Go ahead, I'm here to piss people off, it's amusing. It's called trolling.

What if I'm not civilized? I'm using 4chan logic, good luck having a civilized conversation with me, fag.

And who the hell would ever let reaver run its full course nowadays? Oh yeah, dumb fucks that don't have a clue what they are talking about.

Are you retarded? Is this comment for real? Oh yeah, I forgot, you work as a construction worker.

Okay okay okay okay. Calm down ladies.

@HTTP, why do you like this one better? Security concerns or design/features?

@DeepCopy, I appreciate the trust you have in me, but even I can make mistakes. And there are some valid points here. Closed source and security has rarely ended well. But 'alpha' is not closed source, there have been many eyes on it and there will continue to be. We might even make it open source ish at some point. But I dont think it is a good idea to make it public open source just yet. It is still very much unfinished and unpolished.

PDO does take care of most database related vulnerabilities, but not all. There are queries that needs to be done in a different way than PDO wants, but thing is I am very much aware of these, and they are few.

As far as XSS goes I am fairly sure we are up to date.

DDoS has nothing to do with software. Unless you are speaking of a software DoS flaw, which there have been a few of in alpha but most of them have been corrected, and future ones will be fixed swiftly if discovered.

You are all more than welcome to go bug hunting as long as you report what you find I would very much appreciate in fact.

There has been some time since the alpha GIT was updated because of lack of interest, from me and others. Do tell if you are interested and we'll see what we can do about that.


EDIT: Ps: I just realized this reply might be slightly offending. That was not my intention. <3

Style, I've never done any vulnerability hunting on this site

Looks good ande

@HTTP
You have no idea how much improvement alpha has over SMF. the biggest being a custom forum software which will make it very difficult for people to attack. For example, skiddy gets 0day SMF exploit and pwns EZ, with alpha, only evilzone is using it. No vBulletin, no SMF, no phpBB, no etc. This already makes it more secure by leaps and bounds.

Also if problems and bugs arise they can be addressed by the creators of alpha and not rely on some hack patches. Furthermore additional services and APIs can enable for beautiful uniform integrated parts of evilzone (ie services that used to have a link in the previous alpha)

Change isn't always accepted, however I believe alpha is going to be one of the best things that has happened to EvilZone in a LONG time.

I would love to see a full CMS for other sites to use xD

It might be harder, but finding a vulnerability I wouldn't think would be too difficult if you put time and energy into it. And the custom coded forum might not have the greatest security.

There could be SQLi, XSS vulnerabilities, if you dig deep enough into the site. Also, DDoS could also be a huge pain in the ass for ande.

Link?

https://m.youtube.com/watch?v=0osZuafJuB0 Its 1/6, a lot of that info is in the later ones AS well.

These days, WiFi hacking is a very big issue. Especially Rogue AP's. There will be always ways for black-hat's to find new ways to attack you over wireless, there is no way to fully stay safe and anonymous online. You are at big risk when using free or even paid access points.


You should always use a VPN, this is an obvious one. This will encrypt your traffic, making it harder for the hacker to decipher the information being sent to him, if the attacker is performing a MiTM attack on the network. You'll also stay more anonymous on the network, always use the most advanced encryption algorithm available to you. OpenVPN per say.


Be aware of information you are providing. Do not ever, not even with a VPN, do banking or log into social media on networks. There is a large chance you are on a rogue access point, at least these days. You may not even know it, the hacker might have performed a de-authentication attack, and automatically logging you into the rogue access point. Making you oblivious to the fact your information is being recorded.


When using an access point, check if the headers of your websites are using HTTPS, and not HTTP. If a site like facebook is displaying a HTTP, don't log in. Someone is likely recording your information. Obviously, some attacks like SSLSTRIP makes it so it says SSL on there, and changing it to HTTPS. But you are mostly safe from SSL stripping, as most sites uses TLS these days.


Is it redirecting you or asking for information when using the access point? Someone is probably doing a Evil Twin attack on the network if this is happening, as I stated above, do not ever give out credit card information. The attacker, if using evil twin, might have setup a page asking for credit card information, automatically giving you errors like, "Please use a different card, that card is not supported." But storing the data, and having you put in more credit cards, and therefor storing more information. It's a very damaging and dangerous attack.


This is just the very basics, just wanted to make "some" aware.

Would there be any significant downsides to code malware in VB, except for the dependencies?