User comments on ISPs
  >> EE (Everything Everywhere) and Orange




Pages in this thread: 1 | 2 | 3 | [4] | (show all)   Print Thread
Standard User Oliver341
(eat-sleep-adslguide) Mon 20-Jan-14 21:04:49

Re: Bright Box plain-text security leaks


[re: deleted] [link to this post]
 
In reply to a post by ScottHelme:
I found the first exploited URLs using packet sniffing software and then went on to find the rest from the device itself. I used to be a firmware tester so hooking up to JTAG/serial headers on an embedded device is something I'm familiar with.

Oh ok. I'm interested to know where glossywhite got the URLs from in October 2013, since your blog entry is dated this month. Did you publish this information elsewhere in October 2013?

Oliver.
Standard User deleted
(deleted) Mon 20-Jan-14 21:18:18

Re: Bright Box plain-text security leaks


[re: Oliver341] [link to this post]
 
You're not making any sense at all. Are you implying that because Unlokia published some of the URLs first that the only possible way anyone else could find them is by using his post? Seems a bit odd, but that's the impression I'm getting.

To my knowledge, I can't find anyone else that has made reference to some of the URLs I have published. That doesn't mean that should anyone else ever make any mention of them that they must have found them as a result of my work and attribute credit to me.

As I mentioned, and as detailed in my blog, my first exploration and discovery was made with Fiddler, a packet capture program.
Standard User Oliver341
(eat-sleep-adslguide) Mon 20-Jan-14 21:46:31

Re: Bright Box plain-text security leaks


[re: deleted] [link to this post]
 
In reply to a post by ScottHelme:
Are you implying that because Unlokia published some of the URLs first that the only possible way anyone else could find them is by using his post?

I was just wondering who was the first person to discover the exploited URLs, that is all.

Oliver.



Standard User deleted
(deleted) Mon 20-Jan-14 21:59:52

Re: Bright Box plain-text security leaks


[re: Oliver341] [link to this post]
 
Well Unlokia found some first and I found others first. For all we know, someone else could have found them in 2012 and not published it on the Internet. They could have found it 'first' and we'd never know.

It's not really about "who found what first", I only came across Unlokia's work once I started putting the file names I'd found in Google. It's about giving credit where credit is due. If someone makes mention of the additional things I have found, but they found them through their own research, or potentially even a different method altogether, I'm not going to jump up and down and demand credit simply because I published the file name 'first'.
Standard User XRaySpeX
(eat-sleep-adslguide) Mon 20-Jan-14 22:16:03

Re: Bright Box plain-text security leaks


[re: deleted] [link to this post]
 
Well, you managed to make EE & BBC sit up and take note, which is more than Unlokia ever did, and it strikes me that you employ a much more scientific and methodical approach.

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC
Standard User deleted
(deleted) Mon 20-Jan-14 22:31:38

Re: Bright Box plain-text security leaks


[re: XRaySpeX] [link to this post]
 
It was just luck that it got picked up by a few news outlets and kind of worked its way up from the smaller ones all the way to the BBC. Thanks for the comments smile
Standard User glossywhite
(member) Tue 21-Jan-14 20:59:53

Re: Bright Box plain-text security leaks


[re: deleted] [link to this post]
 
In reply to a post by XRaySpeX:
Well, you managed to make EE & BBC sit up and take note, which is more than Unlokia ever did, and it strikes me that you employ a much more scientific and methodical approach.


I'd say Scott has done more than any of us have done, including me, especially since it was posted back in October; there was nothing stopping anyone else reporting it, hey wink

I'm not into software as my career; this was a side-line "pet" project which I became bored with and lost interest in. I didn't owe the world a thing, and know it, so I dropped it - that's what happens in life - I don't feel a need to defend it smile

Listen folks, I'm not at all concerned who found what first; I am extremely pleased for Scott that he has managed to get this publicly ack'd and has made EE take some steps to "fixing" (hmm) their useless routers.

Do we really need to pick and bicker over "who found it first?" - that's what 7 year olds do in the playground, not responsible adults. I am actually very happy that Scott has taken all this time out of his life to make this research available. I don't feel the need to question his integrity about ANYTHING - if he says he was unaware of my links/info from last October, then I completely believe him - that's the end of it, no more silliness please.

Scott, you're a very good bloke mate - God bless you, and thanks for the correspondence. I am moving away from firmware and software now, and massively focussing on my primary love - electronics! laugh

I'd love to help, but I am otherwise occupied for now. I do not expect any "crediting", as you said - ANYONE with a little patience could have found this info. These kinds of petty squabbles with people possibly twice my age are why I don't frequent this forum very much; I simply don't have the desire to have strangers rant and steal my joy laugh - I'm a happy person, and I'm not going to give people reasons to deride me - you don't know me, and you may think what you will; I cannot stop you thinking it, but it won't affect who I AM - God decided that, not you smile

Take care all, and Scott - especially to you - I'll gladly help hardware-wise if I can with photos etc, but no promises on timescale... could be many months.

Adios, and God bless you all smile

Matt.

Edited by glossywhite (Tue 21-Jan-14 21:12:31)

Standard User XRaySpeX
(eat-sleep-adslguide) Wed 22-Jan-14 12:59:49

Re: Bright Box plain-text security leaks


[re: glossywhite] [link to this post]
 
In reply to a post by glossywhite:
there was nothing stopping anyone else reporting it, hey wink
As you addressed one of my posts, I see I need to put you right on one of your misconceptions.

Not all of us are hardware geeks like yourself. I only claim to be a software geek focusing on logical & analytical methods. As you yourself said, you are not into software; likewise me with hardware.

Many times you have brought a hardware project to the table here and when I have asked you Qs on it, as your tabling of it entitles me, you have told me to go away and do it myself. Now I hope you can see why that was inappropriate.

So, yes, what Scott & yourself did is well beyond my capabilities and I was congratulating Scott on his thorough approach.

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 20 Meg WBC