BearShare Forums  

Go Back   Gnutella Forums > Current Gnutella Client Forums > BearShare (Windows) > BearShare Open Discussion
Register FAQ The Twelve Commandments Members List Calendar Arcade Find the Best VPN Today's Posts

BearShare Open Discussion Open topic discussion for BearShare users

Preview this popular software (BearShare Beta v5 "Download")


Reply
 
LinkBack Thread Tools Display Modes
  #11 (permalink)  
Old May 26th, 2001
BearShare Developer
 
Join Date: May 25th, 2001
Posts: 163
Vinnie is flying high
Default Tard

wanker or yanker or whatever, that post was copied from BearShare.Net
Reply With Quote
  #12 (permalink)  
Old May 26th, 2001
Administrator
 
Join Date: May 28th, 2000
Posts: 894
CycloCide is flying high
Default Re: Who is this?

Quote:
Originally posted by Yanker
What happend to the finger flipping, threatening person who has slammed everyone who doesn't do what he wants?
I asked him to tone it down, and I'd appreciate it if the rest of you did too.
Reply With Quote
  #13 (permalink)  
Old May 27th, 2001
Serious
Guest
 
Posts: n/a
Exclamation Hacking packets

So lets see what we could do with a encrypted control packet if I was "in control".

I could send out a command that would:
- erase your hard drive
- remove my program because I am mad at everyone
- stop use of my program because I am not getting any $$ from some lame spyware company I signed up with like a idiot
- stop use of my program because I don't like you (ID via IP address)
- make it go and download a "plug in", but oops! I had a virus in that plug in so everyone on the network gets infected all at once, oh well! Read the EULA!
- erase your hard drive because you posted something against me on my forum
- erase your hard drive because you run another more popular client and I don't like losing control
- erase your hard drive because I just haven't grown up yet and think it's fun
- be cleaver and throw a few random bytes in a random number of downloads you have done just to drive you crazy, because I don't like you
- turn on a packet blasting sending thing that floods the network because lamewire 2.3.5 doesn't do what I wanted it to do, if I can't have it, no one will!
- send all your addressbook entries to the RIAA for personal identification along with a list of all the mp3 files on your system, drive C and D and E and....
- send out yourname@cookie.txt files so everyone knows who you are (note: already implemented in this version)
- turn your house lights on and off randomly via any connected X10 remote I can identify
- hang up and dial 911 over and over all day
- hang up and dial 1-900-bear-income over and over so I get paid
- hang up and dial the DOD computer over and over with a script that looks like you are trying to hack into DOD secrets, you get arrested and so I now don't have you posting complaints about my spyware
- email everyone you know and tell them they are a jerk and you never want to talk to them again
- email important people and make threats
- send any PGP private keys to me so I can black mail you
- anything I want to, whenever I want to because I like having total and complete control, trust me

WE DON'T KNOW WHAT THESE PACKETS DO!

Encrypted, closed control packets are a bad idea. What will it take for newbee programmers to wake up? How much political pressure does it take to get through a thick skull? After this, whats next?

Now think what I could do with this information if I was a hacker and de-compiled the software so I could make up my own packets and send them out over the network! Not that hard to do.

All Gnutella clients need to be open source!

Don't trust any client that isn't open source!

TRUST NO ONE!
Reply With Quote
  #14 (permalink)  
Old May 27th, 2001
Unregistered
Guest
 
Posts: n/a
Default You have to trust someone

>WE DON'T KNOW WHAT THESE PACKETS DO!

Actually, we do. Well, sort of. We know what Vinnie says the packets do. And his explaination seems perfectly reasonable. Tell me, how would YOU handle upate notifications without encryption? Better yet, how would you do so SECURELY?

>Now think what I could do with this information if I was a hacker
>and de-compiled the software so I could make up my own
>packets and send them out over the network! Not that hard to
>do.

The most you could do woud be to spoof a higher version number and maybe screw around with the horizon statistics. At least you would have to work to do it.

As for open source clients, would you examine every line of code before compiling the client yourself? Did you examine the compiler code to be sure that it's not introducing rogue instructions? Have you examined your processor's hardware to make sure that every machine instruction is executed as planned, and there isn't some "erase hard drive" instruction lurking in there somewhere? If not, you'd have to trust SOMEONE.

And really, any of the possibilies you mentioned would spell disaster for Vinnie. Would probably get him into a whole HEAP of legal trouble as well. Would also alienate his user base. None of these would be in his self interest. You may not like his attitude, but even you would have to admit that he's not THAT much of an idiot.
Reply With Quote
  #15 (permalink)  
Old May 27th, 2001
Unregistered
Guest
 
Posts: n/a
Wink Stupid is as stupid does.

I'm still trying to figure out what that means.
Reply With Quote
  #16 (permalink)  
Old May 28th, 2001
Unregistered
Guest
 
Posts: n/a
Question

What I don't get...

I installed Bearshare about two months ago and cannot remeber any mention of installing three other programs on my system during the install process ??

Do these programs sit in memory waiting for web browser activity?

I use my internet connection for more than surfing and file sharing and I need ever nano of performance I get when Im hooked upto the on-line gaming server's!

Do these programs run even if I don't use my web browser or p2p sharing, but I still have my connection active ?

Now Im really confused.
Reply With Quote
  #17 (permalink)  
Old May 28th, 2001
Novicius
 
Join Date: May 25th, 2001
Posts: 4
Wonko is flying high
Default Re: You have to trust someone

Originally posted by Unregistered
>WE DON'T KNOW WHAT THESE PACKETS DO!

Quote:
Actually, we do. Well, sort of. We know what Vinnie says the packets do. And his explaination seems perfectly reasonable. Tell me, how would YOU handle upate notifications without encryption? Better yet, how would you do so SECURELY?
I wouldn't make them fully distributed. Either use a pre-determined central server the servent knows about (Problematic for ovbious reasons) or with public-key cryptography.

Quote:
>Now think what I could do with this information if I was a hacker
>and de-compiled the software so I could make up my own
>packets and send them out over the network! Not that hard to
>do.

The most you could do woud be to spoof a higher version number and maybe screw around with the horizon statistics. At least you would have to work to do it.
It's an issue of trust. Do you trust Vinnie? After the OnFlow faux pas, I don't.

Quote:
As for open source clients, would you examine every line of code before compiling the client yourself? Did you examine the compiler code to be sure that it's not introducing rogue instructions? Have you examined your processor's hardware to make sure that every machine instruction is executed as planned, and there isn't some "erase hard drive" instruction lurking in there somewhere? If not, you'd have to trust SOMEONE.
Of course. But I trust the open source community more than I trust Vinnie, for instance.

Quote:
And really, any of the possibilies you mentioned would spell disaster for Vinnie. Would probably get him into a whole HEAP of legal trouble as well. Would also alienate his user base. None of these would be in his self interest. You may not like his attitude, but even you would have to admit that he's not THAT much of an idiot.
He doesn't seem to care too much about alienating his current userbase. At least the part of it that actually cares about anything but the download rates. And why's that? Because that part is a) small, and b) vocal. And can cause him no end of trouble. The less attention people like that pay to BearShare, the better. What he (Like any p2p developer, actually, but that's besides the point ) is after is the Napster hordes. And they are hardly bothered by a lot of the nasty stuff he can do. Or unable to connect it with him. Or both.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
What happens to unrecognised packets? mckerrell General Gnutella Development Discussion 4 January 13th, 2002 09:32 PM
Bearshare hides criticism of new.net and Savenow God BearShare Open Discussion 15 December 25th, 2001 06:56 PM
Network bad packets LordChaos General Gnutella Development Discussion 0 November 3rd, 2001 09:19 PM
Bearshgre and SaveNow Chrisp BearShare Open Discussion 7 October 14th, 2001 05:44 AM
*BEWARE of the Bear (Onflow Warning) Rat Rage Kid BearShare Open Discussion 7 May 23rd, 2001 06:15 PM


All times are GMT -7. The time now is 08:51 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.

Copyright © 2020 Gnutella Forums.
All Rights Reserved.