you also have to factor in the entry barrier, most people don't even bother using homebrew, much less piracy, cause it takes too many resources/time
Hacking Four new people paid off by Nintendo in the HackerOne program
- Thread starter BlastedGuy9905
- Start date
- Views 44,911
- Replies 365
- Likes 8
But then isn't anouncing that they found an exploit to the community kind of like saying "Na na na na na, I know something you don't know."
If someone finds an exploit and approaches Nintendo, Sony or MS and sells it to them, while I have an inherent distaste for that behavior and feel that they are a traitor and a sellout, that is their business. I wouldn't be able to look in the mirror if I did something like that but morality today isn't what it was when I was raised and to each their own.
However, if someone is going to flaunt something in the face of the hacking community and never has any intention of releasing it, only to create hype to boost the dollars they can get by selling out, you truly don't believe they deserve backlash from that community for that? It's not entitlement (though that is a common deflection tactic), but if they put themselves in the public eye, then they don't really have the right to be butthurt when everyone clearly knows the reason why they are doing it. Once people stop being angered by this behavior is when I will truly be concerned for our future.
Last edited by rednekcowboy,
is there a case of someone generating hype over an EXPLOIT (not what you can do with it, Nintendo only cares about the exploits), then getting paid by Nintendo to give it to them? I don't think Nintendo would actually like that the public knows of the exploit, so it would most likely stay completely private (hacker finds exploit, gives to nintendo, public never knows unless they diff new system versions).
as far as I know, fail0verflow has never actually tried to sell an exploit to Nintendo, they probably only wanted to do "responsible disclosure". you know, like report an issue to the manufacturer and disclose it publicly eventually (either a set period, or when a fix for it is distributed). any of their exploits was either completely private, or revealed and eventually released.
unless you can show me a case of them trying to sell to Nintendo?
also, the thought of "selling an exploit to Nintendo is stabbing the community in the back" is 1) acting entitled when you aren't entitled to it (maybe this is why they're going to Nintendo instead?), and 2) for the hacker, not their problem, only yours. if you paid them or something for the exploit and they still sold it to Nintendo, then you could probably say you are entitled to it.
it's nice that some decide to give it to the community, and we should be thankful when this happens, since they could have gone the route of giving it to Nintendo for $$$, and there's nothing legally or morally wrong with that. ¯\_(ツ)_/¯
as far as I know, fail0verflow has never actually tried to sell an exploit to Nintendo, they probably only wanted to do "responsible disclosure". you know, like report an issue to the manufacturer and disclose it publicly eventually (either a set period, or when a fix for it is distributed). any of their exploits was either completely private, or revealed and eventually released.
unless you can show me a case of them trying to sell to Nintendo?
also, the thought of "selling an exploit to Nintendo is stabbing the community in the back" is 1) acting entitled when you aren't entitled to it (maybe this is why they're going to Nintendo instead?), and 2) for the hacker, not their problem, only yours. if you paid them or something for the exploit and they still sold it to Nintendo, then you could probably say you are entitled to it.
it's nice that some decide to give it to the community, and we should be thankful when this happens, since they could have gone the route of giving it to Nintendo for $$$, and there's nothing legally or morally wrong with that. ¯\_(ツ)_/¯
fail0verflow openly called out nintendo and invited them a couple of times live during the hacker conference 2 years in a row. It was quite obvious what they were doing. Nintendo refused to shell out, the exploit was privately shared and today the console is hacked. Nintendo isn't like Sony or MS and they, to this day, refuse to pay the hacking community. I kind of admire them for that. Even they realize what these people are doing is descpicable and wrong.
And again, it is not entitlement. What would be the reason to announce something publicly? If you honestly believe that Nintendo doesn't have monitoring on this, other hacking sites and the web in general for exploits, then you truly are naiive. It's not being entitled when someone is shoving an exploit in your face but refuses to release it, of course they will receive backlash for that attitude. If there is anyone being entitled, it's the person looking for efame and trying to boost the value of the exploit. The community cannot be blamed for getting pissed about it as they see the behavior for what it truly is and are just calling the person out on it.
I do agree with one thing though. Nintendo is the last holdout that refuses to be held hostage by "independent security consultants." This is also the reason why their devices are hacked and the exploits released. They receive an ultimatum and people think they will give in and shell out and when they refuse, the person has no alternative to release the exploit to the wild.
These "independant security consultants" is a very clever disguise and publicly acceptable way of justifying their behavior. However in reality, they are very much corporate terrorists and are viewed as such by corporations. Sony and MS has come to terms with this being an acceptable business expense, a cost of today's society. Nintendo refuses to give into this terrorism and, as a result, has all their devices hacked pretty much immediately upon release. This is very plain to see and it's not hard to read the situation. Yes you do have some sort of game sharing hack on the ps4 and there are some known exploits that have long been patched on an ancient firmware. Xbone hacking discussion is vitually non-existent and it's not likely we'll ever see any workable hacks or communities develped on these consoles. Yet the Nintendo hacking community is alive and well. Use some logic.
Last edited by rednekcowboy,
refuse to pay? well I know with the hackerone program, they are actually paying people for reporting exploits to them (and here's one case of someone reporting an exploit not theirs). just not disclosing the amount.
sure, I would likely agree that's not "entitlement" if the community was promised it and instead sold it. but I don't really see a case of this happening. maybe I am missing something but I would like to see that if you know of one, because I only know of either "exploit revealed and would eventually be released", or "exploit not being revealed to the public at all" happening. has it happened in previous scenes before or something?
There are several things wrong with this post. Firstly you are assuming the homebrew dev community are the ones selling info to Nintendo, which is usually not the case minus a few exceptions. From what we can tell the current submissions are either a completely separate entity or people stealing work from the homebrew community and submitting it.
And second your "morality" point makes no sense. So you are saying its more moral to exploit and publicly release code that circumvents copyright protection instead of giving that info to Nintendo who is offering to pay? Maybe if you were blackmailing Nintendo with the info I would agree, but Nintendo put out this program themselves. In actuality its less moral to publicly release hacks than to give that info to Nintendo. I don't know what kind of place you grew up that gave you such a backwards understanding of morals.
--------------------- MERGED ---------------------------
I will agree that some exploits are shared and not the original dev of the exploit sells it out, pretending to be the owner of it. There has been many, many instances of this. It's extremely disgusting.
Who said anything about copyright? Secondly by announcing an exploit you have no intention of releasing, that is the start of the blackmail. It's sending a message saying I can blow your system wide open but am available for discussions (ie negotiations). The hacking community was (at least to this old timer lol) about protecting the general public and keeping corporations in check. They knew if they stepped too far out of line, there would be backlash for that behavior and they would get nailed for it. That is definitely not the case today. That is where my moral stance comes from.
Lastly, there is absolutely nothing moral about publicly announcing a hack/exploit in order to extort money from a company. There is no altruistic purpose behind it.
Homebrew is circumventing system protection. End of story.
The only cases I know of for exploit announcement and no release are some wii u devs that vanished and projects that were in fact being worked on but died for one reason or another. Most I've seen were being worked on for release but just didn't finish. That isn't blackmail, it's project abandonment at worst.
And again what part of the hackerone program is publicly announcing exploits to extort money? That's not what the program is at all. Nintendo set this up themselves they aren't forced to. They WANT to pay people for giving them info on exploits. It isn't extortion if the company set up the program themselves and want to do it. And from what we know none of the sold exploits were made public by the switch devs. Your ramblings so far have been nonsensical.
D
Deleted User
Guest
And again, when did I ever say that? You keep putting words into my mouth. First you try to twist this into a copyright/piracy argument, which I never brought up and now this. That is a clear sign of someone that has no rebuttal or logic to refute an opinion he/she simply doesn't like. Then you go further by resorting to personal attacks.
There have been many exploits announced in recent history. Some of those that you are classifying as "abandoned projects" are not even close. Yes development stopped but it wasn't because of what you are trying to say, it was because they cashed out. What you are trying to intimate is that exploits only started being sold with the release of the Switch? Seriously? If you are being genuine with that statement, then obviously you are either being facetious or have absolutely no idea what you are talking about and in either case, there is no point in continuing a dialogue with you.
As for your "homebrew is circumvent system protection" argument. That really has no bearing on the point I was making and brings nothing to the discussion at all other than to derail what I am trying to get across. In fact, if you want to really go down that path, then regardless of whether an exploit is released to the community or sold to a company, it is equally wrong. You're actually helping my argument. Releasing to the community typically has an altruistic purpose behind doing so. A company pisses you off and your way of righting a perceived wrong is to release the exploit. Developing an exploit, announcing it publicly with no intention of releasing but instead sending a message to the corporation has no morally acceptable excuse. All that is doing is announcing to the corporation that you and your exploit can be bought.
However developing an exploit and finding a security hole, keeping your mouth shut and anonymously sending an email to the corporation alarming this of the hole so they can patch it is an entirely different story (and was done a number of times in the past). I can respect that. People looking for a payday and efame, however deserve the backlash they receive. People like you that defend this kind of behavior are the brainwashed new generation that will be our demise to the corporate takeover.
The hackerone program actually brings some legitemacy to selling exploits. There is no holding a company hostage publicly (which Nintendo refused to accept), there is no backroom deals, it's legit people with legit research that submit their findings online. Nintendo took a situation where "security consultants" at large were holding the industry hostage and conducted themselves as nothing better than terrorists practicing extortion and corporate espionage in order to get a payday and legitimized the process.
Last edited by rednekcowboy,
"When did I ever say that"
It's basically the only thing you've talked about. You've mentioned using exploits to extort money several times as if that's what this thread is about.
Also in the US hacking a console for homebrew counts as circumventing copyright protection, so yes it does have bearing as an argument against your faulty moral argument. And no it doesn't help your argument. I honestly can't understand why you can't grasp the simple difference between essentially being hired by Nintendo to find security holes and people who publicly release exploits. By that logic you would argue white hat hackers and black hat hackers are the same, even when they clearly aren't.
And your last paragraph makes no sense again. The public devs aren't the ones currently giving Nintendo the info. I don't understand why you keep this thought that Nintendo paying these people is somehow immoral. Nintendo wanting to pay people is not immoral, people blackmailing and extorting money is immoral. These two things are completely different, and if you can't understand that simple concept you need help.
You keep going on a rant about things that don't pertain to either the thread or the how the hackerone program runs
AND THAT LAST PARAGRAPH
Why tf do you keep arguing with me when you clearly are fine with the program which is all I've been defending. Your ramblings at this point make no sense because frankly I don't even understand what you are getting mad at directly or what caused it. I can't even keep up with your 5 page essays dude. I'm out in done trying to understand what you are even trying to argue at this point.
It's 1am and trying to do this on mobile. You can't expect people to try to properly counter argue when you give 500 points in each post and include arguments based purely on what you feel rather than the currently known facts. I'm going to bed maybe I can make sense of this after some sleep but frankly right now I have no clue what you are arguing after that last post threw that curveball at the end
Last edited by TheCyberQuake,
D
Deleted User
Guest
Nintendo will pay rewards to the first reporter of qualifying vulnerability information ranging from $100 USD to $20,000 USD. Only one reward per qualifying piece of vulnerability information will be awarded. Nintendo will determine at its discretion whether the vulnerability information qualifies for a reward as well as the amount of any such reward. Nintendo does not disclose how the reward amount is calculated. Vulnerability information that is already known to Nintendo or the public, for example, does not qualify for a reward. Rewards will not be issued to individuals who are on sanction lists, or who are in countries on sanction lists.
The reward amount depends on the importance of the information and the quality of the report. In general, the importance of the information is higher if the vulnerability is severe, easy-to-exploit, etc.
A report is evaluated to be high quality if you show that the vulnerability is exploitable by providing a proof of concept (functional exploit code is even better). If you don’t yet have a proof of concept, or functional exploit code, we still encourage you to report to us sooner rather than later such that you do not to lose the opportunity to become the first reporter; you can then submit a proof of concept or functional exploit code later (within three (3) weeks of the initial report) and it will be considered to be a part of the report.
The reward will be paid after the reported vulnerability has been fixed by Nintendo, but no later than four (4) months after Nintendo has confirmed the reported vulnerability.
Nintendo will not disclose to the public the amount of any reward distributed by Nintendo.
The reward amount depends on the importance of the information and the quality of the report. In general, the importance of the information is higher if the vulnerability is severe, easy-to-exploit, etc.
A report is evaluated to be high quality if you show that the vulnerability is exploitable by providing a proof of concept (functional exploit code is even better). If you don’t yet have a proof of concept, or functional exploit code, we still encourage you to report to us sooner rather than later such that you do not to lose the opportunity to become the first reporter; you can then submit a proof of concept or functional exploit code later (within three (3) weeks of the initial report) and it will be considered to be a part of the report.
The reward will be paid after the reported vulnerability has been fixed by Nintendo, but no later than four (4) months after Nintendo has confirmed the reported vulnerability.
Nintendo will not disclose to the public the amount of any reward distributed by Nintendo.
And again, your whole post is irrelevant and you're trying to completely steer away from what I'm saying, simply because you have no rebuttal. What I quoted is the only thing that remotely relates to anything I said and even that is completely skewed, ignorant and deflectionist.
What you "can't understand" is that they aren't "essentially being hired" but are trying to hold a company hostage in order to extort a payday. You have the absolute gall to discuss morality when in the same breath defending corporate terrorism. Then you go on to say I'm the one that doesn't know what I'm talking about? Take off the blinders and use that thing between your ears.
--------------------- MERGED ---------------------------
They don't not only pertain to this thread but to the community as a whole. If you actually chose to comprehend my posts and why I started posting then perhaps we could actually have an intelligent conversation. I replied to someone complaining about entitled people and the reason I did so is because these so called "entitled people" are only responding to a situation created solely by someone of their own volition and then getting butthurt because of the backlash they received because they were looking to extort a company and looking for efame. The "entitled" person in this situation is not the community but the person making the announcement. They create the public circus and deserve whatever backlash comes as a result.
You're the one that keeps trying to duck that, put words into my mouth and change the conversation into something it isn't.
Wtf are you taking about. You just said the hackerone program brings legitimacy to selling exploits. That is the only thing I've been talking about. I'm getting very confused now.
Obviously you are. Perhaps before you attack someone you should follow along with the thread and read their posts. It would stop the confusion.
Last edited by rednekcowboy,
I wasnt ducking anything nor putting words in your mouth. Maybe if you chose to read and understand my posts it would have been obvious I was only talking about the hackerone program. I mean I explicitly stated that several times.
I wasnt attacking you. I was making counter arguments. You are the one that started personal attacks
No you weren't, you went off in several different directions trying to obfuscate the message I was responding to. Do I really need to go back and quote your posts?
Even if that was what you were doing (which clearly it was not) why would you respond to me when it was clear that I was pro hackerone and clearly talking about people announcing publicly they had no intentions of releasing but only looking to extort a payday not only from Nintendo (which refused to deal with corporate terrorists) but from Sony and MS which chose to deal with such individuals?
--------------------- MERGED ---------------------------
I'd like to see that pointed out.
I can quote where you did personally attack me. You do realize that your posts are still up, right?
What happened here is you clearly got into a discussing that you couldn't weasel out of no matter how much deflection and obfuscation attempts you made and now rather than admitting that and saving face your denying things that are in black and white. It's just making you look silly.
I understand what happened, you saw a post you didn't like but didn't read the thread and the context it was posted in and then once you did realize it, it was too late. Happens to the best of us but continuing in this fashion is making the situation worse. If I were you, I would cut my losses.
--------------------- MERGED ---------------------------
I'd like to see that pointed out.
I can quote where you did personally attack me. You do realize that your posts are still up, right?
What happened here is you clearly got into a discussing that you couldn't weasel out of no matter how much deflection and obfuscation attempts you made and now rather than admitting that and saving face your denying things that are in black and white. It's just making you look silly.
I understand what happened, you saw a post you didn't like but didn't read the thread and the context it was posted in and then once you did realize it, it was too late. Happens to the best of us but continuing in this fashion is making the situation worse. If I were you, I would cut my losses.
Maybe because I don't go back to read every single post in the thread and the thread is about hackerone program. It's not that difficult to see one of the later posts without the first and assume you were being anti hackerone. For that I apologize, but if you read my posts I kept saying hackerone isn't extortion, Nintendo Wants to pay people for exploits, etc all talking about hackerone.
Similar threads
- No one is chatting at the moment.
-
-
@
Sonic Angel Knight:
Or, I also heard that if you use flash memory, it can act as more "RAM" at least windows tell me when I stick a flash drive into it. -
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@
K3Nv2:
I can think of the design teams process another joystick and no audio or a joystick and mono audio -
-
-
-
-
-
-
-
