gibbed / Gibbed.Borderlands2

Tools & code for use with Borderlands 2.
zlib License

Editor trying to access multiple IP addresses, why? #148

Closed JDBeau closed 4 years ago

JDBeau commented 4 years ago

Today I noticed in my logs that the editor was blocked by my firewall from accessing multiple IPs... why is this program even trying to create outbound traffic? If this isn't intentional and explained, I'm going to analyze it and find out if you or someone else is trying to use this as a trojan, and deal with it and the creator accordingly...

An explanation would be greatly appreciated, before I have to ask why this is happening on the Steam forums, along with screenshots of the attempts...

gibbed commented 4 years ago

See #144.

JDBeau commented 4 years ago

Sorry, but that explains nothing... the program shouldn't be trying to access the internet at all, and it clearly has on my system, several times, and not to Microsoft, but to some obscure addresses that have nothing to do with certificates. My IPS system clearly identified and stopped your program from attempting unauthorized outgoing traffic; this is not a mistake, so please explain why your program is attempting ANY connections AT ALL, as it has absolutely no legit reason to do so. Either it's been altered by someone to do that, or you designed it to do that, but programs don't randomly start outgoing traffic without CODE telling them to do that, so again, please explain, without the bullshit...


gibbed commented 4 years ago

I'm not sure what kind of response you're expecting when you opened an issue with hostile tone and threats.

There is no bullshit here. I gave you a relevant closed issue which addressed your concern.

There is no code in the editor directly that talks to any web server. Peruse the code at your leisure, it's on the repo. Any behavior you see is either non-standard (i.e., not builds produced by me) or via libraries the save editor uses. Both of which are out of scope for issues on this repo.

If you can show me evidence of wrongdoing on my part, sure, otherwise any further finger wagging will result in this issue being locked.
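The maintainer's reply splits the possible causes in two: a build that is not his (repacked, rebuilt, or tampered with), or behaviour coming from the framework and libraries rather than the editor's own code. Before escalating a report like the one in this thread, a practitioner would settle both questions about the specific file that generated the firewall log. The script below is an added example, not code from the Gibbed.Borderlands2 repository or from any participant here: it compares the binary's SHA-256 against a hash taken from an official release and scans the file's metadata strings for .NET networking types (the marker list is illustrative, and the two sample byte strings and the "known good" hash are constructed for the example).

```python
"""Triage helper for a "why is this tool making outbound connections" report.

Added example, not part of the Gibbed.Borderlands2 project. Two cheap checks
that should precede any accusation:

  1. Does the file's SHA-256 match a hash published with an official release?
     A mismatch means you are not looking at the author's build (a repack,
     a rebuild from source, or a tampered copy), i.e. the "non-standard
     build" case.
  2. Does the binary itself reference .NET networking types? A managed
     assembly stores the names of referenced types as plain strings in its
     metadata, so a string scan is a useful first pass (a heuristic, not
     proof in either direction).

The marker list, the sample byte strings and the "known good" hash below are
constructed for this example; the hash stands in for one copied from a real
release page.
"""
from __future__ import annotations

import hashlib

# Types a build with its own HTTP/socket code would normally reference.
# Illustrative, not exhaustive (assumption).
NETWORK_MARKERS = (
    "System.Net.WebClient",
    "System.Net.HttpWebRequest",
    "System.Net.Http.HttpClient",
    "System.Net.Sockets.Socket",
    "System.Net.Sockets.TcpClient",
)


def sha256_of(data: bytes) -> str:
    """Hex SHA-256 of the file contents, for comparison with a release hash."""
    return hashlib.sha256(data).hexdigest()


def find_network_markers(data: bytes) -> list[str]:
    """Return the networking type names present in the binary's bytes.

    .NET metadata strings are UTF-8 in the #Strings heap and UTF-16LE in the
    #US (user string) heap, so both encodings are checked.
    """
    found = []
    for marker in NETWORK_MARKERS:
        if marker.encode("utf-8") in data or marker.encode("utf-16-le") in data:
            found.append(marker)
    return found


def triage(data: bytes, known_good_hashes: set[str]) -> dict:
    """Combine both checks into a verdict suitable for an incident note."""
    digest = sha256_of(data)
    markers = find_network_markers(data)
    return {
        "sha256": digest,
        "matches_known_release": digest in known_good_hashes,
        "network_markers": markers,
        # Escalate only when the file is NOT an official build AND carries
        # its own networking references. An official build that reaches out
        # does so through the runtime or a library, which a string scan of
        # the editor binary will not show.
        "escalate": (digest not in known_good_hashes) and bool(markers),
    }


# Constructed stand-ins for the string-bearing part of two builds
# (real assemblies are full PE files; only the metadata strings are mimicked).
CLEAN_SAMPLE = (
    b"MZ" + b"\x00" * 14
    + b"System.IO\x00System.Windows.Forms\x00Gibbed.Borderlands2.SaveEdit\x00"
)
SUSPECT_SAMPLE = (
    CLEAN_SAMPLE + "System.Net.WebClient".encode("utf-16-le") + b"\x00\x00"
)

# Stand-in for the hash you would copy from the official release page.
KNOWN_GOOD_HASHES = {sha256_of(CLEAN_SAMPLE)}


if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_SAMPLE), ("suspect", SUSPECT_SAMPLE)):
        print(name, triage(blob, KNOWN_GOOD_HASHES))
```

A hash mismatch on its own is not evidence of tampering (anyone who builds from source gets a different hash), and a clean string scan only covers the editor assembly, not the runtime or the libraries it loads, which is where the maintainer says any connections from his builds would originate (the thread points to #144 for that case). Run the script against the exact file path the firewall logged, not a fresh download.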

JDBeau commented 4 years ago

If you perceive the tone as hostile, I suspect the tone you perceive comes from my reaction to your initially seeming indifferent to the issue, and your rather curt and rude response in the link you directed us to. I'm in the business of uncovering and prosecuting criminal behavior, not winning over friends. The possibility of a forum posting being locked, or not, is not relevant to the issue being dealt with.

I run a security firm, and we are conducting a legal investigation into documented malicious behavior. Your program has undeniably been logged attempting unauthorized outgoing connections from one of our client systems to 9 different IP addresses in the past 72 hours. The obvious first point of contact would be the creator of the app.

We already have your source code and haven't found evidence of anything obviously malicious at this point, which is why you're receiving this informal correspondence instead of something more official, legal and in-person.

I'm sure you can understand the concern when a program ostensibly created to alter simple game configuration files suddenly begins attempting outgoing connections to remote sites, seemingly without human initiation, and in violation of a white-list. The fact that it was even on one of our systems, as well as the employee who installed it, have been dealt with accordingly.

The program has been isolated to a sandbox, and is being allowed to run, and the behavior, connections and packets will be monitored and findings added to the summary report that will be forwarded to our legal department, when and if anything is found.

Our initial informal communication was nothing more than an attempt to contact you and apprise you of this issue, and find out if you responded, and what you might have to add to the investigation. The fact that you have and continue to respond is appreciated and certainly puts you in a more favorable light, as far as malicious intent, at this point of our initial investigation.

If we find the source of the malicious behavior, and you care to be informed, we will let you know of any alterations or backdoors we discover that are allowing the program to be used as a trojan, so you can patch the issue if you desire.

Thank you for cooperating.


gibbed commented 4 years ago

If my tools are being bundled with malicious code and redistributed as such, I have no control over that. It's not really relevant to me.

Keep me informed, sure, but I have my doubts that anything would come of it.