new list of stolen object passwords circulating (Community)


carlbanks

Mar 14, 2004, 10:47am
I deleted it and emptied my trash before thinking about emailing it to
abuse, I never looked at it.


tart sugar

Mar 14, 2004, 11:43am
I received that email and I don't even own a world!

Tart Sugar
I used to be Snow White but I drifted.


ciena

Mar 14, 2004, 12:18pm
its someone thats in the ng's. thats where he's getting the email addys

ciena

Mar 14, 2004, 12:20pm
if i can find out who has been in all those worlds i will send the name to
awi. they will be able to get the cit# and know who they r

mod

Mar 14, 2004, 1:20pm
Well here's the deal. The way AW protects OP PWs isn't bad, it is just old.
Their first mistake was not really taking legal action against matt, and
just saying they did. Remember the last list of op pws that went around.
That was because of AWProxy 3.1 that was still floating around. After aw
disabled use of the 3.2 browser that was solved, but now matt decided to
release his AWProxy 3.4 that he stole from a certain someone. Now that, that
is floating around, no pw will be safe again. The fact of the matter is
this: 99% of people on aw wouldn't have the ability to decrypt op pws if the
encryption method wasn't practically public. What I don't understand is back
in the day when they changed the encryption method for cit pws why they
didn't change it for op pws too...hmmm? So the solution is simple change the
encryption method and all pws will be safe, because those that can actually
get it again, certainly wouldn't be releasing any lists :)

-Mod

xelag

Mar 14, 2004, 1:26pm
Ciena, it does not need to be a cit. The only thing it needs is a way
to find out the url of the OP (any AW browser cache will help), and to
know/guess the name of objects/avatars (easily done by turning on
"print object errors in chat window", most worlds have objects with
errors). The rest is done thru the web. The thief will be much
obliged if commonly used objects, objects which can be found
unpassworded, are passworded in that particular OP. This makes the
task of cracking the password much easier. Also, one should never
password the avatars.dat or the SEQ files, because they can be found
unpassworded in the browser's cache. Even so... passwords can be
cracked.

>what about if everyone on that list that runs a bot in their world get
>together and see if there is a common cit thats been in all those worlds.
>can maybe narrow it down on who it might be. maybe from the last 3 months?
>or at least the last month. anyone that u dont know that comes in your
>world. It wont prove who it is but at least be a suspect. Any thoughts on
>this idea?
>

johnf

Mar 14, 2004, 2:39pm
Umm Mod - they changed the encryption for cit pws to PC-Specific?

~John


johnf

Mar 14, 2004, 2:39pm
How could you transfer worlds from one comp to another for hosting w/o re
entering op pw?

~John


ciena

Mar 14, 2004, 3:25pm
yes i know but he got our email addresses from the NG's he had to be a cit to
send me an email from the ng

ciena

Mar 14, 2004, 3:27pm
also there is another cit that has hacked into unis and is capable of this
is a cit named AW. we had trouble with him in DLP.

xelag

Mar 14, 2004, 3:46pm
>yes i know but he got our email addresses from the NG's he had to be a cit to
>send me an email from the ng

No he doesn't. He can read and collect info from the ngs even if he's
not a cit... he or she.

Alex

alphabit phalpha

Mar 14, 2004, 3:55pm
I know a citizen in AW named AW that would never hack anyone. Folks please
make sure you don't suspect our AW Citizen with the other one being accused
of things in DLP.
Thanks:)
Bit:)


ciena

Mar 14, 2004, 4:29pm
ooooh ok it was the AW in DLP that hacked my world there. I didnt know there
was 2 of them sorry.

johnf

Mar 14, 2004, 6:13pm
oh ROFL!

I thought... im stupid.... you mean change it but not make it the same as...
ROFL!

~John


sweets

Mar 14, 2004, 6:41pm
We at Taurius would like to thank the Academy for the award of top twenty
(19??) worlds worth hacking. We accept this award with humility but declare
ourselves undeserving as 99% of our objects are unpassworded Mega objects so
cannot claim any prize for them. And as for that other 1% we are pleased and
amazed to be honoured with such acclaim. We only bothered passwording last
month and look forward to repasswording everything again. We wish to thank
our mentor and teacher (who wishes to remain nameless due to possible
lawsuits LOL) and apologize to him and the thieves for any inconvenience our
badly made objects may cause or have caused due to our only starting very
recently in this endeavour. Some of our objects cause enough lag to crash
Windows, for this we apologize. One such object actually causes such a
problem as to have made us have to format our computers. Some of our objects
seem to have some kind of hidden booby traps, for this we apologize. One
such object causes AW browser to close down, also making it impossible to
get close enough to the object to destroy it before crashing. If these
objects are placed in your home world, you cannot even get into AW itself
because you will crash before you can change your 'home' (you will have to
uninstall AW and reinstall). A few techies and even AW cannot figure this one
out. Taurius is a very small world and we really do not know what we are
doing or not doing with objects as we use no programs except paper, pencils and
a big eraser but we walk now with pride knowing that our badly made objects
are worth stealing and can make it onto a list of top 20 worlds.
We thank you
sweets
PS: We password to protect the public, not to protect our objects LMAO

wizard myrddin

Mar 14, 2004, 6:52pm
ROFL


For that you get the best submission to the NG award


Humour makes the world go round

Share and Enjoy



ciena

Mar 14, 2004, 7:06pm
i dont think the hacker is doing it to steal objects or he would keep his
mouth shut. He could give a rats ass about our objects. All he wants is the
kicks of being able to screw us up and give our pw's to everyone else to
steal our objects. He gets his kicks just in being able to do this and
for us to know that he can. I would think it is a male cit and he's between
the ages of 14 and 18 and for some reason this gives him the feel of superiority
and that he has control over our paths and us. He loves to see us struggle
over repasswording our objects, loves the attention he is getting while
remaining anonymous, and to show the other bad boys just how bad he really
is. Of course he doesnt realize he is just a sick hateful jerk! anyway
thats my profile of him, which doesnt mean anything lol. Just my thoughts.



alphabit phalpha

Mar 14, 2004, 8:30pm
Well there is the solution all along for object theft.
Just upload some viruses to a few objects (let your builders know which
ones) and voila! The thief is detained for a bit.
Great idea sweets!...lol:)

themask

Mar 14, 2004, 9:01pm
LMFAO, I like this:

Vega
Object password: grimmsoft9999
Object Path: themask.3dhost.net/themask

That object password is obviously wrong, LMFAO

--

Signed,
TheMask

:: Owner of Delusional-Minds Hosting ::
Free world hosting.. Just a T-Gram will do it.

http://www.delusional-minds.com


mod

Mar 15, 2004, 12:40am
heh ya, the cit pw encryption used to be the same as the op pw one, why they
just didn't change it when they changed the cit pw encryption (not to the
same thing:P) is beyond me

-
M
-

alexthemartian

Mar 15, 2004, 4:07am
god, it doesnt have a virus or anything.. scaredycat


princess nerwen

Mar 15, 2004, 4:46am
got another one and it was said to have an avatar in it, not for me, sent
that to abuse too

princess nerwen

Mar 15, 2004, 4:49am
well from what I understand, you can read them, and not have to be a
cit, but then I could have been misinformed

alexthemartian

Mar 15, 2004, 4:49am
or did it? idk, and idcare

> god, it doesnt have a virus or anything.. scaredycat
>

lady nighthawk

Mar 15, 2004, 2:22pm
Unfortunately names can be changed as often as socks, underwear, or even
more often LOL. Best to get Cit#s and even then they may have more than one,
or may enter as a tourist ... in which case you need the IP addy ... even
better yet would be computer ID!

LNH




lady nighthawk

Mar 15, 2004, 2:24pm
HAHAHAHA ... gotta love that! *In with the top 20 of honored worlds*

LNH




kf

Mar 15, 2004, 4:35pm
To give you all an impression how long it takes to decrypt a file or
find a password, I give you some numbers.

I post this since some people seem to think that the so-called "password
crackers" are some higher beings with abilities not from this world -
which they are not, it actually takes less of a brain than a script
kiddy would need...

This only applies to retrieving a password from a zip file when you have
the file, it does NOT apply to obtaining a password in the course of
transmission (eg. by listening to the server-client data exchange).

What I needed:

a) the zipped file - password protected
b) the zipped file - without password

Usually a potential attacker can easily obtain the second by buying an
object. Now he downloads the encrypted version from the developer's OP
(which usually has the same name, or the name can be obtained somehow).

What I needed to do:

Run a zipcrack program (which can be easily obtained by buying or
leeching it).

Results:

- With a password of 9 characters or less, I needed 24s (SECONDS!) to
un-encrypt the password - leaving now the whole OP open for
all-you-can-download actions, a 10 character password took no longer
than 34s. (System: P4/3500 MHz)

Conclusion:

Passwords of 10 characters or less are unsafe to a degree that you can
as well not use a password at all, while longer password are not more
safe, but only less unsafe.

It wouldn't make me wonder if most worlds from the "cracked" passwords
list had only short passwords, which could be obtained literally in a
matter of seconds.

Suggestions:

1) NEVER encrypt any file on your OP that exists somewhere unencrypted
already. If it does, change the original (unzipped) file and add
something or remove something, so that it is NOT IDENTICAL anymore to an
unencrypted version. Note especially that avatars.dat, ALL sequences and
ALL sounds are ALWAYS unencrypted in the cache folder of the AW browser,
so encrypting any of these files is an open invitation to casual
password-snatchers.

2) NEVER use short passwords (not here and not in any other
environment), try to use whole sentences with words that are not in a
dictionary and add some non-letter-non-digit characters.

3) As a developer, NEVER give out any files that are identical to the
protected ones on your OP, always add or remove something from the
original file before sending it to a buyer. Change the file name, too,
to make it more difficult to obtain certain model names (to prevent easy
downloading of big numbers of files from the OP).

Comment:

The near practical impossibility of (1) makes, in fact, all password
attempts pointless, as does any public building with encrypted objects,
as does any building with encrypted objects with citizens whom you do
not trust 300+%.

Additional risks include password retrieval from the network traffic
and/or obtaining it from other flaws in the system.

I'd classify the whole protection system of objects as low grade at
maximum and generally not useable to ensure the protection of
copyrighted material - and, as I have posted before, every developer
should be (and is?) aware of that. And to add, I do not see any
convenient or practical method of protection that cannot be overrun;
there ARE safe methods, but they will impose a level of inconvenience
and impracticability that are not really justified for this environment.
What good will it do when you can protect your material and nobody will
see it anymore since nobody wants to bear the burdens of running the
software then. And the same goes to sophisticated methods of obscuring OP
and objects names - remember, these things SHALL be downloaded, and
everything that SHALL be downloaded, WILL be downloaded (whether in the
right and lawful way, or not).

The key here is to make people sensible and aware of the work involved
in creating things - many, especially the worldowners of respected
worlds, will pay the developers for designs they get, while there will
always be a number of (mostly casual worldowners) who will leech them
from whatever source and by whatever method. And there is no point in
trying to pursue them either, due to the practical law and cost
obstacles involved.

My point is that business will continue as usual, designers build mainly
for a handful of worldowners who buy their work (and are proud that they
bought it, after all, it shows also style and class to their visitors),
and some others (without style, class, and even not admired by more than
a few even less capable pals of theirs) will continue to leech what they
can get. C'est la vie - it won't destroy our hobby and it won't drive
away developers, as long as these developers do not try to make a living
out of their work, but see it as a nice, additional, not guaranteed,
income.
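
kf's suggestions 1 and 3 can be checked before upload, because a classic password-protected ZIP keeps each entry's plaintext CRC-32 and size readable in its headers. The following is an added example, not part of kf's post or any AW tool: a Python audit that lists protected entries whose plaintext matches a file already available unencrypted. The file names, contents and the flag-patching helper that builds the sample archive are constructed for illustration.

```python
import io
import zipfile
import zlib

ENCRYPTED = 0x1  # ZIP general-purpose flag bit 0: entry is password-protected


def exposed_entries(archive, public_files):
    """Return (entry, public_name) pairs where a password-protected entry has
    the same plaintext CRC-32 and size as a file that exists unencrypted."""
    known = {(zlib.crc32(data), len(data)): name
             for name, data in public_files.items()}
    hits = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():          # reads headers only, no password
            if info.flag_bits & ENCRYPTED:
                match = known.get((info.CRC, info.file_size))
                if match is not None:
                    hits.append((info.filename, match))
    return hits


def constructed_archive(files, protected):
    """Constructed sample input. The stdlib cannot write encrypted ZIPs, so
    write a plain one and set the 'encrypted' flag in the central directory
    for the chosen names; the audit above only ever reads that metadata."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    raw, pos = bytearray(buf.getvalue()), 0
    for name in files:                      # central directory keeps this order
        pos = raw.index(b"PK\x01\x02", pos)
        if name in protected:
            raw[pos + 8] |= ENCRYPTED       # flags field, low byte
        pos += 4
    return io.BytesIO(bytes(raw))


# Constructed file contents and hypothetical names, not real AW data.
SEQ, SIGN = b"constructed walk sequence bytes", b"constructed sign model bytes"
MODEL = b"ModelBegin\n  # constructed tree model\nModelEnd\n"
OP_FILES = {"walk.seq": SEQ, "tree01.rwx": MODEL + b"# edited before upload\n",
            "sign01.rwx": SIGN}
PUBLIC = {"cache/walk.seq": SEQ, "sold/tree01.rwx": MODEL, "free/sign01.rwx": SIGN}

if __name__ == "__main__":
    op_zip = constructed_archive(OP_FILES, protected={"walk.seq", "tree01.rwx"})
    for entry, source in exposed_entries(op_zip, PUBLIC):
        print(f"{entry}: identical plaintext is available as {source}")
```

In the sample, only `walk.seq` is reported: `tree01.rwx` was altered before upload so its fingerprint no longer matches the sold copy, and `sign01.rwx` is not password-protected.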

binarybud

Mar 15, 2004, 5:01pm
Excellent advice and information!!! Thanx kf, for your time and effort to
teach others!



carlbanks

Mar 15, 2004, 5:02pm
I didn't look at it because the title said OP passwords.

> god, it doesnt have a virus or anything.. scaredycat
>

carlbanks

Mar 15, 2004, 5:02pm
I got that email also which went right into my trash bin and I emptied
my trash bin.

> got another one and it was said to have an avatar in it, not for me, sent
> that to abuse too
