[Defcon] Smea to give 3DS security talk and release free arm9 exploit chain on August 11

ihaveahax · Aug 14, 2018

Tigger said:
Both reporting them to N and making money from it make him a bell end

Since he found the vulnerabilities, it's entirely his right to do anything he wants with them, including reporting to Nintendo for money. Nothing says he is required to release them in any form.

naddel81 · Aug 14, 2018

ihaveamac said:
Since he found the vulnerabilities, it's entirely his right to do anything he wants with them, including reporting to Nintendo for money. Nothing says he is required to release them in any form.

Exactly. It is quite the opposite. He is not allowed to release the exploits after selling them to Nintendo. Right?

Gesendet von meinem Redmi Note 4 mit Tapatalk

R13 · Aug 14, 2018

naddel81 said:
Exactly. It is quite the opposite. He is not allowed to release the exploits after selling them to Nintendo. Right?

Gesendet von meinem Redmi Note 4 mit Tapatalk

Look at Zoogie's post. He links to where it says that you are allowed to release them once given permission, which is apparantly given by nintendo 2-4 weeks after being fixed.

naddel81 · Aug 14, 2018

R13 said:
Look at Zoogie's post. He links to where it says that you are allowed to release them once given permission, which is apparantly given by nintendo 2-4 weeks after being fixed.

So we assume he sold them to Nintendo and now he can make them public?

Gesendet von meinem Redmi Note 4 mit Tapatalk

ObitoPSHHHH · Aug 14, 2018

Anyone knows how's the end user exploit going? How can we know if 3ds.guide is being updated?

Ehb33 · Aug 14, 2018

naddel81 said:
So we assume he sold them to Nintendo and now he can make them public?

Gesendet von meinem Redmi Note 4 mit Tapatalk

He sold them to nintendo, yeah

naddel81 · Aug 14, 2018

Ehb33 said:
He sold them to nintendo, yeah

source?

Tigger · Aug 14, 2018

zoogie · Aug 14, 2018

naddel81 said:
source?

https://hackerone.com/smea?sort_type=latest_disclosable_activity_at&filter=type:all from:smea&page=1

Tigger said:
New car for Smea then eh?

You're in the ballpark

would selling 3ds bugs to nintendo to pay for mortgage be ok or would i be hated forever
— smea (@smealum) October 23, 2017

Hunter · Aug 14, 2018

zoogie said:
https://hackerone.com/smea?sort_type=latest_disclosable_activity_at&filter=type:all from:smea&page=1

You're in the ballpark
https://twitter.com/smealum/status/922551228466262016

he deserves to be paid for his talent, and if nintendo wants to pay ffor his mortgage then so be it

zoogie · Aug 14, 2018

Hunter said:
he deserves to be paid for his talent, and if nintendo wants to pay ffor his mortgage then so be it

Not criticizing it, just letting people know ;p

Hunter · Aug 14, 2018

zoogie said:
Not criticizing it, just letting people know ;p

I know, but thats my thoughts on it

Tigger · Aug 14, 2018

ihaveahax · Aug 14, 2018

Tigger said:
What's the point being a hacker, then getting paid by the company tou are fucking over to tell them how you did it. Bit hypocritical maybe, but shrug......if it pays his mortgage don't suppose he gives a fuck

Many companies have bug bounties for their software. They would be interested in paying you if you found a bug or security hole.

Why do you think he should instead hold and release them instead of reporting? The more ethical thing actually would be to report them instead of making them public. It just happens to seem like less of an issue to do so for game consoles. It's his vulnerability, not yours, he can report it all he wants and it's his right to do so. You are not entitled to anything. Stop acting like it.

naddel81 · Aug 14, 2018

zoogie said:
https://hackerone.com/smea?sort_type=latest_disclosable_activity_at&filter=type:all from:smea&page=1

You're in the ballpark
https://twitter.com/smealum/status/922551228466262016

very interesting. is he the only one? and how high are the figures here?

bennyman123abc · Aug 14, 2018

naddel81 said:
I am quite certain that you cannot release infos you "sold" to Nintendo by contract.

Gesendet von meinem Redmi Note 4 mit Tapatalk

Not until they're patched and Ninty gives the thumbs up

naddel81 · Aug 14, 2018

bennyman123abc said:
Not until they're patched and Ninty gives the thumbs up

so they would never greenlight something big, I guess.

bennyman123abc · Aug 14, 2018

naddel81 said:
so they would never greenlight something big, I guess.

Only after they patch it and force you to update your 3DS

Tigger · Aug 15, 2018

ihaveamac said:
Many companies have bug bounties for their software. They would be interested in paying you if you found a bug or security hole.

Why do you think he should instead hold and release them instead of reporting? The more ethical thing actually would be to report them instead of making them public. It just happens to seem like less of an issue to do so for game consoles. It's his vulnerability, not yours, he can report it all he wants and it's his right to do so. You are not entitled to anything. Stop acting like it.

sorry didn't realise my comments would make his followers cry. sorrrrrreeeee.

I have edited all my hurtful comments.

Good luck to Smea the wonderful mortgageless person hurrah

ihaveahax · Aug 15, 2018

Tigger said:
sorry didn't realise my comments would make his followers cry. sorrrrrreeeee.

I have edited all my hurtful comments.

Good luck to Smea the wonderful mortgageless person hurrah

Why are you upset that he did this? He was right to report them and get a reward, and you still got the exploits in the end, so both sides are happy.

Well-Known Member

Well-Known Member

Member

Well-Known Member

Well-Known Member

Active Member

Well-Known Member

Well-Known Member

playing around in the end of life

i'ma stuffup the board

playing around in the end of life

i'ma stuffup the board

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Similar threads

Popular threads in this forum