1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Pending [Suggestion] Actual rule enforcement or rule change

Discussion in 'Suggestions' started by Razz, Jan 7, 2016.

Thread Status:
Not open for further replies.
  1. Razz

    Razz Dedicated Supporter Dedicated Donor

    There's this awesome rules that is defined as follows:
    Yet here we have: https://ccplz.net/resources/release-avoid-pic-upon-login-security-flaw.408/

    It's come to my attention that no action has been taken against this, which is pretty much neglectance of the forum rules. In my opinion it would be different if there would be some form of responsible disclosure, like setting an ultimatum for Nexon and releasing the details of the exploit when Nexon fails to fix it before the ultimatum is reached.

    You can downtalk this exploit all you want, but it directly affects the MapleStory playerbase, which isn't know for their strong passwords and password policies.

    Suggestion
    Either change the rules, or act upon them.
     
    • Agree Agree x 4
  2. Robert

    Robert lol Moderator Dedicated Donor

    Agreed, although Razz couldn't know this was being discussed internally, and while awaiting the final judgement, i've removed the packets for the time being.
     
    • Like Like x 1
    • Informative Informative x 1
  3. DiaRiven

    DiaRiven Banned Banned

    Why is the poster of that thread not banned permanently without question?
     
  4. Nickerian

    Nickerian Well-Known Member Coder Donor

    Because he is one of the people who actually do things and he release this to make it patched and prevent people form abusing it. if it never goes public people can abuse this for months before anyone notice.
     
    • Made me laugh! Made me laugh! x 1
    • Solved my problem! Solved my problem! x 1
  5. DiaRiven

    DiaRiven Banned Banned

    That's true but rules are rules and they should be followed and he should face the consequences... the staff has to follow the rules.
     
    • Agree Agree x 1
  6. Nickerian

    Nickerian Well-Known Member Coder Donor

    There is expectations, why did he do it and what did he do.
    That rule was created to ban who who scammed people and tried to send keyloggers to steal peoples information. not to ban a user for mention securityflaws nexon have made. He clearly did not abuse this and steal accounts, he clearly only show an error nexon made.
     
  7. Razz

    Razz Dedicated Supporter Dedicated Donor

    Your argument is a fallacy... You're assuming that the publication of an severe security flaw will always lead to a fast fix of it, which is not true. This exploit was released on November 18 2015, we're 6 weeks later now and I have yet to find a change in the login sequence.
     
  8. Nickerian

    Nickerian Well-Known Member Coder Donor

    Doesnt really change anything. Melv found a securityflaw, he releases it to get it fixed. He did not create this error he did not abuse it. Just because Nexon made an error doesnt mean melv should be punished.

    Would be different if he release a script where you can get users username, password or simular an actually way to steal their account info. he is just pointing out an error nexon have made. Place the blame where it supposed to be
     
  9. Razz

    Razz Dedicated Supporter Dedicated Donor

    So if someone finds an exploit in the web interface of your bank that allows them transfer money from any bank account to their own it should be just released so it gets fixed? The only difference between this example and the exploit Melv posted is the chance that it will affect you. If such a case would ever be brought to court the person that released it would be most likely charged with complicity.
     
    • Agree Agree x 1
  10. DiaRiven

    DiaRiven Banned Banned

    Dude u don't get it it. He is assisting people who hack accounts with this exploit. You think noone on this forum has malicious intentions?

    The rule says that people who assist in hacking accounts get banned permanently without question.

    The staff should ban him permanently WITHOUT QUESTION.
     
    • Agree Agree x 1
  11. Nickerian

    Nickerian Well-Known Member Coder Donor

    "exploit in the web interface of your bank that allows them transfer money from any bank account to their own"
    Lets say that would happen and there is 1 guy that is sitting home and using it. he could steal money from 1 by 1 just a small amount so that noone would think about it or care because the value is too small. he could keep going for years without being noticed.

    Or he simply steal from 1 at the time everything on your account and you cant prove that you didnt do the transaction so you cant get your money back.

    If it was released it would endup in the news and the bank would need to do a rollback and fix the issue permanently and everyone that was affected would get their money back
     
    • Disagree Disagree x 1
    • Great work Great work x 1
  12. Robert

    Robert lol Moderator Dedicated Donor

    Any user partaking in or assisting in hacking accounts, creating malware, or scamming will be permanently banned without question.

    Hence, the 'we're discussing this internally'

    Let's not jump on the barricades until we've decided what's best. I've asked Tryst, and will ask Kent what they have to say on the matter. For the time being, i've taken the following steps.

    1.) Remove the packets, so not everyone can BAN ME! characters.
    2.) Left the thread, to spread the awareness an exploit like this is here.
    3.) Opened a discussion for the mods/admins on how to deal with Melv publishing this.

    In addition, i'd like @Melv 's own reaction here as well.
     
    • Like Like x 1
    • Agree Agree x 1
  13. Nickerian

    Nickerian Well-Known Member Coder Donor

    No he is not, nexon did by adding the function witch allows you to login without details
     
  14. Razz

    Razz Dedicated Supporter Dedicated Donor

    Okay, I just hope you won't be calling the shots when something like this happens.
     
  15. Robert

    Robert lol Moderator Dedicated Donor

    I've closed the thread, since we're all aware of the facts, there's not much left to dicuss here.

    I will keep you all updated.
     
    • Like Like x 1
  16. Thanks @Robert, a small addition here.

    Read the rules regarding drama. And try to act upon those. You can all decide for yourself whether something will provoke unnecessary drama.
     
    • Made me laugh! Made me laugh! x 1
  17. Tryst

    Tryst (✿O‿O) http://maple.watch Administrator Moderator Dedicated Donor

    FWIW today is the first time I've seen that thread and nobody has reported it thus far. I've now gone ahead and deleted it. I'm on my phone at the moment so can't really post more on this matter just yet.
     
    • Like Like x 1
    • Heart-warming Heart-warming x 1
Thread Status:
Not open for further replies.

Share This Page