always looking for opportunities to partner with talented programmers to further develop the site. But, I understand you may not be looking for more professional obligations, and it can be hard to resist poking at a site's code. I've certainly been guilty of this myself over the years. I wouldn't trust a programmer who's never been curious enough to poke around where they don't belong!

So basically, we don't seem to be leaking privileged information, this comes down to the fact that we typically only have ~100 - 300 registered members online at any one time, and using historical data it's possible to narrow that pool by correlating the timestamp of anonymous posts with the timestamp of non-anonymous posts, and figuring out both the common times a user is likely to post and also how much time tends to elapse between them posting. With this information it can be possible to make an informed guess at the identity of an anonymous poster, although it wouldn't be possible to confirm.

I'm not convinced this is as effective as you claim. For example, these are the top five threads in the Anon forum at the moment:
https://www.shroomery.org/forums/showflat.php/Number/23663667#23663667
https://www.shroomery.org/forums/showflat.php/Number/22390595#22390595
https://www.shroomery.org/forums/showflat.php/Number/23491387#23491387
https://www.shroomery.org/forums/showflat.php/Number/23448803#23448803
https://www.shroomery.org/forums/showflat.php/Number/23643081#23643081

You've said you have a proof-of-concept, but are you actually able to identify the OP in any one of those threads with reasonable confidence? (Obviously, if so, please only reveal them to me privately.) I feel like I understand your description, but I can't get your reported results with my implementation (even with full access to our metadata, and the ability to check my accuracy and iterate based on the results). If you have working code we might want to buy it from you, if for no other reason than to help test our remediation efforts. But it'd have to work a lot better than my own attempt. In the past I've played around with similar concepts for puppet detection, and they were never anywhere close to accurate enough to put into service.

As far as the ratings go, you definitely exposed an example where our algorithm could be manipulated, and we need to fix it (by changing our formula, not by banning people who try to take advantage of it :tongue:). I've adjusted things so your exploit is no longer viable, but I'll need to set aside some time to pursue a better formula which more accurately reflects our intentions.

Also, I want to thank you because your post got me looking through our code more closely and I did find one vulnerability which could directly reveal any anonymous poster. But our members should know that's fixed now, it was due to a decommissioned script in a non-standard location, and in the access logs we've retained, I don't see any hits which might have revealed sensitive data.

Extras: Filter Print Post Top
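A site-side audit of the exposure described in the post above, as an added example (not code from the site or from either poster): for each anonymous thread it counts how many members were visibly active near every anonymous post, which is the size of the pool that timestamp correlation leaves. The sample data, the 10-minute window, the grouping of anonymous posts by thread as one author, and the coarser display granularity are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

EPOCH = datetime(2016, 1, 1)  # origin used to align display buckets (assumption)


def ts(day, hhmm):
    """Build a timestamp in September 2016 for the constructed sample data."""
    return datetime.strptime(f"2016-09-{day} {hhmm}", "%Y-%m-%d %H:%M")


# Constructed sample data, not real forum records: (username, time of a named post).
NAMED_POSTS = [
    ("alice", ts(20, "10:00")), ("alice", ts(20, "10:05")), ("alice", ts(21, "22:00")),
    ("bob", ts(20, "10:02")), ("bob", ts(21, "21:58")),
    ("carol", ts(20, "10:10")), ("carol", ts(20, "15:04")),
    ("dave", ts(20, "09:55")), ("dave", ts(20, "16:20")),
    ("erin", ts(21, "22:05")),
    ("frank", ts(20, "11:30")), ("frank", ts(21, "19:00")),
    ("gina", ts(20, "07:00")), ("gina", ts(21, "23:30")),
]
# Constructed: (anonymous thread id, time of a post by that thread's anonymous author).
ANON_POSTS = [("T1", ts(20, "10:03")), ("T1", ts(21, "22:01")), ("T2", ts(20, "15:00"))]


def visible_interval(when, granularity, window):
    """Time range an outside reader must consider for one anonymous post.

    With a zero granularity the exact timestamp is shown; otherwise only the
    bucket containing it is shown, so the whole bucket has to be considered.
    """
    if granularity:
        start = EPOCH + ((when - EPOCH) // granularity) * granularity
    else:
        start = when
    return start - window, start + granularity + window


def anonymity_set_sizes(named_posts, anon_posts, window, granularity=timedelta(0)):
    """Per thread: number of members with a named post near every anonymous post."""
    pools = {}
    for thread, when in anon_posts:
        lo, hi = visible_interval(when, granularity, window)
        active = {user for user, t in named_posts if lo <= t <= hi}
        # Each further post by the same anonymous author narrows the pool.
        pools[thread] = pools[thread] & active if thread in pools else active
    return {thread: len(pool) for thread, pool in pools.items()}


def weak_threads(sizes, k):
    """Threads whose remaining pool is smaller than the target size k."""
    return sorted(thread for thread, n in sizes.items() if n < k)


if __name__ == "__main__":
    window = timedelta(minutes=10)
    exact = anonymity_set_sizes(NAMED_POSTS, ANON_POSTS, window)
    coarse = anonymity_set_sizes(NAMED_POSTS, ANON_POSTS, window, timedelta(hours=6))
    print("exact timestamps:", exact, "below k=3:", weak_threads(exact, 3))
    print("6-hour buckets:  ", coarse, "below k=3:", weak_threads(coarse, 3))
```

The function returns only pool sizes, so it can be run over real metadata to see which anonymous threads are most exposed without producing a list of names.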
sprinkles
otd president

Registered: 10/13/12
Posts: 21,527
Loc: washington state
Re: I'm Out [Re: Ythan]
    #23668614 - 09/22/16 04:12 PM (7 years, 5 months ago)

:blah: castle of words I understand not.


nerds will rule the land when virtual reality hits mainstream.  no one will live in reality anymore.  people will find it easier to manipulate a false reality than real reality to attain what they want.  Just jam in a feeding tube, urinary catheter, and butt irrigation thingie and hook me up to the virtual land please.

Thank goodness the end of the church age is coming (the Armageddons).  I'll be raptured the fuck out while yawl deal with atomic war and stuff like that.  :haha:


--------------------
welcome to my world http://www.shroomery.org/forums/postlist.php/Board/326

falsereality


Registered: 04/01/13
Posts: 4,112
Re: I'm Out [Re: sprinkles]
    #23669611 - 09/22/16 10:05 PM (7 years, 5 months ago)

Hey if you ever need someone to design a new site feature, I've been programming for about a decade, and am always looking for new revenue streams and business partners :wink:. I think with the right search engine optimization, social media marketing, and a touch of asymmetrical cyber-warfare this site could easily become the dominant drug forum on the internet, increasing the profitability of this site by a significant margin.

As far as poking around where I don't belong, man, I could tell you some crazy stories.

I believe your implementation didn't work that well because not enough data was collected. The accuracy of the exploit is logarithmically proportional to the amount of data analyzed. I wrote the code specifically for romper-room usage because there's such a huge pool of data to pull from (not that I actually used it to de-anon people, that would be hella sacrilegious imo). I'll take a look at those links and shoot you an email if I can de-anon the posters, no promises though.

I have a few ideas on how to improve the puppet tracker via language style analysis, however it might be overkill to bust a puppet :lol:.

I also think that moving the site/hosting/legal-entity to a different country could drastically reduce potential legal liability. A few nuclear bunkers converted into data centers in europe/asia spring to mind...

Not to mention DDOS-proof IRC channels accessible over TOR.

Thank you for taking the time to respond in-depth Ythan, it is highly appreciated and I'm glad we could reach a mutually beneficial agreement.

sprinkles
otd president

Registered: 10/13/12
Posts: 21,527
Loc: washington state
Re: I'm Out [Re: falsereality] * 2
    #23672905 - 09/24/16 02:28 AM (7 years, 5 months ago)

you can program and design web pages but you can't use the "reply" feature?  oh ok. 


false claims


--------------------
welcome to my world http://www.shroomery.org/forums/postlist.php/Board/326

falsereality


Registered: 04/01/13
Posts: 4,112
Re: I'm Out [Re: sprinkles]
    #23673701 - 09/24/16 11:37 AM (7 years, 5 months ago)

Quote:

sprinkles said:
you can program and design web pages but you can't use the "reply" feature?  oh ok. 


false claims




:lol: I use the reply function when it's not obvious who I'm replying to.

sprinkles
otd president

Registered: 10/13/12
Posts: 21,527
Loc: washington state
Re: I'm Out [Re: falsereality] * 1
    #23674191 - 09/24/16 02:34 PM (7 years, 5 months ago)

you're too cool.  will you be my friend? will you tell me how to be cool cause I also want to be cool.  I wanna be like them uber cool kids.  not the ones who probably aren't cool in real life but they are really cool here.


--------------------
welcome to my world http://www.shroomery.org/forums/postlist.php/Board/326

falsereality


Registered: 04/01/13
Posts: 4,112
Re: I'm Out [Re: sprinkles] * 1
    #23674256 - 09/24/16 03:05 PM (7 years, 5 months ago)

Quote:

sprinkles said:
you're too cool.  will you be my friend? will you tell me how to be cool cause I also want to be cool.  I wanna be like them uber cool kids.  not the ones who probably aren't cool in real life but they are really cool here.




Yah sure, I need some bitch-work to be done to redo the graem panel so it loads faster. All the hard parts are done, I need each category of graems to be organized in xml files like so:

Code:

<?xml version="1.0"?>
<emotions>
<emotion>um</emotion>
<emotion>smile</emotion>
<emotion>laugh</emotion>
<emotion>grin</emotion>
<emotion>biggrin</emotion>
<emotion>cool</emotion>
<emotion>evil</emotion>
<emotion>wowz</emotion>
<emotion>uhoh</emotion>
<emotion>hehehe</emotion>
<emotion>naughty</emotion>
<emotion>uptosomething</emotion>
<emotion>meanlaugh</emotion>
<emotion>suckit</emotion>
<emotion>finger</emotion>
<emotion>wink</emotion>
<emotion>smirk</emotion>
<emotion>crazy</emotion>
<emotion>lol</emotion>
<emotion>lolz0rz</emotion>
<emotion>lmafo</emotion>
<emotion>laugh2</emotion>
<emotion>rotfl</emotion>
<emotion>rofl2</emotion>
<emotion>dielaughing</emotion>
<emotion>yesnod</emotion>
<emotion>geordinod</emotion>
<emotion>handth</emotion>
<emotion>super</emotion>
<emotion>tongue2</emotion>
<emotion>imslow</emotion>
<emotion>moneyeyes</emotion>
<emotion>loveeyes</emotion>
<emotion>inlove2</emotion>
<emotion>flowers</emotion>
<emotion>kiss</emotion>
<emotion>love</emotion>
<emotion>inlove</emotion>
<emotion>hotidea</emotion>
<emotion>undecided</emotion>
<emotion>lipsrsealed</emotion>
<emotion>confused</emotion>
<emotion>ooo</emotion>
<emotion>shocked</emotion>
<emotion>blush</emotion>
<emotion>tongue</emotion>
<emotion>whistling</emotion>
<emotion>rofl</emotion>
<emotion>stars</emotion>
<emotion>ashamed</emotion>
<emotion>doh</emotion>
<emotion>foreheadslap</emotion>
<emotion>facepalm</emotion>
<emotion>bored</emotion>
<emotion>evil2</emotion>
<emotion>mad</emotion>
<emotion>mad2</emotion>
<emotion>enraged</emotion>
<emotion>grrr</emotion>
<emotion>doublefu</emotion>
<emotion>crankey</emotion>
<emotion>gc</emotion>
<emotion>psycrankey</emotion>
<emotion>vaped</emotion>
<emotion>cuss</emotion>
<emotion>smile2</emotion>
<emotion>bomb</emotion>
<emotion>rant</emotion>
<emotion>razz</emotion>
<emotion>nonono</emotion>
<emotion>shake</emotion>
<emotion>cuckoo</emotion>
<emotion>noway</emotion>
<emotion>nono</emotion>
<emotion>snub</emotion>
<emotion>rolleyes</emotion>
<emotion>whatever</emotion>
<emotion>boring</emotion>
<emotion>yawn</emotion>
<emotion>drool2</emotion>
<emotion>drooling</emotion>
<emotion>dead</emotion>
<emotion>shiftyeyes</emotion>
<emotion>paranoid</emotion>
<emotion>oogle</emotion>
<emotion>eek</emotion>
<emotion>what</emotion>
<emotion>what2</emotion>
<emotion>argh</emotion>
<emotion>crazyeyes</emotion>
<emotion>weirdeyes</emotion>
<emotion>nut</emotion>
<emotion>unbelievable</emotion>
<emotion>shocked2</emotion>
<emotion>wow</emotion>
<emotion>crazy2</emotion>
<emotion>whoa</emotion>
<emotion>omgz</emotion>
<emotion>whoah</emotion>
<emotion>cloud9</emotion>
<emotion>jawdrop</emotion>
<emotion>frown</emotion>
<emotion>sad</emotion>
<emotion>crying</emotion>
<emotion>emocry</emotion>
<emotion>bitch</emotion>
<emotion>cryariver</emotion>
<emotion>hissyfit</emotion>
<emotion>schoolsout</emotion>
<emotion>hangovershades</emotion>
<emotion>tinfoil</emotion>
<emotion>sadyes</emotion>
<emotion>tearchalice</emotion>
<emotion>cellphone</emotion>
<emotion>tunnel</emotion>
<emotion>phreaklove</emotion>
<emotion>awesome</emotion>
<emotion>awesomenod</emotion>
<emotion>awesanta</emotion>
<emotion>tensegrin</emotion>
<emotion>lmao</emotion>
<emotion>pressure</emotion>
<emotion>excitingthread</emotion>
<emotion>thathurts</emotion>
<emotion>dontdothat</emotion>
<emotion>sadanddisappointed</emotion>
<emotion>fangirl</emotion>
<emotion>godno</emotion>
<emotion>bluegirl</emotion>
<emotion>flop</emotion>
<emotion>regretthumbsup</emotion>
</emotions>



Just do that and then I'll discuss terms with Ythan for the complete code, SVS's ban being overturned is term numero uno, and I'll cut you in if we can reach an agreement that involves cash/btc payment.

falsereality


Registered: 04/01/13
Posts: 4,112
Re: I'm Out [Re: Ythan]
    #23675257 - 09/24/16 09:03 PM (7 years, 5 months ago)

Quote:

Ythan said:
https://www.shroomery.org/forums/showflat.php/Number/22390595#22390595





I have the real name of this poster, his DOB, age, address and mugshot along with the guy anon#1 was posting about. Although I used data mining, and not an exploit.

Also shot you an email Ythan, although not with the posters' info, unless you want me to send it to you. DOXXing people is kind of a step beyond finding someone's user name.

Magenta
I care!!

Registered: 06/14/09
Posts: 20,322
Loc: The land of plenty
Re: I'm Out [Re: Ythan] * 7
    #23676131 - 09/25/16 09:07 AM (7 years, 5 months ago)

Quote:

Asante said:
I applaud how you handled this falsereality. Thumbs up :thumbup:




Dude!
https://www.shroomery.org/forums/showflat.php/Number/23674256#23674256

He's hanging shit on you, don't take that shit!


For real though, I think the staff should be concerned about Falsereality.

"This site has slowly become worthless to me, its design is outdated, the general populace is retarded, the ratings system is broken, the anon feature is useless (...) and legitimate discussion of vendors is prohibited due to a profit incentive because smoothly integrated monetization is apparently too difficult a concept to implement for you guys."

Then he goes on to say:
"Additionally, the vast majority of my non-automated ratings were positive"

He thinks the community is crap and yet he has rated most people positively. How does this make sense? Who cares, it's ratings. My point is that he's full of shit. I think that's obvious as he's still regularly participating in this horrible forum because his beautiful ratings were given back to him.

https://www.shroomery.org/forums/showflat.php/Number/23673891#23673891
Quote:

falsereality said:
I have an ace up my sleeve that would completely compromise access to the site for a decent period of time. I like this site though :shrug:, and I'm saving this for a black-swan event where I need to reverse a mod/admin's decision.

Calling the site worthless was a bluff (ergo, poker gif), this site is a cool place to talk to chill people and I legitimately want to help to make it better, not only from a security perspective, but also improving/adding user features and decreasing legal liability.

I can't share email correspondences with Ythan, but I would say there is a good chance SVS will get unbanned soon.




I decided to make this post after reading the above post of Falsereality's. This guy talks like a terrorist. They also seem like someone that gets off on others' fear. He's a liar and admits to deliberately using such conniving tactics to get what he does not deserve. He did post the above post in the Romp though, so I don't expect him to be banned for such a thing, but considering the recent circumstances I wanted to mention this post to make sure that the admins take all of this into consideration because he seems very legit and unshroomy to me.

Edit: rephrased a bad sentence, and fixed the reply to

Edited by Magenta (09/26/16 06:41 PM)

falsereality


Registered: 04/01/13
Posts: 4,112
Re: I'm Out [Re: Magenta]
    #23677276 - 09/25/16 04:34 PM (7 years, 5 months ago)

Quote:

Magenta said:
blahblahblaah




I'm predominantly a businessman magenta. I have no legal obligation to point out exploits I have found, and testing theoretical exploits in a foreign blackbox environment is dangerous, especially if you care about the site you've found a *potential* exploit for.

As far as my quid-pro-quo attitude, yeah, if I can deliver a service to someone in exchange for something other than money, I'm happy to do so, as the costs are simply turned into virtual changes.

If you would please fuck off from this conversation that would be great, I'm currently writing a response to ythan on this exact subject, and I started writing said email before you posted this bullshit.

As far as "speaking like a terrorist" :rofl:. I've been around the block quite a few times handling business negotiations, forgive me if I offered up a much faster graem panel for reduced ban time for SVS's. What the fuck is so terroristic about that? I wasn't even asking to get paid, just a reduction of his ban.

Ythan rejected my proposal and in-turn, I'm just going to give him the new graem panel for free, no strings attached.

As far as the exploit I mentioned in the RR, it's still in early development. Not like I can just hand over an unfinished project. BTW, I would never maliciously attack the site like that regardless of circumstances.

Anyways, I'm done defending myself over nothing to a person that knows absolutely nothing about this situation.

PLURAL
PLUR

Registered: 01/16/14
Posts: 31,320
Loc: PLUR
Re: I'm Out [Re: falsereality] * 1
    #23677626 - 09/25/16 06:45 PM (7 years, 5 months ago)

Never? That's not what you just recently said.


--------------------
PLUR

falsereality


Registered: 04/01/13
Posts: 4,112
Re: I'm Out [Re: PLURAL]
    #23677636 - 09/25/16 06:50 PM (7 years, 5 months ago)

Quote:

Treana said:
Never? That's not what you just recently said.




:confused: I would be happy to clarify anything I have said.

koods
Ribbit

Registered: 05/26/11
Posts: 106,493
Loc: Maryland/DC Burbs
Re: I'm Out [Re: falsereality] * 7
    #23679574 - 09/26/16 11:33 AM (7 years, 5 months ago)

You may be a great coder and security expert, but you seem incapable of rendering assistance without bragging about it.


--------------------
NotSheekle said
“if I believed she was 16 I would become unattracted to her”

falsereality


Registered: 04/01/13
Posts: 4,112
Re: I'm Out [Re: koods]
    #23679588 - 09/26/16 11:39 AM (7 years, 5 months ago)

Quote:

koods said:
You may be a great coder and security expert...




Thanks koods!

sprinkles
otd president

Registered: 10/13/12
Posts: 21,527
Loc: washington state
Re: I'm Out [Re: falsereality]
    #23689174 - 09/29/16 02:23 AM (7 years, 5 months ago)

you can safely secure my crap so my man cop doesn't get into it?  i have my suspicions.  :ifyoucanawe:


--------------------
welcome to my world http://www.shroomery.org/forums/postlist.php/Board/326
