What's up with ATF? I've been out of the mixing loop for a few years and noticed a lot of changes. Something something about bitcoin mining, Scott not running it, etc.
Can I get a lowdown? Is it safe to use?
Scott sold ATF to Flavorah so ATF is now under new management.
The bitcoin mining was from Scott's time.
So yes, more safe than ever to use and it's also constantly being updated now, compared to when Scott was running the show.
the bitcoin mining thing scared the shit out of me, I didn't know about it til this thread.
I had noticed that ATF was better/free now, which is a major plus, as I refused to pay for it (it sucked cock, I've ranted about it before from a software engineer's perspective).
I found 3 different sql injection points and pointed out a major exploit on his server allowing root access, so contacted whoever was running it and never got a response... five emails, nothing, no way to contact him.
I'll admit that I thought about exploiting the server and ripping its code/database then posting proof of this on this sub just so the fucking owner would get scared into caring about the site/community for a minute or risk others using some basic whitehat tools and having everything stolen including people's payment details... but I had second thoughts when I thought about the spaghetti code that's prolly the backend of ATF.
had I known about the btc mining I'd likely have shown the community the emails I sent. that's mad scummy/money hungry.
I'll check to see if everything is kosher later on with the site again and send the reports to Flavorah if the SQL injection points are still open... one of the exploits had to do with the m-payment redirect page, so that's at least gone.
I will also check if the old m-payment scripts are accessible, a lot of webmasters forget to delete old scripts with SQL injection points exploitable after the "feature" is removed.
at least flavorah cares about its website and isn't all about quick money
side edit: I'm no hacker, I don't wear a hat, don't bother me.
before becoming an adult and getting a career as a sw engineer I maintained + developed a few mid-traffic websites (no turnkey stuff or blogs, as an example one was a myspace ripoff, thinking I'd be the next tom, but 30k members in a year is nothing but a few g's. still, for a 15 yr old it's pretty good. it had more than average amount of "hackers" attempt shit on it though) by myself, so I had to learn how to use a lot of secops tools in order to survive, because I had nearly no money
I only pissed about looking for security flaws on atf because I was bored & felt like trying out the latest (at the time) version of kali linux on a vm. didn't expect to find anything, wasn't looking to steal ur secret recipes don't worry
Feel free to PM me with details. I took over the site in January, haven't gotten any emails from you.
this was before corona started, AFAIR there was some talk of an alternative to ATF/ELF being made by somebody/the community? I feel like there was a sticky asking what features they'd like to see on an "alternative" ATF type site, or something like that. I'm fuzzy on what exactly it was
I'd have to go look for my rant to see exactly when I tried to email whomever.
I think the first email was to the registered email address on the atf.com domain (from a whois search) then the rest were to support@atf.com. I sent the emails from a protonmail address, it wasn't from the atf web form.
I'll PM you tomorrow when I get home to my pc. I'll fire up burp and a fuzzer to run the same tests I did last time to find out what was wrong and tell you exactly what needs to be fixed, if anything.
(btw you own Flavorah? great f'ing job with somehow hitting a homerun with the 50 or so flavours I've drunkenly bought without an initial clue of how they've been reviewed or used in published recipes. it's rare that I'd praise a company but I think you guys are amazing at what you do, so I'm excited that ATF is in good hands & I'm excited for the future)
I'm super-happy with all the changes to ATF.
However there is One-Last-Thing that is still preventing me from jumping in:
Account creation / log-in with plain old email + password.
I don't use Google. I don't use Facebook. I don't use Twitter, Steam, or Twitch either.
I use email (non-google).
Could have just searched for this here, ya know?
I did search, and found nothing in relation to the overall safety/new ownership etc. A few posts on it freezing, going down. Last update of any importance was from q a year ago apologizing for the servers being down.
Weird. If you search on "atf" and limit to this sub, the very first hit (sorted by "relevance") is the Tuesday Tutorial : ATF and Beyond, explaining everything.