My experiences with the previous ebaumsworld staff


m_wright
11-01-2009, 07:24 PM
After some strange problems logging in and total lack of interest in this site for almost 6 months now, here I am finding the time to actually get back on here and post this. As I have nothing of value to actually post at 7am in South Korea, I thought I'd go ahead and post what should have been posted the second Eric Bauman and his pathetic staff were kicked out of their comfortable thrones at their old jobs-- the email conversations between me and them regarding the total abuse, lies and waste of resources at their offices that ultimately led to their being let go as a whole.


Here you are, unedited, for your judgment and hopefully, your amusement- the first time I contacted them to the last. (If this experience has taught me anything, it's to record phone calls, because we had some beauts'.)

__________________________________________________ ____________________________


Prologue


At this time in November, I have been a visitor of ebaumsworld.com for over 7 years, but only a 'member' for a week, and as I often do when I get bored, have already begun to find things to break. First target-- eRep system. I hadn't a plan, but was intent on reporting whatever I found. I also informed several of my friends (including a children's book co-author and even my own girlfriend) to make accounts on the website with their IP's and info and allow me to use them to avoid detection for the longest period of time possible. Within several days of numerous attacks on the website however, the admins FINALLY figured out it was my account and that something wasn't adding up with my 'account usage' and saw fit to IP ban me, and all associated accounts. At the time, I had zero knowledge of the admins, their real positions, whether or not they were a small company or a big one and frankly didn't care. All I knew was that in those few days I had discovered and proven numerous vulnerabilities in their website and was determined to communicate with them about it. Full disclosure: I was cocky and my lack of knowledge of just how many other people there were performing daily attacks on this gave me a false self sense of importance. I'll never let that happen again.


__________________________________________________ _________________________________

The e-mail that caused it all:




Date: Tue, 25 Nov 2008 03:28:48 +0900
From: "None None" <jindq1@gmail.com>
To: general@ebaumsworld.com
Subject: m_wright IP ban

Dear Eric,

I have built a few utilities from scratch that utilize existing flaws in the
ebaumsworld system to allow much, too much, automation for user activity.

This ranges for everything from viewing media and posting comments, to
referring and submitting media to the site, all of which are completely
undetectable features if covertly done.

As an IT professional of 9 years, and an avid fan of eBaumsworld for 5, I
offer my humblest apologies for the massive activity of the past few days.
I assure you, it was I and I alone, and all associated grouped accounts were
in fact real users who are friends of mine who although know not how to do
what it is I was doing, allowed me to use their accounts for such a purpose
as to increase eRep points.

As you can see by visiting my blog under m_wright, I had a great deal of
interest in the awesome and intrepid eRep points system. I think it is a
benefit to all of the community here at eBaumsworld, and I too would prefer
not to have the system so open to virtual cheating of any sort.

I offer a simple solution for you to fix this problem. A solution to which
requires the unbanning of me and all my friends that were banned,
reinstating my group as active, and bringing everything back to usual, as
close as possible to how it was yesterday (including ALL the original points
that were earned).

In return for this, you will receive several benefits from me directly.

(1) You will receive the PHP code I wrote to do the actual cheat/attack on
your website. This may be studied by you or an IT associate working with you
to understand the flaws and weaknesses.

(2) You will receive my professional assistance in patching all security
holes, both server and script oriented.

(3) You will receive my promise to no longer attempt any unauthorized
attacks or fraud of any nature, whether for educational purposes or
otherwise, without the expressed permission of yourself, or else face
banning once again.

(4) You will receive my invaluable services of fixing future security issues
with eBaumsworld.

I offer this solution to you as an opportunity for both peace and future
prosperity of this community. You may decide as you wish without fear of
further repercussions from myself, however I must warn you that these
vulnerabilities are not the only that exist, nor have you the ability to fix
them by yourself or else they'd already be fixed.

Eagerly awaiting your well thought response,

Matthew N. Wright
President and CEO MWICPS
M. Wright International College Preparatory School, South Korea
http://www.mwright.kr

__________________________________________________ __________________

Here's the question you had to ask yourself-- does this e-mail sound like a threat? Admittedly, I was quite pissed off at the admins for banning me considering I had spent a week before the experimental exploits earning thousands of points legitimately, but apparently one of the employees who read this email decided that it was both: 1) blackmail, and 2) deserving of a 'good lesson'. In retrospect, as I agreed with them on the phone after this scam on me, I was a little pushy in the email. I still however stand by the un-professionalism and childishness of the entire group at ebaumsworld in their handling of this. And thus, the back story of the war as most of you saw between the admins and a user named m_wright, begins.


Fearing that the email to general@ebaumsworld.com would never be checked, I forwarded it with a small note to the team manager, Jason ********* (definitely was aware of the entire scam and did nothing to stop it).
__________________________________________________ __________________

Date: Wed, 26 Nov 2008 01:48:44 +0900
From: "None None" <jindq1@gmail.com>
To: jason@ebaumsworld.com
Subject: Re: m_wright IP ban

Jason,

Here's the same e-mail I wrote (and messaged to 'ebaum' on the website). I
am currently signed up to the website as username "jindo" and he, you or any
moderators may contact me through private message.

On Tue, Nov 25, 2008 at 3:28 AM, None None <jindq1@gmail.com> wrote:

> Dear Eric,
>
> I have built a few utilities from scratch that utilize existing flaws in
> the ebaumsworld system to allow much, too much, automation for user
> activity.
>
> This ranges for everything from viewing media and posting comments, to
> referring and submitting media to the site, all of which are completely
> undetectable features if covertly done.
>
> As an IT professional of 9 years, and an avid fan of eBaumsworld for 5, I
> offer my humblest apologies for the massive activity of the past few days.
> I assure you, it was I and I alone, and all associated grouped accounts were
> in fact real users who are friends of mine who although know not how to do
> what it is I was doing, allowed me to use their accounts for such a purpose
> as to increase eRep points.
>
> As you can see by visiting my blog under m_wright, I had a great deal of
> interest in the awesome and intrepid eRep points system. I think it is a
> benefit to all of the community here at eBaumsworld, and I too would prefer
> not to have the system so open to virtual cheating of any sort.
>
> I offer a simple solution for you to fix this problem. A solution to which
> requires the unbanning of me and all my friends that were banned,
> reinstating my group as active, and bringing everything back to usual, as
> close as possible to how it was yesterday (including ALL the original points
> that were earned).
>
> In return for this, you will receive several benefits from me directly.
>
> (1) You will receive the PHP code I wrote to do the actual cheat/attack on
> your website. This may be studied by you or an IT associate working with you
> to understand the flaws and weaknesses.
>
> (2) You will receive my professional assistance in patching all security
> holes, both server and script oriented.
>
> (3) You will receive my promise to no longer attempt any unauthorized
> attacks or fraud of any nature, whether for educational purposes or
> otherwise, without the expressed permission of yourself, or else face
> banning once again.
>
> (4) You will receive my invaluable services of fixing future security
> issues with eBaumsworld.
>
> I offer this solution to you as an opportunity for both peace and future
> prosperity of this community. You may decide as you wish without fear of
> further repercussions from myself, however I must warn you that these
> vulnerabilities are not the only that exist, nor have you the ability to fix
> them by yourself or else they'd already be fixed.
>
> Eagerly awaiting your well thought response,
>
> Matthew N. Wright
> President and CEO MWICPS
> M. Wright International College Preparatory School, South Korea
> http://www.mwright.kr
>

As you can see in the letter above, my interest in retaining my original
ebaumsworld account (as well as my friend's) is high, as is my interest in
serving ebaumsworld in a professional mode.

About the problems:

There exist several currently unknown and currently known problems with
ebaumsworld.com. Without going into too much technical details, basically I
can 1) hijack accounts and do whatever I want with them, 2) earn as many
points as I want.

The flaws are both server side and software side. Being a professional PHP
developer of 6 years myself, the fixes would take little to no time on the
software side to fix, if I were the one doing it. As for the server flaws,
in my opinion they exist because without them, the site would not function
as well as it was supposed to. This comes back to the software having been
designed poorly- something my initial statement of being able to fix applies
to as well.

The degree of difficulty in fixing these problems is not exactly high, but
the range and location of these problems, being still unknown to anyone in
ebaumsworld, would be dangerous to both reputation and operation of
ebaumsworld.com if let to stay open.

I consider it my duty to insist the proper fixes for these, and as a reward
for such, have my original account reinstated. Simple enough.

The account was banned for the improper earning of eRep points (which was
the result of several experiments with the website's flaws). As a move to
test the second and critical level of the operations at ebaumsworld, I
initiated a prize claim using the ill-earned points. This set off a red flag
and caused me and all my friends' accounts associated with me to be banned.
Trust me. That won't stop me or anyone else from obtaining prizes in this
manner if I was actually trying to keep things quiet.

The signs of me being an honest person can be seen everywhere.

1) I use my real name, phone number, and have revealed my business.
2) My account was 1 week old and retained 250,000 points by the completion
of my first tests, each other account ranking it at 100,000 for their first
day of creation. If I was trying to scam ebaumsworld, I wouldn't have done it
so much so fast.
3) I am offering solutions to fix this problem once and for all.

My request is simple- reinstate the following accounts (or if reinstating is
not possible, simply un-ban them and let them sign up again, and enter their
status in later):

m_wright (my account)
avshav (David Shaw, the artist of one of my published children's books)
BaconKing (Cedric Santo, David Shaw's partner in an online comic endeavor)
cheongybaby (My girlfriend in South Korea)

Each of these accounts had earned points using a flaw in the system. Other
accounts had also been hijacked.

Emminen
MeBeObama

After proving it worked on two separate accounts, I decided not to use that
flaw anymore.

These issues are serious as they reflect the reputation and finances of
ebaumsworld, and the morale of the website community. I will use my many
years of expertise to assist you in any way to fix these problems- under the
strict condition that my test be confidential between me and the staff of
ebaumsworld, and that the accounts listed above are returned to their
status, with points earned as a show of good faith. None of the accounts
will ever attempt to redeem any merchandise except for m_wright, and I will
make an agreement not to attempt to redeem any prizes until 2,800,000 more
unique non-exploited points have been earned in addition to the 250,000
already having existed in that account.

You may call me directly at 82-10-4948-0073 whenever you and whoever else is
in charge of this, are ready to come to an understanding. Or you can ignore
me and see how that goes.

Until then,

Matthew N. Wright
President and CEO MWICPS
http://www.mwright.kr

__________________________________________________ _______________________

(During this time I was already communicating with them over the phone as well and was able to communicate with both a technician and Jason ********* for long periods of time discussing the website's vulnerabilities and how I could help them fix them. At all times, they pretended to be unknowing of any existing problems, unaware of solutions, and continuously made up problems, delaying with excuses such as "our software is done by another company so I don't know how to get access to the servers to fix it".)

Date: Wed, 26 Nov 2008 07:18:30 +0900
From: "None None" <jindq1@gmail.com>
To: jason@ebaumsworld.com
Subject: Re: m_wright IP ban

Jason,

Sorry for the delay, had to contact my friends and have them create the
accounts again. I appreciate the understanding of the situation and it
sounds like I will have a good chance to be of use to you there in the
states. I want your assurances that this will not happen just as soon as
these holes are patched too. That would not be a wise move for anyone.

I am alright with having my IP banned, considering that it doesn't seem to
affect my accessing or participating in the website in any way shape or
form.

There are just two more things to take care of first, and we will be
back in business.

First off, the following accounts were wrongfully banned before along with
mine:

cheongybaby (my girlfriend)

avshav (my book artist)

baconking (^ his associate)

These three accounts have been remade into:

cheongybaby2 (Change to cheongbaby)

KingOfBacon (You needn't change this name)

avshav2 (Change to avshav)

My girlfriend has recommended to put her points on to my account, as she will
not be logging in as much starting next month anyway. I agree with that
idea.

I will be awaiting your reply email.

Matthew N. Wright

President and CEO MWICPS

http://www.mwright.kr

__________________________________________________ ________________


Date: Tue, 25 Nov 2008 18:13:46 -0500
From: "Jason *********" <jason@ebaumsworld.com>
Sender: jason*********@gmail.com
To: "None None" <jindq1@gmail.com>
Subject: Re: m_wright IP ban

Hi Matthew,

After catching up with Vic, it sounds like you guys came to an agreement, so
I don't foresee any problems. Also, because you've handled this so well, we
really are quite happy you reached out to us and have provided such great
help.

Thanks again, looking forward to seeing your scripts and list of
vulnerabilities.

- J


__________________________________________________ _______________


This 'agreement' he is speaking of was that they were so excited on the phone to fix these existing problems that they wanted to pay me for my time. I told Vic, the technician I was mainly communicating with, that I was only interested in being part of the community and giving something to the site. He recommended I receive an award and offered 1,000,000 erep points (take note, I never mentioned any kind of reward, just that me and my friends' accounts be restored as they were). I told him that it would be cool to have that many points and said "Why not." With that, we had an agreement that I would guide them through the patching process and do any necessary work with their full cooperation.

__________________________________________________ _______________

Date: Wed, 26 Nov 2008 08:23:56 +0900
From: "None None" <jindq1@gmail.com>
To: "Jason *********" <jason@ebaumsworld.com>
Subject: Re: m_wright IP ban

Jason,

The agreement was that the users listed in my response also had their names
changed, each with 1,000,000 points deposited into their accounts. I am
currently writing a professional white paper on the problems of eBaumsworld,
but as everyone has gone home at your office for the day, I will only have
your responses here at this email address to communicate with.

As I work on this white paper I await the progress of the other 3 accounts
being renamed and deposited as offered.

It is my sincere hope that in the future, if you experience any security or
technical issues with the site or users of the site, you will feel free to
contact me. I am not shy to doing website design and code improvements or
security patching, as it was my job (although not anymore) for over 9 years.
As for pay for any work in the future, eRep points seem like a fair
currency.

I'll be awaiting word on my friends' accounts. Once I'm finished with the
paper, I'll let you know I'm finished.

Matthew N. Wright

President and CEO MWICPS

http://www.mwright.kr


__________________________________________________ _____________

Date: Wed, 26 Nov 2008 11:15:28 +0900
From: "None None" <jindq1@gmail.com>
To: "Jason *********" <jason@ebaumsworld.com>
Subject: Re: m_wright IP ban

Jason,

The technical document including details for implementing fixes for
everything is completed. All scripts that were written to exploit those
vulnerabilities have been edited to be more user friendly so that you may
run them yourself (or off my extra server if you'd like). These scripts will
be attached to the email with the PDF briefing.

I'll be awaiting word on the remaining accounts and I'll send it right out
after that.

Matthew N. Wright

President and CEO MWICPS

http://www.mwright.kr


__________________________________________________ ______


Date: Wed, 26 Nov 2008 19:29:48 +0900
From: "None None" <jindq1@gmail.com>
To: "Jason *********" <jason@ebaumsworld.com>
Subject: Re: m_wright IP ban

Jason and Vic,

My sincere apologies. There was a mistake in the PDF file. The test URL to
prove these vulnerabilities is freehostia, not virtuahostia. Please use the
format http://erepking.freehostia.com when testing the scripts live. Thank
you.

Matthew



__________________________________________________ __________

Contained in these tech white papers were pages and pages of outlines and details regarding exploiting the existing holes in ebaumsworld, concepts for possible further exploitation, and recommended first draft solutions that required the least access to the server on my part as necessary (for security reasons and to maintain a level of trust).

__________________________________________________ __________


Date: Thu, 27 Nov 2008 00:26:40 +0900
From: "None None" <jindq1@gmail.com>
To: "Jason *********" <jason@ebaumsworld.com>
Subject: Re: m_wright IP ban

Jason,

I will be eagerly awaiting your plans for fixing these problems and whether
or not they include my services. At the time of sending that PDF file, those
were the only security issues I had known. However in the past 6 hours with
further investigation into more user features I have stumbled upon a few
more.

One of the bugs is just slightly less serious than the hijacking bug
described in the PDF whitepaper, in that although the probability of
hijacking a session with it is low, the malicious user can in fact send
visitors of ebaumsworld.com to any website they wish in the background,
without the person's knowledge, which could be used to force the download of
spyware or for other malicious purposes that my research hasn't discovered
yet.

The other bug is not exactly harmful to the server, but it allows messages
that are sent to an individual to be altered to look as if it was coming
from another individual. This could prove a privacy problem for the
individuals here if that were to ever be used.

I am not exactly ready with a whitepaper on those however, as I still need
to do more research into them. I'll let you know when I'm ready. I hope this
is a step in the direction of working further with you and your small team
there in making this website a better place for everyone.


Matthew N. Wright

President and CEO MWICPS

http://www.mwright.kr


__________________________________________________ ______________

Since that email was sent, I have actually uncovered literally hundreds of other bugs and exploitable holes (ones that can even change your account password) in this website that remain to this day, unfixed and open. Whether or not they are fixed is up to the current administration who seems to have only talked with me back in January when I was a hot topic. Recent emails to them have gone unresponded.

As my email address jindq1@gmail.com remains intact with original downloadable email attachments, if anyone is interested in a copy of the entirety including security briefing white paper pdfs and php script samples for educational value and to validate my findings, simply send a request to that email address and it will be honored.
__________________________________________________ ______________




See part 2....

m_wright
11-01-2009, 07:28 PM
Date: Tue, 25 Nov 2008 21:58:39 -0500
From: vicf@ebaumsworld.com
To: email omitted
CC: Jason <jason@ebaumsworld.com>, Vic <vicf@ebaumsworld.com>
Subject: Changes applied, please send document/scripts

Matthew,

We have applied the changes you sought. We have changed:

cheongybaby2 -> cheongybaby
avshav2 -> avshav, +1,000,000 points
KingOfBacon, +1,000,000 points
m_wright, +1,000,000 points

Please send your document and scripts along to both Jason and I as soon
as possible. Thank you.

--
Vic

__________________________________________________






Date: Thu, 27 Nov 2008 06:59:35 +0900
From: "None None" <jindq1@gmail.com>
To: "Jason" <email omitted>
Subject: Re: Changes applied, please send document/scripts

Vic,

There are a slew of other bugs and glitches that I have come across. I have
noticed that the session ID and cookie problem has almost completely been
resolved- that's reassuring. However, there still exist a few older problems
with the system and one of these is very crucial- it enables users to add and
remove as many points as they want from any other account!

All previous problems including a few of the ones I found tonight do not
actually need me to have any access to the server, however this last one is
the trickiest and I will not be able to understand how it works until I see
the source code of the points system off the webserver itself. I don't even
know if YOU know how to get that, so I'm just putting that out there. In the
meantime, there are a few veteran users who know how this works, but they're
not telling me because they don't know who I am or if I'm actually
legitimately helping ebaumsworld or not.

I'll try finding out through some word of mouth, but I doubt that's going
to happen. I might need to start looking at some source code.

Also: I hate to tell you this, but those 2,000,000 points you gave me along
with the 56,000 I earned in the past 48 hours have been taken away again by
a malicious veteran user who didn't like me claiming I was helping
ebaumsworld. It doesn't bother me too much though, as I know you guys
remember how many points I had and can give them back if they get taken away
by this malicious user.

I'll be looking for more security problems over the weekend as well and give
you some updates.

Matthew


__________________________________________________ _____

At this time, I had already introduced myself to the general community in the blogs and postings as someone working at ebaumsworld.com both to encourage feedback about existing security concerns and to flush out hackers of the website. Almost immediately after revealing myself, there was quite an onslaught of attacks against my account, including superuser level modifications of my profile. Knowing the website was full of holes, I assumed it was just some other crafty users, and sought to flush them out in private messages (and succeeded in doing so on numerous occasions). Little did I know, these 'hackers' were actually the admins and other technicians spending their hourly pay toying with me and creating a sense of urgency on the website, involving even the website's non-paid moderators such as Jen.

__________________________________________________ _____

Date: Wed, 26 Nov 2008 17:50:07 -0500
From: "Jason" <jason@ebaumsworld.com>
To: "None None" <jindq1@gmail.com>
Subject: Re: Changes applied, please send document/scripts
Cc: "Vic Fryzel" <vicf@ebaumsworld.com>

Matt, I've copied in Vic on this email, you missed him on your email below:


__________________________________________________ __


Date: Wed, 26 Nov 2008 18:32:19 -0500
From: vicf@ebaumsworld.com
To: jindq1@gmail.com
CC: Jason <jason@ebaumsworld.com>
Subject: Re: Changes applied, please send document/scripts

Matthew,

This is very bad news. I'm not even sure where to begin.

When we hired the company in India to develop eBaum's World, we signed a
clause saying that we were just purchasing a license to the code, and
not actually purchasing the code itself.

Despite this, I don't understand why you need the source code of the
site to diagnose this problem. You've been able to successfully
determine every other fault of the web site just using your expertise.
Why is it not the same for this?

These veteran users, who are they? You said we've no way of banning
them from the site because of those PROXY Servers you mentioned, so is
there anything else you can do? We have contacts with the FBI. Can you
find out more information on these users who stole your points? Can you
get their name, address, or phone number? With that, we might be able
to do something. I only ask because you seem like someone of that
caliber to procure those things. It would be a HUGE help to us.

Please continue reporting these finds, it is much appreciated.

--
Vic


______________________________________________


Date: Thu, 27 Nov 2008 08:58:58 +0900
From: "None None" <jindq1@gmail.com>
To: vicf@ebaumsworld.com
Subject: Re: Changes applied, please send document/scripts

Vic,

The flaw lies in the code. If I can see the code, I can spot the problem
instantly. Otherwise, it's just trial and error, trial and error. So
honestly, no I don't think I need to see the code to be honest, but it might
save up to 2 days of scratching my head wondering. Understand that
all the vulnerabilities were found by common sense- but even common sense
can't explain some things like back doors and trojans that may exist in the
code to let malicious users abuse it. You would never know about that until
you saw the code. It's like trying to fix your engine by listening to the
sound only. We both know that's only possible up to a certain level of
difficulty and for certain fixes only. Some things you just gotta pop the
hood!

However, about this latest hijacking and point switching problem: In the
past hour I've pretty much found out enough results to figure out that what
is happening is what's called an SQL injection attack. This is like
literally injecting malicious code into existing good code at run time.

SQL is the name of the database system (MySQL to be exact) that stores all
the data on the users, media, etc. The search engine on ebaums world,
although normally designed for simply searching, is not secure (there
doesn't exist a secure search engine to be honest, but ours is particularly
buggy).

here's how it works:

The server should send a special search command to the database containing
what the user searched for. However, as I said before in my white paper,
each string has a beginning and end, denoted by a quote ". By including
slashes, quotes and special characters you can't type on the keyboard, it is
in fact possible to BREAK that string and cause the computer to think that
the string is 2 parts, one being your search, and another being any command
you wanted. This is called SQL Injection.

I believe this malicious user has found the exact perfect combination of
codes (which I am currently trying to find out for myself) that would allow
him to not just search for a video, but in the same command, also change user
data, retrieve user data, change erep values, etc, etc. It's not only a
totally feasible explanation, it happens A LOT on the internet, to even huge
companies on their websites.

There is only one other way I can fix this in time without needing to actually
see the code, and that's by seeing the HTTP LOG (the log file of every web
activity to the website in the past 5 hours). It will show EVERYTHING, from
images to submitted messages and such.

For that reason, it is typically kept locked away. However, for me it would
be particularly beneficial as I would be able to search quickly through it
for the EXACT string being used against the server.

Now I have explained the biggest problem yet, and given a simple next step
to it. Can you help me with that next step? If not, I am afraid you'll be
waiting on me to get some luck- this kind of thing is not about expertise at
this level, it's about being psychic. Like guessing a person's password in a
way- time consuming.

If I can't get to the code, I need the HTTPd LOG for all activity for the
past few hours on the site. That will tell me whether or not this is an SQL
injection from the web server.

There were other possibilities, but the server already having patched up
many of the bugs I mentioned yesterday to you, those methods are now
impossible, so I would bet my guess that it's an SQL injection attack.


About the individual: I want you to let me handle them, as they are in fact
a veteran of the website, with no special powers or abilities- simply a flaw
they discovered and held on to. The difference between this person and I is
clear- I preached about my consideration for ebaumsworld community and came
to fix the glitches. This person preaches about caring and keeps the
glitches for their own amusement and protection against others (kind of like
the basis for owning a hand gun in a quiet town.)

You needn't involve any authorities as this person has not broken the law-
yet. According to cybercrime laws, a person needs to access certain
places that are OBVIOUSLY off limits. Your website is making it so easy to
do things without ever accessing those areas. FBI will not be able to help
you in this particular situation. The only harm this person has been doing
is hijacking my account in order to tamper with it to "prove" something to
me, and scare me, as he does not believe I am actually working with
ebaumsworld. Instead he believes that I am there using the very exploits I
am here to fix. He doesn't believe the 2,000,000 points were gifted, and
retaliated against me for his lack of understanding. He also claims to
communicate regularly with eric, and mentioned that eric doesn't like me.
For this, I think he's talking out of his ass- but at the same time, you
never know who you're talking to, so I have a solution that is non-technical
but more social...

If I can make him take me serious, I wholeheartedly believe he would assist
me in patching this hole up. At the moment though, he's looking at my
account as if I was just a kid trying to steal points from ebaumsworld. He
isn't listening to me, and he won't know who anyone there in your group is
if you tried to contact him...

I do have a possible solution to this though- if Eric himself can tell him
that I am working with you, or possibly even put it on the website, he will
not be able to deny it and then he will be forced to show his true colors.

At this very moment though, I am hard at work securing the methods behind
this SQL injection attack and will let you know as I hear. Please find out
about possibly getting the HTTPd log from your web hosting company. That
would probably answer the entire question in an instant.


Matthew


________________________________________

Date: Wed, 26 Nov 2008 19:37:58 -0500
From: vicf@ebaumsworld.com
To: jindq1@gmail.com
CC: Jason <jason@ebaumsworld.com>
Subject: Re: Changes applied, please send document/scripts

Matthew,

I just spoke with Suraj, our contact to the Indian developers, and he
said there is no way for them to get us the code. I tried and tried,
but they're not budging. He said his developers use some of the code
for other web sites they develop. He said some of it was bought by
YouTube, and that they can't release it.

So, instead, I tried to get some information for you.

Suraj said that our database system is Oracle 10G, whatever that is. I
asked him about the SQL thing you mentioned, and he said just to tell
you Oracle, and that you'd understand.

As far as the search goes, I mentioned it to him, but he said that the
search is offloaded to a Google server that's somewhere in our site. He
actually gave me a link to the specific one that we apparently use:

http://www.googlestore.com/appliance/product.asp?catid=3

Not sure how that works, but if you've found a vulnerability in that, we
MUST know so that we can tell Google to fix it ASAP.

Next, I asked Suraj for the HTTP LOG you mentioned. He asked what kind
of logs. I said I didn't know. So he explained to me that there are
two kinds, access logs and error logs. He said the access logs are
probably what I was looking for, but that they don't keep access logs
because they take up too much space. He said we get so much traffic to
ebaumsworld.com that turning on the log feature of ebaumsworld.com
generates about 1 giga-byte of logs every 5 minutes. So, in short, I
guess they don't have them. He did say though that they searched the
error logs on the Google thing for anything coming from the searches,
and he said the error logs were empty.

On top of everything, Suraj sounded a little annoyed that we keep
calling him. I don't want to upset the developers, if you get my gist.

This whole situation is not good Matthew. Please let me know any advice
you may have. Thanks again.

--
Vic

__________________________________________________ _____-

(This is all a completely falsified story created by Vic in an effort to waste my time, as he believed at the time I was some dangerous individual bent on blackmailing them.)

__________________________________________________ _____


Date: Thu, 27 Nov 2008 09:51:02 +0900
From: "None None" <jindq1@gmail.com>
To: vicf@ebaumsworld.com
Subject: Re: Changes applied, please send document/scripts

Vic,

Appreciate your taking it seriously and doing the footwork to help out. It
is possible that it is not an SQL injection, but as it stands without seeing
any code or finding out from this individual how it's working, you'll have to
wait on me. As for sending it to google, that's bullshit. It might in fact
EVENTUALLY get to google, but you don't see the address as google.com when
you search, do you?

If it is an injection, it might be a PHP code injection instead of an SQL
command injection. That's also possible. The problem lies in that few lines
of code that interact with the google site, and I know it's not all processed
by google, because I have generated error pages using strange characters-
and those error pages are coming from ebaumsworld.com

Either way, let me do some research before they get too steamed, heh. As far
as the logs go, there would be no real need for error logs if the person
made no mistake- however, that is in fact possible and I believe if they
made a mistake, he'd already have seen it.

Here's where it gets unlucky for you guys- all of these problems it seems
are stemming from your host and their faulty production of code. I could do
better writing the entire website myself in a 1 month time frame to speak
frankly and you can in fact set special features in the settings file of the
web server that allow for logging of only certain events- like only the
accesses for search.php or something....but that again, is in the hands of
the team in India and they might not do special work like that for you, as
you might not be hosted alone, but rather with other users as well.

It seems that all of the help I could use is not going to come from them
though, but I thank you for your efforts and I'll keep trying. If you want
to try one more thing, you could tell them to double check their work and
make sure SQL injections are protected against or you'll change hosts.
That's a totally viable threat considering it's an easy fix and they're being
lazy on security it sounds like. Would it be okay if I spoke with them
directly?


Matthew


___________________________________________

Date: Thu, 27 Nov 2008 10:08:24 +0900
From: "None None" <jindq1@gmail.com>
To: vicf@ebaumsworld.com
Subject: Re: Changes applied, please send document/scripts

Vic,

I feel a little more comfortable speaking on the phone- do you have a line I
can call you on where you are?

Matthew

__________________________________________________ ____

Date: Wed, 26 Nov 2008 20:52:28 -0500
From: vicf@ebaumsworld.com
To: jindq1@gmail.com
CC: Jason <jason@ebaumsworld.com>
Subject: Re: Changes applied, please send document/scripts

Matthew,

I really cannot afford to talk to you internationally over the phone
from my house line. A phone conversation would have to wait.

--
Vic

__________________________________________

I hadn't figured it out at the time, what with all the seemingly total cooperation from him at the time, but this was just a lie in order to keep me from obtaining his home phone number to later retaliate against him. Throughout our entire encounters, I have been the only one other than Jason Martonara to release my full name. I guess he has something to hide.

__________________________________________
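
The quote-breaking behaviour described in the 27 Nov email above, the error pages that "strange characters" produce, and the access-log search that email asks for, shown together as an added example that is not part of the original thread or the site's code. Everything in it is an assumption made for illustration: an in-memory SQLite table stands in for the site's database, and the `/search.php` path, the `q` parameter and the log lines are constructed.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit


def make_db():
    """Constructed stand-in for a media table (not the site's real schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE media (id INTEGER PRIMARY KEY, title TEXT, hidden INTEGER)")
    db.executemany(
        "INSERT INTO media (title, hidden) VALUES (?, ?)",
        [("funny cat", 0), ("skate fail", 0), ("unreleased clip", 1)],
    )
    return db


def search_concat(db, term):
    """Vulnerable form: the term is pasted into the SQL text, so a quote in it
    closes the string literal and whatever follows is parsed as SQL."""
    sql = ("SELECT title FROM media WHERE hidden = 0 AND title LIKE '%"
           + term + "%' ORDER BY id")
    return [row[0] for row in db.execute(sql)]


def search_param(db, term):
    """Hardened form: the term is a bound parameter and is only ever data."""
    sql = "SELECT title FROM media WHERE hidden = 0 AND title LIKE ? ORDER BY id"
    return [row[0] for row in db.execute(sql, ("%" + term + "%",))]


def breaks_query(db, term):
    """True when the term makes the concatenated statement unparseable, which
    a visitor sees as an error page served by the site itself."""
    try:
        search_concat(db, term)
    except sqlite3.OperationalError:
        return True
    return False


# Constructed access-log lines in Common Log Format (documentation-range IPs).
SAMPLE_LOG = """\
192.0.2.10 - - [26/Nov/2008:18:01:12 -0500] "GET /search.php?q=funny+cat HTTP/1.1" 200 5120
198.51.100.7 - - [26/Nov/2008:18:01:40 -0500] "GET /search.php?q=cat%27 HTTP/1.1" 500 312
198.51.100.7 - - [26/Nov/2008:18:02:05 -0500] "GET /search.php?q=%27+OR+%27%25%27+%3D+%27 HTTP/1.1" 200 9830
203.0.113.4 - - [26/Nov/2008:18:02:30 -0500] "GET /search.php?q=don%27t+blink HTTP/1.1" 200 4410
192.0.2.10 - - [26/Nov/2008:18:03:02 -0500] "GET /media.php?id=42 HTTP/1.1" 200 7001
"""

LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) \S+$')
# A quote followed directly by SQL syntax: the shape of a literal being closed early.
BREAKOUT = re.compile(r"""['"]\s*(?:(?:or|and|union|select)\b|;|--)""", re.IGNORECASE)


def flag_search_requests(log_text, path="/search.php"):
    """Return (ip, timestamp, reason, decoded value) for suspicious searches.

    Heuristic triage only: an ordinary search such as "don't blink" is left
    alone, but a phrase like "cats' or dogs" would be a false positive.
    """
    findings = []
    for line in log_text.splitlines():
        match = LOG_LINE.match(line)
        if not match:
            continue
        ip, when, target, status = match.groups()
        url = urlsplit(target)
        if url.path != path:
            continue
        for values in parse_qs(url.query, keep_blank_values=True).values():
            for value in values:
                if BREAKOUT.search(value):
                    findings.append((ip, when, "quote followed by SQL syntax", value))
                elif int(status) >= 500 and ("'" in value or '"' in value):
                    findings.append((ip, when, "quote caused a server error", value))
    return findings


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '%' = '"  # constructed input that closes the literal early
    print(search_concat(db, "cat"), search_param(db, "cat"))
    print(search_concat(db, crafted), search_param(db, crafted))
    print(breaks_query(db, "cat'"))
    for finding in flag_search_requests(SAMPLE_LOG):
        print(finding)
```

The bound-parameter form returns nothing for both crafted inputs, while the concatenated form either errors out or returns the row marked hidden; the log pass shows why a retained access log answers the question faster than trial and error.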

piercehannigan
11-01-2009, 07:29 PM
What the fuck is this shit? How about a summary instead of a brick wall.

m_wright
11-01-2009, 07:29 PM
Date: Thu, 27 Nov 2008 10:52:56 +0900
From: "None None" <jindq1@gmail.com>
To: vicf@ebaumsworld.com
Subject: Re: Changes applied, please send document/scripts

I meant calling you, silly.


Matthew


__________________________________________________ __

Date: Thu, 27 Nov 2008 11:00:03 +0900
From: "None None" <jindq1@gmail.com>
To: vicf@ebaumsworld.com
Subject: Re: Changes applied, please send document/scripts

By the way, who is moderating the website? Seems like there is only a
comment moderator. Who is the person who deletes groups if someone violates
the TOS, or who removes media if it's inappropriate?



Matthew


____________________________________________


Date: Thu, 27 Nov 2008 11:48:45 +0900
From: "None None" <jindq1@gmail.com>
To: vicf@ebaumsworld.com
Subject: Re: Changes applied, please send document/scripts

Some good news on the front- I am only mere steps away from uncovering the
reason for this last remaining vulnerability. I am confident once this one
is patched, ebaums world will be a safe environment for eRep points once
again to be earned in higher amounts and for users to communicate freely
without fearing security issues with their own computers.

I'll let you know when I crack the last one here.


Matthew

__________________________________________________-

Date: Fri, 28 Nov 2008 13:44:49 +0900
From: "None None" <jindq1@gmail.com>
To: vicf@ebaumsworld.com
Subject: Re: Changes applied, please send document/scripts

Vic,

I wanted to note to you that you can no longer hijack sessions- that is the
good news. Someone has already fixed that part of it. The server now records
the IP address along with the PHPSESSID that way if someone on a different
computer tries to use the same ID, it will automatically log them out.

However, this doesn't stop the scripts that I wrote to add media/points,
because I can still do all of that from my own IP address by running the
scripts from my computer.

As for the new vulnerabilities, I am pretty sure that once the older ones go
away, the newer ones will be harder to use, but as for the SQL injection or
PHP injection thing, unless this user is set to Administrator status, he is
will able to just change points, change my profile settings, etc, at his
will.

He has now decided to officially not help us in our mission to fix these
holes, so I would like you to get his email address from his account and
give it to me. Find out if he is an administrator or a friend of Eric's as he
claims to be. If he is, then there is no bug and he's just abusing his
powers. If he isn't, then there is a bug and I want you to ban his account
please.
The username is DrunknDecrepit.

If I have his email address and he is banned, he will understand that I in
fact am working with ebaumsworld and not just another user making empty
claims, and having his email address will give me a way to continue
communicating with him in order to get more information on the bug that he
has discovered.

In the meantime, I am still working on discovering more about this as an
injection attack and am confident that even if we discover just one of the
ways this user has been able to do what he is doing and fix it, he will
still be able to find a way to do it again unless the bigger and more
important bugs are fixed.

Those bugs, I believe, rely in both the mobile website and the google search
interfaces. If not commands, they can still be tricked to execute code
inside the user's browser. I want to show you live examples of this so
please let me know when you are available to talk on the phone and I will
call you, and let you see for yourself what these bugs do right while we're
on the phone.

Matthew


__________________________________________________ _____


Date: Sat, 29 Nov 2008 23:01:28 +0900
From: "None None" <jindq1@gmail.com>
To: vicf@ebaumsworld.com
Subject: Re: Changes applied, please send document/scripts

Vic,

I hope you've been having a great thanksgiving and I know you're having fun
sifting through the numerous emails awaiting you. Sorry for that!

Here's an update on the situation:

The user DrunknDecrepit abused the same vulnerability in the database I was
speaking of earlier in order to change my profile status and deduct 50,000
erep points from my account. He dropped them into his account instead (check
into it).

Since then, I have ignored all communication with him and begun to work
harder to find out the problem myself- again, this is not easy without some
kind of line of communication to the system admins, or the people who make
the website, and you must understand that this individual might have spent
years finding this exploit- something I don't have time for. I will try my
best, but at the moment, he has the advantage of having already known about
it. I am however, almost 100% sure that if he's not an administrator just
screwing around with me, he has in fact uncovered a bug related to SQL or
PHP code injection! Regardless of what your friend in India says to you,
that's what it has to be unless he has the passwords for everything himself.

Now one more thing, you can prove he took 50,000 points by checking his
account and noticing no record of earning 50,000 points, and also by
checking my account erep points amount. To make sure everything is clear, I
went to the erep store and selected an ipod touch for 450,000, so you need
to deduct that from your calculations when you want to return this to normal
again. In other words, do not simply put 2,000,000 back into the account, as
that is not accurate- instead, simply add 50,000 to the total and that will
in fact be accurate. I say this to avoid any confusion and to remain, as
always, completely open, up front, and honest about all activity on the
website by me or anyone I come in contact with there.

As for the security vulnerabilities, many of them still exist and it will be
hard to tell how this new security vulnerability of changing user data and
erep point values is being accomplished without first fixing the other
security vulnerabilities.

I will be available to you and Jason whenever you need me either through
email or over the phone to discuss with you or any third party, the problems
and possible solutions. I am also prepared to write my own code to fix most
of the problems if that kind of access to the server could ever eventually
be allowed.

Until then, as usual, I will be testing the system little by little, trying
to get one step closer to finding the true source of this newest
vulnerability. As I mentioned in an earlier email, once this malicious
user's email address has been given to me, and his account has been banned,
I will be able to persuade him better to release information on how in fact
he is accomplishing it.


Matthew


_________________________________________________


At this time, Vic and the other technicians at ebaumsworld had been communicating with me, pretending to be avid users of the site who knew of numerous security holes, trying to befriend me, earn my trust, and even trying to test me. I did what I could to draw them out as much as possible by lying about my position and job and even about my abilities, which later led the real Vic to believe I was impersonating an employee and further fuel his dislike of me, causing him to further his masquerade.

__________________________________________________


Date: Tue, 2 Dec 2008 05:31:57 +0900
From: "None None" <jindq1@gmail.com>
To: vicf@ebaumsworld.com
Subject: Re: Changes applied, please send document/scripts

Login: paurob84
Password: 0633719

https://cp.freehostia.com/members/

Just wrote the code for you guys.



Matthew


_________________________________________________


At this time, he decided he had wasted enough of my time (almost an entire week now involving almost 10 hours of phone conversations and hours upon hours of work for their site) and told me on the phone that I was being recorded and that I was "pwned". In disbelief I apologized for giving any wrong impression and even spoke briefly with Eric Bauman himself on the phone, but it was no use- he and every person involved in the scam were so deep in what they had created, they couldn't see how overboard and misjudged it all really was and we ended the phone conversation.


I then hopped on Gmail's AIM interface and began chatting with Jason Martonara, a person whom I trusted more than Vic to explain the situation, based on his supposed position at ebaumsworld.
__________________________________________________


5:41 AM me: So that's it? Just wasted my time?
5:42 AM You guys don't have any problems and it's not going to hurt you at all that anyone can still get eRep points however they like and post content with embedded iframes and such?
Cool then.
5:45 AM Jason: hey Matt, want you to know that I really haven't followed this as closely as our developers, so I'm a bit out of the loop. But i do agree that you went about this the wrong way in the first place, and that you've taken the liberty of posing as an EBW employee, posting blogs and msging others, which is also not acceptable
5:47 AM me: I get that. I've explained why I did that too. As I said before, I'm sorry for the original "attacks" and as I said in my email to you, and I quote,
You may decide as you wish without fear of further repercussions from myself, however I must warn you that these vulnerabilities are not the only that exist, nor have you the ability to fix them by yourself or else they'd already be fixed.
So I'm not planning on using anything I know against your website.
nor was I ever. However, there is a law in New York city regarding recording conversations, N.Y. Penal Law §§ 250.00, 250.05.
5:48 AM I haven't authorized the release of that recorded conversation until I get a straight answer about the existing security problems with the website.
Once I get that information, you can earn all the money you want from my name and voice.
Considering I'm in Korea, it doesn't really bother me that much what goes on in America.
5:49 AM So if you could direct me to the person who designs the website code itself and let me chit chat with them for a brief moment, I think I can give you guys some content for your site.
5:52 AM Jason: vic is part of the team that develops the code itself, as is the user you were 'fighting' with
5:53 AM along with 2-3 others
me: In that case, take a look at the code I gave you, along with the code stored in the web server I gave vic the password for
You'll figure out what's wrong. Theres some security problems with being able to travel from m.ebaumsworld.com
5:54 AM there's also more problems with the member system like spoofing messages and little things like that
But I think the biggest problem is including custom HTML (and IFRAMES) into blogs and such
5:55 AM With that wide open, you can send anyone you want to another page outside of the ebaumsworld site
You can also force forms into the website's background and force them to submit with javascript
I noticed they were fixing that as I was working, but it's something they need to make sure can't be done.
5:56 AM And regardless of what they say about me, I'm glad to have been able to be productive and show some vulnerabilities with the site. Obviously there were some or we wouldn't be talking in the first place.
If nothing more than the vulnerabilities of not limiting user activity in any shape or form
5:57 AM Now although I was tricked nicely, I do admit, the fact remains that I did what I believed to have been my job under the circumstances, and reacted to the ebaumsworld developers with the respect that they deserved under the conditions I was presented with.
5:58 AM Ego or no ego, I'm completely fine right now because I know I did what I could do, and that the only thing that happened was that they didn't have a need for it or room for my expertise in that group.
Regardless, I hope your website does well, which I'm helping with by giving you that audio,
5:59 AM Jason: we're not using the audio, dont worry
me: One thing I noticed was the users are really aching for updates to some navigation problems on the site
Jason: developers have a tendency to take things personally sometimes so I think they were just venting
6:00 AM me: I agree with them too about the need for change, and if there is no fraud, I think it should be appropriate for the erep points to be earned easier. But I don't know your company's financial situation so I don't know.
Anyway, my hopes were to become trusted enough to assist in the "small company" that I was led to believe you were, and take on some responsibility for any of the future updates. That's where the ego came from.
6:01 AM Jason: well, the ego was apparent in your first email...we would have never told you we were a small company if we didnt feel threatened right off the bat
me: I read you loud and clear on that.
Either way, it was nice to have a chance to give you guys help even if it was just a joke on me,
Jason: it was a tactic we used to get as much information as possible from you, not knowing what your intentions were
me: Well like I said in my email
Whatever info you need on me, I'll offer willingly,
6:02 AM I'm not hiding behind anything at all. I hope you guys know that know if not figured it out already.
Jason: I believe you helped us some, i know there are several fixes we've pushed already during this whole incident
you've been very forthcoming, i agree
me: Then that being said, I hope this is a lesson for me in how to handle small businesses in the future,
6:03 AM and I'm sure I'm taking away a lot with this indeed
However, I don't appreciate being led on so long, but I guess that's what makes the joke funnier for everyone.
6:04 AM Either way, something Vic said about me "staying up all night like a 15 year old" struck me as kind of brutal considering I was staying up in order to work on both my website and what I thought would be patches for yours.
Either way, its clear your team made the right choice and judgement on me or else you would not have a website anymore if you think about it.
So I give them props for being so smart.
But I also give them negative points for letting emotions change their direction so much. It's kind of childesh.
ish*
6:05 AM I mean, if I was upset about this whole thing, I'd be pissing and crying, but frankly I think I did a good job and in the future if you ever asked my help I'd not turn it down.
And just for the record, I did have an agenda, but it wasn't one to hurt ebaumsworld at all. I was planning on waiting out your updates
6:06 AM When you had figured out your website providers were not going to help you at all (as vic had led me to believe),
I was going to offer more services, both of myself for website construction and development, and my good friends' for art and illustrations.
This was about business from the start.
That's what Vic had picked up on as "extortion"
6:07 AM I'm just an opportunist. Not really an extorter.
Either way, it's been fun.
6:08 AM It's always been interesting to me to find information out about companies and people and systems and everything.
Now I know roughly how many people work there, most of their names, their working hours, etc
It's been like a challenge for me to get up as high as possible with as little effort.
It would have worked too, if it wasn't for those meddling kids!
lol
6:09 AM I don't expect you'll be needing me for any changes as I'm sure your tech department can handle it all now that I've told them about it
And I think that I'm just serving as further entertainment, so I'll end our communications.
You might want to ban the jindo account too, just in case I get tempted to check your website someday.
13 minutes
6:23 AM Jason: well like i said, i think the developers find this more amusing than i do. I actually appreciate your investigation and I've already seen some good come out of it, so other than your initial communications, I really have no gripes
me: Cool. Then I think everything is in order. Appreciate your time Mr. *********.
6:24 AM And I'll remember the original message of how it seems ego and extortion were all that was being read, and I'll try to fix that in the future.
To tell you the truth, I really didn't know I was coming across like that I really don't want to be the type of person they're claiming I am so.. Even the devil's right sometimes.
6:25 AM Jason: well, beyond that initial email too i guess, you really shouldn't have been posting as ebaum or posting blogs as an employee, etc... it was dishonest and misleading
6:26 AM me: I knew it was wrong when I did it, I did to because I thought that someone was out to get me (turns out they were) and I was being obnoxious to flush them out. Which also apparently worked.
If I can say one thing though, I really do speak for the community during what time they believed I was there to help them and they told me many things they really wanted to see with that site, and I think they're all excellent ideas. Please look over that blog at their postings. A lot of them would make ebaumsworld a much smoother place to communicate and share in.
6:27 AM Including the one about adding a music section and working more to support original content from the now growing community of users who actually know how to create their own.
6:28 AM (the music section obviously being a place where they can make songs and submit them, not where they can just upload existing copyrighted music)
6:30 AM anyway, it's all there for you if you're interested, I think the community (although maybe not the website) was doing alright before I came along, so with best wishes I leave you at that.
God bless.


________________________________________________________________



After that, the blog war started where my original blog to seek out potential site hackers was edited with my personal wikipedia about:user page (which every user creates for themselves btw) and displayed in a negative manner including the comment "He even made this wikipedia page about himself!". Well of course I did, it's a user's about page. Due to the fact that he was also releasing my phone number to the public, removing any posts I made in rebuttal to his actions and repeatedly banning any IP's I used to connect with, I decided to continue contacting them regarding this issue.


_______________________________________________________________


Received: by 10.114.79.12 with HTTP; Sat, 3 Jan 2009 16:28:54 -0800 (PST)
Message-ID: <email omitted>
Date: Sun, 4 Jan 2009 09:28:54 +0900
From: "None None" <jindq1@gmail.com>
To: "Jason *********" <jason@ebaumsworld.com>
Subject: Wikipedia GFDL License Infringement / Civil Libel Notice
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Delivered-To: jindq1@gmail.com

Dear Jason,

Shortly after the misunderstanding between me and a staff member there
at ebaumsworld, I noticed that your staff had updated a personal blog
that was originally posted by me in an effort to bring what had been
described to me at the time as a hopeless community, and to draw out a
specific individual that had made themselves out to be a threat.

Although I do understand the perception of my actions from the
ebaumsworld.com staff, I cannot agree with the blatant libel against
me nor the infringement of wikipedia GFDL licenced content. The GFDL
governs all Wikipedia content and may be viewed here at
'http://en.wikipedia.org/wiki/WP:GFDL'. Only the GFDL is legally
binding.

Specifically, the blog posted at
'http://www.ebaumsworld.com/user/blog/m_wright/view=80429094/' uses
content from 'http://en.wikipedia.org/wiki/User:Matthew_wright'. As
the author of that private user page, the existence of your blog
contents violates my copyright, as well as those of all other
contributors.

As I won't be escalating this to a civil suit for libel, and have
remained cordial, helpful and honest throughout all communications
with ebaumsworld.com staff, you are officially requested to edit the
information that may be libelous in nature, and cease further
infringement of both the GFDL and the personal copyright on the users
page for 'Matthew_wright'.

Sincerely,

Matthew N. Wright

_________________________________________


Absolutely no response and no change in banning policy since that email led me to believe it was time to fight fire with fire.
_________________________________________

Received: by 10.115.54.16 with HTTP; Tue, 20 Jan 2009 02:21:50 -0800 (PST)
Message-ID: <email omitted>
Date: Tue, 20 Jan 2009 19:21:50 +0900
From: "None None" <jindq1@gmail.com>
To: "Jason *********" <jason@ebaumsworld.com>
Subject: Re: Wikipedia GFDL License Infringement / Civil Libel Notice
In-Reply-To: <email omitted>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <email omitted>
Delivered-To: jindq1@gmail.com

Dear Jason,

As I have not yet received word back from you or anyone at your office
concerning this matter, I am resending this message to you in hopes it
will receive you better.

Sometime within the week I will follow up with a phone call to your
office in order to confirm its receipt.

If contact can not be made, the next step will be to forward this
issue to all parties involved, including but not limited to:

Wikimedia
Google
TechieMedia

At that point, it will be the job of those parties to follow their
policies on copyright infringement by their users as outlined by their
terms of usage agreements.

I'm sure you'll make the appropriate decision for the success of
eBaumsWorld, Inc.

On a separate note, there is in fact an abundance of stored
information regarding my research on the eBaumsWorld.com website
vulnerabilities, fully documented and logged through Camtasia. Would
you kindly permit me to release those documents and videos to several
different websites for educational purposes only, such as YouTube,
considering the "IT department" had let me know on our last phone
conversation that, and I quote, "There are no security
vulnerabilities"? I think it is the duty of any security analyst to
assist others interested in securing their websites by allowing them
to learn from others' mistakes.

Looking forward to your correspondence.

Happy holidays!

Matthew N. Wright
President MWICPS

_________________________________________________

m_wright
11-01-2009, 07:30 PM
Delivered-To: jindq1@gmail.com
Received: by 10.115.54.16 with SMTP id g16cs165619wak;
Tue, 20 Jan 2009 10:59:37 -0800 (PST)
Received: by 10.140.139.6 with SMTP id m6mr3524294rvd.234.1232477975890;
Tue, 20 Jan 2009 10:59:35 -0800 (PST)
Received: by 10.140.119.5 with HTTP; Tue, 20 Jan 2009 10:59:35 -0800 (PST)
Message-ID: <6caf1b510901201059y15adc5dfu2b5a70a38853c1fb@mail.gmail.com>
Date: Tue, 20 Jan 2009 13:59:35 -0500
From: "Jason *********" <jason@ebaumsworld.com>
Sender: jason*********@gmail.com
To: "None None" <jindq1@gmail.com>
Subject: Re: Wikipedia GFDL License Infringement / Civil Libel Notice
In-Reply-To: <184683860901200221x4e1c26edvfee995379924fac4@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_27907_30098770.1232477975878"
References: <184683860901031628h28ca51e5ibf0704dc5b069120@mail.gmail.com>
<184683860901200221x4e1c26edvfee995379924fac4@mail.gmail.com>
X-Google-Sender-Auth: 296eb536d676a203

------=_Part_27907_30098770.1232477975878
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Matt, we'll remove your blog post as requested.

I CAN NOT permit you to release any documents or videos regarding eBaum's
World to ANY other sources without first reviewing them with our team and
counsel. Please provide these docs/videos to me in a secure and
confidential manner at your earliest convenience.

Thank you,
Jason


____________________________

Well that seemed to have worked. If anyone wants that camtasia video, drop a line to jindq1@gmail.com and I'll give you the rapidshare link. Most exploits have already been patched due to working with the new admins however.

______________________________


Received: by 10.142.223.14 with HTTP; Tue, 20 Jan 2009 15:35:53 -0800 (PST)
Message-ID: <184683860901201535g297a3707sd177c327a14cdd98@mail.gmail.com>
Date: Wed, 21 Jan 2009 08:35:53 +0900
From: "None None" <jindq1@gmail.com>
To: "Jason *********" <jason@ebaumsworld.com>
Subject: Re: Wikipedia GFDL License Infringement / Civil Libel Notice
In-Reply-To: <6caf1b510901201059y15adc5dfu2b5a70a38853c1fb@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <184683860901031628h28ca51e5ibf0704dc5b069120@mail.gmail.com>
<184683860901200221x4e1c26edvfee995379924fac4@mail.gmail.com>
<6caf1b510901201059y15adc5dfu2b5a70a38853c1fb@mail.gmail.com>
Delivered-To: jindq1@gmail.com

Mr. *********,

I appreciate your speedy response and cooperation with keeping the
internet a copyright infringement free place. I also understand your
feelings regarding any materials involving eBaumsWorld, and will
respect your wishes by first sending any and all information regarding
eBaumsWorld to you directly for review before publishing in any manner
online or offline.

Happy New year!

Matthew N. Wright
President MWICPS


____________________________________

Delivered-To: jindq1@gmail.com
Received: by 10.142.223.14 with SMTP id v14cs265464wfg;
Tue, 20 Jan 2009 15:51:13 -0800 (PST)
Received: by 10.103.245.18 with SMTP id x18mr1226677mur.62.1232495470295;
Tue, 20 Jan 2009 15:51:10 -0800 (PST)
Received: by 10.103.228.2 with HTTP; Tue, 20 Jan 2009 15:51:10 -0800 (PST)
Message-ID: <6caf1b510901201551n782b764bwbea2a817c0755891@mail.gmail.com>
Date: Tue, 20 Jan 2009 18:51:10 -0500
From: "Jason *********" <jason@ebaumsworld.com>
Sender: jason*********@gmail.com
To: "None None" <jindq1@gmail.com>
Subject: Re: Wikipedia GFDL License Infringement / Civil Libel Notice
In-Reply-To: <184683860901201535g297a3707sd177c327a14cdd98@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_56853_23701914.1232495470280"
References: <184683860901031628h28ca51e5ibf0704dc5b069120@mail.gmail.com>
<184683860901200221x4e1c26edvfee995379924fac4@mail.gmail.com>
<6caf1b510901201059y15adc5dfu2b5a70a38853c1fb@mail.gmail.com>
<184683860901201535g297a3707sd177c327a14cdd98@mail.gmail.com>
X-Google-Sender-Auth: 431cc0e466cfeac9

------=_Part_56853_23701914.1232495470280
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Matt,

You mentioned that there was abundance of stored information regarding your
"research" of EBW. Specifically, documents and camtasia videos that have
logged your "research". Can you please provide those to me in a secure and
confidential manner ASAP?

Thanks,
Jason

________________________________________________

What would you do in my shoes? That's right! Downplay the importance of any existing documents and end communications as soon as possible.

________________________________________________


MIME-Version: 1.0
Received: by 10.115.54.16 with HTTP; Wed, 21 Jan 2009 20:04:47 -0800 (PST)
In-Reply-To: <6caf1b510901201551n782b764bwbea2a817c0755891@mail.gmail.com>
References: <184683860901031628h28ca51e5ibf0704dc5b069120@mail.gmail.com>
<184683860901200221x4e1c26edvfee995379924fac4@mail.gmail.com>
<6caf1b510901201059y15adc5dfu2b5a70a38853c1fb@mail.gmail.com>
<184683860901201535g297a3707sd177c327a14cdd98@mail.gmail.com>
<6caf1b510901201551n782b764bwbea2a817c0755891@mail.gmail.com>
Date: Thu, 22 Jan 2009 13:04:47 +0900
Delivered-To: jindq1@gmail.com
Message-ID: <184683860901212004s3cba4441u23968aa8f774241d@mail.gmail.com>
Subject: Re: Wikipedia GFDL License Infringement / Civil Libel Notice
From: None None <jindq1@gmail.com>
To: Jason ********* <jason@ebaumsworld.com>
Content-Type: multipart/alternative; boundary=00163646c21c94d59c04610a5f2a

--00163646c21c94d59c04610a5f2a
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Mr. *********,

The documents are similar to the ones that were sent to your associate
"Vic". They include several white papers regarding security vulnerabilities
within the ebaumsworld.com website and particular problems with the user
system. Some of the security problems have already been outlined to 'Vic'
and at our last phone conversation assured me he would not be needing any of
them, therefore I doubt they will be of any benefit to ebaumsworld.

I did however, think that they would be beneficial to the other website
communities regarding proper user website designs and basic SQL/Website
interface implementation.

I will of course respect your wishes to not release those documents to
anyone for any reason as they were created for a particular purpose of
educating ebaumsworld staff. I do not however, believe they will do you any
good as your associates have well spelled out.

Wishing ebaumsworld.com all new success in 2009!


Matthew N. Wright
President MWICPS


__________________________________________




Since then, I have worked closely with the new admins in fixing these problems and others on the website, and yet to this day, the 'veterans' over at ebaumnation (which I'd like to go on the record as saying, is just about as important to the internet as digg, considering it's just youtube video embeds mostly) would still die for the ideal that I was some hacker who blackmailed ebaumsworld 'that time'. This is obviously because they don't want the complicated truth and it's easier to believe the biased admins. I have since then tried one single occasion to explain to users on ebaumnation what actually happened, within MINUTES of said posting having the contents changed by a veteran user given forum moderator privileges to "I rape children" or something to that nature.

In Korean, they have an expression: "Dapdap-hay". It means, extremely frustrating but it's used as an expression at the time of said feeling. So in the honor of the country where I currently reside as a successful book author and international school principal,



Dapdap-hay.

gnome
11-01-2009, 08:02 PM
What the fuck is this shit? How about a summary instead of a brick wall.

:facepalm: Try not being a dumbass. I'm guessing, if you ever pick up the newspaper, you go straight to the comics.

piercehannigan
11-01-2009, 08:05 PM
:facepalm: Try not being a dumbass. I'm guessing, if you ever pick up the newspaper, you go straight to the comics.

Oh. You're right. But how about giving me a summary since you know what it means...

IHateEverything
11-01-2009, 08:36 PM
Who the fuck is Eric Bauman, and why the fuck would I give a shit about him?

DreaD08
11-01-2009, 09:22 PM
:facepalm: Try not being a dumbass. I'm guessing, if you ever pick up the newspaper, you go straight to the comics.

Here we go with the same BS again

chrisvet
11-01-2009, 09:22 PM
:facepalm: Try not being a dumbass. I'm guessing, if you ever pick up the newspaper, you go straight to the comics.

Nonsense. The question is valid, and most don't have time to hire 12 jury members to figure out the dynamics of this mess of a thread.

If a man can't explain a story in 'plain english' or terms a layman can understand, he's:

A. Probably lying / full of shit
B. Probably doesn't know what he's talking about.

My general feel of this thread is OP may be a bit book smart / street dumb.
That said, A summary is very little to ask.

gnome
11-01-2009, 10:17 PM
Here we go with the same BS again

What do you mean BS..again?

ATTION
11-01-2009, 10:50 PM
Alright, I really did read this and understood (most of) it, basically, he found some big glitches in EBW, tried to help, got toyed with, has major black mail material on EBW.

robroy
11-01-2009, 10:57 PM
Alright, I really did read this and understood (most of) it, basically, he found some big glitches in EBW, tried to help, got toyed with, has major black mail material on EBW.

Yeah, I also read the whole thing, and what I gleaned from it was that this kid hacked the site and demanded that the old regime compensate him for it.
How 'bout I break into a bank safe, walk away with a couple million dollars, and then call the bank president the next day telling him that I'll return his money for a small reward?

He was owned.


EDIT: Hey OP - I'd say there is a 100% chance that you are also gnome.

uknowthat1chick
11-01-2009, 11:00 PM
As I remember it, OP found some glitches and tried to blackmail the site admins with it. They humored him a bit to gauge what exactly he knew and what exactly the threat was. Then they decided to fuck with him a bit. That pissed him off.

splinter
11-01-2009, 11:17 PM
These crazy kids posting words that i refuse to read.

DarcSystems
11-02-2009, 01:50 AM
The brief summary I received from the current administration about the fall of the old staff matches up pretty well with what this guy is saying. I read the whole thing and it, to the best of my knowledge, is legit.

I suggest you people who are demanding a summary take time to read the whole thing. To summarize would certainly exclude some major details.


If you skip over email headers and whatnot, it's not really a big read.

piercehannigan
11-02-2009, 01:53 AM
I refuse to read it because I don't really give a shit about details.

DarcSystems
11-02-2009, 02:06 AM
I refuse to read it because I don't really give a shit about details.

Then stop bitching and go read another thread.

piercehannigan
11-02-2009, 02:17 AM
I haven't bitched. And I am still demanding, DEMANDING, a summary. I refuse to post anywhere until I get it. I don't want a single detail, only a summary.

http://comps.fotosearch.com/comp/IGS/IGS931/stubborn-boy_~IS851-014.jpg

DarcSystems
11-02-2009, 02:19 AM
Ok, here's the detail free summary you are asking for;


The old staff was fired. Made a new site.

piercehannigan
11-02-2009, 02:20 AM
Too many details. Try again.

Maggot_Brain
11-02-2009, 02:22 AM
Too many details. Try again.

You are on the internet.

piercehannigan
11-02-2009, 02:23 AM
You are on the internet.

Less details.

Maggot_Brain
11-02-2009, 02:24 AM
Less details.

.


tenchars

mgunit
11-02-2009, 02:25 AM
The brief summary I received from the current administration about the fall of the old staff matches up pretty well with what this guy is saying. I read the whole thing and it, to the best of my knowledge, is legit.

I suggest you people who are demanding a summary take time to read the whole thing. To summarize would certainly exclude some major details.


If you skip over email headers and whatnot, it's not really a big read.

So the current admins are saying that we were fired due to a guy attempting to scam ereps?

Nice one ****** and ****.

Here's a TL;DR for Wrights post:

I found a way to get a shit ton of EREP points scamstyle so I used it to get my chink friend and my fugly girlfriend a ton of points. And then I got banned and said, but I poop from there :wah:.

Not right now you don't.

http://upload.wikimedia.org/wikipedia/en/thumb/a/a3/Wikipedia_Press_Photo_Tie_Chalkboard_Pose_2009.jpg/454px-Wikipedia_Press_Photo_Tie_Chalkboard_Pose_2009.jpg

nice chalk faggot.

Maggot_Brain
11-02-2009, 02:28 AM
So the current admins are saying that we were fired due to a guy attempting to scam ereps?

Nice one ****** and ****.

Here's a TL;DR for Wrights post:

I found a way to get a shit ton of EREP points scamstyle so I used it to get my chink friend and my fugly girlfriend a ton of points. And then I got banned and said, but I poop from there :wah:.

Not right now you don't.

http://upload.wikimedia.org/wikipedia/en/thumb/a/a3/Wikipedia_Press_Photo_Tie_Chalkboard_Pose_2009.jpg/454px-Wikipedia_Press_Photo_Tie_Chalkboard_Pose_2009.jpg

nice chalk faggot.

unban me over at EBN so i can post some more shit porn in pictures

piercehannigan
11-02-2009, 02:29 AM
So the current admins are saying that we were fired due to a guy attempting to scam ereps?

Nice one ****** and ****.

Here's a TL;DR for Wrights post:

I found a way to get a shit ton of EREP points scamstyle so I used it to get my chink friend and my fugly girlfriend a ton of points. And then I got banned and said, but I poop from there :wah:.

Not right now you don't.

http://upload.wikimedia.org/wikipedia/en/thumb/a/a3/Wikipedia_Press_Photo_Tie_Chalkboard_Pose_2009.jpg/454px-Wikipedia_Press_Photo_Tie_Chalkboard_Pose_2009.jpg

nice chalk faggot.



Darc isn't an admin.

Maggot_Brain
11-02-2009, 02:30 AM
Darc isn't an admin.

Darc said that is what the current admins told him. nobody is saying darc is an admin.

piercehannigan
11-02-2009, 02:32 AM
I'm not on the ball tonight. Fuck everyone I hate all of you.

DarcSystems
11-02-2009, 02:36 AM
So the current admins are saying that we were fired due to a guy attempting to scam ereps?

Nice one ****** and ****.

Here's a TL;DR for Wrights post:

I found a way to get a shit ton of EREP points scamstyle so I used it to get my chink friend and my fugly girlfriend a ton of points. And then I got banned and said, but I poop from there :wah:.

Not right now you don't.

http://upload.wikimedia.org/wikipedia/en/thumb/a/a3/Wikipedia_Press_Photo_Tie_Chalkboard_Pose_2009.jpg/454px-Wikipedia_Press_Photo_Tie_Chalkboard_Pose_2009.jpg

nice chalk faggot.

No. In short I was told due to the poor handling of a situation involving the main site, and abuse of mod/admin powers the people in question were relieved of their positions.

Details were vague.


So is this guys info accurate? or is he withholding some info on how things went down?

mgunit
11-02-2009, 02:54 AM
No. In short I was told due to the poor handling of a situation involving the main site, and abuse of mod/admin powers the people in question were relieved of their positions.

Details were vague.


So is this guys info accurate? or is he withholding some info on how things went down?

The abuse of Mod/Admin powers is completely baseless. This is the first I've heard of it and if any of the power that be would like to give an example I'd be really interested.

I know exactly why we were fired, Zvue as a whole was/is trading at ~1 cent. It was very easy to fire the entire EBW staff and get some people to upload the latest videos from break / collegehumor / digg / reddit. Makes a ton of business sense (That's why I'm not bitter anymore, gotta do what you gotta do to get paid).

They've done that a ton of times and ran the site into the ground each time. putfile.com, holylemon.com, yourdailymedia.com, dorks.com, funmansion.com all Zvue sites, all worse off than when they stepped in.

Regardless, I've got no beef with this place, and I hope it does well. I just don't like that the current admins are spreading false rumors about what happened.

Also, M_Wright is a moron no matter what side you are on. Go post about your fake korean school douche.

Maggot_Brain
11-02-2009, 02:57 AM
mgunit, any updates on the unbanning so i can post shit porn?

DarcSystems
11-02-2009, 03:02 AM
The abuse of Mod/Admin powers is completely baseless. This is the first I've heard of it and if any of the powers that be would like to give an example I'd be really interested.

I know exactly why we were fired, Zvue as a whole was/is trading at ~1 cent. It was very easy to fire the entire EBW staff and get some people to upload the latest videos from break / collegehumor / digg / reddit. Makes a ton of business sense (That's why I'm not bitter anymore, gotta do what you gotta do to get paid).

They've done that a ton of times and ran the site into the ground each time. putfile.com, holylemon.com, yourdailymedia.com, dorks.com, funmansion.com all Zvue sites, all worse off than when they stepped in.

Regardless, I've got no beef with this place, and I hope it does well. I just don't like that the current admins are spreading false rumors about what happened.

Also, M_Wright is a moron no matter what side you are on. Go post about your fake korean school douche.



EDIT: VVVVV r u hot chick?

Yeah, like I said, I got very vague details. No names dropped or anything, just one side of the story in a few sentences.

Either way, I'm not playing the blame game. I wasn't involved, so I have no real input on what happened. I think it sucked for everyone when it all went down though.

piercehannigan
11-02-2009, 03:10 AM
The abuse of Mod/Admin powers is completely baseless. This is the first I've heard of it and if any of the powers that be would like to give an example I'd be really interested.

I know exactly why we were fired, Zvue as a whole was/is trading at ~1 cent. It was very easy to fire the entire EBW staff and get some people to upload the latest videos from break / collegehumor / digg / reddit. Makes a ton of business sense (That's why I'm not bitter anymore, gotta do what you gotta do to get paid).

They've done that a ton of times and ran the site into the ground each time. putfile.com, holylemon.com, yourdailymedia.com, dorks.com, funmansion.com all Zvue sites, all worse off than when they stepped in.

Regardless, I've got no beef with this place, and I hope it does well. I just don't like that the current admins are spreading false rumors about what happened.

Also, M_Wright is a moron no matter what side you are on. Go post about your fake korean school douche.



Think I could get a summary?

mgunit
11-02-2009, 03:18 AM
Think I could get a summary?

EBW: WE RICH BICH

ZVUE: Hey, what the fuck make more money our mp3 players are suck we got journey and everything.

EBW: FUK U NOOB SHUFFLEBOARD LOL

ZVUE: LoL we're in ur base killin ur doods.

EBW: awwww :wah: TO WORDPRESS!

don't stop believin'

DarcSystems
11-02-2009, 03:20 AM
And they all lived happily ever after.

:dbagsmile:

piercehannigan
11-02-2009, 03:24 AM
EBN: Fuck you Pierce, you banned for no reason.

EBW: Fuck you Pierce, you mod for no reason.

mgunit
11-02-2009, 03:30 AM
EBN: Fuck you Pierce, you banned for no reason.

EBW: Fuck you Pierce, you mod for no reason.

You know why ya got banned, what are ya, whacked out on goofballs?

What's it take to get banned around here? Not that I'm going to do anything like that at all.

piercehannigan
11-02-2009, 03:34 AM
You know why ya got banned, what are ya, whacked out on goofballs?

What's it take to get banned around here? Not that I'm going to do anything like that at all.

I'm not exactly sure why I got banned but I think I know. I'm just not sure if it was a legitimate reason.

I don't really like banning people that much, I prefer talking to them first and warning them and shit and trying to earn some respect and shit I dunno, I think banning is dumb. But I know Darcsystems has to refrain himself from banning people. He's tried banning me a couple of times.

DarcSystems
11-02-2009, 03:38 AM
What's it take to get banned around here? Not that I'm going to do anything like that at all.


I don't really like banning people that much, I prefer talking to them first and warning them and shit and trying to earn some respect and shit I dunno, I think banning is dumb. But I know Darcsystems has to refrain himself from banning people. He's tried banning me a couple of times.

pierce is too soft.

I will ban him one day though.

piercehannigan
11-02-2009, 03:49 AM
pierce is too soft.

I will ban him one day though.

Nope, never. I'm invincible. *insert picture of boris*

m_wright
11-02-2009, 05:28 AM
My bad. The reason why I didn't give a summary here is because everyone's already heard the whiny story a hundred times, but without the details before. The summary is that they treat people poorly and are completely unprofessional. As everyone else is already saying here too, I was an arrogant asshole and was wrong to try to 'hack' the website in the first place. I couldn't agree more. With that, I'll also never change, allowing for situations like this to arise in the future as well. Oh Joy!

m_wright
11-02-2009, 05:40 AM
I'll give a summary: OP is an arrogant windbag. Just take a look at the self-fluffing he made for his Wikipedia page (in love with yourself much?): http://en.wikipedia.org/wiki/User:Matthew_wright

And his pic: http://upload.wikimedia.org/wikipedia/en/a/a3/Wikipedia_Press_Photo_Tie_Chalkboard_Pose_2009.jpg
A total asswipe.

P.S.....you probably think your post is going to rattle this website and forum, but nobody cares that a bunch of old moderators hurt your feelings.



True. My Wikipedia about page for myself is full of fluff. It's basically an advertisement for Koreans who have difficulty trusting round eye.

False. No one thinks the post is going to rattle the website. It is meant for information. If any rattling was going to happen, it should have been started in June when they were on the way out.

False. I'm not mad. Far from it. I'm just having fun going through my old email logs. How could I be mad when I can still do basically anything I want on the website? Why do you think I have been working with the new admins? Where do you think I heard the reason for their being let go? Jesus Christ you people are thick and slow.

True. I do love myself. I guarantee I do more and make more money than you have or ever will. What's not to love?

True. Asswipe. That particular picture was also geared towards Koreans infatuated with westerners in teaching poses (they would prefer we all dress like Harvard professors too, even when we're swimming). I take the criticism and raise you a "you've never done anything interesting with your life and therefore wouldn't understand putting yourself out there for others to attack".

Bring it on, poser.


As for anyone else who refuses to question the actions of the previous admins solely based on the fact that they are currently members of ebaumnation and still believing everything they say, the question is not whether I made a mistake or not, that's a given. The question is were the unprofessional waste of time and resources, slander, and lies necessary?

piercehannigan
11-02-2009, 05:48 AM
True. My Wikipedia about page for myself is full of fluff. It's basically an advertisement for Koreans who have difficulty trusting round eye.

False. No one thinks the post is going to rattle the website. It is meant for information. If any rattling was going to happen, it should have been started in June when they were on the way out.

False. I'm not mad. Far from it. I'm just having fun going through my old email logs. How could I be mad when I can still do basically anything I want on the website? Why do you think I have been working with the new admins? Where do you think I heard the reason for their being let go? Jesus Christ you people are thick and slow.

True. I do love myself. I guarantee I do more and make more money than you have or ever will. What's not to love?

True. Asswipe. That particular picture was also geared towards Koreans infatuated with westerners in teaching poses (they would prefer we all dress like Harvard professors too, even when we're swimming). I take the criticism and raise you a "you've never done anything interesting with your life and therefore wouldn't understand putting yourself out there for others to attack".

Bring it on, poser.


As for anyone else who refuses to question the actions of the previous admins solely based on the fact that they are currently members of ebaumnation and still believing everything they say, the question is not whether I made a mistake or not, that's a given. The question is were the unprofessional waste of time and resources, slander, and lies necessary?





I think the real question is, who gives a shit anymore? I doubt any member here cares who was actually right or wrong in the situation.

ILikeDirt
11-02-2009, 07:30 AM
Needs more dancing


:awesome::awesome::awesome::awesome::awesome:

DreaD08
11-02-2009, 07:52 AM
EBW: WE RICH BICH

ZVUE: Hey, what the fuck make more money our mp3 players are suck we got journey and everything.

EBW: FUK U NOOB SHUFFLEBOARD LOL

ZVUE: LoL we're in ur base killin ur doods.

EBW: awwww :wah: TO WORDPRESS!

don't stop believin'

And earlier you said you weren't bitter.........:confused:
MG, Fact is the new staff doesn't even have a clue on why it happened.

DreaD08
11-02-2009, 07:53 AM
Alright, I really did read this and understood (most of) it, basically, he found some big glitches in EBW, tried to help, got toyed with, has major blackmail material on EBW.

:idea:

That's what I got out of it

DreaD08
11-02-2009, 07:58 AM
I think the real question is, who gives a shit anymore? I doubt any member here cares who was actually right or wrong in the situation.

Hear! Hear!

robroy
11-02-2009, 09:57 AM
True. My Wikipedia about page for myself is full of fluff. It's basically an advertisement for Koreans who have difficulty trusting round eye.

False. No one thinks the post is going to rattle the website. It is meant for information. If any rattling was going to happen, it should have been started in June when they were on the way out.

False. I'm not mad. Far from it. I'm just having fun going through my old email logs. How could I be mad when I can still do basically anything I want on the website? Why do you think I have been working with the new admins? Where do you think I heard the reason for their being let go? Jesus Christ you people are thick and slow.

True. I do love myself. I guarantee I do more and make more money than you have or ever will. What's not to love?

True. Asswipe. That particular picture was also geared towards Koreans infatuated with westerners in teaching poses (they would prefer we all dress like Harvard professors too, even when we're swimming). I take the criticism and raise you a "you've never done anything interesting with your life and therefore wouldn't understand putting yourself out there for others to attack".

Bring it on, poser.


As for anyone else who refuses to question the actions of the previous admins solely based on the fact that they are currently members of ebaumnation and still believing everything they say, the question is not whether I made a mistake or not, that's a given. The question is were the unprofessional waste of time and resources, slander, and lies necessary?

TL;DR = U Mad

Strados
11-02-2009, 10:39 AM
:facepalm: Try not being a dumbass. I'm guessing, if you ever pick up the newspaper, you go straight to the comics.

Try following your own advice and not flaming a moderator. Much less MY MOOB. Nobody here gives a flying fuck about your opinion, Captain Two-Post.

As far as this thread is concerned, I'll agree with Pierce. I'll go further and say this poster is attempting to incite drama by making something that is almost a year old a current issue again, which is against the rules.

And mgunit, the abuse theory isn't baseless. The favoritism by many moderators was blatant. Favoritism is abuse.

piercehannigan
11-02-2009, 12:18 PM
Strados, you're my hero.

DreaD08
11-02-2009, 06:08 PM
So the current admins are saying that we were fired due to a guy attempting to scam ereps?

Nice one ****** and ****.

Here's a TL;DR for Wrights post:

I found a way to get a shit ton of EREP points scamstyle so I used it to get my chink friend and my fugly girlfriend a ton of points. And then I got banned and said, but I poop from there :wah:.

Not right now you don't.

http://upload.wikimedia.org/wikipedia/en/thumb/a/a3/Wikipedia_Press_Photo_Tie_Chalkboard_Pose_2009.jpg/454px-Wikipedia_Press_Photo_Tie_Chalkboard_Pose_2009.jpg

nice chalk faggot.

indeed .its yellow

mgunit
11-03-2009, 04:10 AM
And earlier you said you weren't bitter.........:confused:


You read that as bitter? It's a burn on both sides lol. It's known fact that ZVUE players are garbage, if you had ever used one you'd agree with me. Other than that the rest of the post was making old EBW staff look bad.

Fact is the new staff doesn't even have a clue on why it happened.

So you're a staff member? Then why is Darc getting misinformed about things?

And mgunit, the abuse theory isn't baseless. The favoritism by many moderators was blatant. Favoritism is abuse.
[Citation needed]

I guarantee I do more and make more money than you have or ever will. What's not to love?
wow... Fine, let's start with the eyebrows (the ears). dbag chalkboard pose, the fake korean school, and the 12 gigs of tentacle rape porn on your hard drive.


As for anyone else who refuses to question the actions of the previous admins solely based on the fact that they are currently members of ebaumnation and still believing everything they say, the question is not whether I made a mistake or not, that's a given. The question is were the unprofessional waste of time and resources, slander, and lies necessary?
Are you still crying because your script kiddy shit didn't get you a free tv?

Pepper Peanut
11-03-2009, 05:23 AM
The only thing that I can add to this conversation is from what I understand, this situation with m_wright and all things involved had nothing to do with the staff being let go.

:wave:

DreaD08
11-03-2009, 08:01 AM
You read that as bitter? It's a burn on both sides lol. It's known fact that ZVUE players are garbage, if you had ever used one you'd agree with me. Other than that the rest of the post was making old EBW staff look bad.



So you're a staff member? Then why is Darc getting misinformed about things?


[Citation needed]


wow... Fine, let's start with the eyebrows (the ears). dbag chalkboard pose, the fake korean school, and the 12 gigs of tentacle rape porn on your hard drive.



Are you still crying because your script kiddy shit didn't get you a free tv?

Me a Staff? No.
MG it did sound just a little tense and come off that way "bitter". But Curious......... Burn on both sides?

By the way a little birdy told me............
1. Eric and Kelley were planning on buying a steakhouse in Rochester
2. Eric grew some Balls and popped the Question to Kelly.
3. Mikey Actually lost a hundred pounds Using the Jared's Subway diet?

Might be all BS, but stranger things have happened......


wow... Fine, let's start with the eyebrows (the ears). dbag chalkboard pose, the fake korean school, and the 12 gigs of tentacle rape porn on your hard drive.

That was quite Funny.......I expected someone totally different.......Like A Ted Bundy/ Jeffrey Dahmer look-a-like........never mind (insert funny burn here)


:whip:

m_wright
11-03-2009, 01:25 PM
PepperPeanut is correct. This actual situation isn't the only reason why they were canned, and the economy had something to do with it obviously, but what I heard from JFetus was that their attitudes and unprofessionalism, this particular case as an example, is what caused them all to be in question to begin with.


I'd say you're jealous you don't have awesome eyebrows like mine. As for the pose, if you look in the Ebaumsworld.com photo archives, I have a pose involving Santa Claus and lube that would probably suit your tastes better.

"Fake school"? What exactly is a fake school? A school without a building? A school that doesn't have classes? A school not registered with the Ministry of Education in the country it's operating in? If so, do your homework. It's not only not fake- it's real!

I'm pretty sure the tentacle rape porn is the only thing you got right.

:boink: Bam! Giggitty Giggitty!

robroy
11-03-2009, 01:38 PM
^^Delusions of grandeur. Please ban.

m_wright
11-03-2009, 01:52 PM
I find it irritating how some people take the PETA approach to debates, resorting to the hands-over-ears 'lalalala' defense and shouting 'ban!' whenever they have no valid arguments against something.

Furthermore I'd like to say that I am so far away from ever needing your feedback in order to function in my life, that from this moment on, unless you have a comment relating to the actual topic of this post, I will no longer be dignifying it with a response.

As a measure of compromise to those who feel this thread is biased and self serving, I'll change the thread title to something a little more accurate.

m_wright
11-03-2009, 02:31 PM
I think the real question is, who gives a shit anymore? I doubt any member here cares who was actually right or wrong in the situation.

P.S.....you probably think your post is going to rattle this website and forum, but nobody cares that a bunch of old moderators hurt your feelings.


View Poll Results: What do you think is at fault?

Voters: 21

Yea...you're probably right.. :rollseyes

star4ucker
11-03-2009, 03:13 PM
My favorite part of this saga (which hasn't been mentioned yet) is when m_wright started telling people he was employed at eBaumsworld and physically IN the Rochester office. It was awesome when he told admin's alter-ego account that everyone in the office was out to lunch at the moment and got into a pissing match with him, I believe the admin in question was dt. :dbagsmile:

DarcSystems
11-03-2009, 03:20 PM
my favorite part of this saga (which hasn't been mentioned yet) is when m_wright started telling people he was employed at ebaumsworld and physically in the rochester office. It was awesome when he told admin's alter-ego account that everyone in the office was out to lunch at the moment and got into a pissing match with him, i believe the admin in question was dt. :dbagsmile:
vvvvvvvvvvvvv

at this time, vic and the other technicians at ebaumsworld had been communicating with me, pretending to be avid users of the site who knew of numerous security holes, trying to befriend me, earn my trust, and even trying to test me. i did what i could to draw them out as much as possible by lying about my position and job and even about my abilities, which later led the real vic to believe i was impersonating an employee and further fuel his dislike of me, causing him to further his masquerade.

m_wright
11-03-2009, 03:39 PM
My favorite part of this saga (which hasn't been mentioned yet) is when m_wright started telling people he was employed at eBaumsworld and physically IN the Rochester office. It was awesome when he told admin's alter-ego account that everyone in the office was out to lunch at the moment and got into a pissing match with him, I believe the admin in question was dt. :dbagsmile:


st4rfucker: As you may have missed (understandably considering the length of the posts above), I already addressed both the fact that they were pretending to be a hacker on the site and that, in order to help them find out who it was I did in fact impersonate an employee in order to piss them off and get them to continuously attack me (which actually worked to a degree but ultimately did not lead to any contact information being retrieved for the obvious reason that the individuals in question were involved in a conspiracy against me).


Also: I hate to tell you this, but those 2,000,000 points you gave me along
with the 56,000 I earned in the past 48 hours have been taken away again by
a malicious veteran user who didn't like me claiming I was helping
ebaumsworld. It doesn't bother me too much though, as I know you guys
remember how many points I had and can give them back if they get taken away by this malicious user.


Take notice of my warnings to the staff that possibly dangerous users not only existed, but were seemingly obsessed with harassing me, and how I was determined to assist them by leading these devious users on in order to extract information from them. I'm pretty sure I was doing my job and nothing more, contrary to the frothing load that Vic posted in my blog that most of the veterans here would die by.


At this time, I had already introduced myself to the general community in the blogs and postings as someone working at ebaumsworld.com both to encourage feedback about existing security concerns and to flush out hackers of the website. Almost immediately revealing myself, there was quite an onslaught of attacks against my account, including superuser level modifications of my profile. Knowing the website was full of holes, I assumed it was just some other crafty users, and sought to flush them out in private messages (and succeeded to do so on numerous occasions). Little did I know, these 'hackers' were actually the admins and other technicians spending their hourly pay toying with me and creating a sense of urgency on the website, involving even the website's non-paid moderators such as Jen.


As a normal user account without system access at the time, there would have been no way of knowing if the system was more faulty than I had imagined or if the admins were just screwing with me. I'm pretty sure I did a good job handling it.


These veteran users, who are they? You said we've no way of banning
them from the site because of those PROXY Servers you mentioned, so is
there anything else you can do? We have contacts with the FBI. Can you
find out more information on these users who stole your points? Can you
get their name, address, or phone number? With that, we might be able
to do something. I only ask because you seem like someone of that
caliber to procure those things. It would be a HUGE help to us.

Please continue reporting these finds, it is much appreciated.

--
Vic


Note: I was asked by Vic to continue doing anything it took to uncover the identities and methods of the would be hackers, which is exactly what I did.



You needn't involve any authorities as this person has not broken the law-
yet. According to cybercrime laws, a person needs to access certain
places that are OBVIOUSLY off limits. Your website is making it so easy to
do things without ever accessing those areas. FBI will not be able to help
you in this particular situation. The only harm this person has been doing
is hijacking my account in order to tamper with it to "prove" something to
me, and scare me, as he does not believe I am actually working with
ebaumsworld. Instead he believes that I am there using the very exploits I
am here to fix. He doesn't believe the 2,000,000 points were gifted, and
retaliated against me for his lack of understanding. He also claims to
communicate regularly with Eric, and mentioned that Eric doesn't like me.
For this, I think he's talking out of his ass- but at the same time, you
never know who you're talking to, so I have a solution that is non-technical
but more social...

If I can make him take me seriously, I wholeheartedly believe he would assist
me in patching this hole up. At the moment though, he's looking at my
account as if I was just a kid trying to steal points from ebaumsworld. He
isn't listening to me, and he won't know who anyone there in your group is
if you tried to contact him...

I do have a possible solution to this though- if Eric himself can tell him
that I am working with you, or possibly even put it on the website, he will
not be able to deny it and then he will be forced to show his true colors.


Take note that not only did I tell Vic what I was doing, including telling the general public that I was working with ebaumsworld, but I also asked for them to step in and let the users know themselves, to which I never received either confirmation for or opposition against doing.

This combined with my continued honesty towards the staff should lead any sensible thinking person to the conclusion that they were more interested in toying with me for their own personal entertainment and not at all for any of the false arguments they gave in the last conversations, thus supporting my original argument that they were unprofessional and deserving of what they got.

Basically, as everyone's been saying, I got screwed and was pissed. I'm not so much pissed at them anymore so much as pissed at people who after looking at painfully obvious evidence of their unprofessionalism and immaturity still prefer to take refuge in their ignorance and continue to post nonsensical baseless accusations and gossip about either me or what one single employee had said about me.

It is truly mind boggling.:ugly:

DreaD08
11-03-2009, 06:28 PM
:confused:
Matthew,

I'm throwing this out there so everyone can end this shit and go back to being regulars again...and the questions that are in the back of all their minds but they won't say it............Why in the first place did you start all this shit back then, What was the true motivation? "You say it wasn't malicious but fact is it was". Who the fuck does all that work when there's absolutely no pay involved? You must really...really reaaaaaaaaaalllllllllllllly love the site. I also remember with the new staff you wrote a threatening blog saying you'd give all the users the glitches due to the fact that they didn't get back to you in two days. To me, you sounded like a 4chan whiny wannabe hacker on a power trip just begging for a fight...so How the fuck were the staff supposed to feel about that?
"Notice the hostility there, the staff thought worse than that probably"
If I was in their shoes you sure as hell better believe I'd retaliate.


But on the different side of the fence you did offer help, but in a demanding manner.
Some people in this world can't take constructive criticism.
But what's past is past, and obviously you grew mature. I'm looking at both sides here and being devil's advocate.:cool:

I hope My point came across clear and was not to be insulting but as an example

But seriously if you really wanted to Slap Eric Bauman in the Face......... Get nudies of his GF on here

m_wright
11-03-2009, 07:46 PM
I'm throwing this out there so everyone can end this shit and go back to being regulars again...


I was going to say something along the lines of "I appreciate your wanting any arguments to end", but as you seem to be a tad narcissistic in your claim that users will no longer 'need' to post here once you've posted, I can't help but hesitate on commending you.


..and the questions that are in the back of all their minds but they won't say it............


I'm pretty sure if there was anything on anyone's mind, they would say it. They've said everything else. So I will take your inquiry as it actually is-- your personal inquiry.


Why in the first place did you start all this shit back then, What was the true motivation? "You say it wasn't malicious but fact is it was".


After reading the e-mails again carefully, I can't quite fathom how anyone would say I was starting shit. In fact, I was saving the God damn day.

If you're referring to my original curiosity that brought me to test the site's limitations and vulnerabilities-- obviously you wouldn't fit in much with the MIT crowd-- or the 2600 crowd-- or any technologically conscious crowd for that matter. Some people are just natural born scientists with theories itching to be proven or disproven. And I probably have ADHD.


Who the fuck does all that work when there's absolutely no pay involved?

Really...Have you SEEN any of my websites? I once wrote a 3D RPG for 1 month and then gave up on it completely without batting an eye. I do for the adventure and opportunity for experience. That is the only reward I have ever needed. If that's not enough explanation for you, throw in the ADHD one again for good measure.


I also remember with the new staff you wrote a threatening blog saying you'd give all the users the glitches due to the fact that they didn't get back to you in two days.


That was only after repeated failed attempts to receive feedback from the new admins after numerous attacks. After reading this thread, you can't see where my lack of faith came from? It all worked out though and I work with them now.


To me, you sounded like a 4chan whiny wannabe hacker on a power trip just begging for a fight...so How the fuck were the staff supposed to feel about that?


I'd like to agree with you there, except I just don't see that tone in my original emails. I've gone over it, over and over again in my head and although I can understand the lack of trust, no real whining occurred and I'm pretty sure even if it did, the amount of help I was giving them (which they continued to leech off of me for days) was not deserving of their reaction, a reaction that-- as is the entire point of this thread- was both unprofessional and overboard.


"Notice the hostility there, the staff thought worse than that probably"
If I was in their shoes you sure as hell better believe I'd retaliate.


This is one thing I can totally agree with. In looking back, I can't be sure why I was so hostile in the beginning, and I'm pretty sure I cured that after my final conversation with Jason *********. I'm pretty sure I agreed with them emphatically over the phone too when they used that as a cheap excuse for how they had treated me too. That being said, their elaborate reaction was overboard and uncalled for.



But on the different side of the fence you did offer help, but in a demanding manner.
Some people in this world can't take constructive criticism.


I don't do that as a practice anymore. I learned a lot from this ordeal. The problem is I DO take constructive criticism (see the part about growing up on IRC), and basically it was my way of finding the shape of the world as a young kid too. Elaborate hoaxes that waste people's time and money, followed by slander and outright lies don't add up to criticism for me though, and thus it is still hard to let go because there are still silly users on this very thread who are not even thinking, they're just remembering what Vic posted on my blog and without a backbone at all making a judgment on me.

Sad. So sad. :facepalm:


But what's past is past, and obviously you grew mature. I'm looking at both sides here and being devil's advocate.:cool:

I hope My point came across clear and was not to be insulting but as an example

But seriously if you really wanted to Slap Eric Bauman in the Face......... Get nudies of his GF on here

I totally take your point and I respectfully and humbly assert that I was completely off from the beginning by contacting ebaumsworld staff in a pushy arrogant manner.

Now if only someone else would bother to agree with the fact (up to liability in a civil suit) for the waste of time, money, abuse of my programming talents, slander and continued harassment by Vic, then this thread would not even have been necessary.

Until then, back to fixing the vandalism on my Wikipedia page due to the popularity of this thread.

robroy
11-03-2009, 07:52 PM
^I hate you.

Caption
11-04-2009, 12:53 AM
They probably didn't want to read your 25 pages of bullshit OP.

Strados
11-04-2009, 05:57 PM
Wait, are you the one who posted previews on eBn of new website material for opinions? The pages with the sloppy template WYSIWYG code? I hope not.

m_wright
11-05-2009, 02:24 AM
I remember pulling a prank (which although has been taken down, the comments page for it is still up) where someone could hover over a link and automatically have their entire page redesigned to some gay porn theme or something to that nature. If that's what you're talking about then yeah.

If you're referring to something that was supposed to be of actual use to anyone, no I don't recall doing anything of that nature.

Edit: I noticed just now you were referring to ebaumnation- in that case, the only thing I've EVER done there was make a script that whenever someone looked at my posted picture it would automatically make their account post a comment that says things like "I love hitler" or something like that.

DarcSystems
11-05-2009, 03:00 AM
Edit: I noticed just now you were referring to ebaumnation- in that case, the only thing I've EVER done there was make a script that whenever someone looked at my posted picture it would automatically make their account post a comment that says things like "I love hitler" or something like that.

Did it work?

m_wright
11-05-2009, 03:52 AM
Of course. 'm_wright' was immediately IP banned after that and I never bothered to go back since.