ElfenLied Client (V1.26)

[Pico]

I rather not post anymore links to the official threads, I don't want to seem like i'm advertising my website. So here's the direct link:

http://www.elfenliedfansite.com/client/ELFclient.exe

It was started about a week ago in the ELF community, and i'm releasing a few updates here and there (Busy with the abridged thing). Not sure where I want to go with this yet, so im just messing around with it. I plan on adding Nana's everyday life in the next update since Dan's approval. Its coded in C#. Take a look, comment, tell me what you think!

Pico

[Oblivion Shinma]

What kind of client is this anyway?
Internet browser?
OS?

[Pico]

Sorry discontinued the client, another ELF member named "Rusty" will be coding a new one, much better. It was a mixture Oblivion, or at least - attempted to be!

My last client released is a live chat for ELF members, you can check it out:

http://www.elfenliedfansite.com/client/ELFchat.exe

Pico

[GrimDark]

to expand on what Oblivion Shinma said:

-you gave us some unknown ___client.exe
-you didn't say what it is
-only fools d/l unknown executable files ( FREESEX.exe's found on the net)
-seriously, wtf is this

[Pico]

I wont respond to your post. As stated above, the client has been discontinued and is being programmed by another one of my members.

[Oblivion Shinma]

All traces of trust = Lost...

[Pico]

Ahh Oblivion, you mistake me for someone who cares!

[Oblivion Shinma]

Ahh Oblivion, you mistake me for someone who cares!

Ahahaha!

Respect you keep. No trust, though, you virus posting vandal.

[Pico]

Hehe, I like you

To be honest mate, I'm someone who cant really post viruses around since it sort of would discredit all of the hard work ive done ELF! If the exe comes from elfenliedfansite.com, be sure to know its safe. To answer your questions, the client basically had features built in that let ELF members access ElfenLied content via a fast portable program. Some features also included a built in flash chat for the members, but it was taking too much of my time to finish coding, so another member offered to work on it.

Err, that's about it. Nothing to worry about, sorry for the misunderstanding! Its good that your all so.. cautious

Pico

[Galenmereth]

Never been to your fansite, and never heard of it before. I'd still be cautious if I was a 'dos user, but l'd download a universal binary version any day if you had one :3

[bucko]

If the exe comes from elfenliedfansite.com, be sure to know its safe.

That's a bold claim; if malicious hackers were to gain access to your site due to a software bug or whatever, they could replace the exe file with their own. Are you asserting that it's impossible to break into your web server?

I hear it's not too expensive to get an official certificate that you can use to sign executables (around $50, perhaps?). If you were to do that, people would at least be able to verify that you wrote it. If you write malicious software under that signature, it can be revoked (I think?), so it has an additional angle of trust associated to it.

Another way to increase trust is to open source the project. For some reason, if you provide source code, people will gladly download and run any executable. They can't even check you made the executable from the source, but they'll download it anyway. Because they're stupid, I suppose.

At any rate, people have good reason to be careful. It only takes one trojan writer to find a few topics and write a bit of malicious software that looks relevant to start up a minature botnet.

[Pico]

If I were to try and get people hacked, i would go to a more active forum

No, my server isn't impossible to get hacked, neither is ebay, paypal, download.com, filehippo, ect. I'm not paying 50 bucks or releasing my source code for a client I made in 7 days for my members I'm not begging you to download it! Its not even working no

I apprecate the feedback through, love how i'm labeled as a hacker/asshole in this community now. Ahhhh

I don't think its a bold statement, my servers are secure, my ftp is secure, my passwords are secure, and no-one has any motive to do that to me. Additionally, you should have a updated anti-virus to help you out for those of you who are paranoid ^^

So lets stop all of this nonsense already and download my virus keylog- I mean,"software that looks relevant" client! wooh!

[bucko]

You really aren't helping yourself too much in this argument. You didn't even fight my suggestion that a specific, targeted attack against a minor forum population might pay off for trojan authors. Of course a virus scanner wouldn't detect such an attack because it would be new. I don't even believe that virus scanners are a good protection against modern day threats, which normally exploit so-called zero-day vulnerabilities on a large scale.

Personally, I believe you; I just have no real interest in use of the software. I've heard of no instance of such a targeted attack, probably because the big ones are still so successful. What I'm trying to get over to you, though, is that I don't believe your website is secure. Hell, I'm not so pretentious that I believe any of my websites are secure, and I have checked through the code pretty thoroughly.

It's a nice looking website, but I suppose all of the integration and so-on that you've done means you're using third party forum and chatbox components. PHPBB, the most popular forum software, still occasionally patches security bugs. Do you check for updates on your software literally every day and install them immediately?

If you have a tool anywhere on the site allowing image/whatever upload, how confident are you that it won't also allow a maliciously disguised flash applet? How confident are you that you have prevented people from fooling your browser into loading such an applet?

I also find it amusing that you claim your "FTP" is secure. FTP isn't secure; it sends all passwords and data in plaintext, which can be sniffed (and edited!) by a malicious hacker who has access to any machine anywhere between you and your server. You also appear to implicitly trust your hosting company to not do anything malicious to your website. If one of their employees were compromised, think about how many websites would end up vulnerable...

I don't know. There's so many attack vectors nowadays that you need multiple layers of virtual machines to steer clear of them all, and very few people do that. I'm disturbed by your refusal to admit that you might have made a mistake in any of these attack vectors more than I'm disturbed by your hosting an executable file.