Re: WCS Exploit

[/<itty=^..^=]

Maybe if a certain someone would have referred to this site and have R§WCS available for download here the hosts using wcs would be more receptive to it. Instead of going from room to room like a peddler trying to sell your modified version of wcs and saying you can crash people's rooms doesn't lend much credibility to you. I didn't even know who you were until someone told me, doh! Then I put two and two together and came here. It would make you alot more believable and not put people off right from the start when you tell people who you are and where to go to get info about that supposed bug in WCS. Put an article on here detailing the nature of this bug and make your R§WCS server available on this site for download. Then, when you go into rooms tell them to come here and get it, don't tell them you can crash their rooms.
You went about it all wrong and you shouldn't be surprised at the reactions of people and hosts banning you from their rooms, tsk tsk.

[ñòóKýçrÕôK]

First I should say that no program itself should be posted to the site without prior approval from say tigs or Me_Here or Quicks. Second I know I'm not alone when I ask that you not use a thread about which chat servers log to pedal you program Rock. If you have one I'd appreciate maybe a link to some kind of faq about rswcs and maybe somewhere where users have commented on the program. Not to mention that noone on this site will show support for anyone who has been using gangster tactics to attempt to intimidate users into using their software. So until I can do some reading I'll ask that you refrain from pushing your server program on this site. If any of that is unclear or you would like to discuss this you can find me in the help room. If I'm not just getting off work or about to head to work I'll be more than happy to discuss it. And let me just say that I know there is always 2 sides to every story so before you go thinking I'm just taking Kitty's word for it I'd like to ask you to give me the benefit of the doubt in that I am a fair person and more than willing to listen to your side of the whole "room closing" threats Rock.

[Røçkåfë££ë® §kåñK]

My side of the story? I have no side, but ill let you read this:
1st of i pm'ed her trying to warn her of a bug in WCS (i tried to keep it private to avoid panic) then
{<-=|¥|6|¥|=->/<ítt¥=^..^=262_24341} I don't know who you are anyways and we don't accept programs from unknown sources
{<-=|¥|6|¥|=->/<ítt¥=^..^=262_24341} '][']-[ä/V/<§ anyways
{´]ίì) ·R§WCS· (í¯Î[`000_38521} er WCS has a bug
{´]ίì) ·R§WCS· (í¯Î[`000_38521} lÖl
{<-=|¥|6|¥|=->/<ítt¥=^..^=262_24341} so you say, how do I know?
{´]ίì) ·R§WCS· (í¯Î[`000_38521} open a test room ill show you
{´]ίì) ·R§WCS· (í¯Î[`000_38521}
{<-=|¥|6|¥|=->/<ítt¥=^..^=262_24341} do you have any other proof?
{<-=|¥|6|¥|=->/<ítt¥=^..^=262_24341} I haven't had ANY problems with wcs
{´]ίì) ·R§WCS· (í¯Î[`000_38521} other than the fact i can crash the room? wot more prove do u need than that
{´]ίì) ·R§WCS· (í¯Î[`000_38521} LÃÛ6]-[ïÑg {V}Ý ÅS§ Ôff

So i never actually threatened her room, i even suggested i show her the bug in a TEST ROOM. She got pissy and banned me at that point. But who asks someone "do you have proof" if they are warning you about a bug that crashes the room? "Hey heres my car keys, how do u steal a car again?"

Also i have not posted the program on wmw previously for the exact reason nooks states in his 1st sentance. and i do not think at any point in this thread i have actually advertised R§WCS i merely answered the questions that were asked!

so, yeah, 2 sides to the story. me warning hosts about a flaw in the program they are using! LOL @ put an article on here detailing the bug? oh so then everyone knows the bug and those that decide not to change over know the exploit and can go round crashing rooms? Now i think even nooks would agree that that is not in everyones interests.

[ñòóKýçrÕôK]

First let me say thanks for replying Rock. I appreciate that you were willing to discuss it. What I don't like is that you feel you need to warn your friends but feel no other obligation to take a responcibility as to talking to the right people about it so it can be resolved propperly. I will leave Quicks a private message on the matter but tigs and I looked on mxstuff site about the newest version of wcs put out by bide and he clearly states that there was a bug in one of the versions you said were bugged and it's one of the versions he based his worked on. Apparently it's been fixed already. We'll find out regardless but what I find disturbing is the individual attitude you take towards something that involves the entire community and the willingness you have to hurting another coder's reputation with the claim of the bug without the good natural nature to at the least fully investigate it or even appear to care. I'll say here that I no longer believe that were threatening users into changing to your chat server but apparently you were just acting out of mere selfishness.

[Røçkåfë££ë® §kåñK]

Well perhaps wmw would actually want to find out for themselves rather than accept my word on it. if i can find it then so could you lot, seeing as wmw have had km's source for much longer than me, according to many of the admin. im not a wmw admin, i merely attempt to help. im not about to go digging through every wcs source code to check for bugs wen i have fixed it in my server, and it does not affect me! i am helping the community by continuing a already good server. wmw are meant to be the help group for winmx, so feel free to actually find out information yourselves rather than relying on people telling you.  ive known about this bug, and fixed it, before xmas, so if you guys still dont even know wot it is or how to fix it even now...

im more than happy to help, but i will not go millions of miles out my way to sort something that i have already fixed! call that selfish if you like! you learn C or C++ and make a program for the community nooks, and then you can actually tell me about my attitude. i do this for fun as a hobby, if you dont like how i do it then dont use my stuff. else quit moaning about it.

[GhostShip]

You could of course have done the decent thing namely informing myself or one of those on the mxstuff site so someone could reissue a fixed version of WCS, many will believe your actions are underhand and designed to gain more users to use RSWCS , something that appears to be true.

As your the only person who has spotted this alleged "bug" and your sources are closed I think the majority of folks will be best to continue using their normal program and look to blame you if word of a bug leaks out, after all if your the only one who has found it in KM's soruces after over a year I think we can rest safely in the knowledge its something thats obscure.

For those who may not know what a buffer overflow is its when something like a text string is too long for the space a program has alloted it and so an error is created, many chatservers suffer from these bugs and hardly anyone but lamers exploit them.

I think we can all agree Ritchy has helped no one but himself here, and as to why anyone here would be working on WCS when its KMs and he didnt authorise us to use or posses his source is something thats beyond the mind of certain folk.

[Mr.Snicky]

Where abouts is this bug, richy, so people whom have sources can take a look at it as well?

[Røçkåfë££ë® §kåñK]

GS, you are not the guardian of all things WinMX im afraid so therefore i have no obligation to report anything to you! see it as selfish or w/e you want but surprisingly i look out for friends before i look out for wmw!?!

The bug ive spotted, is not in MY sources but in the actual source of WCS. As you are creating a client and therefore must have a detailed knowledge of the protocol and how to program why dont you take a look? Firstly you say i should tell you and mxstuff so they can re-issue WCs then at the end of your post you say WCS should be left alone? Please let me know which you mean as i appears you are contradicting yourself in a single post!

The bug, for those that are interested is located in the word replacement used in WCS. That will give you a stepping stone GS for investigating this "issue" that many believe i have made up.

[Mr.Snicky]

The more simple way about going on with this would be to just simply copy and paste what you spotted as the bug, then also inserting the fix to help the rest of the people.

Complaining and going around about a bug is not helpful, actually sharing the snippet to fix it is.

[Mr.Snicky]

As KM wanted it to remain Open...........

[Røçkåfë££ë® §kåñK]

If i was to post the problem code and the fixed code then where would be the "development opportunity" for others?

QS stated not to play with the WCS source in his opinion, yet wants a bug fixed version?
Either we fix or we dont. Im happy with the fix i have in place, I managed to figure out the bug and the solution. If you want to fix it i have pointed you to the correct place, its down to you to learn how to debug something.

[..Ñøßߥ..]

I can't believe we are yet again talking about a potential issue with WCS, wtf? My stance remains anyone using an app written by coder with a history such as KM's is asking for problems.

Please can folks apply common sense and move their rooms to a different client, its not rocket science, and pleeeease no posts about how wcs is the best with the most features etc, it doesn't change history and/or the past actions of the author, and the risks you take if you use his stuff.

Rock, if i were you, i would simply post on all Winmx related forums of the issue, and offer several links to alternative chat clients, yours and 1 or 2 others for balance. This will ensure folks have the information to make a decision, those who take no notice may or may not find they have a problem with their wcs room, and will soon find one of the forum posts with the solution.

The alternative is ofc to do what the author of WCS would do and HAS done in the past and a release a poison to crash chat rooms, anyone wanna go back to that?

[Mr.Snicky]

Oh so now just bashing on the author of the problem is the solution? If that was the case you should also bash on the creator of WinMX for supposedly bothering the R.I.A.A.

A hint: That is not the solution. Just because you don't like the author doesn't mean it's a bad program. It's infact just like any other program.. it has its ups and downs. The author is the author.


What I'm wanting to see, is the snippet that fixed this issue, as well as the original bug snippet.

I'm getting tired of people taking KMs source codes and using them for their own good and not sharing the wealth, especially when it was open source to begin with, and you don't share the source from the modifications that you made? That's just down right disrespectful when you release your own version to the public.

I've offered to Richy several times to take his source and compile it to Linux, but he's too greedy to let anyone have his "modifications." And from when I was picking on him earlier, I'm changing it to truth, You are an immature programmer Richy, and should not be handling WCS like the way you've been doing. Not contributing back to other coders, and the rest of the community is not in great respects to the author of the program (KM).

[Røçkåfë££ë® §kåñK]

Im afraid i agree with Snick on the issue of the program! The author is the author, he created a program which many have loved, whether you like him or not the program has always been at the forefront of WinMX chat servers.

However, as i stated previously Snick i will not post the exact code for you, else where would be the incentive for you to go and learn? Ive had to learn this all from scratch without any help whatsoever. I dont see many people asking FXS or ES sources to be published? The whole problem of making something open source like this well used server is someone will find a bug or a loophole to exploit. Did bide publish his source about the mods he has made? Why arent you bugging him about it?

Go ask KM what he thinks about what i am doing? once you have his comments and opinion on it, then you can call me disrepectful. many coders have the same WCS source i had to start with. The difference is i actually have actually done something with it! Dont hate on me for actually being actively interested in developing the community!

[Mr.Snicky]

FX, ES, Etc... we don't want those source codes because there is no need to have them. Nor have they been stated as open source material. So no point in even asking.

But when you make such a stir about the bug, people get interested.


You are right, you had no help - Maybe because you were rude to everyone. Simple as that.

And if what you are saying you are staying with that - Then you are no better than some of the other programmers I know. On their high-horse and can't see the real grounds below. (That's just one of the examples of why no one would help you - Because you are very secretive, and lazy).

[Lagerlout666]

Right calm down folks, thier is no point blowing your tops. Ill be checking over the WCS source asap and contacting bide to confirm that his versions of wcs are patch once i find the issue and ill try get a new wcs bug plugged released asap. Till now users using wcs please let it be know that as to now it seems only richie knows what the bug is so any attacks on rooms can be pointed to his attention and ill try get something sorted for you ASAP.

Thanks

ps. topic locked any other posts will result in tempory ban, you have been warned, im not having this place go back to warring and fighting.

[tig]

I am sorry I dont comment on this stuff very much however, it wasnt until a few hours ago this so called bug came to light... I recall that zcs and es are not part of this thread. Since it has been brought into it I would like to say this.... they are both good servers and I have used all servers since i have started with winmx.

Right back on topic... this so called bug was brought winmxworld supervisors attention a few hours ago now... I have seen a few peoples point of view on it... however 1. it should of been told to everyone involved before this as the bug has been and 2. to the community please use whatever you are comfortable with what ever chat server please keep an eye out for updates as it is important to update the server and most of the time configs just need to be transfered over.

We have now been told about the bug however, Røçkåfë££ë® §kåñK only told us were it is and not how to fix it, but this would help to those people that do not want to change servers. If he wants to keep that to himself well we just all have to keep an eye on updates.

Please keep in mind of what ghostship has said

For those who may not know what a buffer overflow is its when something like a text string is too long for the space a program has alloted it and so an error is created, many chatservers suffer from these bugs and hardly anyone but lamers exploit them.

I am sure that if it was any another sort of bug you all would have been informed by now.