Steven Vulich Full Conversation AUG 29th 2017

a guest
Oct 2nd, 2017
  1. FULL CONVERSATION OF STEVEN V (InfinitySN CEO) on AUG 29th prior to the hacks, being warned. He was told exactly what was wrong and disregarded. Read and share.
  2.  
  3. AUG 29th 2017
  4. Steven Vulich
  5. Hi John Doe
  6. I would like to see what you have found in your Vegas files and anything else you have as you are the one giving them their information.
  7. Steven Vulich
  8. Everything you are passing as true, is in fact false. It's not on a live server yet so all you have shown is your email confirmation of signing up. Is this your proof? If so, you are totally wrong, also, if you are trying to hack our system you will be prosecuted to the fullest extent of the law. You are welcome to sign up and check us out legally when we are on a live server. Once again I will ask that you refrain from hacking tactics and passing bad information about ISN to others.
  9. 11:25AM
  10.  
  11. Steven Vulich
  12. Hello?
  13. Steven Vulich
  14. Steven
  15. You missed a call from Steven.
  16. 11:44am
  17. Call Back
  18. Steven Vulich
  19. Steven
  20. You missed a call from Steven.
  21. 12:23pm
  22. Call Back
  23. You accepted Steven's request.
  24.  
  25. John Doe
  26. Steven
  27. ?? you know you are full of shit. it is live its hiding behind a bootstrap page.
  28.  
  29. Steven Vulich
  30. If you have concern then let's talk about it
  31.  
  32. John Doe
  33. lets
  34.  
  35. Steven Vulich
  36. Steven
  37. You missed a call from Steven.
  38. 12:41pm
  39. Call Back
  40.  
  41. Steven Vulich
  42. Trying to call
  43.  
  44. John Doe
  45. we will talk over text so everything is recorded. though text
  46.  
  47. Steven Vulich
  48. Easier than getting things mixed up on text
  49.  
  50. Robert
  51. it wont.
  52.  
  53. Steven Vulich
  54. Why are you attacking ISN?
  55.  
  56. John Doe
  57. so i was tossed your link from an anon contact asking me to see if it was safe to use. the 1st thing i did. was register.
  58. wait
  59.  
  60. Steven Vulich
  61. I woke up to this stuff.
  62.  
  63. John Doe
  64. wait
  65.  
  66. Steven Vulich
  67. It's not live
  68.  
  69. John Doe
  70. it's active
  71.  
  72. Steven Vulich
  73. You cannot fully register
  74.  
  75. John Doe
  76. and i registered
  77.  
  78. Steven Vulich
  79. The sign up works but not fully, and was redeveloped. Once live all that will go away
  80.  
  81. John Doe
  82. well its live for me. lets just say this even if you don't think it is. where did you purchase this script.
  83. because i know you did not write it.
  84.  
  85. Steven Vulich
  86. I won't discuss certain things here for security reasons. I'm sure you understand
  87. John
  88.  
  89. Steven Vulich
  90. Which script
  91.  
  92. John Doe
  93. your social network script.
  94.  
  95. Steven Vulich
  96. I'm not a coder. I have a full staff for that
  97. I only dab in code
  98. Steven Vulich
  99.  
  100. John Doe
  101. your full staff is dicking you. sorry to say.
  102.  
  103. Steven Vulich
  104. How so?
  105.  
  106. John Doe
  107. your clients passwords should be salted and they are not. they are only MD5
  108.  
  109. Steven Vulich
  110. Don't know what MD5 is
  111. If you have identified something then let me know and I can forward it to my staff
  112. ??
  113. I would hope you want to help
  114. Not bash it to people.
  115. It's not on a live server, so you are looking at old code
  116. When it's live all of that is changing.
  117.  
  118. John Doe
  119. hold on had a lag.
  120.  
  121. Steven Vulich
  122. Yup
  123.  
  124. John Doe
  125. ok so when you go into your sql the actual database in Mysql you're going to find this
  126. users` (id, username, password, status, created_on, `updated_on
  127.  
  128. Steven Vulich
  129. I hope you understand that because you are using this for record I can only say so much.
  130.  
  131. John Doe
  132. under password you will find
  133. username id user password
  134.  
  135. Steven Vulich
  136. You're not hacking the site are you?
  137.  
  138. John Doe
  139. the password is MD5 crypted.
  140. not Salt,MD5
  141. any liberal asshole with a brain can crack it using crack station. and to answer no i am not.
  142.  
  143. Steven Vulich
  144. Ok
  145.  
  146. John Doe
  147. i poked because someone has some concerns about the legitimacy of it.
  148.  
  149. Steven Vulich
  150. So come to me with a solution to this and I will pass it to my staff.
  151. So let's help and not bash
  152.  
  153. John Doe
  154. Scrap the project. there are over 700 sql injections. go buy like Social Fox
  155. SocialFox is a great script.
  156. and i would back it
  157.  
  158. Steven Vulich
  159. I'm a good guy that will be attacked and that's fine, but let's have a solution instead of doing it your way. It's not cool.
  160. Scrap the network?
  161. Seriously? That will never happen.
  162.  
  163. John Doe
  164. no not the network the Script.
  165.  
  166. Steven Vulich
  167. What do you mean the script
  168.  
  169. John Doe
  170. the php script
  171.  
  172. Steven Vulich
  173. Php is common language
  174.  
  175. John Doe
  176. no
  177.  
  178. Steven Vulich
  179. That I know
  180.  
  181. John Doe
  182. i said the php script
  183. everything from database to /home/public_html/ files
  184.  
  185. Steven Vulich
  186. If I had your info I would pass it along to my staff
  187.  
  188. John Doe
  189. https://www.phpfox.com/
  190. go there and check that out
  191. do you live in commieforna?
  192.  
  193. Steven Vulich
  194. I understand you are a coder possibly, but I do not understand the language on code. These guys work for a major establishment and should know what they're doing.
  195.  
  196. John Doe
  197. if they did why would i be adamant about your security problems. i hope you're not paying them. and i hope you did not get them off of like any php coder website.......
  198.  
  199. Steven Vulich
  200. What do you think of Facebooks script?
  201. Not at all, they are reputable
  202.  
  203. John Doe
  204. i can say that it does not leak user information, like database user information.
  205.  
  206. Steven Vulich
  207. They didn't use any open source for our data base
  208.  
  209. John Doe
  210. you dont have to.
  211.  
  212. Steven Vulich
  213. What's the solution
  214. And I will pass it along
  215.  
  216. John Doe
  217. if you dont mind me asking who are you going through to build this. i admire your idea its why i am asking but you cannot just toss a script and say hey its safe join... without actually doing the pentesting yourself.
  218.  
  219. Steven Vulich
  220. Testing has been performed on the current database
  221. I can't say until I can confirm who you are. I'm sure you understand.
  222.  
  223. John Doe
  224. no no no i mean on the website itself.
  225.  
  226. Steven Vulich
  227. Yes
  228. Testing on security?
  229. This would be easier on the phone. Lol
  230.  
  231. John Doe
  232. what do you mean who i am. i am the one who is telling you that your script has over 700 flaws.
  233. over 700 bugs
  234. if you will
  235.  
  236. Steven Vulich
  237. Call?
  238.  
  239. John Doe
  240. no.
  241.  
  242. Steven Vulich
  243. If I will
  244. ?
  245.  
  246. John Doe
  247. no mic no camera this is a desktop pc
  248.  
  249. Steven Vulich
  250. No phone?
  251.  
  252. John Doe
  253. i have a phone but i am not going to give you the opportunity to grab my ip through VOIP.
  254.  
  255. Steven Vulich
  256. I'm sure I could put a program on Facebook and identify a billion flaws. I need to know more. And appreciate you trying to help.
  257. Why would I want your ip?
  258. I'm not like that
  259.  
  260. John Doe
  261. because i do not know if you are a Libscum trying to track me. i dont know if you are going to try to cause me harm due to finding flaws in your site i dont know you at all.
  262.  
  263. Steven Vulich
  264. Look, I'm a veteran and served my country, a prior police officer for good intent of society. I have no hidden intent to do anything like that.
  265. And a family man
  266. I am kind of offended by the assumption of that, but understand you do not know me personally
  267.  
  268. John Doe
  269. lol do you know how many times i have heard that? and come to pass that it was a fed.. and i cut communication with them.
  270.  
  271. John Doe
  272. look i am not out here to bash your idea but if you are what i think you are. then its not a good idea to just publish a website and have people join without testing it 1st i tested for my own security i wanted to know if it was true did you put the google ads up on that if you did they are causing lag. i had to use AdBlocker just to get the site not to lag. if you want suggestions i have given them to you. PHPFox is one of the best social network scripts out there use it also buy SSL for your website and get it off of ubuntu.
  273.  
  274. John Doe
  275. the Apache PHP is outdated. - you may only have 2 ports open but they are not locked down. 80,22 change your SSH port to something like 1000 or something 22 is too common.
  276.  
  277. Steven Vulich
  278. It lags because it's not fully live.
  279. From what I understand
  280. Once live it will be smooth
  281.  
  282. John Doe
  283. no its going to lag worse when its live and you have over 300 people accessing it at one time. how much bandwidth do you currently have per month?
  284. no it wont. i promise you on this.
  285.  
  286. Steven Vulich
  287. Do you know Bob or Vincent? If you do then I don't need to say their last names.
  288.  
  289. John Doe
  290. nope
  291.  
  292. Steven Vulich
  293. If not no worries
  294.  
  295. Steven Vulich
  296. Hmm, ok. So what do you think I should do from here?
  297. And because I don't know you or your past, why should I scrap the script at you telling me to? Curious
  298. If you said that to mark zuckerberg he would laugh in your face
  299. Just curious
  300.  
  301. John Doe
  302. i am just looking out for innocent people trying to make a difference in the world. tell people that the date is going to be moved up. go look into phpFox, and start adding security via. .HTaccess and .STaccess files blocking proxies and scanners
  303.  
  304. Steven Vulich
  305. From my point of view. Why should I do something that drastic because you so to do it? I'm sure you understand me asking that
  306.  
  307. Robert
  308. thats a 1st part. buy a SSL Cert for https:// and then come back and ask me to poke it.
  309.  
  310. Steven Vulich
  311. Moving a launch date is huge, I can't just because a stranger that I don't know says do it.
  312. Ok
  313. We have an ssl
  314.  
  315. John Doe
  316. you do not have to take my word but when your website is compromised by some lib scumbag trying to cause hell for patriots thats 100% on you.
  317. its not installed then.
  318. my browser would inform me on that.
  319.  
  320. Steven Vulich
  321. How can you help protect it?
  322.  
  323. John Doe
  324. thats not a relative question. as i am not part of your staff.
  325. the question is how Can I Secure my website.
  326. do you run Cpanel?
  327. i never looked
  328.  
  329. Steven Vulich
  330. I caution you to not hack into our systems
  331. If that's what you're referencing
  332.  
  333.  
  334. John Doe
  335. im not hacking anything.
  336. i was not hired to hack anything bud,
  337. i was requested - to see if the site was secure and safe to use.
  338. my 1st advice would be. go on google and find out how to hide open directories. maybe add index.html files with redirects to main page or 404 not found pages.
  339. i am watching one of your videos. on your page you seem like a legit guy trying to do something legit. but you need to fix fix fix.
  340. if you want my advice! just give me the go ahead to pen test further. and i can report back to you what i find. - call it humanitarian work. but i am not blasting it i actually thing its a great idea. but if its not tight you will run in to large groups of problems.
  341. Think*
  342.  
  343. Steven Vulich
  344. I really do appreciate that and I will forward that to my team to see if maybe they overlooked something. They are doing security checks for the last couple days and are just about done. I will have them go through with a finer tooth comb to ensure everything is protected.
  345. I really am a legit guy and doing this for everyone and have only best intent with it all.
  346. More and more people will see that as time passes and will hopefully have a trusted community.
  347. I do appreciate your feedback and having the ability to address this concern Robert. I am always willing to take in help when it's with good intent.
  348. Let me have my team go through and recheck as they move forward. If you are as good as I think you may be I may have a job for ya down the road. Not sure if you're open to that but I will always be in need of great developers and security staff.
  349.  
  350. John Doe
  351. do you? because i just seen some concerning things on your fb page. kinda made me feel as if you have double standards! when it comes to people expressing something other than what you want to hear.... but it could be me.
  352.  
  353. Steven Vulich
  354. Which part? Might be a misunderstanding
  355.  
  356. John Doe
  357. blocking people and making everyone you know block them too. so they cannot see what they have to say.
  358.  
  359. Steven Vulich
  360. I go on the fly on my videos
  361. Only when it's false information. Not censoring on opinions
  362.  
  363. John Doe
  364. you do know haters are your biggest fans right... this is what i have learned over the past 15 years
  365.  
  366. Steven Vulich
  367. There is no censoring
  368.  
  369. John Doe
  370. they spread the word faster than normal users.
  371. then the haters register to see whats up.
  372. you need to block bots. you're going to get a ton of them.
  373. you should let people hate. and spread false narratives to the people it will bring in more.
  374. but fix your security. and i will be back in about a month to scan again. if i manage to get access to sensitive parts. i will let you know block and secure. trust me. i have 8 vulnerability they are only on 1 page. ?? Register.php ?? but thats a false positive. i put it there.
  375. also in blog post Turn off Source, because there is script that can be posted to bypass hp sanitation.
  376. PHP Sanitation.
  377. go through your php.ini file have them lock it down. and update GD libraries apache & php.
  378.  
  379. Steven Vulich
  380. I can never agree with anyone to spread hate. Morally that is wrong. I can't be about that.
  381.  
  382. John Doe
  383. hate? no they have an opinion on your website. you should let them voice it.
  384. you even said it here Disappointing times in Social Media?? InfinitySN is going live at the end of the month! NO CENSORING?? FREEDOM OF SPEECH IS ALWAYS PROTECTED?? See you soon!! Get ready to connect with Like-Minded People on a new Social Network
  385. you know people are going to come cause some shit.
  386. lol
  387. i just hope you lock down anything you need to lock down before hand i have seen this happen time and time again. its why i made a non bias website! its not even a social network its a money making website lol. no chat i removed it due to people causing problems.