Please read / AW HACKED (General Discussion)


drubi

Jul 14, 2003, 4:29pm
The world is a 3.4 build 56, binding to a non-default port.
Is the bug present in this version?

It was part of the Beta test program and has always been updated the same
day a new worldserver version became available, up to the current version.


"mod" <mod at darkbirdie.com> wrote in
news:3f12ee85$1 at server1.Activeworlds.com:

> Ok guys I read these ngs and just HAD to respond to this thread,
> because frankly Strike Rapier was the closest to getting what actually
> happened here correct. It was in fact the Tunnel bug in the world
> server that was used to take over Gala. Also, Sleepy E isn't the only
> one who knows how to do it, there are a few others :P.(anyone who
> really wanted to know how would find so in the differences in the world
> servers after the tunnel bug was fixed, 'nuff said) Anyways to give a
> basic overview basically what happened was the culprits used an
> application to connect to the ip/port hosting the world server, and it
> pretty much bumped the hoster out of control of it. From here you can
> do a variety of things since technically you are hosting the world ;-).
> One of these things is load a propdump, which happened in this case. To
> the world owner of Gala. Make sure you are using the latest build of
> the world server. The reason why this world was targeted is because
> whoever was hosting it, was running an older version of the world
> server where the tunnel bug still hasn't been fixed. There are quite a
> few people out there who still aren't upgrading the world server.
> Anyways. M A T T doesn't have the capability to do this, it wasn't him,
> trust me. Open your eyes people :) take a look at the obvious before
> assuming M A T T does everything, he is not capable of doing anything
> significant in AW. He just uses cheap tricks. Tunneling is way above
> his level. So to the world owner of Gala take a look at your world
> logs, you will be able to tell that control was taken over from the
> world in there :) Also take a look at the brief moment the world went
> WFS, that was when it happened. I just figured I would set you guys
> straight on what happened :)
>
> -Cheers
> Mod

zerge aka rexory

Jul 14, 2003, 4:31pm
don't tell me it can be done on build 56 also :O

john

Jul 14, 2003, 4:32pm
Which 1 was that?

Kewl! Lol!

~John


xelag

Jul 14, 2003, 5:29pm
On 14 Jul 2003 13:27:00 -0400, "zerge aka rexory"
>some guy called arcior gave it to matt on msn, and i know that for sure,
>how do you know for sure it didn't, and you think you know how it happened?
>and french doesn't make you stupid, i am belgian, can't be worse :)
>


wow, I am French and Dutch... in France we have
Swiss jokes, in the Netherlands Belgian jokes :)

no, stupidity is not the exclusive property of any one people!

Alex

xelag

Jul 14, 2003, 5:43pm
Your guesses are wrong in my opinion. Gala has the latest world
server, and the bot that entered the world and did the mischief was
wearing the privilege cit and password of the caretaker.
Simultaneously with that bot, a load of tourists entered... possibly
already warned and prepared for the "fun". A xelagot was there
invisible at the time, and clearly recorded the privilege citizen
number of the mischievous bot.... and all the chat. As I frankly
don't know what this tunnel thingy is, I cannot comment further, but
maybe ActiveWorlds representatives can clear up the matter?

As far as tests were done on all bots that the caretaker has used,
none of them is a password stealer. The caretakers did not give away
their priv password to anyone.

Any more suggestions that have not been made?

Alex

>Ok guys I read these ngs and just HAD to respond to this thread, because
>frankly Strike Rapier was the closest to getting what actually happened here
>correct. It was in fact the Tunnel bug in the world server that was used to
>take over Gala. Also, Sleepy E isn't the only one who knows how to do it,
>there are a few others :P.(anyone who really wanted to know how would find
>so in the differences in the world servers after the tunnel bug was fixed,
>'nuff said) Anyways to give a basic overview basically what happened was
>the culprits used an application to connect to the ip/port hosting the world
>server, and it pretty much bumped the hoster out of control of it. From here
>you can do a variety of things since technically you are hosting the world
>;-). One of these things is load a propdump, which happened in this case. To
>the world owner of Gala. Make sure you are using the latest build of the
>world server. The reason why this world was targeted is because whoever was
>hosting it, was running an older version of the world server where the
>tunnel bug still hasn't been fixed. There are quite a few people out there
>who still aren't upgrading the world server. Anyways. M A T T doesn't have
>the capability to do this, it wasn't him, trust me. Open your eyes people :)
>take a look at the obvious before assuming M A T T does everything, he is
>not capable of doing anything significant in AW. He just uses cheap tricks.
>Tunneling is way above his level. So to the world owner of Gala take a look
>at your world logs, you will be able to tell that control was taken over
>from the world in there :) Also take a look at the brief moment the world
>went WFS, that was when it happened. I just figured I would set you guys
>straight on what happened :)
>
>-Cheers
>Mod
>
>

goober king

Jul 14, 2003, 6:06pm
Because I know you have a spark of insight within you that occasionally
comes out to remind the world that it still exists. Hell, if the
original conversation was about Windows admin privs, you'd be shining
right now. Your thought process just seems to be in the right place at
the wrong time.

And, for the record, this would be my response to anyone who uses the
"If you don't like it, filter me!" excuse to act like a moron. I firmly
believe that even the lowest of the low has the potential to surprise
you with the occasional insight. I just try to accelerate the process by
verbally browbeating it out of them. *smirk*

--
Goober King
Beaten like a red-headed step-child
gooberking at utn.cjb.net

zerge aka rexory

Jul 14, 2003, 6:26pm
Two Dutchmen are walking side by side, and one says to the other: can I
walk in the middle now?
Or were they two Belgians? :P

zerge aka rexory

Jul 14, 2003, 6:27pm
alcior , simple as that , i think this asks for msn logs :)

drubi

Jul 14, 2003, 8:04pm
If this can bring light in this dark situation, please do so


"zerge aka rexory" <erik.faes1 at pandora.be> wrote in
news:3f131222 at server1.Activeworlds.com:

> alcior , simple as that , i think this asks for msn logs :)
>
>
>

bowen

Jul 14, 2003, 8:32pm
Wait, is that the answer to the question nobody asked... like the Lisa
Simpson of AW.

--
--Bowen--

No of SETI units returned: 30
Processing time: 23 days, 18 hours.
(Total hours: 570)
www.setiathome.ssl.berkeley.edu

bowen

Jul 14, 2003, 8:32pm
I mean, "I really love everyone...l,l;,l,,,, unb theeee comm
unityyy ..........." Yeah, that's what I meant.

--
--Bowen--

No of SETI units returned: 30
Processing time: 23 days, 18 hours.
(Total hours: 570)
www.setiathome.ssl.berkeley.edu

andras

Jul 14, 2003, 11:45pm
<snip>

> And, for the record, this would be my response to anyone who uses the
> "If you don't like it, filter me!" excuse to act like a moron. I firmly
> believe that even the lowest of the low has the potential to surprise
> you with the occasional insight. I just try to accelerate the process by
> verbally browbeating it out of them. *smirk*
>

Well,,, I learned a lot from Eep :)

Meanwhile I propose to Bowen to put his keyboard aside for a couple of days and check if the weather is good outside! You'll be surprised how great it is to be outdoors :)

--
Andras
"It's MY computer" (tm Steve Gibson)

weizer

Jul 15, 2003, 1:43am
Yeah I totally agree. Good idea. I need this as well. hehe

-Weizer
"andras" <andras at andras.net> wrote in message news:
3f135cca$2 at server1.Activeworlds.com...

bowen

Jul 15, 2003, 3:25am
Uh, Bowen goes outdoors more than you think. Bowen works 40 hours a
week, sorry to burst that bubble that you think I'm Eep, or Strike.

--
--Bowen--

No of SETI units returned: 30
Processing time: 23 days, 18 hours.
(Total hours: 570)
www.setiathome.ssl.berkeley.edu

ananas

Jul 15, 2003, 4:41am
sniff sniff - I smell frittes



goober king

Jul 15, 2003, 10:05am
Going to work doesn't count as "going outdoors" unless you work in
construction or landscaping. Otherwise, you spend the entire day locked
up in a building, either at the office or at home.

Oh, and you give yourself too much credit. Eep and Strike can be
absolutely virulent when need be. You just seem to aspire to be annoying. :P

And neither Eep nor Strike ever talked in the 3rd person. :P

--
Goober King
Outside looking in
awnews at awnews.org

katerine

Jul 15, 2003, 11:31am
Neither is intelligence!

"xelag" <xelag at digitalspace.com> wrote in
news:kn06hvkfvledpt8ne10q1rl78gncsqneq0 at 4ax.com:
> no, stupidity is not the exclusive property of any one people!
>
> Alex

bowen

Jul 15, 2003, 3:16pm
Regardless, his point was that he wanted me to get away from the computer.

> Oh, and you give yourself too much credit. Eep and Strike can be
> absolutely virulent when need be. You just seem to aspire to be
> annoying. :P

Hardly.

> And neither Eep nor Strike ever talked in the 3rd person. :P

And your point is? Most authors write in 3rd person too, I'm not
exactly speaking with my mouth here, am I?

--
--Bowen--

No of SETI units returned: 30
Processing time: 23 days, 18 hours.
(Total hours: 570)
www.setiathome.ssl.berkeley.edu

goober king

Jul 15, 2003, 4:33pm
Ayiyiyiyi....

I'm not going to start with you, Bowen. Just stick to the original topic
at hand from now on. Think you can handle that? :P

P.S. It's a rhetorical question. You don't have to answer it. :P

--
Goober King
Rhetorically challenged
awnews at awnews.org

bowen

Jul 15, 2003, 8:33pm
Too late. You always seem to go back to the "I'm not going to start"
after you already do. But that would mean, *gasp*, you'd have to not
respond to something. You're worse than _me_ when it comes to things
like that. A thread goes out of control? Who comes to the rescue?!
Goober. (if it involves me, Agent1 and goober and BB) Ah, the mighty
morphin ... somethings.

--
--Bowen--

No of SETI units returned: 30
Processing time: 23 days, 18 hours.
(Total hours: 570)
www.setiathome.ssl.berkeley.edu

rossyboy

Jul 16, 2003, 12:33pm
"katerine" <removethisailleurs at ailleurs3d.com> wrote this
(news:Xns93B7957BE65AFCatherine at 64.94.241.201) in general.discussion on
13 Jul 2003:

> I forgot to mention it because it was obvious for me that of course no
> privileges password was given to anyone.
> Only the world owner and I know them.
> And there are not passwords like "toto" :)
> Besides, if you read the chat, they say that they only need any
> privilege password, not necessary the owner's one.
> Not to "show up" but just for info, I am not exactly a newbie on AW
> (1997).
>
> The answer from AW came today, if I thank them for the quick reply on
> a sunday, it's indeed a .. quick reply :
>
> "Ya someone got ahold of a PPW. Most likely someone downloaded a bot
> that sent the PPW to the hacker.."
>
> Now I don't know for JermeL, but I didn't run anything else than a
> Preston and a Xelagot bot on his world.
>
> In any case, I do not agree for putting the blame on the owner (or
> me), because, if it is really possible to get any ppwd you want with a
> malicious bot, it is still an AW security hole.
> That should not be possible and that should be fixed asap.
>

What they meant was, someone would run a bot, and that bot would send the
ppw typed into it to somewhere, as well as logging into AW. This is a
trojan horse and it's not AWI's problem, or an AW security hole :)

katerine

Jul 16, 2003, 1:33pm
"rossyboy" <rossyboy at swcity.net> wrote in
news:Xns93BA9E54CF2A4Ro1124 at 64.94.241.201:

> What they meant was, someone would run a bot, and that bot would send
> the ppw typed into it to somewhere, as well as logging into AW. This
> is a trojan horse and it's not AWI's problem, or an AW security hole
> :)

I understand that and I agree that it could have been one of the most
logical explanations.

That is why I had a phone talk with JermeL and asked him which bots he used
in Gala.
Besides Xelagot, Preston and one bot from Andras, only 2 other bots were
used.
These 2 bots got checked and they are "clean": nothing is sent via any of
these bots.

I asked him if he ever had any viruses or trojans on his computer.
The answer is no.
(Same for me)
I also asked him if he is using other programs (like MSN, ICQ, and so on
...) with the same password.
The answer is still no.

Someone said something about tunnel/channel connection.
Most of the world.log file looks like this:

Sun 07/13/03 04:29:30 64.94.241.235:4159 -1 CONNECTED
Sun 07/13/03 04:29:30 64.94.241.235:4159 -1 TUNNEL CONNECT
Sun 07/13/03 04:29:31 64.94.241.235:4159 -1 CHANNEL OPEN 24.209.88.140:45015 channel=2
Sun 07/13/03 04:29:31 64.94.241.235:4159 -1 CHANNEL MESSAGE 2 (33 bytes)
Sun 07/13/03 04:29:31 Gala 24.209.88.140:45015 -1 IDENTIFIED '"DOOMED"' 0 0

Sun 07/13/03 04:30:16 64.94.241.235:4159 -1 CHANNEL OPEN 66.20.55.226:2313 channel=3
Sun 07/13/03 04:30:16 64.94.241.235:4159 -1 CHANNEL MESSAGE 3 (33 bytes)
Sun 07/13/03 04:30:16 Gala 68.201.45.185:1624 0 TERRAIN QUERY 0 0 3320 [0]
Sun 07/13/03 04:30:16 Gala 66.20.55.226:2313 -1 IDENTIFIED '"Johnny"' 0 0

"Not an AWI problem", not a trojan problem, it looks like it is nobody's
problem.
Another X-Files ?

scifair

Jul 16, 2003, 4:25pm
Lots of programs, such as AIM need to be installed as admin because they
want to install links for all users of the machine, which requires admin
rights. If the makers of those programs were security-minded, they wouldn't
do so, there would be an option to choose whether to install for only the
current user or all users. However, some companies just want their software
as visible as possible. In the case of AIM, I believe the only reason they
force admin rights is to write to Documents and Settings\All Users\Start and
Documents and Settings\All Users\Desktop, when they should be writing to the
equivalent folders for the current user.

Writing to Program Files only requires Power User (ie: standard user)
rights.

It is the fault of the software producers, not the OS, in this case.

--
-Rich
Awportals.com is a privately held community resource website dedicated to Active Worlds.
Copyright (c) Mark Randall 2006 - 2024. All Rights Reserved.