
Who is behind Localhost.re? - Page 2

  • joepie91 Member, Patron Provider

    @ryanarp said:
    Like I said, this was an e-mail response to asking if they would be doing one. However I have not seen a public announcement.

    More evasiveness here:

  • Maounique Host Rep, Veteran

    What a load of ....
    So, if it was not put in public does not mean it wasn't done, jesus, such clowns...

  • joepie91 Member, Patron Provider

    @Maounique said:
    What a load of ....
    So, if it was not put in public does not mean it wasn't done, jesus, such clowns...

    Note how they never actually say that an audit took place. They just said "you don't know whether an audit has happened", implying that one has taken place, but being vague enough to be able to backtrack on that statement later.

  • Maounique Host Rep, Veteran

    Yeah, I noted, hence my post...
    Double negation to imply an affirmation nobody will be able to hold them to.

  • How nice to see that nobody except @Maounique, @Zen and @Frost actually commented on the topic (who is behind localhost.re) but rather vented their opinion about the guy/gal/team behind that and if what they do is morally correct.

  • Maounique Host Rep, Veteran

    @Raymii said:
    How nice to see that nobody except Maounique, Zen and Frost actually commented on the topic (who is behind localhost.re) but rather vented their opinion about the guy/gal/team behind that and if what they do is morally correct.

    Expecting anything else from LET is pure insanity :P

  • Droidzone Member
    edited October 2013

    @Raymii said:
    Site itself doesn't tell a lot and code is quite generic. Do we know who is behind the website?

    A guy who specializes in this has obviously done his homework. Even if somehow you found out the address from the registrar or Cloudflare, you'd probably find it registered with a bogus address and leaked credit card. You aren't going to find out who he is unless you have a lot of tech and legal clout. Since he obviously doesn't attract the kind of attention like Snowden, he'll probably be staying in the shadows... for now.

  • Off topic but does anyone know what software his website runs?

  • @darknyan said:
    Off topic but does anyone know what software his website runs?

    It looks like Wordpress to me.

  • @IxamHosting said:
    It looks like Wordpress to me.

    It's not.

  • IxamHosting said: It looks like Wordpress to me.

    He wouldn't have any business calling himself someone working in InfoSec if he knowingly used a shell that has a side function of blogging.

    That said, it's probably some sort of a static content generator, Jekyll comes to mind.

    Thanked by 1Raymii
  • vedran Veteran
    edited October 2013

    @jarland said:
    He doesn't expose vulnerabilities alone. He provides the less intelligent with an easy to use script to exploit others. Motive is everything. His motive is anything but respectable. He is not playing a positive role because of this one detail.

    People have been warning about poor WHMCS coding in the past and no one has ever done much about it. Perhaps it was the only way.

    You don't have to be a genius to find what he found, you just have to decode the code. What really scares me is who knows how many times these vulnerabilities have been used before without anyone knowing?

    So what he did wrong is providing the exploit script. But without the script I doubt everyone would see the seriousness of the situation, instead of shutting down their installation they'd just wait for the update.

    I think his motivation was a wake up call, and it apparently worked.

    Thanked by 1Maounique
  • Maounique Host Rep, Veteran

    vedran said: I think his motivation was a wake up call, and it apparently worked.

    At least in the case of Solus it did, probably WHMCS needs a few more disclosures before they sit down and review the code.

  • jvnadr Member
    edited October 2013

    You guys (some of you) demand more transparency from localhost.re, or that he not publish whmcs exploits, instead of demanding full transparency for a product you buy with a lot of $$$, for a product that can even shut down your company (if, for example, a leak of the db destroys your nodes or hacks your clients)? I'm not in the hosting industry; hosting and design are my hobbies. But, as a journalist (that's my job), I have to say that: don't shoot the source of a story, he just tries to reveal hidden clues - even for his own reasons. Go against the "bad" guys of every story. Last but not least: history proves that people who get in trouble for their acts by sources who just show facts and problems to the public usually try to muzzle sources, rather than explain to the public what happened or fix the problems they caused.

  • perennate Member, Host Rep
    edited October 2013

    @jvnadr said:
    You guys (some of you) demand more transparency from localhost.re, or that he not publish whmcs exploits, instead of demanding full transparency for a product you buy with a lot of $$$, for a product that can even shut down your company (if, for example, a leak of the db destroys your nodes or hacks your clients)?

    Um, no? Anyone who criticized localhost.re has almost certainly expressed their disappointment to WHMCS already.

    I'm not in the hosting industry; hosting and design are my hobbies. But, as a journalist (that's my job), I have to say that: don't shoot the source of a story, he just tries to reveal hidden clues - even for his own reasons. Go against the "bad" guys of every story. Last but not least: history proves that people who get in trouble for their acts by sources who just show facts and problems to the public usually try to muzzle sources, rather than explain to the public what happened or fix the problems they caused.

    He's not revealing clues. He's providing a script that can grab all clients' data from anyone using WHMCS, or worse, cause data loss on a client's server (by resetting client passwords, logging in, and cancelling immediately; or cracking md5sum).

  • perennate said: Anyone who criticized localhost.re has almost certainly expressed their disappointment to WHMCS already.

    Just saying that localhost.re is not the problem (if not the solution). He just speeds things up by showing the issues to the public.

  • perennate Member, Host Rep

    jvnadr said: Just saying that localhost.re is not the problem (if not the solution). He just speeds things up by showing the issues to the public.

    I don't think anyone thinks he's the problem. Just that he could have handled things differently, for example, at the very least not release with his vulnerability a working exploit script. Or release a working script but with a non-serious SQL injection.

  • Maounique Host Rep, Veteran
    edited October 2013

    @jvnadr said:

    Even more...
    He FORCES WHMCS to act, if he did not post those exploits, do you think they would? Eh it is fairly complex, just a few people will exploit those, we can wait till the next major version, no rush.
    Probably now they will knowing he is capable of posting the scripts, but probably just had the typical corporate reaction when someone is telling them they have a flaw: how do you know, who is your accomplice, you will suffer dearly for trying to bring our good name into mud.
    Leaving only the governments and criminals know about the exploits is not a good idea, he could also download databases and sell them as many others are doing.
    Perhaps he didn't do it perfectly clean, but he did us a favour by forcing whmcs to close the backdoors.

    Thanked by 1Infinity
  • jvnadr Member
    edited October 2013

    Maounique said: Perhaps he didn't do it perfectly clean, but he did us a favour by forcing whmcs to close the backdoors.

    I agree! Even if his motors are driven because, e.g. he could maybe work for a competitor, I'm saying again that transparency never hurts. In this case, it is a motor for whmcs to give a better product.

  • c0y Member

    So...

    WHMCS must be well aware their codebase contains exploits 101. That the localhost guy can locate those without even having the source code means he's a good engineer.

    Now, I expect WHMCS to know that even a uni teacher could have pointed out all the vulns localhost showed if that teacher were to see the original source.

    So WHMCS is obviously trying to get rid of localhost guy (private contract to fuck off, lawsuit, feds, anything that works for them)

    OR...

    WHMCS Matt is seriously mentally challenged if he actually wants to hire an engineer at the other side of the world while anyone with the unobfuscated source code and basic knowledge about SQLi can do it

  • Frost said: That the localhost guy can locate those without even having the source code means he's a good engineer.

    How can we assume he does not have the source code? Time after time he posts snippets of the code on his website. If using an ioncube decoding mechanism does not count as having the source code, what does?

    I would also like to point out the last two posts were on a timer, according to the RSS feed, there has been some speculation that it is "Vlad C. and NetSec Interactive." as this guy finds exploits on whmcs as well as blesta.

  • c0y Member

    @WebSearchingPro said:
    How can we assume he does not have the source code? Time after time he posts snippets of the code on his website. If using an ioncube decoding mechanism does not count as having the source code, what does?

    Engineer as in either Reverse Engineer or Social Engineer.

    I mean that he probably spent more time decompiling the source than finding the actual exploits. (those who think he blindly bruteforced variables until he found an SQLi are stupid :-P)

    @WebSearchingPro said:
    I would also like to point out the last two posts were on a timer, according to the RSS feed, there has been some speculation that it is "Vlad C. and NetSec Interactive." as this guy finds exploits on whmcs as well as blesta.

    That reminds me an awkward lot of @vld (cnst)

  • vld Member

    WebSearchingPro said: I would also like to point out the last two posts were on a timer, according to the RSS feed, there has been some speculation that it is "Vlad C. and NetSec Interactive." as this guy finds exploits on whmcs as well as blesta.

    Not sure where you're going with that. We've been reporting the vulnerabilities we find and know about directly to the WHMCS developers.

    Thanked by 1tchen
  • @vld said:
    Not sure where you're going with that. We've been reporting the vulnerabilities we find and know about directly to the WHMCS developers.

    That's cool, I just saw your name referenced before (can't remember where though). Thanks for clearing that up :)

  • kontam Member
    edited October 2013

    @vld said:
    Not sure where you're going with that. We've been reporting the vulnerabilities we find and know about directly to the WHMCS developers.

    Which is the right thing to do. Finding a house with a window open doesn't give you the right to tell the whole neighborhood to loot it to teach the owner a lesson to lock his house next time.

    In a virtual world everything is more accessible and also harder to track down due to potential hundreds of millions of internet users unlike in the physical world where the number is shrunk down to local area residents. But a crime is still a crime. Name it all you want, put beautiful stories behind it, paint it with noble excuses, but in the end it's still illegal.

    Thanked by 1marrco
  • Maounique Host Rep, Veteran
    edited October 2013

    I disagree, it is illegal if he broke the window, not that he goes around in the neighbourhood telling people don't do like the Smiths. Besides, I suspect he told the Smiths before that they have an open door and they said we don't care or watch it, we will send the sheriff after you...
    It can be interpreted as being an accomplice, however, first you need the actual perpetrator and the crime to be reported. In this case, WHMCS will be accessory too, by providing a substandard product with known problems they were only trying to hide.
    If your security company is planting a 2 digits code that will unlock the door for their own use and someone enters using that code and steals your jewels and burns your house down to cover the tracks, they will have to pay at least in part for it.

    Thanked by 1Raymii
  • LOL It makes zero sense what you just said and I **strongly** suggest you create another account for personal needs if you're going to be blurting stuff out like that. It makes me wonder what kind of people work for Prometheus.

  • The unfortunate thing is if he doesn't post the scripts there will be no urgency for the vendors to secure the code ASAP.

  • Droidzone Member
    edited October 2013

    @kontam said:
    LOL It makes zero sense what you just said and I **strongly** suggest you create another account for personal needs if you're going to be blurting stuff out like that. It makes me wonder what kind of people work for Prometheus.

    It is his personal account. What does working with Prometeus have anything to do with what he wishes to talk about? His username isn't Prometeus, or Prometeus-Mao.

    It's called an academic discussion. People may have different personal opinions, that's why discussing is interesting. What makes zero sense to one guy makes a lot of sense to others.

  • Let's all dress sweatpants while handing out business cards.
