Re: mud code stolen

From: Jourge Fuzz Bush (modem-burn@geocities.com)
Date: 12/04/98


Doppleganger Software wrote:
>
> >The best way to insure that your code will not be accesible to *anyone* is
> >to use a Macintosh, from there up you'll deal with ever more problems
> >where the unixen are in both ends (linux in one end, IRIX in the other) of
> >security <--> insecurity, with the different flavors of windows right in
> >the middle.
>
> <grin>  I love hearing things like this said.  And actually, I'd place
> Windows more towards the insecure end.  Why?  Programs like Back Orifice
> can let a person take complete control of a Windows machine.  Heck, there
> are other backdoors in Windows systems that don't even require the user
> to run a program at the server end.  There was a report on it on the
> local news last night.  The reporter is even considering talking to me
> about Back Orifice and other security things in a follow-up story.  It
> sounds strange, but it is true: The MacOS is the most secure OS on the
> internet.  By default NOTHING can be accessed by people.  Even Linux has
> that problem of permissions for viewing and such.  In fact, that is
> probably the easiest 'exploit' out there if you run your MUD on a server
> with other MUD's.  The best wat to protect yourself is to put your MUD in
> a directory, and then remove all permissions on that directory except for
> yourself.  That way, no one can even get in there.  Also, don't have
> symbolic links into that directory.  Your home directory can be open to
> others, for things like web pages, and lynx bookmarks, but always
> remember to keep sensitive stuff, like code or passwords, inside that
> protected directory.
>

I'm sorry but people who don't know how to clean a simple trojan in
windows that are making a mud should definatly consider changing os's
because trojans are lame things and very easy to remove. You just search
for the virus name usally some regular exe (explor.exe rather than
explore.exe) Or use nortan antivirus it detecs trojans as well. Once
that's done remove the line that executes the program from the registry.
Two simple steps. If they can't remove a trojan they deserve something
like this to happen, then maybe they will look into security features.
And if any of you are worried about passwords being cracked by a brute
force cracker do this: (only on windows) alt+some random number. Then
let go of alt. This will make a wierd character not on the keyboard.
like пилаж.
Most brute force crackers only use leters a-z and 0-9.

Anyways to conclude if you are planning on running a mud make sure to
make it secure, check out information pages on the inet so you can see
exactly what it is that is insecure on your os. If anyone needs the
information on removing trojans like back oriface or netbus or anything
e-mail me personally. If anyone needs other security information I'm
proly not the best person to ask although I do know a bit on most os's.

l8er,






> >For information about specifics on security issues for unix you can check
> >here, both the problems and their solutions:
> >
> >http://www.rootshell.com/
>
> Good suggestion.  This site happens to be one of the best for learning
> about new hacking methods and tools.  it's where I first learned about
> Back Orifice...
>
> >For windows... Well, you can never be sure with Windows... You protect
> >everything and then a jerk comes up with a winnuke program and nukes you
> >out the net.
>
> WinNuke is the least of your problems on a Windows machine....Back
> Orifice and other security exploits are MUCH more of a concern.  All
> WinNuke can do is force you to restart the computer.  The others can take
> over the computer, and completely disable it.
>
> ---
> "One hundred years from now, none of this will matter because you and I
> will be dead -- unless the Grim Reaper has switched his record-keeping to
> a Windows 95-based system, in which case we all might live forever. "
> -- Associated Press
>
>      +------------------------------------------------------------+
>      | Ensure that you have read the CircleMUD Mailing List FAQ:  |
>      | http://democracy.queensu.ca/~fletcher/Circle/list-faq.html |
>      +------------------------------------------------------------+


     +------------------------------------------------------------+
     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     | http://democracy.queensu.ca/~fletcher/Circle/list-faq.html |
     +------------------------------------------------------------+



This archive was generated by hypermail 2b30 : 12/15/00 PST