[ONLINE] Making AW Secure (Wishlist)

strike rapier

Aug 11, 2002, 11:42am
Due to recent events in the UK (such as the 2 girls that have been abducted after using the internet on a chat room) I think it's
important that AW does its bit to help keep people secure, citizenship is pretty secure with a cit being able to block someone
pretty much forever, however for tourists it's a little bit less so.

I think that to do our bit for security I propose a set of drastic measures.
- Browser ID: A key that is stored on the Active Worlds server but NOT accessible to anyone outside AWCorp that is an
individual key based on the browser type, and computer hardware but also does not give any information about the hardware itself.
This can be used to identify each user individually no matter what. AWC should also be able to ban people from worlds based on this
code if the world owner requests it.
- Fixed Tourists Name: Currently anyone can be impersonated by copying someone's tourist name, this must be fixed as it's possibly
the worst security risk in AW. Even as tourists people should have the option to reserve a unique tourist ID that they can log on
with using a password that is kept valid as long as they are on at least once every 30 days, although AWCorp will inevitably presume
this will cut registrations, it will also dramatically increase security.
- Chat Training: Citizens and Tourists should be offered free training on AW regarding how to stay safe in chat rooms, no other chat
service offers this whatsoever, and it would be very good for publicity as well.

If we ever intend for Active Worlds to become the true forefront we must make sure even the tourists are safe, after all, I'm sure we
will all feel great if someone is lured to their death by someone on AW by manipulating tourist mode after we have been reassured it
was too much hard work.

I would like a response from AWC on this 1, we already know that people like Flagg, Shamus and Kellie read the NG's and it would be
very much appreciated if we could have a public statement on this most serious of matters. In fact, I think that this outweighs
anything that AWC could put effort into at this time.

- Mark
- AWTeen Major Events, AWTeen Bots / Effects

joeman

Aug 11, 2002, 12:08pm
A 'browser ID' would be hard to figure. People already got pissed about the
computer ID when it was introduced. Also, what would be in this 'browser
ID'? Every serial number that your OS can get, you can change. I suppose
the only *true* secure ID on your computer would be your proc serial, but
most processors don't have software accessible serial numbers.

Proc ID: Few machines have them.
MAC Address: Very few people have them, buy a new NIC, you have a new one.
Can be changed.
GUID: Changes every restart.
HD Serial: Can be changed.
BIOS Serial: Reflashing your bios changes this.

There's nothing on current computers that could be 100% secure. The only
real way would be putting an EEPROM with its write fuse blown controlled
through an I2C/SMBus on the motherboard. Would be an extremely cheap way of
tracking new generation motherboards. Sadly, very few people would purchase
these new generation mobos due to the serial number stored on their
hardware. Personally, I wouldn't.

-Joe


strike rapier

Aug 11, 2002, 2:42pm
How about a PHP download script on the browser that creates an individual browser key based on hardware?

joeman

Aug 11, 2002, 3:42pm
All the hardware IDs and the like could be changed, so when they come on
next, the key is different.

-Joe
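
As an added illustration of the objection in joeman's two posts above (not code from the thread or from Active Worlds): a server-side keyed hash can hide the hardware values, as the original proposal asks, but the combined ID still changes as soon as one reported identifier changes. The field names, secret and sample reports are constructed assumptions, and comparing per-field tags goes slightly beyond what the thread discusses.

```python
import hashlib
import hmac

# Assumption: a secret held only on the server, so a stored ID cannot be
# recomputed or reversed by anyone who only sees the ID.
SERVER_SECRET = b"constructed-demo-secret"

# The identifier kinds listed in the thread (names here are hypothetical).
FIELDS = ("proc_id", "mac", "guid", "hd_serial", "bios_serial")


def component_tags(report):
    """One keyed hash per identifier; raw hardware values are never stored."""
    tags = {}
    for name in FIELDS:
        value = report.get(name)
        if value:  # a field may be absent, e.g. no readable processor serial
            msg = f"{name}={value}".encode()
            tags[name] = hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()
    return tags


def browser_id(report):
    """Single combined ID: changes if any one reported identifier changes."""
    joined = "|".join(f"{k}:{v}" for k, v in sorted(component_tags(report).items()))
    return hashlib.sha256(joined.encode()).hexdigest()[:16]


def matching_fields(banned, seen):
    """Names of identifiers whose tags are unchanged between two reports."""
    a, b = component_tags(banned), component_tags(seen)
    return sorted(k for k in a if hmac.compare_digest(a[k], b.get(k, "")))


# Constructed sample reports (not real hardware values).
ORIGINAL = {"mac": "00:11:22:33:44:55", "guid": "boot-1",
            "hd_serial": "HD-1234", "bios_serial": "B-77"}
NEW_NIC = dict(ORIGINAL, mac="66:77:88:99:aa:bb", guid="boot-2")
ALL_CHANGED = {"mac": "de:ad:be:ef:00:01", "guid": "boot-3",
               "hd_serial": "HD-9999", "bios_serial": "B-01"}

if __name__ == "__main__":
    # Exact-match ID differs after one NIC swap and a restart.
    print(browser_id(ORIGINAL), browser_id(NEW_NIC))
    # Per-field comparison still sees two unchanged identifiers...
    print(matching_fields(ORIGINAL, NEW_NIC))
    # ...but nothing at all once every client-reported value has changed.
    print(matching_fields(ORIGINAL, ALL_CHANGED))
```

Because every input is reported by the client, the server can only judge consistency between reports; it cannot prove which machine sent them.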

strike rapier

Aug 11, 2002, 3:50pm
What about software IDs?

joeman

Aug 11, 2002, 8:10pm
Software ids would be sooooo easy to change. Any person with a hex editor
could change your current hardware ID.

-Joe

slim smokey

Aug 12, 2002, 2:15am
why the hell r little kids getting abducted all the timer? just have the
parents keep their stupid little brats inside and off the damn internet!!
they don't belong in chat rooms anyway if they're gonna misuse them by
giving out personel info...stupid idiots

slim smokey

Aug 12, 2002, 2:16am
and dude...two tourists can not have the same name, lol

joeman

Aug 12, 2002, 3:07am
Ok, lets convert this from TardSpeak to English.
[W]hy the hell [are] little kids getting abducted all the [time]? [J]ust have the

> parents keep their stupid little brats inside and off the damn internet!!

parents keep their stupid little [kids] inside and off the damn internet!!

> they don't belong in chat rooms anyway if they're gonna misuse them by

[T]hey don't belong in chat rooms anyway if they're [going] to misuse them by (what are you doing on the internet then?)

> giving out personel info...stupid idiots

giving out personal information... Stupid idiots.

Wow, your poor grasp of the English language makes me wrench up my guts. I
mean, really. What are you doing on the computer when you speak at the
level of a second grader and spell much worse? If you tell people not to
use the net when they're kids, why the hell are you on it? Were you born
retarded or did you work at it?

-Joe


joeman

Aug 12, 2002, 3:09am
Read before you spout. Once one tourist's session expires, anyone can come
on with his name.

-Joe

TardToEnglish: Dude, two tourists can't have the same name,
LOLOLFROROFLOLOL!!!

Dolt...

maki

Aug 12, 2002, 3:27am
gee, I hope you're next...

strike rapier

Aug 12, 2002, 3:55pm
When I create various files that need to make sure they are non-distributable I ask the person it's for to run a program on their computer which takes their HD serial, Reg version etc and creates a 20 - 50 byte long number which they then give me. I then use another proggy to change that number into an encrypted script, I then hardcode the encryption string into the program + the internal version of the number generator and encoder. The bot then creates the new string and compares em, if they are not the same the product self corrupts or just won't work.

The idea is if a script could be made to compile into the browser on download based on Hardware info that will be deleted after the key is made. It could be worked into the browser if done right (I have no idea how to get a script to create individual browsers) and not many people are going to go changing their hardware settings every day.

-Mark

agent1

Aug 12, 2002, 4:28pm
You can change one assembly instruction and bypass that. Just change the "jump to X only if the following is true" instruction into
"jump to X" and your "protection" is defeated.

-Agent1

strike rapier

Aug 12, 2002, 5:00pm
Encrypted functions and encrypted source code, how the heck are they meant to find and defeat that? I mean it would stop most people, obviously not the major hackers

agent1

Aug 12, 2002, 7:45pm
What are you talking about? Just because the source is encrypted, doesn't mean they can't just hex edit the binary.

> I mean it would stop most people, obviously not the major hackers

It doesn't even take a "major hacker" to do this - just look up a couple of assembly instructions and change one for another.

-Agent1

d a n

Aug 15, 2002, 7:00pm
O_O


strike rapier

Aug 17, 2002, 6:36am
*Shrug* if that's his attitude I don't see why not, he obviously is completely oblivious to the fact that most these kids actually end up dead, maybe if he ended up the same way he might learn a bit of appreciation for the fact in the few millions of a second before he was brain dead.

-Mark
-Don't think me cruel, I'm just the messenger

Awportals.com is a privately held community resource website dedicated to Active Worlds.
Copyright (c) Mark Randall 2006 - 2024. All Rights Reserved.