You can help CodeWalrus stay online by donating here. | New CodeWalrus | Old (dark mode) | Old (light) | Discord server

WalrusIRC disabled until further notice

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

1 2 »
0
b/[Completed] CodeWalrus Tools (Web/Android/PC) publicado por u/Dream of Omnimaga April 11, 2015, 04:41:45 PM
Due to a security exploit, WalrusIRC has been disabled until further notice. Please use OmnomIRC for the time being instead (go to profile->Group Membership then join the "OmnomIRC mode" usergroup).

WalrusIRC will be re-enabled once the bug has been fixed and that anything that can disrupt your CodeWalrus browsing experience has been deleted from the OIRC/WIRC logs.
16 Replies 16 Views
Inicia sesión o crea una cuenta para dejar un comentario
Sign up Log in
u/novenary April 11, 2015, 04:42:34 PM
Juju disabled the exploitable code for now. Re-enabling.
0
u/DarkestEx April 11, 2015, 04:43:00 PM
Quote from: DJ Omnimaga on April 11, 2015, 04:41:45 PM
Due to a security exploit, WalrusIRC has been disabled until further notice. Please use OmnomIRC for the time being instead (go to profile->Group Membership then join the "OmnomIRC mode" usergroup).

WalrusIRC will be re-enabled once the bug has been fixed and that anything that can disrupt your CodeWalrus browsing experience has been deleted from the OIRC/WIRC logs.
Sorry, @DJ Omnimaga for finding, that javascript exploit. I just wanted to let you know :(
Hopefully I don't get banned for that or anything...
0
u/Yuki April 11, 2015, 04:46:05 PM
Yeah, please don't abuse security issues next time, told ya to not use alert()...

EDIT: Nope you're not getting banned :P
Last Edit: April 11, 2015, 04:47:40 PM by Juju
0
u/Dream of Omnimaga April 11, 2015, 04:47:31 PM
Quote from: DarkestEx on April 11, 2015, 04:43:00 PM
Quote from: DJ Omnimaga on April 11, 2015, 04:41:45 PM
Due to a security exploit, WalrusIRC has been disabled until further notice. Please use OmnomIRC for the time being instead (go to profile->Group Membership then join the "OmnomIRC mode" usergroup).

WalrusIRC will be re-enabled once the bug has been fixed and that anything that can disrupt your CodeWalrus browsing experience has been deleted from the OIRC/WIRC logs.
Sorry, @DJ Omnimaga for finding, that javascript exploit. I just wanted to let you know :(
Hopefully I don't get banned for that or anything...
It's ok, thanks for letting us know at least :). Just make sure to not actually use the exploit next time unless it's not harmful or anything :P (in the current case, it was more annoying than harmful, with random alerts popping up, but that could have scared some users away)
0
u/DarkestEx April 11, 2015, 05:21:31 PM
This issue becomes its own logo:


Lets call it Derpywalrus exploit
0
u/Yuki April 11, 2015, 05:29:52 PM
The linkifier has been disabled until further notice until we have a fix (which should be quite simple). The exploit is also on OmnomIRC.
0
u/DarkestEx April 11, 2015, 05:33:11 PM
I wonder if the chat software could have problems aswell.

EDIT: It seems fine to me.
0
u/Yuki April 11, 2015, 06:03:54 PM
It's been fixed on both WalrusIRC and OmnomIRC, on both CodeWalrus and Omnimaga, as of OmnomIRC version 2.9.0.5 and WalrusIRC version 0.0.3.
0
u/DarkestEx April 11, 2015, 06:10:25 PM
Sounds great!

For everybody who missed the thing, this was basically a way to sneak in javascript into links, like this:


Mouse-hovering over them executed (possible malicious) javascript.
0
u/Yuki April 11, 2015, 06:13:53 PM
Yep. On WalrusIRC, it also worked with image tags, which also support onload, which could lead to even more disastrous results.
0
u/Dream of Omnimaga April 11, 2015, 06:34:26 PM
Hopefully you can fix the bug soon since being able to click links in WIRC is very convenient, especially from New post notifications. On Cemetech we can't (anymore) so I always have to copy/paste them.
0
u/Yuki April 12, 2015, 06:00:12 AM
Come to think, this bug's been there since at least 2013, maybe even since 2010-2011. Omnimaga's (and also CodeWalrus and a bunch of other sites) been vulnerable since all this time, kind of weird when you think about it. If we were a big company such as Google or Facebook, we would have given @DarkestEx something like $5000, but sadly we are not a big company. Please accept 5000 internet points instead. Oh well, it was fun while it lasted.
0
u/Snektron April 12, 2015, 09:29:10 AM
Maybe give him "the Honor of finding a bug" :P
0
u/Duke "Tape" Eiyeron April 12, 2015, 11:13:03 AM
Quote from: Cumred_Snektron on April 12, 2015, 09:29:10 AM
Maybe give him "the Honor of finding a bug" :P

Bug-tracker rank? ;)
0
1 2 »
Start a Discussion

b/[Completed] CodeWalrus Tools (Web/Android/PC)

The sub-forum for WalrusIRC, an IRC-linked shoutbox, as well as DarkestEx and Cumred_Snektron's post notifiers. Other major site browsing tools might be discussed here when applicable.

17
Topics
Explore Board
Website statistics


MyCalcs | Ticalc.org | Cemetech | Omnimaga | TI-Basic Developer | MaxCoderz | TI-Story | Casiocalc.org | Casiopeia | The Museum of HP Calculators | HPCalc.org | CnCalc.org | Music 2000 Community | TI Education | Casio Education | HP Calcs | NumWorks | SwissMicros | Sharp Calculators
Powered by EzPortal