TeamSpeak Server Crash v3 [3.0.12]

Status
Not open for further replies.
Dec 5, 2015
25
2
35
I get disconnected on all servers
<18:02:04> "iGU313DKAU6FX2O" connected to channel "[cspacer1]»»»» Welcome ««««"
<18:02:05> "iGU313DKAU6FX2O" disconnected (R4P3.NET)

TS3SRV version 3.0.11.4
 

Qraktzyl

Retired Staff
Contributor
Nov 2, 2015
997
728
161

maxmuen

Member
Oct 12, 2015
25
29
45
apparently teamspeak dont know what to do with this issue. They dont even answer threads or posts about this topic. Plus teamspeak forums accuse us being black hats. We are grey hats we found vulns and share them. We dont use them malicious intend. The information we share can be used by black hats or companies. That is not our concern. We dont share them publicly because they can be exploited too much. I hope this answer satisfies you people.
about the black hat stuff, they are right. a "grey hat" would subscribe to the "do no harm"-principle. the release did do harm, and is used only for doing harm. Also, in my eyes, calling oneself a gray hat is like calling oneself an idiot. That being said, i find all that white, grey, black stuff is immature nonsense anyway.
 

Qraktzyl

Retired Staff
Contributor
Nov 2, 2015
997
728
161
about the black hat stuff, they are right. a "grey hat" would subscribe to the "do no harm"-principle. the release did do harm, and is used only for doing harm. Also, in my eyes, calling oneself a gray hat is like calling oneself an idiot. That being said, i find all that white, grey, black stuff is immature nonsense anyway.
We told TeamSpeak GMBH in advance about the exploit for them to fix it and they didn't listen to us. We acted.
We asked the users to use the tool on their own server, and we do not control the behavior of the people using the tool. If TeamSpeak GMBH needs to see half of the servers down before taking it seriously, well it's the way it will go. This company clearly needs to change the way they are dealing with their dangerous software. They need to have security in mind.

So, to resume, we are grey hats (stupid). We want to change the world, to make it more secure, by any means it takes.
This is what happens when we are not listened to.
 

Asphyxia

Owner
Administrator
Apr 25, 2015
1,844
2
2,197
327
about the black hat stuff, they are right. a "grey hat" would subscribe to the "do no harm"-principle. the release did do harm, and is used only for doing harm. Also, in my eyes, calling oneself a gray hat is like calling oneself an idiot. That being said, i find all that white, grey, black stuff is immature nonsense anyway.
Okay, so how do you suppose we could make TeamSpeak 3 more secure? Most certainly we could just release the protocol to the wild, I propose that is a very mature and adult idea (sarcasm). The VIP supporters in/around this forum are a handful of different types. We have server admins that want patches/fixes or answers, we have researchers that just enjoy security and we even have TeamSpeak 3 staff or spies (hello there).

Just wait until actual black hats start screwing with TeamSpeak 3 the way us grey hats have approached things (we have approached things with everyone's safety in mind by making PoC tools which cause a simple crash, imagine an infection kit ready to go for skids to go around infecting everyone on TeamSpeak 3 sold on a black market for hundreds of dollars per buyer). Next time around there is an RFI in the hands of a black hat team --- you will see a massive botnet constructed from TeamSpeak 3 being prone to infecting computer systems. No offense to you, but in all fairness you did just call anyone on the R4P3 team an idiot. Grey hats do not subscribe to the "do no harm" principal, I think your definition of white hat and grey hat are mixed up. A grey hat is simply non-malicious and even individuals non-malicious may do harm (without intent). Think for example a police officer --- sometimes they do have to make tough decisions like using nonlethal weapons to subdue a threat or unfortunately and very lastly shoot someone (these are always tragic cases and I promise police officers do not actually want to kill people, they are only trying to protect everyone --- the psychological trauma they go through, the nights of crying and their suicide rates are all too high to be inhumane assholes.. the majority of them anyways).

So, my question then to you maxmuen is this: just because police sometimes have to make decisions after warning people that result in bodily harm, sometimes even death and sometimes even putting themselves in situations where they know they could absolutely die, then does this make all police officers idiots? I think not, that would be a very disrespectful statement. I am not comparing R4P3 directly to police officers although I would liken our behavior to police. We give warnings and when people do not take our security warnings seriously, we sometimes have to make tough decisions. Think what you want though. Read the quote at the bottom of the page on our index also. :cool:

White/grey/black is just a measure of ethics. If you think ethics is just immature nonsense, I don't think we are the idiots and I mean that in the kindest way possible. We are not going around stealing people's passwords and credit card numbers. We are merely trying to push for TeamSpeak 3 to tighten up their security by making available Proof of Concept tools which we make people agree to or understand is for research/educational purposes only. The way people use our findings is their choice --- simply not ours and not to represent us.

Even if R4P3 is in any sense black hat by anyone's definition which by the way it makes no sense for you to call us a black team and then call the hat system immature, that would make yourself immature --- would it not? How is your ranking structure if I may ask? Are white hats smart, grey hats are idiots and black hats are magical demons on the Internet that snap your spine without the slightest whisper of a warning? Well, feel free to share your ideas here.

From Wikipedia:
The phrase grey hat was first publicly used in the computer security context when DEF CON announced the first scheduled Black Hat Briefings in 1996, although it may have been used by smaller groups prior to this time.[1][8] Moreover, at this conference a presentation was given in which Mudge, a key member of the hacking group L0pht, discussed their intent as grey hat hackers to provide Microsoft with vulnerability discoveries in order to protect the vast number of users of its operating system.[9] Finally, Mike Nash, Director of Microsoft’s server group, stated that grey hat hackers are much like technical people in the independent software industry in that “they are valuable in giving us feedback to make our products better.”

We have given TeamSpeak 3 many valuable warnings and even explained step-by-step how they could reproduce critical security issues/risks in order to have them fixed. When they ignore us and think of security as a joke, we are going to hold them responsible. There are too many people at risk using TeamSpeak 3, we are all probably very much at risk even right now using TeamSpeak 3. Although they do work on their security sometimes and release silly patches --- I personally recommend running TeamSpeak 3 trapped inside a box.
 
Last edited:

maxmuen

Member
Oct 12, 2015
25
29
45
Okay, so how do you suppose we could make TeamSpeak 3 more secure? Most certainly we could just release the protocol to the wild, I propose that is a very mature and adult idea (sarcasm). The VIP supporters in/around this forum are a handful of different types. We have server admins that want patches/fixes or answers, we have researchers that just enjoy security and we even have TeamSpeak 3 staff or spies (hello there).

Just wait until actual black hats start screwing with TeamSpeak 3 the way us grey hats have approached things (we have approached things with everyone's safety in mind by making PoC tools which cause a simple crash, imagine an infection kit ready to go for skids to go around infecting everyone on TeamSpeak 3 sold on a black market for hundreds of dollars per buyer). Next time around there is an RFI in the hands of a black hat team --- you will see a massive botnet constructed from TeamSpeak 3 being prone to infecting computer systems. No offense to you, but in all fairness you did just call anyone on the R4P3 team an idiot. Grey hats do not subscribe to the "do no harm" principal, I think your definition of white hat and grey hat are mixed up. A grey hat is simply non-malicious and even individuals non-malicious may do harm (without intent). Think for example a police officer --- sometimes they do have to make tough decisions like using nonlethal weapons to subdue a threat or unfortunately and very lastly shoot someone (these are always tragic cases and I promise police officers do not actually want to kill people, they are only trying to protect everyone --- the psychological trauma they go through, the nights of crying and their suicide rates are all too high to be inhumane assholes.. the majority of them anyways).

So, my question then to you maxmuen is this: just because police sometimes have to make decisions after warning people that result in bodily harm, sometimes even death and sometimes even putting themselves in situations where they know they could absolutely die, then does this make all police officers idiots? I think not, that would be a very disrespectful statement. I am not comparing R4P3 directly to police officers although I would liken our behavior to police. We give warnings and when people do not take our security warnings seriously, we sometimes have to make tough decisions. Think what you want though. Read the quote at the bottom of the page on our index also. :cool:

White/grey/black is just a measure of ethics. If you think ethics is just immature nonsense, I don't think we are the idiots and I mean that in the kindest way possible. We are not going around stealing people's passwords and credit card numbers. We are merely trying to push for TeamSpeak 3 to tighten up their security by making available Proof of Concept tools which we make people agree to or understand is for research/educational purposes only. The way people use our findings is their choice --- simply not ours and not to represent us.

Even if R4P3 is in any sense black hat by anyone's definition which by the way it makes no sense for you to call us a black team and then call the hat system immature, that would make yourself immature --- would it not? How is your ranking structure if I may ask? Are white hats smart, grey hats are idiots and black hats are magical demons on the Internet that snap your spine without the slightest whisper of a warning? Well, feel free to share your ideas here.

From Wikipedia:


We have given TeamSpeak 3 many valuable warnings and even explained step-by-step how they could reproduce critical security issues/risks in order to have them fixed. When they ignore us and think of security as a joke, we are going to hold them responsible. There are too many people at risk using TeamSpeak 3, we are all probably very much at risk even right now using TeamSpeak 3. Although they do work on their security sometimes and release silly patches --- I personally recommend running TeamSpeak 3 trapped inside a box.
well there is a lot in there. Lets get going.
No i didn't call everyone an idiot, i just believe people calling them self grey hats are idiots. Why? Because it assumes a binary world, where stuff can and is good and/or bad. The idea of grey looks very appealing then. In principle it says: "i want to do black thinks, while white washing my consciousness". To me that looks like that: "i subscribe to a believe system, but i don't like the consequences so i take the easy way out."

As for the question: I don't get your question. Honestly.

You claim you ultimate goal is the improvement of security? Why it is then that you focus on helping people to exploit teamspeak weaknesses instead on informing people about the weaknesses. Would you claim that the current way is the best way to do what you claim to do?

Okay what do i think of White, gray and black hats? I think its a flawed system. Anyone clamming to be a whitehat can be easily proven to a be blackhat, and vise versa. In the end its a function of valuing once action on scale of good to bad. Its my believe that no moral is good or bad, just useful or useless in the context of a given society.
 
Last edited:

Qraktzyl

Retired Staff
Contributor
Nov 2, 2015
997
728
161
Why it is then that you focus on helping people to exploit teamspeak weaknesses instead on informing people about the weaknesses. Would you claim that the current way is the best way to do what you claim to do?
We informed TeamSpeak directly. We were actually very nice in this story. We could have made a "no teamspeak weekend", extended to a "no teamspeak entire week" for a lot of people if we wanted by keeping it to ourselves and some small scripting. We could actually have made a script that shutdowns automatically all the servers from a serverlist by example. How do you think we can get TeamSpeak's GMBH full attention in the future? I'm thinking of a dancing video featuring all the team dancing to the "Qraktzyl" song.

Okay what do i think of White, gray and black hats? I think its a flawed system. Anyone clamming to be a whitehat can be easily proven to a be blackhat, and vise versa. In the end its a function of valuing once action on scale of good to bad. Its my believe that no moral is good or bad, just useful or useless in the context of a given society.
I don't think you can change your mind. You are very stubborn sir. Asphyxia's explanation was clear and yet you still don't want to understand.

If there is really a need to discuss our motives and ways to act, then please open another thread and we will discuss it throughly. However, you are totally closed at the idea of changing your mind.
 
Last edited:

maxmuen

Member
Oct 12, 2015
25
29
45
We informed TeamSpeak directly. We were actually very nice in this story. We could have made a "no teamspeak weekend", extended to a "no teamspeak entire week" for a lot of people if we wanted by keeping it to ourselves and some small scripting. We could actually have made a script that shutdowns automatically all the servers from a serverlist by example. How do you think we can get TeamSpeak's GMBH full attention in the future? I'm thinking of a dancing video featuring all the team dancing to the "Qraktzyl" song.
You offering? ;)
I don't want to judge you guys. I simply very much dislike the "gray hat"-argument.
 
Last edited:
Status
Not open for further replies.
Top