Another stupid email (Community)

alaskanshadow

Mar 14, 2004, 11:16pm
Just got another stupid email from with an attachment..may not want to
download it. The script kiddy probably attached a virus, and even if it's not
a virus, it's disrespectful to the avatar's creator to download the avatar
mentioned:

Tsk Tsk Tsk. You all had to brag in the Newsgroups about the PHP Scripts and
pretty muched beg us to show you that even PHP Scripts are not helpful. And
to prove that...we ripped Lady Mur's new $50 Leprachaun Avatar even though
its supposed to be protected by CodeWarrior's "1337" PHP Script. Sorry AW,
You Lose!

So Consider The Avatar Included In The Attachment An Early St. Patrick's Day
Gift From Your Favorite Eastern Europe Hacker, Chris Stevens.

~The Death Squad~

alaskanshadow

Mar 14, 2004, 11:17pm
*from matt possibly according to AWI

themask

Mar 14, 2004, 11:42pm
I'm real sorry for Lady Murasaki. Your AV that you just created is now
spammed out.

--

Signed,
TheMask

:: Owner of Delusional-Minds Hosting ::
Free world hosting.. Just a T-Gram will do it.

http://www.delusional-minds.com

alaskanshadow

Mar 14, 2004, 11:51pm
I added the email address of the person (Christopher Stevens) to MSN...they
were offline, and coincidentally, are an "unknown member" with no profile.
M a t t however, was on his MSN account at the time that email went out. With a
common name like "Christopher Stevens" and an account that looks like it was
registered with the sole intention to harass people anonymously, it
wouldn't surprise me if that's just one of Matt's decoy accounts

alaskanshadow

Mar 14, 2004, 11:52pm
and meh at all my typos. I've been up since Friday -____-

jerme

Mar 15, 2004, 12:16am
Nope, doesn't look like there's any virus included in that.

It seems to be the actual rwx file complete with all the textures.

-Jeremy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jeremy Booker - Owner / Webmaster
JTech Web Systems
www.JTechWebSystems.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Therefore do not worry about tomorrow, for tomorrow will worry about
itself. Each day has enough trouble of its own." -Mathew 5:34




andras

Mar 15, 2004, 12:25am
> Just got another stupid email from with an attachment..may not want to
> download it. The script kiddy probably attached a virus, and even if it's not
> a virus, it's disrespectful to the avatar's creator to download the avatar
> mentioned:
>
> Tsk Tsk Tsk. You all had to brag in the Newsgroups about the PHP Scripts and
> pretty muched beg us to show you that even PHP Scripts are not helpful. And
> to prove that...we ripped Lady Mur's new $50 Leprachaun Avatar even though
> its supposed to be protected by CodeWarrior's "1337" PHP Script. Sorry AW,
> You Lose!
>
> So Consider The Avatar Included In The Attachment An Early St. Patrick's Day
> Gift From Your Favorite Eastern Europe Hacker, Chris Stevens.
>
> ~The Death Squad~
>
>
>

Folks! All those emails are useless for any forensic action without the full header!
Post them please (use the "View Message Source" option of your mail client).

Thanks,
--
Andras
"It's MY computer" (tm Steve Gibson)

alaskanshadow

Mar 15, 2004, 12:42am
From : Christopher Stevens <christopher_stevens1 at hotmail.com>
Sent : Monday, March 15, 2004 1:09 AM
To : admin at rdescape.co.uk, alex at virtual-studios.net,
alphabit2003 at swbell.net, baronjutter at shaw.ca, carlbanks at triplehelix.info,
dmmercury at houston.rr.com, ironhead at digitalpassage.com, jennifer755 at cox.net,
JerMe at nc.rr.com, john1018 at comcast.net, kfoerst at sbcglobal.net,
majmatrixx at excite.com, maki at awmaki.com, matt_scriven195 at hotmail.com,
nikona at comcast.net, richard.lazenby1 at ntlworld.com, ricky at whaletech.net,
startrek3 at earthlink.net, tartsugar at comcast.net, temp1 at floridawolf.com,
thelady263414 at hotmail.com, toastersarecool at hotmail.com, twisti at charter.net,
xelag at digitalspace.com
Subject : Active Worlds Objects Not Safe Evern With PHP Scripts,
Sorry (NOT)

Attachment : RippedMurasakiAV.zip (162 KB)

I already forwarded it to abuse

themask

Mar 15, 2004, 1:24am
Return-Path: <christopher_stevens1 at hotmail.com>
Delivered-To: 2-ricky at whaletech.net
Received: (qmail 19480 invoked from network); 13 Mar 2004 23:35:10 -0000
Received: from bay9-f47.bay9.hotmail.com (HELO hotmail.com) (64.4.47.47)
by air391.startdedicated.com with SMTP; 13 Mar 2004 23:35:10 -0000
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
Sat, 13 Mar 2004 15:36:53 -0800
Received: from 67.27.63.25 by by9fd.bay9.hotmail.msn.com with HTTP;
Sat, 13 Mar 2004 23:36:52 GMT
X-Originating-IP: [67.27.63.25]
X-Originating-Email: [christopher_stevens1 at hotmail.com]
X-Sender: christopher_stevens1 at hotmail.com
From: "Christopher Stevens" <christopher_stevens1 at hotmail.com>
To: alex at virtual-studios.net, admin at rdescape.co.uk, alphabit2003 at swbell.net,
baronjutter at shaw.ca, carlbanks at triplehelix.info,
clikclikboom2828 at hotmail.com, dmmercury at houston.rr.com,
ironhead at digitalpassage.com, jennifer755 at cox.net, JerMe at nc.rr.com,
john1018 at comcast.net, kfoerst at sbcglobal.net, majmatrixx at excite.com,
maki at awmaki.com, matt_scriven195 at hotmail.com, nikona at comcast.net,
richard.lazenby1 at ntlworld.com, ricky at whaletech.net, startrek3 at earthlink.net,
tartsugar at comcast.net, temp1 at floridawolf.com, thelady263414 at hotmail.com,
toastersarecool at hotmail.com, twisti at charter.net, xelag at digitalspace.com
Bcc:
Subject: Here Ya Go, More Active Worlds Object Passwords! From: The Death
Squad
Date: Sat, 13 Mar 2004 18:36:52 -0500
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <BAY9-F47wrTeiHA925l0008d7eb at hotmail.com>
X-OriginalArrivalTime: 13 Mar 2004 23:36:53.0513 (UTC)
FILETIME=[10B09F90:01C40954]



--

Signed,
TheMask

:: Owner of Delusional-Minds Hosting ::
Free world hosting.. Just a T-Gram will do it.

http://www.delusional-minds.com
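
An added example, not part of any post in this thread: reading the Received chain of a full header like the one posted above, which is the step the forensic request depends on. The sample is constructed from that header with the folding whitespace restored, and the function names are this example's own.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: trace lines from the header posted above, with the
# folding whitespace restored so wrapped lines rejoin when parsed.
RAW = """\
Received: (qmail 19480 invoked from network); 13 Mar 2004 23:35:10 -0000
Received: from bay9-f47.bay9.hotmail.com (HELO hotmail.com) (64.4.47.47)
 by air391.startdedicated.com with SMTP; 13 Mar 2004 23:35:10 -0000
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
 Sat, 13 Mar 2004 15:36:53 -0800
Received: from 67.27.63.25 by by9fd.bay9.hotmail.msn.com with HTTP;
 Sat, 13 Mar 2004 23:36:52 GMT
X-Originating-IP: [67.27.63.25]
Date: Sat, 13 Mar 2004 18:36:52 -0500

"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def received_chain(raw):
    """Return the relay hops oldest-first as dicts with ips, time (UTC), text."""
    msg = message_from_string(raw)
    hops = []
    # Every relay prepends its own Received line, so reverse for travel order.
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(value.split())              # undo header folding
        stamp = parsedate_to_datetime(text.rsplit(";", 1)[1].strip())
        if stamp.tzinfo is None:                    # "-0000" parses as naive; treat as UTC
            stamp = stamp.replace(tzinfo=timezone.utc)
        hops.append({"ips": IPV4.findall(text),
                     "time": stamp.astimezone(timezone.utc),
                     "text": text})
    return hops


def analyse(raw):
    """Compare the claimed origin with the first hop and flag backwards clocks."""
    msg = message_from_string(raw)
    hops = received_chain(raw)
    claimed = IPV4.findall(msg.get("X-Originating-IP", ""))
    first_ips = hops[0]["ips"] if hops else []
    # A later hop stamped earlier than the previous one means clock skew
    # between relays, or a trace line that was not written by a real relay.
    backwards = [(i, (b["time"] - a["time"]).total_seconds())
                 for i, (a, b) in enumerate(zip(hops, hops[1:]), 1)
                 if b["time"] < a["time"]]
    return {"origin_claim": claimed,
            "first_hop_ips": first_ips,
            "origin_consistent": bool(claimed) and claimed[0] in first_ips,
            "backwards_steps": backwards}


if __name__ == "__main__":
    for hop in received_chain(RAW):
        print(hop["time"].isoformat(), hop["ips"], hop["text"][:50])
    print(analyse(RAW))
```

Only the Received lines stamped by servers the recipient trusts are reliable evidence; anything below them can be supplied by the sender.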

alaskanshadow

Mar 15, 2004, 1:40am
I just noticed something somewhat strange...the person sending these emails
knew to email me at my hotmail account (couldn't be more specific with the
header due to that) rather than my yahoo account which is registered with
the NGs...so I doubt they're getting all their email addys from the NGs. Why
they're emailing the people they do makes no sense whatsoever

xelag

Mar 15, 2004, 2:26am
The person doing this is herself an arsehole. Whether she is
eventually caught and punished, is a matter to be seen. But one thing
is without doubt, she's an arsehole and stinks. Let's call her
MATTRESS, she seems to hate MATT :)

Alex

PS: she = he, can't be bothered to specify, so I just flipped a die.

PPS: she might even hate being called she!

On 14 Mar 2004 20:16:44 -0500, "alaskanshadow"
>Just got another stupid email from with an attachment..may not want to
>download it. The script kiddy probably attached a virus, and even if it's not
>a virus, it's disrespectful to the avatar's creator to download the avatar
>mentioned:
>
>Tsk Tsk Tsk. You all had to brag in the Newsgroups about the PHP Scripts and
>pretty muched beg us to show you that even PHP Scripts are not helpful. And
>to prove that...we ripped Lady Mur's new $50 Leprachaun Avatar even though
>its supposed to be protected by CodeWarrior's "1337" PHP Script. Sorry AW,
>You Lose!
>
>So Consider The Avatar Included In The Attachment An Early St. Patrick's Day
>Gift From Your Favorite Eastern Europe Hacker, Chris Stevens.
>
>~The Death Squad~
>
>

codewarrior

Mar 15, 2004, 10:00am
It's important to note that this person had to email the avatar to
everyone. Simply giving out the password to Lady M's OP was
not sufficient as it would have been in the past.

Giving out passwords is no longer sufficient to cripple someone's
ability to protect their intellectual property. Someone will have
to go into the business of obtaining, hosting and distributing the
illegal files if they want to be taken seriously as a 'threat'.

Can you see these kind of people in future emailing everyone
*all* of the files from *all* of the paths? If everyone's path
were protected with some level of scripting so that only
hackers have the ability to obtain the files, then the hackers
will have to do a lot more work, spend a lot more bandwidth
actually stealing and distributing the files than they do now by
simply emailing everyone a list of passwords.

With server side security, the game is changed. In the old days,
cowards used to give out passwords, and reasonably honest people
used to go and help themselves, or simply hijack the OP path
completely and use it directly in their own worlds.

Now, even if you know someone's password, you still have to
get your hands dirty obtaining the content. You used to be able
to just help yourself to the goodies... now you have to pick the
lock to get at the stuff, and 99% of the people who *might* take
the stuff if it is just sitting there won't have a clue how to do that.

They have proven that "PHP scripts are helpful". They sent out a
list of passwords, and a lot of people are capable of going to those
people's paths, downloading the files with an ordinary web browser,
and unpacking and using the contents. Since the files from most
OPs can be obtained by simply going there with a normal browser,
it is difficult to enforce any sort of concept of said files not
being intended for public availability.

But they had to actually go and get Lady M's avatar and email it
to everyone because they know that very few people will be capable
of going and getting it themselves. Lady M finds that helpful, and
it's not their place to decide what she finds helpful.

And they should quit pretending that this is somehow between them
and AW. They are not doing any harm to AW, they are harming nice
people who have kids and who struggle to put a little extra bread on the
table now and then. There is no nobility in what they do to these
people. They are no better than street thugs who mug old ladies
for their Bingo money, and at least street thugs have the balls to look
their victims in the eye when they rob them.

But thanks to their publicity, I had three people email me to enquire
about protecting their OP paths.

And Lady M also informs me that she has never had so many people
inquire about purchasing an avatar until this latest blatant attempt
at poisoning commerce within the AW community.

carlbanks

Mar 15, 2004, 4:56pm
Went into my trash and my trash was emptied.

jerme

Mar 15, 2004, 6:15pm
It's not *that* hard to "get the goods" as you put it...

All you need is a facility whereby you can form your own HTTP headers
(specifically the user-agent header). A normal browser can't do this. PHP
can... Given a little ingenuity, I'm sure you could turn the PHP script
on itself, so to speak. Use a PHP script to form a request for the
files, setting the user-agent header as needed, and submit that request
to the all-holy PHP path script.

The problem is we can only check the user-agent header, which can be
spoofed as described above.

What we need is some form of authorization between the activeworlds
server and the web server. The web server needs to be able to verify
that any given request is coming from an AW browser, and not any other
program. A possible way to implement this could be a version of the AW
server that interfaces with the webserver through an Apache module. This
would allow the server to work out a simple challenge/response system.
The browser gets a "session-id" of sorts from the AW server, and then
submits that with each request to the web server. The webserver can
verify this through its awserver module and decide whether it should
allow access to the file or not. The session-id would have to be
encrypted in some form or fashion to prevent sniffing, and would have
to change with *every* request to the server.

That's only half the story though... A system somewhat like what is
described above has the sole purpose of ensuring that only an AW browser
can download the files. Eventually, the files have to be stored
somewhere on the local system for the purpose of caching. To combat this
threat, strong encryption (128 bit) with public/private keys and pass
phrases should be used. This would mean, without being able to intercept
a key, it would take hours upon hours of brute force hacking time to
unzip the file (as opposed to several minutes, or just seconds now). So,
if someone did in fact get a hold of the OP files, they still couldn't
open or use them without a lot more effort.

-Jeremy



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jeremy Booker - Owner / Webmaster
JTech Web Systems
www.JTechWebSystems.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Therefore do not worry about tomorrow, for tomorrow will worry about
itself. Each day has enough trouble of its own." -Mathew 5:34
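
An added example, not part of the post above and not the actual object-path script: a sketch of the per-request ticket idea the post describes, next to the user-agent-only check it criticises. It uses a keyed MAC over a single-use nonce instead of an encrypted session-id, and the key handling, names, paths and lifetime are all assumptions of this example.

```python
import hashlib
import hmac
import json
import secrets
import time

SHARED_KEY = secrets.token_bytes(32)   # assumed: provisioned to both servers
TICKET_TTL = 30                        # assumed ticket lifetime in seconds


def ua_only_gate(headers, expected_ua="ExampleBrowser/1.0"):
    """The weak check: trusts a string the client chooses (hypothetical UA)."""
    return headers.get("User-Agent") == expected_ua


def _mac(nonce, expires, path):
    # JSON keeps the three fields unambiguous inside the MAC input.
    msg = json.dumps([nonce, expires, path]).encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()


def issue_ticket(path, now=None):
    """World-server side: mint a single-use ticket bound to one file path."""
    now = time.time() if now is None else now
    nonce = secrets.token_hex(16)
    expires = int(now) + TICKET_TTL
    return f"{nonce}.{expires}.{_mac(nonce, expires, path)}"


class WebServerGate:
    """Web-server side: check the MAC, the expiry and first use of the nonce."""

    def __init__(self):
        self._seen = {}                # nonce -> expiry, pruned on every check

    def allow(self, path, ticket, now=None):
        now = time.time() if now is None else now
        self._seen = {n: e for n, e in self._seen.items() if e >= now}
        try:
            nonce, expires, mac = ticket.split(".")
            expires = int(expires)
        except ValueError:
            return False               # malformed ticket
        expected = _mac(nonce, expires, path)
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return False               # forged, or issued for another path
        if expires < now or nonce in self._seen:
            return False               # stale or replayed
        self._seen[nonce] = expires    # burn the nonce: one ticket, one request
        return True


if __name__ == "__main__":
    gate = WebServerGate()
    ticket = issue_ticket("/avatars/example.zip")
    print(gate.allow("/avatars/example.zip", ticket))   # first use
    print(gate.allow("/avatars/example.zip", ticket))   # replay is refused
```

A ticket shows that the world server authorised this one request; it does not show that the requesting program is unmodified, and the file still ends up in the client's cache, which is the second half of the problem the post raises.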




kf

Mar 15, 2004, 6:41pm
Well, what you describe is not the open AW approach anymore, but a
proprietary system, like others have, too.

And for such, you would not write modules to plug them into a webserver
- in fact, you would not even need a webserver anymore but can set up a
simple fileserver using a proprietary protocol.

Encoding is also not necessary when you implement a proprietary storing
format (you can then even add knickknacks like watermarking, etc.) and
add a program through which objects, mp3, jpgs, etc. will be converted
into this format.

I am not sure, if I want this <g> - or better, I am sure I do not want
it, since the open and simple approach of AW is one of its strongest
points. AW was not meant to be a proprietary system with increased
support for copyright protection.

Why not make it really perfect and give each developer a unique key, let
them sign each sold item too and put it all on an authentication server
that keeps track how often, when and by whom it was accessed, and, at
the end of the month, writes a bill for license fees - would be fair,
secure ... and like many other things in these days, like shooting with
a cannon on a fly. :-)




codewarrior

Mar 15, 2004, 7:29pm
Well if you think it is that simple, who am I to argue.

But you have proved my point. Most people don't have a clue
how to write a PHP script to do what you describe.

And you obviously haven't actually done it since it
won't work.

jerme

Mar 15, 2004, 8:13pm
> And you obviously haven't actually done it since it
> won't work.

....Don't challenge me... :-)

-Jeremy



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jeremy Booker - Owner / Webmaster
JTech Web Systems
www.JTechWebSystems.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Therefore do not worry about tomorrow, for tomorrow will worry about
itself. Each day has enough trouble of its own." -Mathew 5:34




princess nerwen

Mar 15, 2004, 9:21pm
Codewarrior I just got this today, read below this is a Citname Kate,
direct from Starfleet with the IP I posted for him, and also for
Jupiter. Take note, this person is still MATT 2.3ax, let's tell them AWI
to delete this account, and ban this person from ALL reading and or
posting, plus getting onto AW. Votes FBI NSA and more. Posting this on
the FBI site is a bit

How to download objects/textures from "secured" object paths .
______________________________________________________________

Eat Your Words CodeWarrior:

First of all download Getright at www.getright.com.
Now the files are protected by an user agent, and a optional by a referer,
i wont spend time explaining that, but its something sent by the AW
browser to verify its a real browser and allowed to download these files.
Its very easy to spoof this, in other words, pretending to be the AW
browser.

We open the programm getright and go to the getrigth configuration in the
tool menu.
here we go to the protocol settings found in the menu on your left under
Advanced.
First of all We enter the user agent which is
"ActiveWorlds/3.40 (498)". Don't include the parentheses.
Then we select "send referer in http requests" and select also "none
except Getrights...."
After this we press the "Special "referer values" button. We will use the
LM avatar as example for this, so in the serverbox we enter
"murasaki3d.net" since thats the domain name, always enter those without
the "www" part. In the refererbox we enter "aw://64.94.241.250:5670/jade"
where jade is the worldname and has to be written in lower case.We press
"add" and then "ok".
We are all set now, and download the avatar. We go to the menu file,
select new url to download, and enter the following url to download
"http://murasaki3d.net/ideajuice/opfetch.php?jade&/avatars/m3d_leprachaunav.zip".
Note: Don't leave out Http:// or the download will not start.
After we have it downloaded, we unzip it with the op pw
"f8767U31c897k19007Y86o97u" and then you have a $50 avatar
for free along with any other models, avatars, or textures that you want
from any Object Path anywhere.


~The Romanian Death Squad~

------------------------------
< Open Note To CodeWarrior >

Well, now its not just us who
know how to rip stuff off of
a "protected" Object Path. It
is now public. Go ahead and try
something else so you can be
publicly ridiculed again you
sorry excuse for a PHP scripter.

Nothing Is SAFE, Get Over It
------------------------------


xelag

Mar 15, 2004, 10:20pm
I just sent princess nerwen a couple of emails. I think that we have
to be very careful not to publish this arsehole's emails here, and
that is exactly what she has done, including Lady Murasaki's password.
LM may have changed it or not, but that is not our business. I know
princess nerwen did not mean harm, but still, we need to use our
brains carefully. Please DO NOT post the contents of this sort of
email here, you are just doing exactly what the culprit wants.

Alex

On 15 Mar 2004 18:21:34 -0500, "princess nerwen" <jennifer755 at cox.net>
>Codewarrior I just got this today, read below this is a Citname Kate,
>direct from Starfleet with the IP I posted for him, and also for
>Jupiter. Take note, this person is still MATT 2.3ax, let's tell them AWI
>to delete this account, and ban this person from ALL reading and or
>posting, plus getting onto AW. Votes FBI NSA and more. Posting this on
>the FBI site is a bit
>

elyk

Mar 16, 2004, 4:37am
I agree. Posting every email that that moron sends you is just adding
to his idiotic games. He just wants the attention, don't give it to him.

rossyboy

Mar 21, 2004, 4:20pm
Mozilla can with a plugin.

Awportals.com is a privately held community resource website dedicated to Active Worlds.
Copyright (c) Mark Randall 2006 - 2024. All Rights Reserved.