From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <alviro.iskandar@gnuweeb.org>
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on gnuweeb.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.2 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,URIBL_BLOCKED,
	URIBL_DBL_BLOCKED_OPENDNS autolearn=ham autolearn_force=no
	version=3.4.6
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gnuweeb.org;
	s=default; t=1700540662;
	bh=SE6cW5o3tkG6+KHKtuRUYdUFXeg7O4FE+cpMtpzktFI=;
	h=References:In-Reply-To:From:Date:Subject:To:Cc;
	b=KlQQ5qBDA1kVON1bxjbutudmxey+SOYy48w6349NH7VkJ8VoV7VR7nY8tMEvUdftE
	 Cx14CvURsdHaakIPqSgoQolyBOSVonu30+8BsgNNit+tg+bF/Xm8T4ElQL0wUc8Xmg
	 T+WKEYtiuqzppPnNOdHzQbF+YMH35T1o89O5+cnvy61N4OJJd8/c08ouyGUS0D9GyO
	 HwhVcQ3O4i4E7AxLTbG6Kjq3AFyP+pPUiVjaB+sZ4Yl8Q0SbTH7mHouwq9oEhMojel
	 3GzmtybC/bRgXWrD63Vqa/omK6AMlOwV1tO9VXde8EXXAleB6LJlumfwNo6roMJEy/
	 Od8uEREk7aHlA==
Received: from mail-lj1-f177.google.com (mail-lj1-f177.google.com [209.85.208.177])
	by gnuweeb.org (Postfix) with ESMTPSA id 82A5624BCC5
	for <gwml@vger.gnuweeb.org>; Tue, 21 Nov 2023 11:24:22 +0700 (WIB)
Received: by mail-lj1-f177.google.com with SMTP id 38308e7fff4ca-2c5071165d5so63898841fa.0
        for <gwml@vger.gnuweeb.org>; Mon, 20 Nov 2023 20:24:22 -0800 (PST)
X-Gm-Message-State: AOJu0YwnzHxeeCLBMqQwemCfZC4ojvU1QtdBakWeqVTFX4ed5ZXh4DMw
	/olOcZYa4l/dvpT2ymYe1FYOvBPcfo1XbcXkE7E=
X-Google-Smtp-Source: AGHT+IF7kydHXpnQfnTdG6MdWj4PKW2GCoZmJ3AshHKm2Lz4kKqumpYuigYoVtTm8wQDtT17FdVw/09BanzKZOm05Dw=
X-Received: by 2002:a2e:5013:0:b0:2c5:27ca:478b with SMTP id
 e19-20020a2e5013000000b002c527ca478bmr5819196ljb.7.1700540660462; Mon, 20 Nov
 2023 20:24:20 -0800 (PST)
MIME-Version: 1.0
References: <CAOG64qPJ1EOc0Q2r-yf4nM2dwvgt-6=TVumN9Yvaa_b+mXBKfw@mail.gmail.com>
 <CAP2ubgKewQt3pPq-=_Qhn=UkXkrRKjLP06NrB=3WvPHPs=KoXA@mail.gmail.com>
 <CAP2ubgLmQBwckvfMxO7y1DaTpVCTjSctNzRHCV58zZ5rc0KE+g@mail.gmail.com>
 <CAOG64qPTeo=BWuZ837YFCm_g+k3b8+T4QgopuDxPCcVoqhzhYg@mail.gmail.com>
 <CAOG64qPMDZVoq6Fyy0JCs+r=id6CU09Csxa8XcQ-nB+zpnSBDQ@mail.gmail.com>
 <CAP2ubg+MwpKqSf-jcmmGepc-Ln2YyhL_nB1GYLXExidfszN2rw@mail.gmail.com>
 <CAOG64qO4_KRgOGaXoZD2Rybu2_WEhBQ0nUfXZVra1eCHAH1t8w@mail.gmail.com> <CAP2ubgKrqFxrvhha6n3_=HfqmOG50P1a8XnMXzLbTJm7AiqkaA@mail.gmail.com>
In-Reply-To: <CAP2ubgKrqFxrvhha6n3_=HfqmOG50P1a8XnMXzLbTJm7AiqkaA@mail.gmail.com>
From: Alviro Iskandar Setiawan <alviro.iskandar@gnuweeb.org>
Date: Tue, 21 Nov 2023 11:24:09 +0700
X-Gmail-Original-Message-ID: <CAOG64qNx7PWhiU+9fgBeKK-CdheZhsALsvcO5d8V0hmpmVdsLw@mail.gmail.com>
Message-ID: <CAOG64qNx7PWhiU+9fgBeKK-CdheZhsALsvcO5d8V0hmpmVdsLw@mail.gmail.com>
Subject: Re: gwcfd v2?
To: Louvian Lyndal <louvianlyndal@gmail.com>
Cc: "GNU/Weeb Mailing List" <gwml@vger.gnuweeb.org>, "GNU/Weeb Facebook Team" <fb@gnuweeb.org>, 
	Ammar Faizi <ammarfaizi2@gnuweeb.org>, Michael William Jonathan <moe@gnuweeb.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
List-Id: <gwml.vger.gnuweeb.org>

On Tue, Nov 21, 2023 at 11:07=E2=80=AFAM Louvian Lyndal wrote:
> On Tue, Nov 21, 2023 at 10:59=E2=80=AFAM Alviro Iskandar Setiawan wrote:
> > On Tue, Nov 21, 2023 at 10:52=E2=80=AFAM Louvian Lyndal wrote:
> > > On Tue, Nov 21, 2023 at 10:42=E2=80=AFAM Alviro Iskandar Setiawan wro=
te:
> > > > On Tue, Nov 21, 2023 at 10:23=E2=80=AFAM Alviro Iskandar Setiawan w=
rote:
> > > > > On Tue, Nov 21, 2023 at 6:46=E2=80=AFAM Louvian Lyndal wrote:
> > > > > > On Tue, Nov 21, 2023 at 6:37=E2=80=AFAM Louvian Lyndal wrote:
> > > > > > > On Tue, Nov 21, 2023 at 5:08=E2=80=AFAM Alviro Iskandar Setia=
wan wrote:
> > > > > > > > There's a rumor that the current CF ticketing system is vul=
nerable (
> > > > > > > > https://ticket2u.id ). Will the GNU/Weeb security team asse=
ss it?
> > > > > > >
> > > > > > > I'll give you some samples so you can be sure it's real.
> > > > > >
> > > > > > Here you go:
> > > > > > http://mbol2yli7np6mzfgwimfnhajat6sdnq5frs2w7w3b7ldppdawexaxyid=
.onion/comifuro2023/
> > > > > >
> > > > > > It contains many events, not only CF. Your job is to create an =
OCR
> > > > > > program to classify those tickets (group by event). And extract=
 user
> > > > > > identities.
> > > > >
> > > > > Ack, that's real.
> > > >
> > > > BTW, it's tiring to filter those out as I have not been able to
> > > > identify them programmatically. So far I couldn't find any CF ticke=
ts,
> > >
> > > Neither have I.
> > >
> > > > could you please send a valid CF sample? Not expired tickets.
> > >
> > > I found one:
> > > https://mbol2yli7np6mzfgwimfnhajat6sdnq5frs2w7w3b7ldppdawexaxyid.onio=
n/comifuro2023/85b4bcb4-5455-4c91-9d55-76bcd648d165.pdf
> >
> > your claim is real
> >
> > tq tq, will give more effort on creating a program that helps this rese=
arch
>
> Note that you cannot report this to Comifuro admins until you manage
> to create a filter to collect only CF tickets. After that, you must be
> able to extract user private information from the ticket to make the
> severity higher. Once everything is settled up, I will give you all of
> the dumps I collected (I'm still collecting newly generated tickets
> now).

gud deal, oracle hacker

-- Viro