Quote:
Originally Posted by Mindi
Normal questions stop after being told NO, Mark.
You asked 11+ times after I told you to leave. That's not "standard due diligence" - that's harassment.
Normal technical reviews don't contradict independent audits.
Killswitch audited the code in Post #45 and said it was clean. fris confirmed in Post #54.
Your "technical review" came AFTER they already verified there was nothing malicious. You weren't helping - you were building a case.
You didn't find an XSS issue.
I changed the version checker to use textContent instead of innerHTML as a precaution after your noise - not because there was an exploitable vulnerability. There was no user input being passed to innerHTML. You know this. You're a "programmer".
About that "scrutiny"...
CyberHustler Post #8: "information mining and doxxing"
Umami Post #9: "backdoor that steals your passwords, crypto keys"
Then YOUR "technical review" lands
That's not organic scrutiny. That's a coordinated hit.
And you're STILL dodging this:
You said: "Legacy is not my employee and never was"
His LinkedIn: "Chief Program Director at 2Much.net since Feb 2021"
Why are you lying about your relationship with the guy who's been stalking me for weeks and has joined a sociopath that has stalked me for nearly 29 years??
|
The issue wasn’t “user input.” The risk was remote input (your server’s version.txt) being placed into innerHTML. I hope you fixed them.
“Independent audits said nothing malicious” doesn’t contradict “there was a security flaw.” Both can be true at the same time. I never said you did steal anything, I said your design created an avoidable risk.
On Legacy: he is not my employee. He said he was on his LinkedIn account and I asked him to remove it, which he did. This is something you know already, but anyway. That's on him.
Bottom line: you posted public software for people to install. It got reviewed publicly. Issues were raised. You said you improved it after I pointed it out. Good on you.
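
The point discussed in the reply above (text from a remote version.txt being placed into the page), as an added example that is not part of the thread and not the reviewed software's code: the fetched body is validated against a strict version pattern and written with textContent only. The function names, the MAJOR.MINOR.PATCH format and the sample responses are assumptions made for illustration.

```javascript
// Added example: treat a fetched version.txt body as untrusted data.
// parseRemoteVersion, isNewer and showUpdateNotice are hypothetical names.

const VERSION_RE = /^(\d{1,4})\.(\d{1,4})\.(\d{1,4})$/;

// Accept only a strict MAJOR.MINOR.PATCH string; anything else returns null.
function parseRemoteVersion(body) {
  if (typeof body !== "string" || body.length > 32) return null;
  const m = VERSION_RE.exec(body.trim());
  return m ? m.slice(1).map(Number) : null;
}

// True when remote is strictly greater than local (both [major, minor, patch]).
function isNewer(remote, local) {
  for (let i = 0; i < 3; i++) {
    if (remote[i] !== local[i]) return remote[i] > local[i];
  }
  return false;
}

// Writes the notice via textContent, so the string is never parsed as HTML.
// `el` is any object with a textContent property (a DOM element in a browser).
function showUpdateNotice(el, remoteBody, localVersion) {
  const remote = parseRemoteVersion(remoteBody);
  const local = parseRemoteVersion(localVersion);
  if (!remote || !local) {
    el.textContent = "Could not check for updates.";
    return "invalid";
  }
  if (isNewer(remote, local)) {
    el.textContent = "Update available: " + remote.join(".");
    return "update";
  }
  el.textContent = "You are up to date.";
  return "current";
}

// Constructed sample responses, standing in for the fetched file.
const samples = ["1.4.0\n", "1.3.9", "<b>2.0.0</b>", ""];
for (const body of samples) {
  const el = { textContent: "" }; // stand-in for a DOM element
  const result = showUpdateNotice(el, body, "1.3.9");
  console.log(JSON.stringify(body), "->", result, "|", el.textContent);
}
```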