Proposal DNM rule: security issues must be backed up with sources or otherwise it's FUD->delete!

Please people, can we agree that any posts with 'I've read somewhere that this and this is compromised/unsafe' are completely counterproductive. As security is the most important topic in my opinion on this reddit, any such important claims need to be backed up by at least reasoning or sources. I see more and more comments from people that are just FUD (see the torchat discussion) and can be an effective tool of enemies of darknetmarkets to make this reddit counterproductive.

I motion, moderators please delete any claims relating to security and security compromises in particular to be backed up by reasoning and/or sources (links) or delete it. Otherwise it's FUD, and FUD is dangerous round these here parts.


Comments


[10 Points] LongLiveThe_King:

My opinion on this matter is, and always has been, that it isn't our job to take care of that. It's yours. Downvote bad posts and upvote good ones.

Once we start intervening it causes a lot of problems. But it's a valid concern so we'll have a mod discussion about it, and if the other mods agree then we'll start doing that.


[4 Points] None:

I pointed out a massive information leak on Black Bank two days ago which leaked his EXACT server version 2.5.11 and his operating system that got swept under the rug. He has since only fixed the problem cosmetically because his web server version is unstable.

He made the claim that this is a non-issue but that is patently absurd considering it is his entire attack service.

Then he sidestepped the claim by saying that if I couldn't reveal his IP address then there were no security issues, which is absurd. While at the same time he threatened suicide in his multiple messages to me if I released his information to LE. While calling me out to dox him. His server seems to be clearly hosted from his house. So if I reveal his IP address as he asks, any LE reading this would be able to quickly find his actual address by requesting this information from his ISP.

Despite how much you guys hate me, I have been at the very least confirmed revealed a confirmed XSS exploit on utopia, I took over their administrator account (confirmed by JLaw), I took down their registration, and now I have exposed a critical leak in Black Bank. I did more but these are what you can easily confirm.

However this all gets ignored because everyone here blindly believes the server admins aren't just kids throwing sites together while constantly moving the goalposts for what counts as evidence of insecurity. If I show one bug I have to leak everything I have or it's bullshit. Well the truth is you guys ask for evidence that can be easily faked while I'm handing you massive security flaws. You don't know what qualifies as good evidence clearly.


[3 Points] RosyPalm:

The problem with posting working bugs is they often get fixed before anybody else has a chance to confirm them.

When someone makes a claim people want to verify it themselves.

If people can't verify it themselves, they'll look to see if users they trust accept it or reject it, and past history of the parties involved.

If it can't be verified, and opinions are divided, it comes down to "flip a coin".

This is usually reflected in the voting, although we all as a community do get it wrong from time to time.

If we let the mods determine the validity of posts we'll be overrun with, "The Mods deleted my posts! They're in on it!!!!!!"

People who really want to spread FUD will just adapt their phrasing. Instead of, "so-and-so is a scam", it will be, "anyone think so-and-so might be a scam?"

Unless someone is deliberately spreading information that isn't true or isn't safe I'd prefer the mods letting us sort things out for ourselves.


[1 Points] voltme:

damn yo. i got censored by the big brother! fuk. i'm tired of FUD too - i post here a bitmessage a bro sent me saying how ultravioletcity is secure and pple shouldnt be dissing it coz it accepts less methods.

pple are some dumb to think that shit matters. still fun useless shit facts to know:


all methods not returning a 405 or 511 shown  
-  
UltraVioletCity  
http://ultracityi2gdwhq.onion  
Server: nginx/1.5.8  
HEAD GET POST  
-  
The Market Place  
http://7z7s2qezpj3rlrww.onion  
Server: nginx/1.1.19  
GET POST PUT DELETE OPTIONS CONNECT  
-  
BlueSky Market  
http://blueskyplzv4fsti.onion  
Server: nginx  
HEAD GET POST PUT  
-  
Agora Market  
http://agorabasakxmewww.onion  
Server: (guessing: MASM based - Cinchy?)  
X-Powered-By: Microsoft (R) Macro Assembler (x64) Version 9.00.30729.207  
HEAD GET POST PUT DELETE TRACE OPTIONS CONNECT  
-  
Pandora  
http://pandorajodqp5zrr.onion  
Server: lighttpd/1.4.31  
HEAD GET POST PUT DELETE OPTIONS CONNECT  
-  
TorEscrow  
http://torescrow7upglhe.onion  
Server: nginx  
HEAD GET POST PUT DELETE OPTIONS