View Poll Results: How much will you contribute to this bounty - READ 1st post before voting

Voters
50. You may not vote on this poll
  • $10

    9 18.00%
  • $20

    13 26.00%
  • $50

    4 8.00%
  • $100 - (WHEW! sure glad I didn't have to void the warrenty with a prom mod)

    7 14.00%
  • $0 - (gonna let somebody else foot the bill & HOPE the exploit appears)

    5 10.00%
  • $5 - don't even own a hd unit but hey...

    11 22.00%
  • $250 - category added by request

    1 2.00%
Multiple Choice Poll.
Page 3 of 9 FirstFirst 12345 ... LastLast
Results 31 to 45 of 126

Thread: HD-TIVO exploit bounty

  1. #31
    Join Date
    Feb 2003
    Posts
    155
    How can you enforce ANY agreement without revealing exactly who you are?
    Will HDTeam stand up and reveal themselves to defend this agreement/License? I doubt it.

    Furthermore you can't copyright a hack. The code that applies the hack can be copywritten, but the actual exploit can not. So if someone writes a new program that exploits the same vulnerability, nothing can be done.

    As HDTivos become more popular, I'm sure many exploits will show up and once they are out, they are out for free, for anyone, for any purpose!

    I have no idea what the hack is, but I'm sure that a stack overflow/buffer exploit will work fine, just ask MS.

    Thanks to the internet, keeping a lid on how it's done will be impossible.
    Just put it out there if you got it! If the hole gets closed, so what? There is always a way.

    What man can do, man can undo!

  2. #32
    Join Date
    Jun 2003
    Posts
    173
    I know that s1 tivo's can go back to the last version of the software that's installed. I bet that's in hd tivo's and s2 so as long as it's on there your set

  3. #33
    Join Date
    Oct 2002
    Posts
    1,496
    Quote Originally Posted by Tiros
    How can you enforce ANY agreement without revealing exactly who you are?
    Will HDTeam stand up and reveal themselves to defend this agreement/License? I doubt it.

    Furthermore you can't copyright a hack. The code that applies the hack can be copywritten, but the actual exploit can not. So if someone writes a new program that exploits the same vulnerability, nothing can be done.

    As HDTivos become more popular, I'm sure many exploits will show up and once they are out, they are out for free, for anyone, for any purpose!

    I have no idea what the hack is, but I'm sure that a stack overflow/buffer exploit will work fine, just ask MS.

    Thanks to the internet, keeping a lid on how it's done will be impossible.
    Just put it out there if you got it! If the hole gets closed, so what? There is always a way.

    What man can do, man can undo!
    What exactly is your point?

    It seems to me like HDTeam has knowledge, and rather than making a profit, they are willing to release it on the condition that donations are made to the EFF. I am sure enforcing licenses is not a big concern, but stating their position on copying/selling/exploiting their efforts is.

    I am also sure they could care less if someone somes up with a similar exploit on their own.

    Why do you think this obligates HDTeam to reveal themselves?

    By the way, your "for any purpose" comment troubles me...
    That's the kind of attitude that makes hackers/developers stop releasing code to the public.

  4. #34
    Join Date
    Mar 2002
    Posts
    1,339
    Quote Originally Posted by Tiros
    How can you enforce ANY agreement without revealing exactly who you are?
    Will HDTeam stand up and reveal themselves to defend this agreement/License? I doubt it.

    Furthermore you can't copyright a hack. The code that applies the hack can be copywritten, but the actual exploit can not. So if someone writes a new program that exploits the same vulnerability, nothing can be done.

    As HDTivos become more popular, I'm sure many exploits will show up and once they are out, they are out for free, for anyone, for any purpose!

    I have no idea what the hack is, but I'm sure that a stack overflow/buffer exploit will work fine, just ask MS.

    Thanks to the internet, keeping a lid on how it's done will be impossible.
    Just put it out there if you got it! If the hole gets closed, so what? There is always a way.

    What man can do, man can undo!
    gosh, that is just lame on SO many levels

    1) of course it'll be abused - the cover charge before release just helps ensure the net effect will be positive - also makes an effective political statement

    2) obviously you have no idea who HD TeAm is. protecting the right to use our own hardware as we see fit is EXACTLY the sort of fight we should all support. if someone like ptvupgrade or one of the more prolific ebay sleaze were to missappropriate this util you can bet there would be legal action

    3) you CAN copyright a hack - it's just another piece of software (duh)

    4) maybe so, but not just ANY man can do this sorta thing. put up or shut up - don't whine for a handout
    ---
    Give a man a fish and he will eat for a day. Teach a man to fish and he will sit in a boat all day and drink beer

  5. #35
    Join Date
    Aug 2004
    Posts
    6
    Quote Originally Posted by fixn278
    By the way, your "for any purpose" comment troubles me...
    That's the kind of attitude that makes hackers/developers stop releasing code to the public.
    Seems less of an attitude and more of a reality to me. It's something you're going to have to deal with, so why not talk about it? Either way, the only kinds of developers that would stop releasing software for this type of reason are the types that are the ones that have a moral objection to the way their code is being used. If you ask me, that's a good thing. All the people who do this stuff for the attention or the general fuss it causes get a thrill out of complaining about how people use their code, and the people who dump some code out there that they wrote for their own purposes and then disappear probably never even notice what other people do with it. Let's face it. There are some of all those types of people around here...

    Regardless, it seems a decision has been made that nobody's going to change, so I don't understand the intense debate. Either the $1000 thing will work, or it won't. No matter which way it goes, somebody will post the method for hacking these units someday. It's not like this stuff is rocket science. It seems to me the real debate should be wether we believe these guys were successful, or wether they're just trying to get some people to part with their money. Certainly having the money donated adds some credibility, but that's money isn't going *directly* to the EFF, now is it? How much do you trust an anonymous group with your money?

  6. #36
    Join Date
    Aug 2003
    Posts
    11
    Quote Originally Posted by Tiros
    How can you enforce ANY agreement without revealing exactly who you are?
    Will HDTeam stand up and reveal themselves to defend this agreement/License? I doubt it.

    Furthermore you can't copyright a hack. The code that applies the hack can be copywritten, but the actual exploit can not. So if someone writes a new program that exploits the same vulnerability, nothing can be done.

    As HDTivos become more popular, I'm sure many exploits will show up and once they are out, they are out for free, for anyone, for any purpose!

    I have no idea what the hack is, but I'm sure that a stack overflow/buffer exploit will work fine, just ask MS.

    Thanks to the internet, keeping a lid on how it's done will be impossible.
    Just put it out there if you got it! If the hole gets closed, so what? There is always a way.

    What man can do, man can undo!
    Wow this just sounds like sour grapes AGAIN.

    Tell ya what Tiros go find/develop the exploit and you can do whatever you want with it. Thats the beauty of doing it yourself. You dont have to explain yourself or answer to anyone.

  7. #37
    Join Date
    Mar 2002
    Posts
    1,339
    Quote Originally Posted by Ivan
    Certainly having the money donated adds some credibility, but that's money isn't going *directly* to the EFF, now is it? How much do you trust an anonymous group with your money?
    I'm a mod here, my paypal is certainly not anonymous, and I'm currently handling it because I drew the short straw to manage this challenge

    if the challenge isn't met the $ will be returned. anyone unhappy can save the thread & file a grievience with paypal (duh)
    ---
    Give a man a fish and he will eat for a day. Teach a man to fish and he will sit in a boat all day and drink beer

  8. #38
    Join Date
    Aug 2004
    Posts
    6
    Quote Originally Posted by rc3105
    I'm a mod here, my paypal is certainly not anonymous, and I'm currently handling it because I drew the short straw to manage this challenge

    if the challenge isn't met the $ will be returned. anyone unhappy can save the thread & file a grievience with paypal (duh)
    I didn't mean any offence, but as somebody who has filed, and won multiple grievances with paypal but has yet to see a dime returned to him, forgive me if I don't take that as particularly reassuring. PayPal may as well be anonymous.

    If you're being honest, well that's great. You should be commended. I was just surprised nobody had even brought up the possibility that you weren't yet.

  9. #39
    Join Date
    Feb 2003
    Posts
    155
    Quote Originally Posted by fixn278
    What exactly is your point?

    It seems to me like HDTeam has knowledge, and rather than making a profit, they are willing to release it on the condition that donations are made to the EFF. I am sure enforcing licenses is not a big concern, but stating their position on copying/selling/exploiting their efforts is.

    I am also sure they could care less if someone somes up with a similar exploit on their own.

    Why do you think this obligates HDTeam to reveal themselves?

    By the way, your "for any purpose" comment troubles me...
    That's the kind of attitude that makes hackers/developers stop releasing code to the public.
    What I was saying was they would have to reveal themselves in order to enforce thier positions on copying/selling/exploiting. My comments are only to illustrate that there is really no way to control what people will do. There are several users here who constantly taunt everyone that they have some special "private" hack and I'm sick of it! There will always be people willing to release without any conditions. Just wait and see!

    Quote Originally Posted by rc3105
    gosh, that is just lame on SO many levels
    1) of course it'll be abused - the cover charge before release just helps ensure the net effect will be positive - also makes an effective political statement
    2) obviously you have no idea who HD TeAm is. protecting the right to use our own hardware as we see fit is EXACTLY the sort of fight we should all support. if someone like ptvupgrade or one of the more prolific ebay sleaze were to missappropriate this util you can bet there would be legal action
    3) you CAN copyright a hack - it's just another piece of software (duh)
    4) maybe so, but not just ANY man can do this sorta thing. put up or shut up - don't whine for a handout
    1) Political statements are just lip service. Do you think Ebay sleazers are worried about your political beliefs?
    2) I think I do know who they are. But John Law does not. WHEN the ebay software appears, we will see who steps up to defend it. BTW did you ever collect anything from those mfs_ftp infringers?
    3) Please describe how you can copright a "hack". As I said earlier, the code to invoke a hack can be copywritten (duh) but the exploit itself can not. Another program to invoke the same hack, clearly would be non infringing.
    4) I'm not asking for anything. Why don't YOU put up or shut up?
    http://www.dealdatabase.com/forum/sh...9&postcount=33

    That being said, I would like to state for the record that I have never expolited anything that I found here for profit. The main point of my whole rant is that it really sucks that we can't just share whatever we find, WITH EVERYONE, no strings attached. But hey, if it boosts your ego, keep it private. If it's a real big deal, it will come out anyway.

  10. #40
    Join Date
    Jan 2002
    Location
    New York
    Posts
    2,407
    Quote Originally Posted by Ivan
    If you're being honest, well that's great. You should be commended. I was just surprised nobody had even brought up the possibility that you weren't yet.
    Well, you're new, and you haven't seen that we're generally a tight knit community up in the higher eschelons of DDB.

    You're well within your rights not to contribute if you don't trust someone. However, the folks who already have (BTW: we're almost at our mark within 24 hours...) seem to trust rc3105, and they should be commended for paying for a hack that YOU will undoubtedly receive for free.

    Thanks to them, there is a very good chance that this hack will be public in just a few short hours.

    EDIT:Unfortunately, folks like Tiros will benefit as well. Based on some of his comments, it seems like he might be one of the first to infringe on any "license" that may be granted for this hack. Truthfully, as the leadership of DDB, most of us have access to this kind of hack anyway. If all the EFF donations were returned and this hack NOT released to the public at all, those illuminati would still have it, and those like Tiros, would .. um.. not.

    Do with it as you will. Though keep the threats and veiled references to a minimum.
    Last edited by JJBliss; 08-02-2004 at 05:43 PM.

  11. #41
    Join Date
    Sep 2002
    Posts
    140

    Talking

    Back when Jdiner was doing the start of Tytool I paypaled (is that a word?) him so dough because I was using software that he had written. I had not provided any help and I didn't expect anything for free. He had not asked for any money, but he had spent so much time on it and I was going to really use his software so I decided to send him some money. What really erks me is the people that complain about something that is free? Puhhhleeezzzz.

    Anyway, why not pay for something that you didn't have any help in creating but are going to use?

    Now, don't get me wrong, I love free stuff like everyone else...

    Just my 20 bucks speaking. ;-)

    Matt

  12. #42
    Join Date
    Aug 2004
    Posts
    6
    Quote Originally Posted by JJBliss
    EDIT:Unfortunately, folks like Tiros will benefit as well. Based on some of his comments, it seems like he might be one of the first to infringe on any "license" that may be granted for this hack. Truthfully, as the leadership of DDB, most of us have access to this kind of hack anyway. If all the EFF donations were returned and this hack NOT released to the public at all, those illuminati would still have it, and those like Tiros, would .. um.. not.

    Do with it as you will. Though keep the threats and veiled references to a minimum.

    It seems to me that folks who will try to profit monitarily off of a hack like this are far more likely to be sued than the developers; especially since they're more likely to have money to collect as damages. Generally people get what's coming to them.

    Simillarly, however, with money involved here it seems to me the chance of legal action against the developers is now higher than if the EFF didn't get the $1000. Considering the potential consequences it amazes me what people will complain about while they're missing the bigger picture.

  13. #43
    Join Date
    Jun 2004
    Location
    Planet Earth
    Posts
    235
    Quote Originally Posted by rc3105
    "HD TeAm" has submitted a sw only exploit for evaluation

    the license is restricted distribution - but only to prevent resale / hero abuse

    OK, lets open the floor to discussion
    Question: This exploit will allow one to setup a USB-ethernet connection and use HDTytool?

  14. #44
    Join Date
    Sep 2001
    Posts
    69
    Quote Originally Posted by redstone
    Question: This exploit will allow one to setup a USB-ethernet connection and use HDTytool?
    It should be logically equivalent to the prom hack. Anything you could do with a hacked prom should be doable.

  15. #45
    Join Date
    Mar 2002
    Posts
    1,339
    Quote Originally Posted by Tiros
    Another program to invoke the same hack, clearly would be non infringing.
    not necesarily. learn a little, how many ways do you think there are to defeat an el-gamel signature check???
    Quote Originally Posted by Tiros
    BTW did you ever collect anything from those mfs_ftp infringers?
    some. made life difficult for others. generally when ebay / law enforcement turns over that sort of rock they find a lot more going on and the scammer begins to wish I hadn't taken an interest
    Quote Originally Posted by Tiros
    The main point of my whole rant is that it really sucks that we can't just share whatever we find, WITH EVERYONE, no strings attached.
    yep, that's true. send the EFF some $ or volunteer to be the victim of a precedent setting case and maybe that'll improve
    Quote Originally Posted by Tiros
    If it's a real big deal, it will come out anyway.
    maybe, mabye not. some people really can keep secrets
    ---
    Give a man a fish and he will eat for a day. Teach a man to fish and he will sit in a boat all day and drink beer

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •