Re: mud code stolen

From: Mark A. Heilpern (heilpern@mindspring.com)
Date: 12/03/98


At 11:04 AM 12/3/98 -0500, you wrote:
>As a bit of an experiment to test the general security and privacy of user
>data, I just checked the server on which my mud resides.  I was able to take
>the code from EVERY mud on the box.  It took me about five minutes to do
>this.  I'm no hacker and certainly no genius.  If I could do this, you all
>could.

Just because you can do that on your server is no reason for everyone else
on a shared server to panic. The users on your server, assuming it is a Unix
machine, evidentally have not got the proper understanding of what it takes
to guard files against unauthorized access. (I'm assuming, of course, that
the machine you're on does not have any exploitable security holes.)

That being said, if you do not trust the people who have root access to your
server (either because you don't trust their morals, or you don't trust their
ability to keep their system up to date with regards to security) then you
can never trust the safety of your code left on that server.


     +------------------------------------------------------------+
     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     | http://democracy.queensu.ca/~fletcher/Circle/list-faq.html |
     +------------------------------------------------------------+



This archive was generated by hypermail 2b30 : 12/15/00 PST