#16 Colloquy Vuln

6 views
Skip to first unread message

William A. Carrel

unread,
Jan 17, 2007, 3:12:07 AM1/17/07
to moab...@googlegroups.com
Good show by the Colloquy team getting a fix out in short order!

Colloquy -> Check for updates... if you happen to be a user.
--
wac

alfre...@aol.com

unread,
Jan 17, 2007, 3:25:45 AM1/17/07
to MOAB Fixes
> Colloquy -> Check for updates... if you happen to be a user.

It seems that Colloquy General preference "automatically check for new
versions" is on by default. I didn't even know about #16, but when
Colloquy launched, it found new version, and, with a single click of
myacceptance, downloaded the new version, installed it, put old version
in trash, and relaunched. Nice.

Rosyna

unread,
Jan 17, 2007, 3:27:25 AM1/17/07
to moab...@googlegroups.com, William A. Carrel
They actually fixed it before the exploit was even published because
lhm/kf were actively using it on IRC to disconnect users.

--


Sincerely,
Rosyna Keller
Technical Support/Carbon troll/Always needs a hug

Unsanity: Unsane Tools for Insanely Great People

It's either this, or imagining Phil Schiller in a thong.

st...@info-pull.com

unread,
Jan 17, 2007, 3:53:25 AM1/17/07
to MOAB Fixes

On Jan 17, 9:27 am, Rosyna <ros...@gmail.com> wrote:
> They actually fixed it before the exploit was even published because
> lhm/kf were actively using it on IRC to disconnect users.

You should be very careful before going around like an internet tough,
accusing people with nothing more than your own speculation. Unless you
can prove that (that is, using proofs you can't tamper with, which
makes pasting something out of your Text Edit window plain invalid), we
request you to keep away of any future claims like these.

It's the second time we ask you politely to stop the malicious
non-sense you're getting into. We aren't going to enter any
claims/counter-claims cycle with you, given that you are neither
technically nor personally qualified for keeping good manners (that
excludes insulting, fallacies and false claims like these, without any
supporting argument other than your personal issues).

There are many people out there interested on making a fool out of
yourself and complicating your day. We aren't the only ones you've been
insulting, but you obviously know that. The fact that someone has
targeted the IRC channel where you rant is just another proof.

Given your skill base, lack of care of any type and definitive
malicious attitude, developing more hostilities with people out there
isn't really the best thing for you. It's a suicidal path, literally.
And this is sincere, friendly advice. We have nothing personal against
you, besides being a malicious retard from times to times.

Anyway, back on topic (Rosyna, you manage to include a rant in every
e-mail you send): the Colloquy development team has done a *great* job
on the fix (preventing that prank from continuing). Probably one of the
most timely fixes released during the MoAB, including OmniGroup's one.
None credited their finding, though. Certainly better than Apple, for
instance.

Cheers.

Rosyna

unread,
Jan 17, 2007, 4:40:15 AM1/17/07
to moab...@googlegroups.com
Ack, at 1/17/07, st...@info-pull.com said:

>On Jan 17, 9:27 am, Rosyna <ros...@gmail.com> wrote:
>> They actually fixed it before the exploit was even published because
>> lhm/kf were actively using it on IRC to disconnect users.
>
>You should be very careful before going around like an internet tough,
>accusing people with nothing more than your own speculation. Unless you
>can prove that (that is, using proofs you can't tamper with, which
>makes pasting something out of your Text Edit window plain invalid), we
>request you to keep away of any future claims like these.
>

Here's the proof. http://tachibanalabs.com/tmp/MOAB-16-01-2007.html
Compare and contrast to the current
http://projects.info-pull.com/moab/MOAB-16-01-2007.html Notice the
missing pieces?

The first link is hosting the original unmodified file. It's also why
thinks like CSS don't show up. Nothing about it was modified. Also,
it's not being hosted by me or anyone affiliated with me.

Furthermore, there's about 20+ people that can verify that the
tachibanalabs.com link has the original text of the advisory.

FWIW, the original Ruby file's header said "the great #macdev raid".

>There are many people out there interested on making a fool out of
>yourself and complicating your day. We aren't the only ones you've been
>insulting, but you obviously know that.

That kind of seems a little like a threat.

> The fact that someone has
>targeted the IRC channel where you rant is just another proof.

That's funny, I don't seem to remember ever mentioning the IRC
channel or the fact I was on such an IRC channel....

>Given your skill base, lack of care of any type and definitive
>malicious attitude, developing more hostilities with people out there
>isn't really the best thing for you. It's a suicidal path, literally.
>And this is sincere, friendly advice. We have nothing personal against
>you, besides being a malicious retard from times to times.

Again, this seems like a threat...

purr...@gmail.com

unread,
Jan 17, 2007, 4:44:16 AM1/17/07
to MOAB Fixes
I seen the original post. That is exactly what it was. They DID modify
it shortly after they realized what they had posted.

Rosyna

unread,
Jan 17, 2007, 5:02:46 AM1/17/07
to moab...@googlegroups.com
Ack, at 1/17/07, st...@info-pull.com said:

>Unless you
>can prove that (that is, using proofs you can't tamper with, which
>makes pasting something out of your Text Edit window plain invalid),

Also, there's a screenshot.
http://farm1.static.flickr.com/123/360396261_05ca8f43b9_b.jpg

Jens Ayton

unread,
Jan 17, 2007, 5:40:20 AM1/17/07
to moab...@googlegroups.com
st...@info-pull.com:
> Rosyna:

>> They actually fixed it before the exploit was even published because
>> lhm/kf were actively using it on IRC to disconnect users.
>
> You should be very careful before going around like an internet tough,
> accusing people with nothing more than your own speculation. Unless you
> can prove that (that is, using proofs you can't tamper with, which
> makes pasting something out of your Text Edit window plain invalid), we
> request you to keep away of any future claims like these.

As you are well aware, the concept of "proof" is essentially
inapplicable to something as ephemeral as internet communications.
However, I witnessed the events to which Rosyna refers and can attest
to the following:

* At or about 0800 this morning (Wed Jan 17 2007), Central European
time, several persons on the #macdev channel on Freenode IRC were
repeatedly disconnected with unusual quit messages.
* Several of these persons attested they were using Colloquy.
* It was established that the disconnects were immediately preceeded
by invitations to channels with names along the lines of #%n%n%n%n.
* At least one of these persons was able to catch the name of the
person sending the invitation.
* The whois command (or possibly whowas) showed that said person's
host mask was kfinisterre@..., a name that is familiar to watchers of
the MoAB spectacle.
* There was a small amount of speculation at the time as to whether
this was in fact a MOAB crew stunt, or someone attempting to dirty Mr.
Finisterre's name.
* The bug was quickly identified and fixed; offhand, I believe this
was done by Alexander Strange.
* At approximately 0845 CET I saw the MOAB-16 advisory. At that time,
the page included a list of people "pwned" using this exploit. The
list closely matched those who had been disconnected using the very
vulnerability described in the advisory.

Unfortunately I am missing some details as I do not currently have
access to my IRC logs. This can be rectified in an hour or so.


--
Jens Ayton

Sed quis custodiet ipsos custodes?

Colin Barrett

unread,
Jan 17, 2007, 1:27:36 PM1/17/07
to moab...@googlegroups.com

On Jan 17, 2007, at 12:53 AM, st...@info-pull.com wrote:

> Probably one of the most timely fixes released during the MoAB,
> including OmniGroup's one.
> None credited their finding, though. Certainly better than Apple, for
> instance.

If you expect Apple, a huge corporation, to release patches every time
you publish an exploit, you're more deranged than I thought -- I had
you pegged as the type to include annoying sounds on his web page for
no good reason, and to overuse internet cliché's like PWN.

Hubris indeed.

Seriously, LMH, you're not winning any hearts OR minds by posting
here. Your overly defensive attitude towards Rosyna on this pretty
much solidifies it in my mind that you WERE in fact using it to
disconnect users.

Why do you bother posting here except to troll, anyway?

-Colin

Remy Porter

unread,
Jan 17, 2007, 1:32:53 PM1/17/07
to moab...@googlegroups.com
Children, please. Let's ignore everyone's extra-curricular activities
and focus on our main goal- contributing to a more secure and reliable
operating system.

I love this mailing list, but it's rapidly decaying into LMH posturing
and people getting offended. Let's please keep it technical?

William A. Carrel

unread,
Jan 17, 2007, 1:43:39 PM1/17/07
to moab...@googlegroups.com
I'm going to take this opportunity to interject with the charter of this group:

"This group serves as a gathering place to discuss the technical and
coding issues for MOAB bug fixes."

This conversation has taken a turn which doesn't have anything to do
with the work required analyzing or preparing fixes. People are
welcome to engage in conversations about who is or isn't trying to
attacking who and who hates who's freedom... somewhere else. Please do
not bait each other (or be baited) into attacks and accusations here,
there are plenty of other forums for the circus sideshow antics of all
sides.

Eric Hall

unread,
Jan 17, 2007, 1:50:06 PM1/17/07
to moab...@googlegroups.com

Indeed. I was just getting ready to write something similar...
The only addition is:

Please remember that others may not follow short-circuits in your
logic/thinking, and that others may say (write) things in a way that
doesn't match the way you would. Keep a more open mind to what people
are saying and, if you don't think they're on the right track, indicate
so rather than saying they just don't get it or that they're morons.
Cut the absolutes and you might just find that people are smarter and
more aware than you think they are.


-eric

Alexander Strange

unread,
Jan 17, 2007, 2:01:27 PM1/17/07
to MOAB Fixes

On Jan 17, 5:40 am, "Jens Ayton" <jens.ay...@gmail.com> wrote:
> * The bug was quickly identified and fixed; offhand, I believe this
> was done by Alexander Strange.

I wish to disclaim responsibility for this; Timothy Hatcher, the author
of Colloquy, fixed it and I just linked to the trac changeset.

Landon Fuller

unread,
Jan 17, 2007, 2:06:07 PM1/17/07
to moab...@googlegroups.com
Let's close down this thread. There is very little to be gained in
recriminations besides acrimony and tumult.

-landonf

PGP.sig
Reply all
Reply to author
Forward
This conversation is locked
You cannot reply and perform actions on locked conversations.
0 new messages