Forum


Notice to all users

We are migrating towards a new forum system located at community.teamspeak.com, as such this forum will become read-only on January 29, 2020

Page 2 of 4 FirstFirst 1234 LastLast
Results 16 to 30 of 49
  1. #16
    Join Date
    October 2010
    Location
    Germany
    Posts
    67
    Well, i think TeamSpeak must take a closer look to security in the future. The last exploit with avatars and now this - just annoying - and there are a couple more out there.

  2. #17
    Join Date
    February 2014
    Posts
    293
    Quote Originally Posted by FireEmerald View Post
    Well, i think TeamSpeak must take a closer look to security in the future. The last exploit with avatars and now this - just annoying - and there are a couple more out there.
    I agree, I think there should be security audits.

    Quote Originally Posted by numma_cway View Post
    According to what I heard, they did contact TeamSpeak right away.
    But still, why release a tool for people to exploit this?

  3. #18
    Join Date
    October 2012
    Location
    Germany
    Posts
    553
    Hypocrisy, self-delusion, there're choices Patrick
    Personally I'm rather puzzled by the motivation.
    Either they hate the software, then it doesn't make sense to put such energy into it.
    Or they don't, then it isn't rational to not act constructively in a white hat manner.
    I'm guessing the theory that makes sense the most would be desire of attention, if that's one's kind of thing.
    In that case one could come up with the idea that this monetarization would in fact be mostly a wall of protection to calm oneself down into a sorta greyish area and you know, the immense costs of hosting a forum to discuss stuff like piracy for educational purposes... is apparently enough for folks to make peace with their actions.
    Giving devs a notice, apparently early-ish, is nice - I'll give 'em that (and it sure helps to perceive oneself in a more fortunate light, doesn't it).
    But I'm not buying into this whole structure becoming morally justifiable just by that.
    Then again, the world tends to demonstrate it's not overcome by desire for conforming to my standards, so whatever *shrug*.

    Sure, TS needs to become more secure (although I would argue if a provoced crash is a security issue in the harder sense), but as it stands the same is true for my bank's app, Windows, OSX, Linux, the NASA network.. It's true for pretty much everything, today's norm. I'm not saying it's a justification to laying back, which I doubt is being done. Rather that I guess the reasonable expectation in today's world is stuff to be fixed in a responsibly fast manner, not that there never ever is anything to be found in the first place, as desirable as this would be.

  4. #19
    Join Date
    June 2011
    Location
    Germany
    Posts
    4,368
    It will upgrade to 24 by itself then.

  5. #20
    Join Date
    June 2011
    Location
    Germany
    Posts
    4,368
    The crash is not provoked. From what I heard, this program existed before 3.0.12 was released and did not crash these (and still doesn't). So it's a newly introduced server bug. After they found it, they reported it and asked TeamSpeak to fix it until Feb 5 or they will release the tool. TeamSpeak didn't fix the bug, so they released the tool.

    If they didn't release the tool, there would be a chance that TeamSpeak will never fix a serious issue in their software. So if a company tries to rely primarily on "security by obscurity", I think it's a valid reason to release such tool that takes away the obscurity and shows everyone that something is wrong.

  6. #21
    Join Date
    February 2014
    Posts
    293
    Quote Originally Posted by numma_cway View Post
    The crash is not provoked. From what I heard, this program existed before 3.0.12 was released and did not crash these (and still doesn't). So it's a newly introduced server bug. After they found it, they reported it and asked TeamSpeak to fix it until Feb 5 or they will release the tool. TeamSpeak didn't fix the bug, so they released the tool.

    If they didn't release the tool, there would be a chance that TeamSpeak will never fix a serious issue in their software. So if a company tries to rely primarily on "security by obscurity", I think it's a valid reason to release such tool that takes away the obscurity and shows everyone that something is wrong.
    Ah I see, originally they didn't say that they had notified TeamSpeak prior to the release of it. It kinda makes sense now, I guess TeamSpeak is a bit stubborn sometimes.

  7. #22
    Join Date
    October 2012
    Location
    Germany
    Posts
    553
    I dunno, numma_cway, releasing stuff to public is commonly used as a last resort if critical stuff doesn't get fixed in a reasonable amount of time under consideration of severity and active abuse.
    It'd go against that business model to give too much of a heads-up, as it'd potentially deny the ability to show sth. off to that "VIP" crowd for a couple of days. Bad "press" for TS is "good" press for such an entity.
    I'll continue to refrain from handing out that saint's halo.

  8. #23
    Join Date
    February 2016
    Posts
    9
    Quote Originally Posted by Patrick1164 View Post
    I cannot understand why they are giving a tool away to "VIP" members who are donating to them, yet they claim to be a security researcher team surely if they were in-fact that they would privately disclose a vulnerability not give people the tools to exploit it it's borderline blackhat.
    totally agree because this,
    "Keeep Server Down Every X seconds!"

    ...Security Research sure...
    Name:  Troll-Face-Dancing1.jpg
Views: 441
Size:  4.1 KB

  9. #24
    Join Date
    February 2016
    Posts
    3

    IP's to block

    If you for some reason don't have the option to downgrade your server again. Then here is a little list of known IP there are used to crash servers.
    Last edited by dante696; February 8th, 2016 at 08:22 AM. Reason: ips removed

  10. #25
    Join Date
    February 2014
    Posts
    293
    Quote Originally Posted by Gamle View Post
    If you for some reason don't have the option to downgrade your server again. Then here is a little list of known IP there are used to crash servers.

    ips removed
    It would be futile to even attempt to block these IPs, they will have lots of VPNs etc which is what's most infuriating about this. I've gone to the effort of downgrading because I've already been targeted multiple times.
    Last edited by dante696; February 8th, 2016 at 08:22 AM.

  11. #26
    Join Date
    February 2016
    Posts
    9
    my geoip & vpn script did block these kidz easy- so they used their real ips, lol..

    2016-02-06 02:38:41.275364|INFO |VirtualServerBase|5 |client connected 'Eva Braun'(id:24280) from 82.82.188.203:58171
    2016-02-06 03:12:43.334163|INFO |VirtualServerBase|5 |client connected '☠☂*.८Րคઽע੮૦คς੮૯Ր.*ൠ✔'(id:24281) from 91.4.63.1:60729
    2016-02-06 03:15:41.204336|INFO |VirtualServerBase|5 |client connected 'ANONYMOUS'(id:24282) from 37.24.143.108:23242
    2016-02-06 03:16:26.714939|INFO |VirtualServerBase|5 |client connected 'DrJhzeCpzh5k0h3'(id:24283) from 91.4.63.1:50698

    very smart

  12. #27
    Join Date
    December 2010
    Location
    United Kingdom
    Posts
    340
    Hello Guys

    Someone exploited my hosting and error appear after this crashed my all instances:

    2016-02-07 18:21:34.090094|CRITICAL|ServerParser | |Assertion "rID == REASON_NONE || rID == REASON_CLIENTDISCONNECT" failed at ../../../../s/deps/teamspeak_server_lib/src/ts_server/serverparser.cpp:962;

    every time.

  13. #28
    Join Date
    October 2014
    Posts
    10
    Just got attacked. Glad i did a backup right before updating. Rolled back to old version.

  14. #29
    Join Date
    May 2015
    Location
    Brazil
    Posts
    12

    Angry

    There is a tool in a forum to bring down the server

  15. #30
    Join Date
    June 2008
    Posts
    18,513
    Closed and will be discussed here
    http://forum.teamspeak.com/threads/1...-0-12-released
    When sending me private messages: Please make sure to include reference link to your forum thread or post.

    TeamSpeak FAQ || What should i report, when i open a client thread?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [Resolved] Crash 3.0.12.2 "serverparser.cpp:763"
    By uprate6 in forum Bug Reports [EN/DE]
    Replies: 3
    Last Post: March 4th, 2016, 08:12 AM
  2. [CRITICAL] Server crash (db_exec failed and assertion failed)
    By Slater in forum Bug Reports [EN/DE]
    Replies: 8
    Last Post: August 10th, 2010, 10:36 AM
  3. Server Crash - CRITICAL|Variables
    By War-Fusion in forum Windows
    Replies: 0
    Last Post: January 14th, 2010, 12:51 AM
  4. Critical | Client - Crash
    By Gubi1990 in forum Windows
    Replies: 1
    Last Post: December 21st, 2009, 06:18 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •