|
new list of stolen object passwords circulating (Community)
new list of stolen object passwords circulating // Community
Mar 14, 2004, 10:47am
I deleted it and emptyed my trash before thinking about emailing it to
abuse, I never looked at it.
[View Quote]princess nerwen wrote:
> also sent it to abuse
> "xelag" <xelag at digitalspace.com> wrote in message
> news:1va7509jngk8l5n8scsmfor17k1m5p0j6i at 4ax.com...
> :
> :
> : Let me rephrase: it is only the caretaker's business whether the
> : password has been changed or not. In the case of another world which
> : appears in both lists, I know that the password had been changed
> : recently, and that the password in the new list is the new one.
> :
> : Alex
>
>
|
Mar 14, 2004, 11:43am
I receieved that email and I don't even own a world!
Tart Sugar
I used to be Snow White but I drifted.
[View Quote]"lady nighthawk" <dmurtagh27 at hotmail.com> wrote in message
news:4053c681 at server1.Activeworlds.com...
> Most everyone wouldn't bother, whatz the point. I am sad tho, seems I
didn't
> rate to get said email even tho my world is listed ... whatz with that eh?
> LOL
>
> LNH
>
>
>
> "elyk" <kfoerst at sbcglobal.net> wrote in message
> news:4053c62a at server1.Activeworlds.com...
|
Mar 14, 2004, 12:18pm
its someone thats in the ng's. thats where he's getting the email addys
[View Quote]"tart sugar" <tartsugar at comcast.net> wrote in message
news:40546196$1 at server1.Activeworlds.com...
> I receieved that email and I don't even own a world!
>
> Tart Sugar
> I used to be Snow White but I drifted.
>
> "lady nighthawk" <dmurtagh27 at hotmail.com> wrote in message
> news:4053c681 at server1.Activeworlds.com...
> didn't
eh?
:)
>
>
>
|
Mar 14, 2004, 12:20pm
if i can find out who has been in all those worlds i will send the name to
awi. they will be able to get the cit# and know who they r
[View Quote]"tart sugar" <tartsugar at comcast.net> wrote in message
news:40546196$1 at server1.Activeworlds.com...
> I receieved that email and I don't even own a world!
>
> Tart Sugar
> I used to be Snow White but I drifted.
>
> "lady nighthawk" <dmurtagh27 at hotmail.com> wrote in message
> news:4053c681 at server1.Activeworlds.com...
> didn't
eh?
:)
>
>
>
|
Mar 14, 2004, 1:20pm
Well here's the deal. The way AW protects OP PWs isn't bad, it is just old.
There first mistake was not really taking legal action against matt, and
just saying they did. Remember the last list of op pws that went around.
That was because of AWProxy 3.1 that was still floating around. After aw
disabled use of the 3.2 browser that was solved, but now matt decided to
release his AWProxy 3.4 that he stole from a certain someone. Now that, that
is floating around, no pw will be safe again. That fact of the matter is
this 99% of people on aw wouldn't have the ability to decrypt op pws if the
encryption method wasn't practically public. What I don't understand is back
in the day when they changed the encryption method for cit pws why they
didn't change it for op pws too...hmmm? So the solution is simple change the
encryption method and all pws will be safe, because those that can actually
get it again, certainly wouldn't be releasing any lists :)
-Mod
[View Quote]"lady nighthawk" <dmurtagh27 at hotmail.com> wrote in message
news:4054496a at server1.Activeworlds.com...
> AWI ... what is so hard about pw protecting an op? Is there no way to
> protect items we've paid for? I would think this would be your #1 priority
> no? I mean the truth is, I already *paid for stuff* and am using it, I've
> done my part by attempting to pw protect them but truly it's the
> model/object creators that are getting burned here isn't it? Can't you do
> something about it?
>
> Inquiring minds wanna know...
>
> LNH <<< *doesn't get it*
>
>
>
>
>
>
>
|
Mar 14, 2004, 1:26pm
Ciena, it does not need to be a cit. The only thing it needs is a way
to find out the url of the OP (any AW browser cache will help), and to
know/guess the name of objects/avatars (easily done by turning on
"print object errors in chat window", most worlds have objects with
errors). The rest is done thru the web. The thief will be much
obliged if commonly used objects, objects which can be found
unpassworded, are passworded in that particular OP. This makes the
task of cracking the password much easier. Also, one should never
password the avatars.dat or the SEQ files, because they can be found
unpassworded in the browser's cache. Even so... passwords can be
cracked.
[View Quote]On 14 Mar 2004 07:21:38 -0500, "ciena" <nikona at comcast.net> wrote:
|
>what about if everyone on that list that runs a bot in their world get
>together and see if there is a common cit thats been in all those worlds.
>can maybe narrow it down on who it might be. maybe from the last 3 months?
>or at least the last month. anyone that u dont know that comes in your
>world. It wont prove who it is but at least be a suspect. Any thoughts on
>this idea?
>
[View Quote]>"johnf" <johnf at 3d-reality.com> wrote in message
>news:40543f07 at server1.Activeworlds.com...
>bot
>if
>for
>new
>
|
Mar 14, 2004, 2:39pm
Umm Mod - they changed the encryption for cit pws to PC-Specific?
~John
[View Quote]"mod" <mod at darkbirdie.com> wrote in message
news:4054785a$1 at server1.Activeworlds.com...
> Well here's the deal. The way AW protects OP PWs isn't bad, it is just
old.
> There first mistake was not really taking legal action against matt, and
> just saying they did. Remember the last list of op pws that went around.
> That was because of AWProxy 3.1 that was still floating around. After aw
> disabled use of the 3.2 browser that was solved, but now matt decided to
> release his AWProxy 3.4 that he stole from a certain someone. Now that,
that
> is floating around, no pw will be safe again. That fact of the matter is
> this 99% of people on aw wouldn't have the ability to decrypt op pws if
the
> encryption method wasn't practically public. What I don't understand is
back
> in the day when they changed the encryption method for cit pws why they
> didn't change it for op pws too...hmmm? So the solution is simple change
the
> encryption method and all pws will be safe, because those that can
actually
> get it again, certainly wouldn't be releasing any lists :)
>
> -Mod
> "lady nighthawk" <dmurtagh27 at hotmail.com> wrote in message
> news:4054496a at server1.Activeworlds.com...
priority
I've
do
>
>
|
Mar 14, 2004, 2:39pm
How could you transfer worlds from one comp to another for hosting w/o re
entering op pw?
~John
[View Quote]"johnf" <johnf at 3d-reality.com.no-spam-please> wrote in message
news:40548ac0 at server1.Activeworlds.com...
> Umm Mod - they changed the encryption for cit pws to PC-Specific?
>
> ~John
>
> "mod" <mod at darkbirdie.com> wrote in message
> news:4054785a$1 at server1.Activeworlds.com...
> old.
> that
> the
> back
> the
> actually
> priority
> I've
> do
>
>
|
Mar 14, 2004, 3:25pm
yes i know but he got our email adresses from the NG's he had to be a cit to
send me an email from the ng
[View Quote]"xelag" <xelag at digitalspace.com> wrote in message
news:got850hgv0qdco2qrrd6nftaincn69v32j at 4ax.com...
> Ciena, it does not need to be a cit. The only thing it needs is a way
> to find out the url of the OP (any AW browser cache will help), and to
> know/guess the name of objects/avatars (easily done by turning on
> "print object errors in chat window", most worlds have objects with
> errors). The rest is done thru the web. The thief will be much
> obliged if commonly used objects, objects which can be found
> unpassworded, are passworded in that particular OP. This makes the
> task of cracking the password much easier. Also, one should never
> password the avatars.dat or the SEQ files, because they can be found
> unpassworded in the browser's cache. Even so... passwords can be
> cracked.
>
> On 14 Mar 2004 07:21:38 -0500, "ciena" <nikona at comcast.net> wrote:
>
months?
present...
Even
point?
and
here
are
>
|
Mar 14, 2004, 3:27pm
also there is another cit that has hacked into unis and is capable of this
is a cit named AW. we had trouble with him in DLP.
[View Quote]"xelag" <xelag at digitalspace.com> wrote in message
news:got850hgv0qdco2qrrd6nftaincn69v32j at 4ax.com...
> Ciena, it does not need to be a cit. The only thing it needs is a way
> to find out the url of the OP (any AW browser cache will help), and to
> know/guess the name of objects/avatars (easily done by turning on
> "print object errors in chat window", most worlds have objects with
> errors). The rest is done thru the web. The thief will be much
> obliged if commonly used objects, objects which can be found
> unpassworded, are passworded in that particular OP. This makes the
> task of cracking the password much easier. Also, one should never
> password the avatars.dat or the SEQ files, because they can be found
> unpassworded in the browser's cache. Even so... passwords can be
> cracked.
>
> On 14 Mar 2004 07:21:38 -0500, "ciena" <nikona at comcast.net> wrote:
>
months?
present...
Even
point?
and
here
are
>
|
Mar 14, 2004, 3:46pm
[View Quote]On 14 Mar 2004 12:25:09 -0500, "ciena" <nikona at comcast.net> wrote:
|
>yes i know but he got our email adresses from the NG's he had to be a cit to
>send me an email from the ng
No he doesn't. He can read and collect info from the ngs even if he's
not a cit... he or she.
Alex
Mar 14, 2004, 3:55pm
I know a citizen in AW named AW that would never hack anyone. Folks please
make sure you don't suspect our AW Citizen with the other one being accused
of things in DLP.
Thanks:)
Bit:)
[View Quote]"ciena" <nikona at comcast.net> wrote in message
news:4054960d$1 at server1.Activeworlds.com...
> also there is another cit that has hacked into unis and is capable of this
> is a cit named AW. we had trouble with him in DLP.
> "xelag" <xelag at digitalspace.com> wrote in message
> news:got850hgv0qdco2qrrd6nftaincn69v32j at 4ax.com...
worlds.
> months?
on
a
> present...
world
php
> Even
to
script
> point?
> and
(a
> here
> are
>
>
|
Mar 14, 2004, 4:29pm
ooooh ok it was the AW in DLP that hacked my world there. I didnt know there
was 2 of them sorry.
[View Quote]"alphabit phalpha" <alphabit2003(NOSPAM) at swbell.net> wrote in message
news:40549c84 at server1.Activeworlds.com...
> I know a citizen in AW named AW that would never hack anyone. Folks please
> make sure you don't suspect our AW Citizen with the other one being
accused
> of things in DLP.
> Thanks:)
> Bit:)
>
> "ciena" <nikona at comcast.net> wrote in message
> news:4054960d$1 at server1.Activeworlds.com...
this
get
> worlds.
your
thoughts
> on
to
> a
> world
> php
> to
> script
worlds
Stevens
> (a
abuse at activeworlds.com,
they
>
>
|
Mar 14, 2004, 6:13pm
oh ROFL!
I thought... im stupid.... you mean change it but not make it the same as...
ROFL!
~John
[View Quote]"mod" <mod at darkbirdie.com> wrote in message
news:4054785a$1 at server1.Activeworlds.com...
> Well here's the deal. The way AW protects OP PWs isn't bad, it is just
old.
> There first mistake was not really taking legal action against matt, and
> just saying they did. Remember the last list of op pws that went around.
> That was because of AWProxy 3.1 that was still floating around. After aw
> disabled use of the 3.2 browser that was solved, but now matt decided to
> release his AWProxy 3.4 that he stole from a certain someone. Now that,
that
> is floating around, no pw will be safe again. That fact of the matter is
> this 99% of people on aw wouldn't have the ability to decrypt op pws if
the
> encryption method wasn't practically public. What I don't understand is
back
> in the day when they changed the encryption method for cit pws why they
> didn't change it for op pws too...hmmm? So the solution is simple change
the
> encryption method and all pws will be safe, because those that can
actually
> get it again, certainly wouldn't be releasing any lists :)
>
> -Mod
> "lady nighthawk" <dmurtagh27 at hotmail.com> wrote in message
> news:4054496a at server1.Activeworlds.com...
priority
I've
do
>
>
|
Mar 14, 2004, 6:41pm
We at Taurius would like to thank the Academy for the award of top twenty
(19??) worlds worth hacking. We accept this award with humility but declare
ourselves undeserving as 99% of our objects are unpassworded Mega objects so
cannot claim any prize for them. And as for that other 1% we are pleased and
amazed to be honoured with such acclaim. We only bothered passwording last
month and look forward to repasswording everything again. We wish to thank
our mentor and teacher (who wishes to remain nameless due to possible
lawsuits LOL) and apologize to him and the thieves for any inconvenience our
badly made objects may cause or have caused due to our only starting very
recently in this endeavour. Some of our objects cause enough lag to crash
Windows, for this we apologize. One such object actually causes such a
problem as to have made us have to format our computers. Some of our objects
seem to have some kind of hidden booby traps, for this we apologize. One
such object causes AW browser to close down, also making it impossible to
get close enough to the object to destroy it before crashing. If these
objects are placed in your home world, you cannot even get into AW itself
because you will crash before you can change your 'home' (you will have to
uninstal AW and reinstal). A few techies and even AW cannot figure this one
out. Taurius is a very small world and we really do not know what were are
doing or not doing with objects as use no programs except paper, pencils and
a big eraser but we walk now with pride knowing that our badly made objects
are worth stealing and can make it onto a list of top 20 worlds.
We thank you
sweets
PS: We password to protect the public, not to protect our objects LMAO
Mar 14, 2004, 6:52pm
ROFL
For that you get the best submission to the NG award
Humour makes the world go round
Share and Enjoy
[View Quote]"sweets" <stylecanin at hotmail.com> wrote in message
news:4054c392$1 at server1.Activeworlds.com...
> We at Taurius would like to thank the Academy for the award of top twenty
> (19??) worlds worth hacking. We accept this award with humility but
declare
> ourselves undeserving as 99% of our objects are unpassworded Mega objects
so
> cannot claim any prize for them. And as for that other 1% we are pleased
and
> amazed to be honoured with such acclaim. We only bothered passwording last
> month and look forward to repasswording everything again. We wish to thank
> our mentor and teacher (who wishes to remain nameless due to possible
> lawsuits LOL) and apologize to him and the thieves for any inconvenience
our
> badly made objects may cause or have caused due to our only starting very
> recently in this endeavour. Some of our objects cause enough lag to crash
> Windows, for this we apologize. One such object actually causes such a
> problem as to have made us have to format our computers. Some of our
objects
> seem to have some kind of hidden booby traps, for this we apologize. One
> such object causes AW browser to close down, also making it impossible to
> get close enough to the object to destroy it before crashing. If these
> objects are placed in your home world, you cannot even get into AW itself
> because you will crash before you can change your 'home' (you will have to
> uninstal AW and reinstal). A few techies and even AW cannot figure this
one
> out. Taurius is a very small world and we really do not know what were are
> doing or not doing with objects as use no programs except paper, pencils
and
> a big eraser but we walk now with pride knowing that our badly made
objects
> are worth stealing and can make it onto a list of top 20 worlds.
> We thank you
> sweets
> PS: We password to protect the public, not to protect our objects LMAO
>
>
|
Mar 14, 2004, 7:06pm
i dont think the hacker is doing it to steal objects or he would keep his
mouth shut. He could give a rats ass about our objects. All he wants is the
kicks of being able to screw us up and give our pw's to everyone else to
steal our objects.He gets his kicks just in being able to do this and and
for us to know that he can. I would think it is a male cit and he's between
the ages of 14 and18 and for some reason this gives him the feel superiority
and that he has control over our paths and us. He loves to see us struggle
over repasswording our objects, loves the attention he is getting while
remaining annonymous, and to show the other bad boys just how bad he really
is. Of course he doesnt realalize he is just a sick hateful jerk! anyway
thats my profile of him, which doesnt mean anything lol. Just my thoughts.
[View Quote].."sweets" <stylecanin at hotmail.com> wrote in message
news:4054c392$1 at server1.Activeworlds.com...
> We at Taurius would like to thank the Academy for the award of top twenty
> (19??) worlds worth hacking. We accept this award with humility but
declare
> ourselves undeserving as 99% of our objects are unpassworded Mega objects
so
> cannot claim any prize for them. And as for that other 1% we are pleased
and
> amazed to be honoured with such acclaim. We only bothered passwording last
> month and look forward to repasswording everything again. We wish to thank
> our mentor and teacher (who wishes to remain nameless due to possible
> lawsuits LOL) and apologize to him and the thieves for any inconvenience
our
> badly made objects may cause or have caused due to our only starting very
> recently in this endeavour. Some of our objects cause enough lag to crash
> Windows, for this we apologize. One such object actually causes such a
> problem as to have made us have to format our computers. Some of our
objects
> seem to have some kind of hidden booby traps, for this we apologize. One
> such object causes AW browser to close down, also making it impossible to
> get close enough to the object to destroy it before crashing. If these
> objects are placed in your home world, you cannot even get into AW itself
> because you will crash before you can change your 'home' (you will have to
> uninstal AW and reinstal). A few techies and even AW cannot figure this
one
> out. Taurius is a very small world and we really do not know what were are
> doing or not doing with objects as use no programs except paper, pencils
and
> a big eraser but we walk now with pride knowing that our badly made
objects
> are worth stealing and can make it onto a list of top 20 worlds.
> We thank you
> sweets
> PS: We password to protect the public, not to protect our objects LMAO
>
>
|
Mar 14, 2004, 8:30pm
Well there is the solution all along for object theft.
Just upload some viruses to a few objects (let your builders know which
ones) and viola! The theif is detained for a bit.
Great idea sweets!...lol:)
Mar 14, 2004, 9:01pm
LMFAO, I like this:
Vega
Object password: grimmsoft9999
Object Path: themask.3dhost.net/themask
That object password is obviously wrong, LMFAO
--
Signed,
TheMask
:: Owner of Delusional-Minds Hosting ::
Free world hosting.. Just a T-Gram will do it.
http://www.delusional-minds.com
[View Quote]"alphabit phalpha" <alphabit2003(NOSPAM) at swbell.net> wrote in message
news:4054dd1e$1 at server1.Activeworlds.com...
> Well there is the solution all along for object theft.
> Just upload some viruses to a few objects (let your builders know which
> ones) and viola! The theif is detained for a bit.
> Great idea sweets!...lol:)
>
>
|
Mar 15, 2004, 12:40am
heh ya, the cit pw encryption used to be the same as the op pw one, why they
just didn't change it when they changed the cit pw encryption (not to the
same thing:P) is beyond me
-
M
-
[View Quote]"johnf" <johnf at 3d-reality.com.no-spam-please> wrote in message
news:4054bcee at server1.Activeworlds.com...
> oh ROFL!
>
> I thought... im stupid.... you mean change it but not make it the same
as...
> ROFL!
>
> ~John
>
> "mod" <mod at darkbirdie.com> wrote in message
> news:4054785a$1 at server1.Activeworlds.com...
> old.
> that
> the
> back
> the
> actually
> priority
> I've
> do
>
>
|
Mar 15, 2004, 4:07am
god, it doesnt have a virus or anything.. scaredycat
[View Quote]carlbanks wrote:
> I deleted it and emptyed my trash before thinking about emailing it to
> abuse, I never looked at it.
>
> princess nerwen wrote:
>
|
Mar 15, 2004, 4:46am
got another one and it was said to have a avatar in it, not for me, sent
that to abuse too
[View Quote]"carlbanks" <carlbanks at triplehelix.info> wrote in message
news:4054546a$1 at server1.Activeworlds.com...
: I deleted it and emptyed my trash before thinking about emailing it to
: abuse, I never looked at it.
:
: princess nerwen wrote:
: > also sent it to abuse
: > "xelag" <xelag at digitalspace.com> wrote in message
: > news:1va7509jngk8l5n8scsmfor17k1m5p0j6i at 4ax.com...
: > :
: > :
: > : Let me rephrase: it is only the caretaker's business whether the
: > : password has been changed or not. In the case of another world
which
: > : appears in both lists, I know that the password had been changed
: > : recently, and that the password in the new list is the new one.
: > :
: > : Alex
: >
: >
|
Mar 15, 2004, 4:49am
well from what I understand, you can read them, and not have to be a
cit, but then I could have been misinformed
[View Quote]"ciena" <nikona at comcast.net> wrote in message
news:40549575$1 at server1.Activeworlds.com...
: yes i know but he got our email adresses from the NG's he had to be a
cit to
: send me an email from the ng
: "xelag" <xelag at digitalspace.com> wrote in message
: news:got850hgv0qdco2qrrd6nftaincn69v32j at 4ax.com...
: > Ciena, it does not need to be a cit. The only thing it needs is a
way
: > to find out the url of the OP (any AW browser cache will help), and
to
: > know/guess the name of objects/avatars (easily done by turning on
: > "print object errors in chat window", most worlds have objects with
: > errors). The rest is done thru the web. The thief will be much
: > obliged if commonly used objects, objects which can be found
: > unpassworded, are passworded in that particular OP. This makes the
: > task of cracking the password much easier. Also, one should never
: > password the avatars.dat or the SEQ files, because they can be found
: > unpassworded in the browser's cache. Even so... passwords can be
: > cracked.
: >
: > On 14 Mar 2004 07:21:38 -0500, "ciena" <nikona at comcast.net> wrote:
: >
: > >what about if everyone on that list that runs a bot in their world
get
: > >together and see if there is a common cit thats been in all those
worlds.
: > >can maybe narrow it down on who it might be. maybe from the last 3
: months?
: > >or at least the last month. anyone that u dont know that comes in
your
: > >world. It wont prove who it is but at least be a suspect. Any
thoughts on
: > >this idea?
: > >
: > >"johnf" <johnf at 3d-reality.com> wrote in message
: > >news:40543f07 at server1.Activeworlds.com...
: > >> One method to make that harder would be to have the script
connect to a
: > >bot
: > >> in global mode in the world, which tells the script if an IP is
: present...
: > >> though obviously this wouldn't stop people standing about in the
world
: > >> stealing objects.. it would stop others.
: > >>
: > >> ~John
: > >>
: > >> "xelag" <xelag at digitalspace.com> wrote in message
: > >> news:5gk750t9gssq1cjbgi8cgi1cr4kngqtlib at 4ax.com...
: > >> > well there are php coded object paths in the list. the point
is, php
: > >> > can only check if the referer (AW browser) is correct... and
the
: > >> > referer can be spoofed.
: > >> >
: > >> > On 13 Mar 2004 22:29:46 -0500, "lady murasaki"
: > >> > <Murasaki at murasaki3d.net> wrote:
: > >> >
: > >> > >Better protection would be php security scripting for the
paths.
: Even
: > >if
: > >> the
: > >> > >get ahold of the object password it makes it extremely
difficult to
: > >> download
: > >> > >files to take advantage of it. CodeWarrior wrote an excellent
script
: > >for
: > >> > >this.
: > >> > >
: > >> > >
: > >> > >"lady nighthawk" <dmurtagh27 at hotmail.com> wrote in message
: > >> > >news:4053c1ce at server1.Activeworlds.com...
: > >> > >> I didn't bother to change my pw from the last time, whatz
the
: point?
: > >> LOL
: > >> > >>
: > >> > >> LNH
: > >> > >>
: > >> > >>
: > >> > >> "xelag" <xelag at digitalspace.com> wrote in message
: > >> > >> news:bq8750tcsqp7f573tkjc5so747gbmslvig at 4ax.com...
: > >> > >> > World owners, I just received an email with a list of
worlds
: and
: > >> > >> > their object passwords, allegedely sent by Chritopher
Stevens (a
: > >new
: > >> M
: > >> > >> > A T T?). I have sent the full list to
abuse at activeworlds.com,
: here
: > >> > >> > are the names of the worlds:
: > >> > >> >
: > >> > >> > Mutation
: > >> > >> > AD&DRPG
: > >> > >> > AWTeen
: > >> > >> > America
: > >> > >> > Ashmore
: > >> > >> > England
: > >> > >> > FRANCE!
: > >> > >> > Amigos3
: > >> > >> > Olympe
: > >> > >> > Tarosaki
: > >> > >> > Legenda
: > >> > >> > brasil3d
: > >> > >> > FemZone
: > >> > >> > Taurius
: > >> > >> > AAWR
: > >> > >> > Russian
: > >> > >> > Spanish
: > >> > >> > Aeon
: > >> > >> > Vega
: > >> > >> >
: > >> > >> > I will only send the details to caretakers who can prove
they
: are
: > >> > >> > such.
: > >> > >> >
: > >> > >> > Alex
: > >> > >> >
: > >> > >>
: > >> > >>
: > >> > >
: > >> >
: > >>
: > >>
: > >
: >
:
:
|
Mar 15, 2004, 2:22pm
Unfortunately names can be changed as often as socks, underwear, or even
more often LOL. Best to get Cit#s and even then they may have more than one,
or may enter as a tourist ... in which case you need the IP addy ... even
better yet would be computer ID!
LNH
[View Quote]"ciena" <nikona at comcast.net> wrote in message
news:4054a494$1 at server1.Activeworlds.com...
> ooooh ok it was the AW in DLP that hacked my world there. I didnt know
there
> was 2 of them sorry.
> "alphabit phalpha" <alphabit2003(NOSPAM) at swbell.net> wrote in message
> news:40549c84 at server1.Activeworlds.com...
please
> accused
> this
way
to
> get
> your
> thoughts
connect
> to
is,
the
paths.
difficult
the
> worlds
> Stevens
> abuse at activeworlds.com,
> they
>
>
|
Mar 15, 2004, 2:24pm
HAHAHAHA ... gotta love that! *In with the top 20 of honored worlds*
LNH
[View Quote]"sweets" <stylecanin at hotmail.com> wrote in message
news:4054c392$1 at server1.Activeworlds.com...
> We at Taurius would like to thank the Academy for the award of top twenty
> (19??) worlds worth hacking. We accept this award with humility but
declare
> ourselves undeserving as 99% of our objects are unpassworded Mega objects
so
> cannot claim any prize for them. And as for that other 1% we are pleased
and
> amazed to be honoured with such acclaim. We only bothered passwording last
> month and look forward to repasswording everything again. We wish to thank
> our mentor and teacher (who wishes to remain nameless due to possible
> lawsuits LOL) and apologize to him and the thieves for any inconvenience
our
> badly made objects may cause or have caused due to our only starting very
> recently in this endeavour. Some of our objects cause enough lag to crash
> Windows, for this we apologize. One such object actually causes such a
> problem as to have made us have to format our computers. Some of our
objects
> seem to have some kind of hidden booby traps, for this we apologize. One
> such object causes AW browser to close down, also making it impossible to
> get close enough to the object to destroy it before crashing. If these
> objects are placed in your home world, you cannot even get into AW itself
> because you will crash before you can change your 'home' (you will have to
> uninstal AW and reinstal). A few techies and even AW cannot figure this
one
> out. Taurius is a very small world and we really do not know what were are
> doing or not doing with objects as use no programs except paper, pencils
and
> a big eraser but we walk now with pride knowing that our badly made
objects
> are worth stealing and can make it onto a list of top 20 worlds.
> We thank you
> sweets
> PS: We password to protect the public, not to protect our objects LMAO
>
>
|
Mar 15, 2004, 4:35pm
To give you all an impression how long it takes to decrypt a file or
find a password, I give you some numbers.
I post this since some people seem to think that the so-called "password
crackers" are some higher beings with abilties not from this world -
which they are not, it actually takes less of a brain that a script
kiddy would need...
This only applies to retrieving a password form a zip file when you have
the file, it does NOT apply to obtaining a password in the course of
transmission (eg. by listening to the server-client data exchange).
What I needed:
a) the zipped file - password protected
b) the zipped file - without password
Usually a potential attacker can easily obtain the second by buying an
object. Now he downloads the encrypted version from the developers OP
(which usually has the same name, or the name can be obtained somehow).
What I needed to do:
Run a zipcrack program (which can be easily obtained by buying or
leeching it).
Results:
- With a password of 9 characters or less, I needed 24s (SECONDS!) to
un-encrypt the password - leaving now the whole OP open for
all-you-can-download actions, a 10 character password took no longer
than 34s. (System: P4/3500 MHz)
Conclusion:
Passwords of 10 characters or less are unsafe to a degree that you can
as well not use a password at all, while longer password are not more
safe, but only less unsafe.
It would nt take me wonder when most worlds from the "cracked" passwords
list had only short passwords, which could be obtained literally in a
matter of seconds.
Suggestions:
1) NEVER encrypt any file on your OP that exists somewhere unencrypted
already. If it does, change the original (unzipped) file and add
something or remove something, so that it is NOT IDENTICAL anymore to an
unencrypted version. Note especially that avatars.dat, ALL sequences and
ALL sounds are ALWAYS unencrypted in the cache folder of the AW browser,
so encrypting any of these files is an open invitation to casual
password-snatchers.
2) NEVER use short passwords (not here and not in any other
environment), try to use whole sentences with words that are not in a
dictionary and add some non-letter-non-digit characters.
3) As a developer, NEVER give out any files that are identical to the
protected ones on your OP, always add or remove something from the
original file before sending it to a buyer. Change the file name, too,
to make it more difficult to obtain certain model names (to prevent easy
downloading of big numbers of files from the OP).
Comment:
The near practical impossibility of (1) makes, in fact, all password
attempts pointless, as does any public building with encrypted objects,
as does any building with encrypted objects with citizens whom you do
not trust 300+%.
Additional risks include password retrieval from the network traffic
and/or obtaining it from other flaws in the system.
I'd classify the whole protection system of objects as low grade at
maximum and generally not useable to ensure the protection of
copyrighted material - and, as I have posted before, every developer
should be (and is?) aware of that. And to add, I do not see any
convenient or practical method of protection that cannot be overrun;
there ARE safe methods, but they will impose a level of inconvenience
and unpracticability that are not really justified for this environment.
What good will it do when you can protect your material and nobody will
see it anymore since nobody wants to bear the burdens of running the
software then. And the same goes to sophisticaed methods of obscuring OP
and objects names - remember, these things SHALL be downloaded, and
everything that SHALL be downloaded, WILL be downloaded (whether in the
right and lawful way, or not).
The key here is to make people sensible and aware of the work involved
in creating things - many, especially the worldowners of respected
worlds, will pay the developers for designs they get, while there will
always be a number of (mostly casual worldowners) who will leech them
from whatever source and by whatever method. And there is no point in
trying to pursue them either, due to the practical law and cost
obstacles involved.
My point is that business will continue as usual, designers build mainly
for a handful of worldowners who buy their work (and are proud that they
bought it, after all, it shows also style and class to their visitors),
and some others (without style, class, and even not admired by more than
a few even less capable pals of theirs) will continue to leech what they
can get. C'est la vie - it won't destroy our hobby and it won't drive
away developers, as long as these developers do not try to make a living
out of their work, but see it as a nice, additional, not guaranteed,
income.
Mar 15, 2004, 5:01pm
Excellent advice and information!!! Thanx kf, for your time and effort to
teach others!
[View Quote]"kf" <none at junk.mail> wrote in message news:4055F6F1.42AB at junk.mail...
> To give you all an impression how long it takes to decrypt a file or
> find a password, I give you some numbers.
>
> I post this since some people seem to think that the so-called "password
> crackers" are some higher beings with abilties not from this world -
> which they are not, it actually takes less of a brain that a script
> kiddy would need...
>
> This only applies to retrieving a password form a zip file when you have
> the file, it does NOT apply to obtaining a password in the course of
> transmission (eg. by listening to the server-client data exchange).
>
> What I needed:
>
> a) the zipped file - password protected
> b) the zipped file - without password
>
> Usually a potential attacker can easily obtain the second by buying an
> object. Now he downloads the encrypted version from the developers OP
> (which usually has the same name, or the name can be obtained somehow).
>
> What I needed to do:
>
> Run a zipcrack program (which can be easily obtained by buying or
> leeching it).
>
> Results:
>
> - With a password of 9 characters or less, I needed 24s (SECONDS!) to
> un-encrypt the password - leaving now the whole OP open for
> all-you-can-download actions, a 10 character password took no longer
> than 34s. (System: P4/3500 MHz)
>
> Conclusion:
>
> Passwords of 10 characters or less are unsafe to a degree that you can
> as well not use a password at all, while longer password are not more
> safe, but only less unsafe.
>
> It would nt take me wonder when most worlds from the "cracked" passwords
> list had only short passwords, which could be obtained literally in a
> matter of seconds.
>
> Suggestions:
>
> 1) NEVER encrypt any file on your OP that exists somewhere unencrypted
> already. If it does, change the original (unzipped) file and add
> something or remove something, so that it is NOT IDENTICAL anymore to an
> unencrypted version. Note especially that avatars.dat, ALL sequences and
> ALL sounds are ALWAYS unencrypted in the cache folder of the AW browser,
> so encrypting any of these files is an open invitation to casual
> password-snatchers.
>
> 2) NEVER use short passwords (not here and not in any other
> environment), try to use whole sentences with words that are not in a
> dictionary and add some non-letter-non-digit characters.
>
> 3) As a developer, NEVER give out any files that are identical to the
> protected ones on your OP, always add or remove something from the
> original file before sending it to a buyer. Change the file name, too,
> to make it more difficult to obtain certain model names (to prevent easy
> downloading of big numbers of files from the OP).
>
> Comment:
>
> The near practical impossibility of (1) makes, in fact, all password
> attempts pointless, as does any public building with encrypted objects,
> as does any building with encrypted objects with citizens whom you do
> not trust 300+%.
>
> Additional risks include password retrieval from the network traffic
> and/or obtaining it from other flaws in the system.
>
> I'd classify the whole protection system of objects as low grade at
> maximum and generally not useable to ensure the protection of
> copyrighted material - and, as I have posted before, every developer
> should be (and is?) aware of that. And to add, I do not see any
> convenient or practical method of protection that cannot be overrun;
> there ARE safe methods, but they will impose a level of inconvenience
> and unpracticability that are not really justified for this environment.
> What good will it do when you can protect your material and nobody will
> see it anymore since nobody wants to bear the burdens of running the
> software then. And the same goes to sophisticaed methods of obscuring OP
> and objects names - remember, these things SHALL be downloaded, and
> everything that SHALL be downloaded, WILL be downloaded (whether in the
> right and lawful way, or not).
>
> The key here is to make people sensible and aware of the work involved
> in creating things - many, especially the worldowners of respected
> worlds, will pay the developers for designs they get, while there will
> always be a number of (mostly casual worldowners) who will leech them
> from whatever source and by whatever method. And there is no point in
> trying to pursue them either, due to the practical law and cost
> obstacles involved.
>
> My point is that business will continue as usual, designers build mainly
> for a handful of worldowners who buy their work (and are proud that they
> bought it, after all, it shows also style and class to their visitors),
> and some others (without style, class, and even not admired by more than
> a few even less capable pals of theirs) will continue to leech what they
> can get. C'est la vie - it won't destroy our hobby and it won't drive
> away developers, as long as these developers do not try to make a living
> out of their work, but see it as a nice, additional, not guaranteed,
> income.
|
Mar 15, 2004, 5:02pm
I didn't look at it because the title said OP passwords.
[View Quote]
> god, it doesnt have a virus or anything.. scaredycat
>
[View Quote]
Mar 15, 2004, 5:02pm
I got that email also which went right into my trash bin and I emptyed
my trash bin.
[View Quote]
> got another one and it was said to have a avatar in it, not for me, sent
> that to abuse too
[View Quote]> "carlbanks" <carlbanks at triplehelix.info> wrote in message
> news:4054546a$1 at server1.Activeworlds.com...
> : I deleted it and emptyed my trash before thinking about emailing it to
> : abuse, I never looked at it.
> :
> : princess nerwen wrote:
> : > also sent it to abuse
> : > "xelag" <xelag at digitalspace.com> wrote in message
> : > news:1va7509jngk8l5n8scsmfor17k1m5p0j6i at 4ax.com...
> : > :
> : > :
> : > : Let me rephrase: it is only the caretaker's business whether the
> : > : password has been changed or not. In the case of another world
> which
> : > : appears in both lists, I know that the password had been changed
> : > : recently, and that the password in the new list is the new one.
> : > :
> : > : Alex
> : >
> : >
>
>
|
|