Disturbing NVDA Remote Rumor: any ruth or verification?


Buddy Brannan
 

Just saw this on Facebook:

All of my blind NVDA friends: If you have used, currently use or plan on using NVDA remote, I recommend you stop now and remove it. There is at least one exploit where someone can crash a system, whether or not it is enabled to be controlled. This exploit is being used by Tyler Spivy, one of the authors of the project. Many more may exist and through an inspection of the code probably do. Please circulate this to as many people as possible. Thanks.


Disturbing if true. Given some of Tyler's past exploits, well, one would hope he'd grown up since those. If true, this certainly won't help open source in general, NVDA in particular, or future crowdfunding for AT.

--
Buddy Brannan, KB5ELV - Erie, PA
Phone: 814-860-3194
Mobile: 814-431-0962
Email: buddy@brannan.name


 

It strikes me that the add-on is apparently not developing anymore. See their issue tracker at https://github.com/NVDARemote/NVDARemote/issues.


Artin Dekker
Beheerder win10-nl mailgroep
https://win10-nl.groups.io/g/algemeen

Op 10-10-2016 om 16:43 schreef Buddy Brannan:

Just saw this on Facebook:

All of my blind NVDA friends: If you have used, currently use or plan on using NVDA remote, I recommend you stop now and remove it. There is at least one exploit where someone can crash a system, whether or not it is enabled to be controlled. This exploit is being used by Tyler Spivy, one of the authors of the project. Many more may exist and through an inspection of the code probably do. Please circulate this to as many people as possible. Thanks.


Disturbing if true. Given some of Tyler's past exploits, well, one would hope he'd grown up since those. If true, this certainly won't help open source in general, NVDA in particular, or future crowdfunding for AT.

--
Buddy Brannan, KB5ELV - Erie, PA
Phone: 814-860-3194
Mobile: 814-431-0962
Email: buddy@brannan.name






 

Hi everyone,
I was alerted to this by Derek Riemer, and am keeping an eye on this
development. According to what I'm seeing, this is quite disturbing if the
claims are to be believed. What we need at this point is evidence that
proves what the below Facebook message says (one of the evidence needed is
the URL to that post).
Cheers,
Joseph

-----Original Message-----
From: nvda@nvda.groups.io [mailto:nvda@nvda.groups.io] On Behalf Of Buddy
Brannan
Sent: Monday, October 10, 2016 7:43 AM
To: nvda@nvda.groups.io
Subject: [nvda] Disturbing NVDA Remote Rumor: any ruth or verification?

Just saw this on Facebook:

All of my blind NVDA friends: If you have used, currently use or plan on
using NVDA remote, I recommend you stop now and remove it. There is at least
one exploit where someone can crash a system, whether or not it is enabled
to be controlled. This exploit is being used by Tyler Spivy, one of the
authors of the project. Many more may exist and through an inspection of the
code probably do. Please circulate this to as many people as possible.
Thanks.


Disturbing if true. Given some of Tyler's past exploits, well, one would
hope he'd grown up since those. If true, this certainly won't help open
source in general, NVDA in particular, or future crowdfunding for AT.

--
Buddy Brannan, KB5ELV - Erie, PA
Phone: 814-860-3194
Mobile: 814-431-0962
Email: buddy@brannan.name


Buddy Brannan
 

On Oct 10, 2016, at 1:02 PM, Joseph Lee <joseph.lee22590@gmail.com> wrote:

Hi everyone,
I was alerted to this by Derek Riemer, and am keeping an eye on this
development. According to what I'm seeing, this is quite disturbing if the
claims are to be believed. What we need at this point is evidence that
proves what the below Facebook message says (one of the evidence needed is
the URL to that post).
Cheers,
Joseph

-----Original Message-----
From: nvda@nvda.groups.io [mailto:nvda@nvda.groups.io] On Behalf Of Buddy
Brannan
Sent: Monday, October 10, 2016 7:43 AM
To: nvda@nvda.groups.io
Subject: [nvda] Disturbing NVDA Remote Rumor: any ruth or verification?

Just saw this on Facebook:

All of my blind NVDA friends: If you have used, currently use or plan on
using NVDA remote, I recommend you stop now and remove it. There is at least
one exploit where someone can crash a system, whether or not it is enabled
to be controlled. This exploit is being used by Tyler Spivy, one of the
authors of the project. Many more may exist and through an inspection of the
code probably do. Please circulate this to as many people as possible.
Thanks.


Disturbing if true. Given some of Tyler's past exploits, well, one would
hope he'd grown up since those. If true, this certainly won't help open
source in general, NVDA in particular, or future crowdfunding for AT.

--
Buddy Brannan, KB5ELV - Erie, PA
Phone: 814-860-3194
Mobile: 814-431-0962
Email: buddy@brannan.name










 

Hi,
Okay... I'd like to know where Tyler L is getting this information. Based on
that post, it appears someone may have told him what's up. I'm keeping an
eye on Twitter to find out what's up as well.
Cheers,
Joseph

-----Original Message-----
From: nvda@nvda.groups.io [mailto:nvda@nvda.groups.io] On Behalf Of Buddy
Brannan
Sent: Monday, October 10, 2016 10:10 AM
To: nvda@nvda.groups.io
Subject: Re: [nvda] Disturbing NVDA Remote Rumor: any ruth or verification?

This should work:
https://m.facebook.com/story.php?story_fbid=10210482594480519&id=1214464156&
refid=17&ref=m_notif&notif_t=feed_comment_reply&_ft_=top_level_post_id.10210
482594480519%3Atl_objid.10210482594480519%3Athid.1214464156%3A30606112949941
4%3A2%3A0%3A1477983599%3A-8014300897192678334&__tn__=%2As


--
Buddy Brannan, KB5ELV - Erie, PA
Phone: 814-860-3194
Mobile: 814-431-0962
Email: buddy@brannan.name




On Oct 10, 2016, at 1:02 PM, Joseph Lee <joseph.lee22590@gmail.com> wrote:

Hi everyone,
I was alerted to this by Derek Riemer, and am keeping an eye on this
development. According to what I'm seeing, this is quite disturbing if the
claims are to be believed. What we need at this point is evidence that
proves what the below Facebook message says (one of the evidence needed is
the URL to that post).
Cheers,
Joseph

-----Original Message-----
From: nvda@nvda.groups.io [mailto:nvda@nvda.groups.io] On Behalf Of Buddy
Brannan
Sent: Monday, October 10, 2016 7:43 AM
To: nvda@nvda.groups.io
Subject: [nvda] Disturbing NVDA Remote Rumor: any ruth or verification?

Just saw this on Facebook:

All of my blind NVDA friends: If you have used, currently use or plan on
using NVDA remote, I recommend you stop now and remove it. There is at
least
one exploit where someone can crash a system, whether or not it is enabled
to be controlled. This exploit is being used by Tyler Spivy, one of the
authors of the project. Many more may exist and through an inspection of
the
code probably do. Please circulate this to as many people as possible.
Thanks.


Disturbing if true. Given some of Tyler's past exploits, well, one would
hope he'd grown up since those. If true, this certainly won't help open
source in general, NVDA in particular, or future crowdfunding for AT.

--
Buddy Brannan, KB5ELV - Erie, PA
Phone: 814-860-3194
Mobile: 814-431-0962
Email: buddy@brannan.name










Buddy Brannan
 

On a shared copy of the post, he posted a comment to the effect that the exploit was with NVDA itself, by sending a large amount of text through it all at once. I don't even know if he's on this list and can elaborate himself.

--
Buddy Brannan, KB5ELV - Erie, PA
Phone: 814-860-3194
Mobile: 814-431-0962
Email: buddy@brannan.name

On Oct 10, 2016, at 1:27 PM, Joseph Lee <joseph.lee22590@gmail.com> wrote:

Hi,
Okay... I'd like to know where Tyler L is getting this information. Based on
that post, it appears someone may have told him what's up. I'm keeping an
eye on Twitter to find out what's up as well.
Cheers,
Joseph

-----Original Message-----
From: nvda@nvda.groups.io [mailto:nvda@nvda.groups.io] On Behalf Of Buddy
Brannan
Sent: Monday, October 10, 2016 10:10 AM
To: nvda@nvda.groups.io
Subject: Re: [nvda] Disturbing NVDA Remote Rumor: any ruth or verification?

This should work:
https://m.facebook.com/story.php?story_fbid=10210482594480519&id=1214464156&
refid=17&ref=m_notif&notif_t=feed_comment_reply&_ft_=top_level_post_id.10210
482594480519%3Atl_objid.10210482594480519%3Athid.1214464156%3A30606112949941
4%3A2%3A0%3A1477983599%3A-8014300897192678334&__tn__=%2As


--
Buddy Brannan, KB5ELV - Erie, PA
Phone: 814-860-3194
Mobile: 814-431-0962
Email: buddy@brannan.name




On Oct 10, 2016, at 1:02 PM, Joseph Lee <joseph.lee22590@gmail.com> wrote:

Hi everyone,
I was alerted to this by Derek Riemer, and am keeping an eye on this
development. According to what I'm seeing, this is quite disturbing if the
claims are to be believed. What we need at this point is evidence that
proves what the below Facebook message says (one of the evidence needed is
the URL to that post).
Cheers,
Joseph

-----Original Message-----
From: nvda@nvda.groups.io [mailto:nvda@nvda.groups.io] On Behalf Of Buddy
Brannan
Sent: Monday, October 10, 2016 7:43 AM
To: nvda@nvda.groups.io
Subject: [nvda] Disturbing NVDA Remote Rumor: any ruth or verification?

Just saw this on Facebook:

All of my blind NVDA friends: If you have used, currently use or plan on
using NVDA remote, I recommend you stop now and remove it. There is at
least
one exploit where someone can crash a system, whether or not it is enabled
to be controlled. This exploit is being used by Tyler Spivy, one of the
authors of the project. Many more may exist and through an inspection of
the
code probably do. Please circulate this to as many people as possible.
Thanks.


Disturbing if true. Given some of Tyler's past exploits, well, one would
hope he'd grown up since those. If true, this certainly won't help open
source in general, NVDA in particular, or future crowdfunding for AT.

--
Buddy Brannan, KB5ELV - Erie, PA
Phone: 814-860-3194
Mobile: 814-431-0962
Email: buddy@brannan.name















 

Hi,
Some synthesizers are known to crash under some circumstances. If it can be
reproduced on all synths, then this is something to do with NVDA's speech
module, otherwise I'd question what synth people involved in this rumor were
using. I'll write a formal response to this once I gather more information.
Cheers,
Joseph

-----Original Message-----
From: nvda@nvda.groups.io [mailto:nvda@nvda.groups.io] On Behalf Of Buddy
Brannan
Sent: Monday, October 10, 2016 10:39 AM
To: nvda@nvda.groups.io
Subject: Re: [nvda] Disturbing NVDA Remote Rumor: any ruth or verification?

On a shared copy of the post, he posted a comment to the effect that the
exploit was with NVDA itself, by sending a large amount of text through it
all at once. I don't even know if he's on this list and can elaborate
himself.

--
Buddy Brannan, KB5ELV - Erie, PA
Phone: 814-860-3194
Mobile: 814-431-0962
Email: buddy@brannan.name




On Oct 10, 2016, at 1:27 PM, Joseph Lee <joseph.lee22590@gmail.com> wrote:

Hi,
Okay... I'd like to know where Tyler L is getting this information. Based
on
that post, it appears someone may have told him what's up. I'm keeping an
eye on Twitter to find out what's up as well.
Cheers,
Joseph

-----Original Message-----
From: nvda@nvda.groups.io [mailto:nvda@nvda.groups.io] On Behalf Of Buddy
Brannan
Sent: Monday, October 10, 2016 10:10 AM
To: nvda@nvda.groups.io
Subject: Re: [nvda] Disturbing NVDA Remote Rumor: any ruth or
verification?

This should work:
https://m.facebook.com/story.php?story_fbid=10210482594480519&id=1214464156&
refid=17&ref=m_notif&notif_t=feed_comment_reply&_ft_=top_level_post_id.10210
482594480519%3Atl_objid.10210482594480519%3Athid.1214464156%3A30606112949941
4%3A2%3A0%3A1477983599%3A-8014300897192678334&__tn__=%2As


--
Buddy Brannan, KB5ELV - Erie, PA
Phone: 814-860-3194
Mobile: 814-431-0962
Email: buddy@brannan.name




On Oct 10, 2016, at 1:02 PM, Joseph Lee <joseph.lee22590@gmail.com>
wrote:

Hi everyone,
I was alerted to this by Derek Riemer, and am keeping an eye on this
development. According to what I'm seeing, this is quite disturbing if
the
claims are to be believed. What we need at this point is evidence that
proves what the below Facebook message says (one of the evidence needed
is
the URL to that post).
Cheers,
Joseph

-----Original Message-----
From: nvda@nvda.groups.io [mailto:nvda@nvda.groups.io] On Behalf Of Buddy
Brannan
Sent: Monday, October 10, 2016 7:43 AM
To: nvda@nvda.groups.io
Subject: [nvda] Disturbing NVDA Remote Rumor: any ruth or verification?

Just saw this on Facebook:

All of my blind NVDA friends: If you have used, currently use or plan on
using NVDA remote, I recommend you stop now and remove it. There is at
least
one exploit where someone can crash a system, whether or not it is
enabled
to be controlled. This exploit is being used by Tyler Spivy, one of the
authors of the project. Many more may exist and through an inspection of
the
code probably do. Please circulate this to as many people as possible.
Thanks.


Disturbing if true. Given some of Tyler's past exploits, well, one would
hope he'd grown up since those. If true, this certainly won't help open
source in general, NVDA in particular, or future crowdfunding for AT.

--
Buddy Brannan, KB5ELV - Erie, PA
Phone: 814-860-3194
Mobile: 814-431-0962
Email: buddy@brannan.name















jeremy <icu8it2@...>
 

I don't really have any opinions on weather or not Tyler S had malicious intent in the development of the remote AddOn, but I do think it'd be just a little weird for him to do such a thing, most especially for the rest of his contributions he's made towards other accessible projects.

I'd also point out that Tyler S wasn't the only one who assisted in the development of the Addon, something I didn't see mentioned in the fb post. As I recall, the development was carried out by two people, so if it does turn out that something weird is going on, I'd be looking at everyone, not just one dude who's done a hell of a lot for the accessible community.

Buddy Brannan wrote:

On a shared copy of the post, he posted a comment to the effect that the exploit was with NVDA itself, by sending a large amount of text through it all at once. I don't even know if he's on this list and can elaborate himself.

--
Buddy Brannan, KB5ELV - Erie, PA
Phone: 814-860-3194
Mobile: 814-431-0962
Email: buddy@brannan.name




On Oct 10, 2016, at 1:27 PM, Joseph Lee <joseph.lee22590@gmail.com> wrote:

Hi,
Okay... I'd like to know where Tyler L is getting this information. Based on
that post, it appears someone may have told him what's up. I'm keeping an
eye on Twitter to find out what's up as well.
Cheers,
Joseph

-----Original Message-----
From: nvda@nvda.groups.io [mailto:nvda@nvda.groups.io] On Behalf Of Buddy
Brannan
Sent: Monday, October 10, 2016 10:10 AM
To: nvda@nvda.groups.io
Subject: Re: [nvda] Disturbing NVDA Remote Rumor: any ruth or verification?

This should work:
https://m.facebook.com/story.php?story_fbid=10210482594480519&id=1214464156&
refid=17&ref=m_notif&notif_t=feed_comment_reply&_ft_=top_level_post_id.10210
482594480519%3Atl_objid.10210482594480519%3Athid.1214464156%3A30606112949941
4%3A2%3A0%3A1477983599%3A-8014300897192678334&__tn__=%2As


--
Buddy Brannan, KB5ELV - Erie, PA
Phone: 814-860-3194
Mobile: 814-431-0962
Email: buddy@brannan.name




On Oct 10, 2016, at 1:02 PM, Joseph Lee <joseph.lee22590@gmail.com> wrote:

Hi everyone,
I was alerted to this by Derek Riemer, and am keeping an eye on this
development. According to what I'm seeing, this is quite disturbing if the
claims are to be believed. What we need at this point is evidence that
proves what the below Facebook message says (one of the evidence needed is
the URL to that post).
Cheers,
Joseph

-----Original Message-----
From: nvda@nvda.groups.io [mailto:nvda@nvda.groups.io] On Behalf Of Buddy
Brannan
Sent: Monday, October 10, 2016 7:43 AM
To: nvda@nvda.groups.io
Subject: [nvda] Disturbing NVDA Remote Rumor: any ruth or verification?

Just saw this on Facebook:

All of my blind NVDA friends: If you have used, currently use or plan on
using NVDA remote, I recommend you stop now and remove it. There is at
least
one exploit where someone can crash a system, whether or not it is enabled
to be controlled. This exploit is being used by Tyler Spivy, one of the
authors of the project. Many more may exist and through an inspection of
the
code probably do. Please circulate this to as many people as possible.
Thanks.


Disturbing if true. Given some of Tyler's past exploits, well, one would
hope he'd grown up since those. If true, this certainly won't help open
source in general, NVDA in particular, or future crowdfunding for AT.

--
Buddy Brannan, KB5ELV - Erie, PA
Phone: 814-860-3194
Mobile: 814-431-0962
Email: buddy@brannan.name














Lino Morales
 

Well this sucks loads if this is true, but Tyler is on this list I think he should come come clean and answer for himself before we all jump to conclusions.

On 10/10/2016 10:43 AM, Buddy Brannan wrote:
Just saw this on Facebook:

All of my blind NVDA friends: If you have used, currently use or plan on using NVDA remote, I recommend you stop now and remove it. There is at least one exploit where someone can crash a system, whether or not it is enabled to be controlled. This exploit is being used by Tyler Spivy, one of the authors of the project. Many more may exist and through an inspection of the code probably do. Please circulate this to as many people as possible. Thanks.


Disturbing if true. Given some of Tyler's past exploits, well, one would hope he'd grown up since those. If true, this certainly won't help open source in general, NVDA in particular, or future crowdfunding for AT.

--
Buddy Brannan, KB5ELV - Erie, PA
Phone: 814-860-3194
Mobile: 814-431-0962
Email: buddy@brannan.name






Lino Morales
 

Yes you are correct. Christopher Tauth was the other DEV.

On 10/10/2016 3:40 PM, Jeremy wrote:
I don't really have any opinions on weather or not Tyler S had malicious intent in the development of the remote AddOn, but I do think it'd be just a little weird for him to do such a thing, most especially for the rest of his contributions he's made towards other accessible projects.

I'd also point out that Tyler S wasn't the only one who assisted in the development of the Addon, something I didn't see mentioned in the fb post. As I recall, the development was carried out by two people, so if it does turn out that something weird is going on, I'd be looking at everyone, not just one dude who's done a hell of a lot for the accessible community.

Buddy Brannan wrote:
On a shared copy of the post, he posted a comment to the effect that the exploit was with NVDA itself, by sending a large amount of text through it all at once. I don't even know if he's on this list and can elaborate himself.

--
Buddy Brannan, KB5ELV - Erie, PA
Phone: 814-860-3194
Mobile: 814-431-0962
Email: buddy@brannan.name




On Oct 10, 2016, at 1:27 PM, Joseph Lee <joseph.lee22590@gmail.com> wrote:

Hi,
Okay... I'd like to know where Tyler L is getting this information. Based on
that post, it appears someone may have told him what's up. I'm keeping an
eye on Twitter to find out what's up as well.
Cheers,
Joseph

-----Original Message-----
From: nvda@nvda.groups.io [mailto:nvda@nvda.groups.io] On Behalf Of Buddy
Brannan
Sent: Monday, October 10, 2016 10:10 AM
To: nvda@nvda.groups.io
Subject: Re: [nvda] Disturbing NVDA Remote Rumor: any ruth or verification?

This should work:
https://m.facebook.com/story.php?story_fbid=10210482594480519&id=1214464156&
refid=17&ref=m_notif&notif_t=feed_comment_reply&_ft_=top_level_post_id.10210
482594480519%3Atl_objid.10210482594480519%3Athid.1214464156%3A30606112949941
4%3A2%3A0%3A1477983599%3A-8014300897192678334&__tn__=%2As


--
Buddy Brannan, KB5ELV - Erie, PA
Phone: 814-860-3194
Mobile: 814-431-0962
Email: buddy@brannan.name




On Oct 10, 2016, at 1:02 PM, Joseph Lee <joseph.lee22590@gmail.com> wrote:

Hi everyone,
I was alerted to this by Derek Riemer, and am keeping an eye on this
development. According to what I'm seeing, this is quite disturbing if the
claims are to be believed. What we need at this point is evidence that
proves what the below Facebook message says (one of the evidence needed is
the URL to that post).
Cheers,
Joseph

-----Original Message-----
From: nvda@nvda.groups.io [mailto:nvda@nvda.groups.io] On Behalf Of Buddy
Brannan
Sent: Monday, October 10, 2016 7:43 AM
To: nvda@nvda.groups.io
Subject: [nvda] Disturbing NVDA Remote Rumor: any ruth or verification?

Just saw this on Facebook:

All of my blind NVDA friends: If you have used, currently use or plan on
using NVDA remote, I recommend you stop now and remove it. There is at
least
one exploit where someone can crash a system, whether or not it is enabled
to be controlled. This exploit is being used by Tyler Spivy, one of the
authors of the project. Many more may exist and through an inspection of
the
code probably do. Please circulate this to as many people as possible.
Thanks.


Disturbing if true. Given some of Tyler's past exploits, well, one would
hope he'd grown up since those. If true, this certainly won't help open
source in general, NVDA in particular, or future crowdfunding for AT.

--
Buddy Brannan, KB5ELV - Erie, PA
Phone: 814-860-3194
Mobile: 814-431-0962
Email: buddy@brannan.name