Hacking Four new people paid off by Nintendo in the HackerOne program

[rednekcowboy]

Maybe because I don't go back to read every single post in the thread and the thread is about hackerone program.

Well, perhaps before you attack someone, get all insulted and indignant, you should so you can understand what is being discussed. Threads take on a life of their own and go in many different directions. Reading one post without understanding the context is your fault, not mine. Obviously at the time of my posting my response was related to the attitude of the community towards devs. Had you actually put forth the little effort it would have taken to follow along, you would have realized that. Reading and comprehension goes a long way in a discussion and if you can't be bothered then you shouldn't bother posting.

 

[Deleted User]

Jesus, you all need to like stop whining for/against HackerOne tbh. If devs MAKE THEIR OWN EXPLOIT STUFF, and no exceptions (hey I'm talking about myself yeah I'm a terrible person, trying to help fix that rn), then they can sell it. No exceptions. Who cares if it's the next B9S or if it's just a web browser exploit. Point is, they found it, not you. If someone else finds it, Nintendo can't go attack the original reporter. Thank you.

 

[GarnetSunset]

Oh, you're right. But first, the flashcarts still need to get developed and made, maybe mass-produced.

I don't think we'll see many companies scramble for flashcarts this generation, if I'm not mistaken, they've seemed to fixed the issues that sky3DS brought up, and of course I dont mean literally. Check the docs.

 

[biggan1]

Someone probably suggested this but hey.

It would be great if a fund of donations or something was rewarded to contribute to the scene as well, as response to hackerone. Let's make the playing field even.
Maybe people rather get money getting their stuff out there for the public if they could make a dime of it.

It would certainly make more exploits and useful programs coming out as well as updates and support.

Is there someway to do this?
I believe both devs and consumers would be glad if there was a good system.

I would donate.

 

[bradzx]

Their program is really stupid. All they are doing is encouraging more people to try to hack it so that they can earn money.

Maybe they don't know what is meaning real job do. I have real job. Working at Lowe's. Doing buggies and front unloader. That is real job and that is real earn money.

 

[Deleted User]

Maybe they don't know what is meaning real job do. I have real job. Working at Lowe's. Doing buggies and front unloader. That is real job and that is real earn money.

Hacking, finding exploits, selling them to Nintendo is a real job.
Video editing is a real job.
Black hat hacking can be a real job if you use it right.

When the hell was there a difference between "real job" and "not real job", and what is a job that's not real? They're getting paid for the work they do.
Google's definition of job that my Mac also gives me:
(Noun -> 2)

a task or piece of work, especially one that is paid.

So how about you stop judging legit devs who are in need of money and wish to sell their exploits, because I know people who work for companies that do it, and they make more than enough money.

 

[HaloEliteLegend]

Maybe they don't know what is meaning real job do. I have real job. Working at Lowe's. Doing buggies and front unloader. That is real job and that is real earn money.

The "real job" argument is so dumb. The end goal is making money. Who the hell cares if someone considers it a "real job"? If you're making enough money, that's good enough, and there's nothing you can say otherwise.
Besides, there's such a thing as being a freelancer. Black and white hat hackers can make a lot of money selling exploits. There are plenty of people who might choose to go down that route.

 

[gamer765]

Someone probably suggested this but hey.

It would be great if a fund of donations or something was rewarded to contribute to the scene as well, as response to hackerone. Let's make the playing field even.
Maybe people rather get money getting their stuff out there for the public if they could make a dime of it.

It would certainly make more exploits and useful programs coming out as well as updates and support.

Is there someway to do this?
I believe both devs and consumers would be glad if there was a good system.

I would donate.

If you want to put up thousands of dollars as reward, be my guest.

 

[HaloEliteLegend]

Someone probably suggested this but hey.

It would be great if a fund of donations or something was rewarded to contribute to the scene as well, as response to hackerone. Let's make the playing field even.
Maybe people rather get money getting their stuff out there for the public if they could make a dime of it.

It would certainly make more exploits and useful programs coming out as well as updates and support.

Is there someway to do this?
I believe both devs and consumers would be glad if there was a good system.

I would donate.

Isn't this what the GBATemp Bounty is supposed to be for?

 

[Deleted User]

Isn't this what the GBATemp Bounty is supposed to be for?

1) The GBAtemp Bounty will rise again: four times a year, we will organize a grand vote to reward the best project of the trimester; and we mean any project - not just homebrew games or applications (hence the new name 'GBAtemp Bounty' as opposed to 'GBAtemp Homebrew Bounty'), this includes translations, custom firmwares, hacks, tutorials, in short: anything that qualifies as 'project'. The winner will not only receive a special award medal but more importantly a reward directly based on the support we get through Patreon.

Issue with GBATemp Bounty:
It's directly influenced by Patreon, so if less people donate, less money is given. Think about it, a bug like the one reported in April got more than 5x (There's more than that, i'm not going to tell you how much the amount is, see my blogpost) the amount GBATemp makes per month ($285). Think about what a big hack could do.

 

[Deleted member 370283]

How's that harassment, merely asking a simple question Billy. Don't get so offended.

Your "question" was purposefully worded aggressively toward PokeAcer, and it was more rhetorical than anything to take a swing at him. If you were being genuine, would you honestly expect an answer to that?
I know you're just playing dumb, but really? Come on dude.

 

[Deleted-355425]

Apologies are not a get out of jail free card and he's entitled to his own opinion.

 

[Deleted User]

Stop bitching. If these type of people wouldn 't exist, we would have hacked bank accounts, forum accounts and god knows what else.
This isn't a wall of shame but a wall of pride. They help system to develop into something other than bugged trash.

You have a valid point... to extent. If people do their job piss poor like the many 3rd party companies with day one patches to game breaking bugs. Then in a way, it could be more fault on the one who developed the system. If you look at Microsoft and Sony, they have preventing hacking, and all mods on their consoles usually require some sort of hard modding, which mass majority doesn't want to do. So if this is to be the case then it can be assumed that Nintendo, is not pulling their load when it comes to protection software wise on their consoles. See this is where I draw the line on this comment. technically speaking its Nintendo's fault for having their software this exploitable. Its Nintendo's fault. If they need a solution, what they should be doing is asking their workers on the inside to find the issue and resolve it, not the public. Again Microsoft and Sony have been keeping up with their consoles security and haven't exactly asked for help. My primary issue with this program in general is that Nintendo is asking people outside of their company, when they should be telling their workers on the inside to fix the problem.

to sum it up, Nintendo should of fixed this before the system released.

 

[gamesquest1]

You have a valid point... to extent. If people do their job piss poor like the many 3rd party companies with day one patches to game breaking bugs. Then in a way, it could be more fault on the one who developed the system. If you look at Microsoft and Sony, they have preventing hacking, and all mods on their consoles usually require some sort of hard modding, which mass majority doesn't want to do. So if this is to be the case then it can be assumed that Nintendo, is not pulling their load when it comes to protection software wise on their consoles. See this is where I draw the line on this comment. technically speaking its Nintendo's fault for having their software this exploitable. Its Nintendo's fault. If they need a solution, what they should be doing is asking their workers on the inside to find the issue and resolve it, not the public. Again Microsoft and Sony have been keeping up with their consoles security and haven't exactly asked for help. My primary issue with this program in general is that Nintendo is asking people outside of their company, when they should be telling their workers on the inside to fix the problem.

to sum it up, Nintendo should of fixed this before the system released.

Well it's the equivalent of offering a reward for finding your cat, as you don't have the workforce required to scour the entire city but if you offer a sizable reward enough people may be keeping an eye out that your cat is found alive and well before some evil guy finds it and does bad things to it

 

[Deleted User]

You have a valid point... to extent. If people do their job piss poor like the many 3rd party companies with day one patches to game breaking bugs. Then in a way, it could be more fault on the one who developed the system. If you look at Microsoft and Sony, they have preventing hacking, and all mods on their consoles usually require some sort of hard modding, which mass majority doesn't want to do. So if this is to be the case then it can be assumed that Nintendo, is not pulling their load when it comes to protection software wise on their consoles. See this is where I draw the line on this comment. technically speaking its Nintendo's fault for having their software this exploitable. Its Nintendo's fault. If they need a solution, what they should be doing is asking their workers on the inside to find the issue and resolve it, not the public. Again Microsoft and Sony have been keeping up with their consoles security and haven't exactly asked for help. My primary issue with this program in general is that Nintendo is asking people outside of their company, when they should be telling their workers on the inside to fix the problem.

to sum it up, Nintendo should of fixed this before the system released.

You can't code anything 100% bugless, crashless and unhackable. There will always be a bug in the code, if there isn't then you're doing something wrong.

 

[biggan1]

If you want to put up thousands of dollars as reward, be my guest.

Sure if it serves the cause I could, could you? I'm not shy funding creative things that serves the collective. Just think if just 50+ people donated 5 dollars. And we're already at an attractive sum as people struggle with economy. You know what a donation pile is, no need to be rude, you don't have to contribute.

But seeing people not even paying for haxchi for the Wii u is pretty lame, people should invest in their gaming.

Isn't this what the GBATemp Bounty is supposed to be for?

Never heard of it. Good idea, but as Pokeacer said that system don't work very well. Way too bad. And honestly gbatemp should make a few more dollars, it's irreplaceable, almost. And just think back what it's done over the years. At personal and companies expenses.

 

[biggan1]

You can't code anything 100% bugless, crashless and unhackable. There will always be a bug in the code, if there isn't then you're doing something wrong.

Yes many doesn't understand this or how coding works at all. Every hack etc got their bugs as well. But thats what makes it so fun and interesting imo. The community helps kink it out or others can find great ideas for new hacks/programs.

 

[Deleted User]

You can't code anything 100% bugless, crashless and unhackable. There will always be a bug in the code, if there isn't then you're doing something wrong.

Obviously not, but wouldn't Nintendo at least should look thoroughly looked through the internet browser. Because the only reason the system is hacked is because of the internet browser, I mean seriously. You realize the exploit (if I remember correctly) was found because some ios jailbreaker stripped down the ios jailbreak (stripping all ios related stuff) and then tested it on the switch, and that worked. (if I remember correctly its been ages) Shouldn't Nintendo should of I don't know. Make sure that doesn't work? And I'm not saying your point is invalid, as it is true, no system is hackless. But if you had a tight enough security then it would limit the amount of exploits, and it would make access to said exploits harder. In order to hack the xbox 360 you have to hardmod. Yes it is a hack. But is it a easily performed or easily reachable? not really. Thats my point. They should of thought of what could be exploited, or what is the main go to targets, and the internet browser is one of those targets.

 

[Jonna]

Well, perhaps before you attack someone, get all insulted and indignant, you should so you can understand what is being discussed. Threads take on a life of their own and go in many different directions. Reading one post without understanding the context is your fault, not mine. Obviously at the time of my posting my response was related to the attitude of the community towards devs. Had you actually put forth the little effort it would have taken to follow along, you would have realized that. Reading and comprehension goes a long way in a discussion and if you can't be bothered then you shouldn't bother posting.

Just wanted to thank you and the other guy for the interesting and entertaining argument posts you had, it helped amuse me while being bored on my break.

I had to side with @TheCyberQuake though, regardless of who made more sense, because your attitude this whole time left a sour taste in my mouth and my mind. Sorry, man.

Props to @TotalInsanity4 for the thumbs up fun.

 

[rednekcowboy]

Just wanted to thank you and the other guy for the interesting and entertaining argument posts you had, it helped amuse me while being bored on my break.

I had to side with @TheCyberQuake though, regardless of who made more sense, because your attitude this whole time left a sour taste in my mouth and my mind. Sorry, man.

Props to @TotalInsanity4 for the thumbs up fun.

Well, I am sorry that I left the sour taste in your mouth, that was not my intent. I did get carried away on some rants and admit that, for that I do apologize.

My simple point was that I agree with most people. Someone works hard on finding exploits and wants to make some cash for that work, they are more than within their rights to do so. They don't owe the underground hacking community anything. They are true professional Security Consultants. Either on contract, independent (ie with programs like hackerone or through other connections) or work directly for these corporations. You will never, ever hear from these people other than maybe when they retire and they write very interesting stories on their lives/careers and the major flaws they found and catastrophies they helped companies avoid.

What my beef is and was is with the other group that come on forums like these and announce there so called findings in search of hype, epeen, webcred, etc, without any intention whatsoever of releasing the exploit they found. There really are only 3 types of people that do this. One is the type that tried to go the professional route and for whatever reason got rejected by the corporation and are butthurt (either the price they were asking was too high, the exploit was already known but not publicly released, it really wasn't as major as they made it out to be, simply has a "less than desirable reputation," etc, etc). The second is one that is trying to generate enough public hype so that they can hold for ransom the knowledge they possess and use the hype and publicity to extort corporations for much more money (or even get a payday without showing proof of their exploit) than what they truly deserve (ie what is known as corporate terrorism) or publicly shopping their findings to the underground hardware scene to develop hardware to use their exploits. Lastly you have the third who just is looking to create a rucus. This really comes in 2 forms. The first is the one that simply wants everyone to bow down before them and say "na na na na na" and the second is just a complete fake who really has nothing at all and is just looking for 15 minutes of fame so they can later turn around and tell everyone what suckers they are (or even worse, extract donations, both monetary and physical hardware). We have seen our fair share of all of these. That is why there is such a backlash about it.

A true professional would never announce publicly that they have an exploit on anything. Anyone else deserves the backlash they get. While it may be slightly veering off-topic, it's still relevant as I was responding to the community's attitude with developers that work at finding security flaws and I was attempting to explain the differences and why some are hated and receive public lambastings and why some are accepted and respected. Blindly defending a security expert without understanding the differences is very naiive and making blanket statements like "they did the work, they can do whatever they want" isn't necessarily true. If someone chooses to go public with something, then their motives need to be examined and they deserve the public scrutiny and should not only expect it but should be prepared for it and not throw a tantrum when faced with it.

Sorry for the essay but hopefully that is a more unemotional and logical response. Please forgive me. I have been around for a couple of decades now. We went from a community of superiority (both in the normal IT world and the underground hacking world) where you would get ridiculed for asking questions to the generation where everyone finally pulled together and was actually working with one another to a generation of secrecy, manipulation and downright hatred and character assassination (to the point of people actually sending people to jail, court, swat raids) to this new generation where you get tonnes of announcements of the "next big hack" but they would rather take the stage at defcon or show up on every board talking about it and rubbing everyone's face in it.

It's very disheartening and sad to see how the underground hacking community has evolved and, in my point of view, is dying. Sometimes I get a little too passionate about that.

True, professional Security Experts/Consultants/Analysts will absolutely never get a disparaging remark from me and have my utmost respect for what they do. It's the others that I detailed above that destroy their reputation and integrity with their unsavory behavior that deserve our wrath.