u/Alive_Ad2841

Image 1 — Should I talk to my psychologist about this?
Image 2 — Should I talk to my psychologist about this?

Should I talk to my psychologist about this?

For context, I am 22F, diagnosed “Cluster B NOS” at 19. I also have PTSD. My traits have been leaning more towards narcissistic and antisocial behaviours the past few years as I grow into adulthood. This is part of the reason I’m in therapy as well.

Long story short I took the test and these are my results… current psychologist has experience in the clinical environment and has been in the field 20+ yrs so I feel like she can see right through me.

Should I show her this? Or wait it out and see if she recommends an assessment based on our sessions?

u/Alive_Ad2841 — 14 days ago
▲ 2 r/Debt

Collections company faked payments on credit report. What can I do?

Hi everyone,

I’ve been dealing with debt from some bad credit decisions at 18–19, and it’s been in collections for about 2 years. I’ve since improved my habits and I’m planning to start repaying everything once I graduate.

One of my debts (~$3,085) is close to being statute-barred in my province (2 years since last payment). When I checked my credit report, I noticed it shows payments that I never made. This was a Fairstone retail card, and I haven’t paid anything since it went to collections. The balance also hasn’t gained any interest. Essentially what they’ve done from what I’ve been reading is “re-aged” the debt so it has a worse effect on my score.

The collection agency is known for shady practices, so I’m not sure what the best move is. Should I dispute it now, wait until it’s statute-barred in about 8 months and then dispute it, or just leave it alone and let it fall off my report in a few years?

For context, I’m a student and can’t really work right now, so I haven’t been paying collections. I do plan to pay everything off once I’m financially stable after graduating.

Any advice is appreciated.

reddit.com
u/Alive_Ad2841 — 15 days ago

Banned by company RIGHT AFTER submitting proof of bug!

Hey all, I just need to rant a little bit and want to know if this has happened to anyone else??

**LONG POST SORRY BUT TDLR AT THE END!!**

So I've been hunting for about 5 years, done some good work, lots of experience. Recently submitted a report to a program NOT triaged by H1, but by the platform's own security team. Won't disclose the name here for obvious reasons, trying to leave out info to prevent identification.

On May 28th, found a bug that allowed me to access privately streamed videos. Found it by enumerating their user base via their API in terminal. Gave me username, country, account type, etc. Then took the 9k+ lines of data, fed it into a shell command to find live stream links. Was able to bypass a 403 status using browser console to reveal what was playing, something that needed to be paid for to watch.
Recorded all of this, including the initial discovery, included it in my report. Submitted it with confidence I'd be paid fairly and the bug would be patched.

Been going back and forth with this platform since May 30th, constant loop of we need more proof when I already gave them numerous video PoC's, screenshots, detailed report. I obliged and remained professional even thought it was very annoying.

They also claimed the user data I found was public even though some users were set to private. This should obviously not be available at the scale it was and not to mention unauthenticated with no rate limiting.

Fast forward to yesterday, get an email at 1am stating they banned me from the program. Their comment was: “Liars are not tolerated, you were trying to trick the system by misdirecting the triage team via id substitution” This is a B.S excuse and has nothing to do with my report at all. They banned me RIGHT after I submitted more evidence proving my finding too which is very convenient to me.

So now I'm pissed asf. This vulnerability met all criteria for a 3k+ payout and I’ve wasted lots of time providing evidence just to be banned in the end with no payout… Just seems like the company is cheap and doesn't want to pay me, considering they played needs more info tag with me even though PoC and steps to replicate on their own was provided multiple times.

Has this happened to anyone else? If so, what did you do? This has never happen to me in my 5 years of hunting!!

TL;DR: Found legit bug (auth bypass on private streams + 9k+ user IDs exposed), submitted video PoC, company kept asking for more proof for 2 weeks, then banned me RIGHT after I gave them exactly what they asked for, using a fake excuse (id substitution) that has nothing to do with my report. Escalated to H1. Has this happened to anyone else?

reddit.com
u/Alive_Ad2841 — 16 days ago