Please read / AW HACKED (General Discussion)

baron, Jul 13, 2003, 5:52pm
In article <3f11b745$1 at server1.Activeworlds.com>, tony at homeunix.uni.cc says...
That's why you have su in *nix, runas in Windows. You don't need to write in MS Word as administrator.

--
../B

bowen, Jul 13, 2003, 5:52pm
Things like bash and gcc, yeah. ;)

Totally the opposite with Windows. It's made me log in as administrator to install things that really shouldn't need it. I think it might've been AIM. At that point I said "hah, I guess I'll just stay administrator."

--
--Bowen--
No of SETI units returned: 27
Processing time: 22 days, 8 hours. (Total hours: 536)
www.setiathome.ssl.berkeley.edu

bowen, Jul 13, 2003, 5:53pm
What if you're not the administrator of the box?

--
--Bowen--
No of SETI units returned: 27
Processing time: 22 days, 8 hours. (Total hours: 536)
www.setiathome.ssl.berkeley.edu

baron, Jul 13, 2003, 6:02pm
In article <3f11b8c7$1 at server1.Activeworlds.com>, Bowen at andras.net says...
One of us has missed the point, let's start again :) You don't have to be logged on as a privileged user in any OS for 98% of the tasks a normal user performs, you can use su or runas to temporarily gain privileges for administrative tasks. If you mean not having the root or admin password then tough luck, you can't perform administrative tasks...check with your admin.

--
../B

bowen, Jul 13, 2003, 6:03pm
And if the admin is not available?

--
--Bowen--
No of SETI units returned: 27
Processing time: 22 days, 8 hours. (Total hours: 536)
www.setiathome.ssl.berkeley.edu

baron, Jul 13, 2003, 6:10pm
In article <3f11bb1f$1 at server1.Activeworlds.com>, Bowen at andras.net says...
Contact him using phone, e-mail, shout, smoke signs, message in a bottle, pigeons. The point is if you don't have the root pass you are not authorized to do tasks that require it...c'est la vie. If you ever administer a corporate network feel free to give the domain admin password to the secretaries so that they can install ICQ because the group policy restricts it :)

--
../B

themask, Jul 13, 2003, 6:16pm
Bah M a t t can't do a thing but harass. He's just another newb using programs with exploits that his friends probably used.

mike zimmer, Jul 13, 2003, 6:33pm

bowen, Jul 13, 2003, 6:34pm
There's webicq. AIMexpress is a little weird.

--
--Bowen--
No of SETI units returned: 27
Processing time: 22 days, 8 hours. (Total hours: 536)
www.setiathome.ssl.berkeley.edu

pc hamster, Jul 13, 2003, 7:17pm
Hi everyone:
Boy, is THIS a contradictory statement OR WHAT??? That's just like victims of domestic violence telling the police every time they're summoned "my boyfriend beats me up, but I still love him" just as they're putting the boyfriend in handcuffs and about to stuff him in the squad car.

PC Hamster

imagine, Jul 13, 2003, 7:21pm
You guys make using a bot sound scary. I am one of those people who knows nothing about a bot except for how to turn it on and say go. I may never turn on my bot again lol

Imagine

agent1, Jul 13, 2003, 8:30pm
I'm not an expert with the WinNT branch of Windows, but that's probably because the install program had to write to the registry and to the Program Files directory. Requiring administrator privileges to modify system components is a good idea, not a bad one. If you want to run the program after that, you should do it with a non-administrator account.

--
-Agent1

tony m, Jul 13, 2003, 9:01pm
> Totally the opposite with Windows. It's made me log in as administrator to install things that really shouldn't need it. I think it might've been AIM. At that point I said "hah, I guess I'll just stay administrator."

This is why the RunAs service exists :) I have never logged into Administrator in months; anything that required admin goes through RunAs (I have shortcuts on my desktop to control panels that invoke RunAs)

goober king, Jul 13, 2003, 9:29pm
You know the argument is getting ridiculous when you're arguing over a hypothetical situation. Bowen, do you think that, just once, you could actually argue about the topic at hand, instead of trying to divert it in ten different directions (i.e. admin availability, ICQ installation, etc)? :P

--
Goober King
Arguing over futility
awnews at awnews.org

ferruccio, Jul 14, 2003, 12:56am
ZARU has confronted me as well, trying to get me to join this group. Kol is the apparent "leader" and the gang is called "P r D o". Pretty much useless info, but I have kol and ZARU joining me a lot talking about it amongst each other.

baron, Jul 14, 2003, 2:35am
In article <3f11cd58 at server1.Activeworlds.com>, imagines at joimail.com says...
> You guys make using a bot sound scary. I am one of those people who knows
> nothing about a bot except for how to turn it on and say go. I may never
> turn on my bot again lol
>
> Imagine
>

You don't need to be scared, you need to be cautious. If you use common sense and run only trusted programs you should be fine. I disagree that if you have technical knowledge you can handle unknown programs; maybe you can, maybe you can't...depends on the programmer's skills to hide malicious content. Even an advanced user can overlook malicious behavior because it's a simple fact, code can do *anything* on computers. Trust is an issue too, who can you trust? Let's not forget a couple years back when someone earned the community's trust with a text to speech program only to release a password stealing bot a couple weeks later.

--
../B

bowen, Jul 14, 2003, 3:18am
ICQ installation was brought up by Baron, talk to him. Admin availability fits right into the argument of Windows program installation. Which then fits, like a glove, into this "AW HACKED" issue. Ding dong, the witch is dead.

--
--Bowen--
No of SETI units returned: 27
Processing time: 22 days, 8 hours. (Total hours: 536)
www.setiathome.ssl.berkeley.edu

bowen, Jul 14, 2003, 3:21am
Non-admins can write to the registry as far as I'm aware. Deleting is another issue (I think you can set rights for that sort of thing). As for keeping required system components in program files... that's a stupid idea. :-\ Maybe something more along the lines of C:\windows\shell\ would be more in order for programs Windows requires. This would then allow non-administrators to install programs.

There's also something that should be quite like that personal firewall (forget its name) that pops up authorization for programs to open up ports (thus allowing people better control over things that might be viruses... and things that shouldn't contact hosts on the internet.). I don't know, those seem like better measures for allowing the system to be more secure while allowing normal users a little bit more leeway.

--
--Bowen--
No of SETI units returned: 27
Processing time: 22 days, 8 hours. (Total hours: 536)
www.setiathome.ssl.berkeley.edu

strike rapier, Jul 14, 2003, 4:08am
You're right of course, these bots do sound scary, but then again the same goes for any program you use, anything you download and any Macros that you run on your computer... People need to, and most do, that operating systems do not possess the intelligence needed to do things like detect viruses etc. Some good anti-virus programs have the 'bloodhound' feature which looks for pieces of code that could be a virus or trojan, by looking through the binary data of a file before it is run and looking for things like DLL references (for things like Kernel32.dll Keyloggers), but a lot of systems don't have this...

As for bots in AW, you have to be very careful due to 1 fact, unless your bot happens to be running through a certain illegal program with logging set to full, you have absolutely no idea what a program is doing under normal situations, some you can run in disassembly and see certain calls, like wipe all objects __aw_imp type things... But that's not always the case, how do you know the bot isn't going to appear in some random part of a public world with its name as your priv? (Hint: Use special characters) or just pop into the hackers world instead and say the password out loud? Oh, and don't forget that almighty bollocks-up (the programmer accidentally using the privilege password string for something like bot name, world, etc).

But seriously, if you're careful you won't have this problem. Bots like Xelagot, Preston, Magsbot, Chazbot, ChatRelayBot etc are all perfectly safe as far as anyone can work out, and their owners are trusted people who put their bots on trusted websites. Some people have to take risks with things like Beta bots, but they have to accept they may have problems with the bot....

Just remember, be a paranoid and you stand a better chance (I run 3 firewalls, 1 encrypted proxy, 2 pieces of Anti-Virus with auto update every 6 hours, packet sniffers, decompilers, cyphered disks, always-on Windows Update etc) and I still don't think I'm 100% safe, on the other hand if you use say Windows straight out the box you might as well take a sledge hammer to your Hard Disks. Anyway, I'm sure I've scared you enough, just be careful :)

- Mark

goober king, Jul 14, 2003, 9:06am
No, actually it doesn't. Baron only mentioned ICQ as a joke, and he even said that OSes have nothing to do with the conversation in a previous post. The topic was about malicious bots and what AWI can do to stop them, not about Windows admin privileges, installing ICQ, or any of that crap.

But that's all beside the point. My point is you do this all the time, picking up on some innocuous tidbit and running with it. Just yesterday, I left for a few hours, came back to the NGs and found 40-some-odd new messages in here, and about half of them were you and Baron going back and forth about crap.

Oh, and Baron, stop encouraging him. :P

--
Goober King
Stick to the point
awnews at awnews.org

zerge aka rexory, Jul 14, 2003, 2:33pm
Sad thing it happened, but before blaming a bot or keylogger, I would make sure your friends don't give out the ppw on purpose

katerine, Jul 14, 2003, 3:11pm
I don't know how to say it to be heard but no untrustable bots were used on Gala. I had doubt about 2 bots I didn't know much about, competent people made tests (I thank them for that) and they found no backdoor and nothing was sent via these bots. For the rest, I might be French but I am not completely stupid: we are only two to know the password and we didn't give it away. Both the owner and my computer are pretty safe, never had viruses or trojan or things like that. So, the "bot theory" is to exclude and the "user error" theory is to exclude as well.

"zerge aka rexory" <erik.faes1 at pandora.be> wrote in news:3f12db47$1 at server1.Activeworlds.com:

> Sad thing it happened, but before blaming a bot or keylogger, I would
> make sure your friends don't give out the ppw on purpose

bowen, Jul 14, 2003, 3:13pm
If you don't like it, why are you continuing it? Filter me for goodness sake.

--
--Bowen--
No of SETI units returned: 30
Processing time: 23 days, 18 hours. (Total hours: 570)
www.setiathome.ssl.berkeley.edu

zerge aka rexory, Jul 14, 2003, 3:27pm
Some guy called arcior gave it to matt on msn, and I know that for sure, how do you know for sure it didn't, and you think you know how it happened? And French doesn't make you stupid, I am Belgian, can't be worse :)

weizer, Jul 14, 2003, 3:43pm
Isn't it Alcior? The guy who owns "FRANCE!"? I think its other nickname is AgentSmith.

"zerge aka rexory" <erik.faes1 at pandora.be> wrote in message news: 3f12e7e4 at server1.Activeworlds.com...

> Some guy called arcior gave it to matt on msn, and I know that for sure,
> how do you know for sure it didn't, and you think you know how it happened?
> And French doesn't make you stupid, I am Belgian, can't be worse :)

mod, Jul 14, 2003, 3:55pm
Ok guys I read these ngs and just HAD to respond to this thread, because frankly Strike Rapier was the closest to getting what actually happened here correct. It was in fact the Tunnel bug in the world server that was used to take over Gala. Also, Sleepy E isn't the only one who knows how to do it, there are a few others :P. (anyone who really wanted to know how would find so in the differences in the world servers after the tunnel bug was fixed, 'nuff said)

Anyways to give a basic overview basically what happened was the culprits used an application to connect to the ip/port hosting the world server, and it pretty much bumped the hoster out of control of it. From here you can do a variety of things since technically you are hosting the world ;-). One of these things is load a propdump, which happened in this case.

To the world owner of Gala. Make sure you are using the latest build of the world server. The reason why this world was targeted is because whoever was hosting it, was running an older version of the world server where the tunnel bug still hasn't been fixed. There are quite a few people out there who still aren't upgrading the world server.

Anyways. M A T T doesn't have the capability to do this, it wasn't him, trust me. Open your eyes people :) take a look at the obvious before assuming M A T T does everything, he is not capable of doing anything significant in AW. He just uses cheap tricks. Tunneling is way above his level.

So to the world owner of Gala take a look at your world logs, you will be able to tell that control was taken over from the world in there :) Also take a look at the brief moment the world went WFS, that was when it happened. I just figured I would set you guys straight on what happened :)

-Cheers
Mod

binarybud, Jul 14, 2003, 3:59pm

zerge aka rexory, Jul 14, 2003, 4:11pm
omg mod you evil hacker you :), btw, I heard a whole galaxy was deleted that way last week!

katerine, Jul 14, 2003, 4:19pm
Gala is running on the latest server since the day that server went out.