|
|
2 May 2008, 12:08
|
#51
|
self-entitledly superior
Join Date: Aug 2004
Location: Finland
Posts: 341
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by Phil^
If the arbiter uses one-way hashes to encode the passwords used for login ( I think this likely, its like a standard method of doing simple authentication )
|
As hilarious as it may sound, at least Angels arbiter had all usernames and passwords in plaintext a few rounds ago. I know because I was asked to add access to everyone into eXilition arbiter cause we wanted to use it instead of the Angels tools.
There was also this infamous arbiter that didn't require any passwords at all!
|
|
|
2 May 2008, 12:09
|
#52
|
mz.
Join Date: Aug 2005
Posts: 8,587
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by SteInMetz
Care to elaborate?
|
You can't use a packet sniffer to change the internal workings of programs.
__________________
The outraged poets threw sticks and rocks over the side of the bridge. They were all missing Mary and he felt a contented smug feeling wash over him. He would have given them a coy little wave if the roof hadn't collapsed just then. Mary then found himself in the middle of an understandably shocked family's kitchen table. So he gave them the coy little wave and realized it probably would have been more effective if he hadn't been lying on their turkey.
|
|
|
2 May 2008, 12:09
|
#53
|
Registered User
Join Date: Oct 2003
Location: Norway
Posts: 367
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by Hude
As hilarious as it may sound, at least Angels arbiter had all usernames and passwords in plaintext a few rounds ago. I know because I was asked to add access to everyone into eXilition arbiter cause we wanted to use it instead of the Angels tools.
There was also this infamous arbiter that didn't require any passwords at all!
|
But then again. Only stupid ppl have arbiters like that.
And yeah we know who it is!
__________________
NewDawn - Soaring where angels fear to fly
|
|
|
2 May 2008, 12:12
|
#54
|
NewDawn
Join Date: Oct 2003
Location: Stavanger, Norway
Posts: 468
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by Mzyxptlk
You can't use a packet sniffer to change the internal workings of programs.
|
No, but why would you need to change how the program works, when you can just sniff the data without changing anything?
__________________
Proud to be Newdawn
|
|
|
2 May 2008, 12:16
|
#55
|
Insomniac
Join Date: May 2003
Posts: 3,583
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by Mzyxptlk
You can't use a packet sniffer to change the internal workings of programs.
|
You dont need to change internal workings of programs - merely intercept the traffic at the network layer. That is what he was getting at, since irc traffic is plaintext unless done over ssl
Im really struggling to see where you saw "packet sniffing == program internals monitoring and altering" in the original post you objected to.
|
|
|
2 May 2008, 12:23
|
#56
|
Registered User
Join Date: Nov 2003
Posts: 898
|
Re: Alligations of Admin Abuse
akmaster is our intel officer, your thinking of jedi who got all his intel from kenneh in r24
__________________
R4-5 DDK
R6 Vanx
R7-R10 FAnG
R10 Eclipse
R10.5-R13 FAnG
R20-23 CT
R23 (CT BG) ToF
R24-R82... CT
|
|
|
2 May 2008, 12:24
|
#57
|
Registered User
Join Date: Oct 2003
Location: Norway
Posts: 367
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by Mzyxptlk
I forget unimportant shit all the time.
|
There's your answer Phil!
__________________
NewDawn - Soaring where angels fear to fly
|
|
|
2 May 2008, 12:25
|
#58
|
Netgamers IRC/CSC
Join Date: Oct 2007
Posts: 14
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by jerome
what's funny is no one cares that a certain other irc oper we all know and love has been working as CT's intel officer for ages (well i don't know if he still is, r24 was definitely one, i've been told at least 2 other rounds too..) what about where he gets his definite intel yo
|
I'm not aware of any other official complaints regarding any other staff, and I'm certainly not inclined to comment (once again) on the wisdom of "ADMIN MUST = CHEAT".
If you have any evidence, please present it through the proper channels. Otherwise please dont troll my thread.
|
|
|
2 May 2008, 13:55
|
#59
|
mz.
Join Date: Aug 2005
Posts: 8,587
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by Phil^
You dont need to change internal workings of programs - merely intercept the traffic at the network layer. That is what he was getting at, since irc traffic is plaintext unless done over ssl
Im really struggling to see where you saw "packet sniffing == program internals monitoring and altering" in the original post you objected to.
|
Ahh, wait, now I see what he was getting at. Ok, my posts on the subject make no sense in this context, ignore them.
__________________
The outraged poets threw sticks and rocks over the side of the bridge. They were all missing Mary and he felt a contented smug feeling wash over him. He would have given them a coy little wave if the roof hadn't collapsed just then. Mary then found himself in the middle of an understandably shocked family's kitchen table. So he gave them the coy little wave and realized it probably would have been more effective if he hadn't been lying on their turkey.
|
|
|
2 May 2008, 14:49
|
#60
|
BA :P)
Join Date: May 2005
Posts: 76
|
Re: Alligations of Admin Abuse
Quote:
I'm not aware of any other official complaints regarding any other staff, and I'm certainly not inclined to comment (once again) on the wisdom of "ADMIN MUST = CHEAT".
If you have any evidence, please present it through the proper channels. Otherwise please dont troll my thread
|
As you need PA users for the future of Netgamers I do believe it is your job to prove he didn’t "Cheat".
He clearly has passed on passwords that is not in question. This in itself has broken the trust between NG and its users. You passing it off as "Well you prove he used net gamers to do it" Is not the way to treat your customers.
His position gave him the ability to do it whether he used his position is irrelevant.
His actions alone have got him into this position. NG are showing disrespect and ignorance with their attitude to this matter with regards to its users and the feeling that NG are not to be trusted.
There are plenty of other more trustworthy IRC suppliers out there.
__________________
BA - Æ Sports it's in the Game
|
|
|
2 May 2008, 15:07
|
#61
|
Guest
|
Re: Alligations of Admin Abuse
quakenet ftw.
|
|
|
2 May 2008, 16:50
|
#62
|
Mind-boggling
Join Date: Dec 2006
Location: Devon, England
Posts: 1,468
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by jerome
what's funny is no one cares that a certain other irc oper we all know and love has been working as CT's intel officer for ages (well i don't know if he still is, r24 was definitely one, i've been told at least 2 other rounds too..) what about where he gets his definite intel yo
|
what was even funnier was when that 'certain other irc oper we all know and love' came into Urwins.priv and took control of channel while being in CT...
*cough cough*
__________________
You have enemies? Good. That means you've stood up for something, sometime in your life. (Winston Churchill)
R21-Randy Dandys Winners R21
1:9:5 -SoClose- -YetSoFar-
You have pending friend requests from Newt.
|
|
|
2 May 2008, 16:51
|
#63
|
break it down!
Join Date: Feb 2005
Posts: 2,087
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by Phil^
If the arbiter uses one-way hashes to encode the passwords used for login ( I think this likely, its like a standard method of doing simple authentication ) , and there was not a brute force attack on a significant scale in order to gain access then its highly unlikely that their arbiter is the source of the breach, he would have had to gain the passwords from an alternate source in order to do what he did.
|
Someone could have given them to him?
Quote:
Originally Posted by Kargool
The question again to me is simply: How can netgamers accept that one of their admins is using these kind of ways to obtain passwords/logins.
|
What kind of ways? Nothing has been found to suggest that Expl8 used his access to get the passwords, so netgamers isn't accepting this.
Quote:
Originally Posted by are
Drug dealers may not become doctors and if they already are, they loose their license permanently. People abusing others sexually are not allowed to teach children, no matter how rehabilitated they are, no mater if they originally abused a child.
And in the same way, someone that already stole passwords from somewhere should not given the opportunity to do it in an easy way anymore.
This is why I expect NG team to remove the server and admin in question, regardless if he actually used the server/admin power to gain this info or not.
|
Stupid comparison on the basis that you list things which are illegal. Expl8 has never agreed to refrain from accessing the arbiters/websites of other alliances. He is playing the game as it should be played; gaining access to another alliance's arbiter by any means that isn't breaking in or abusing IRC access is fine, as without the access he's just a normal player.
__________________
I put the sex in dyslexia!
|
|
|
2 May 2008, 17:17
|
#64
|
Registered User
Join Date: Nov 2003
Posts: 898
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by _Kila_
gaining access to another alliance's arbiter by any means that isn't breaking in or abusing IRC access is fine, as without the access he's just a normal player.
|
erm no thats still illegal in the uk!!
__________________
R4-5 DDK
R6 Vanx
R7-R10 FAnG
R10 Eclipse
R10.5-R13 FAnG
R20-23 CT
R23 (CT BG) ToF
R24-R82... CT
|
|
|
2 May 2008, 17:24
|
#65
|
mz.
Join Date: Aug 2005
Posts: 8,587
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by BADA
His position gave him the ability to do it whether he used his position is irrelevant.
|
If he didn't use his position, then his position didn't give him the ability to do it, thus whether or not he used his position is very relevant.
Quote:
Originally Posted by [DDK]gm
erm no thats still illegal in the uk!!
|
I wouldn't be so quick to say this is definitely illegal. No breaking in has occured (at least, no proof has surfaced, which is effectively the same thing), and I hardly think using someone's login and password can be considered illegal, if the someone in question gave them up willingly.
But if you're so certain, why don't you get the police involved?
__________________
The outraged poets threw sticks and rocks over the side of the bridge. They were all missing Mary and he felt a contented smug feeling wash over him. He would have given them a coy little wave if the roof hadn't collapsed just then. Mary then found himself in the middle of an understandably shocked family's kitchen table. So he gave them the coy little wave and realized it probably would have been more effective if he hadn't been lying on their turkey.
Last edited by Mzyxptlk; 2 May 2008 at 17:29.
|
|
|
2 May 2008, 17:41
|
#66
|
Registered User
Join Date: Nov 2003
Posts: 898
|
Re: Alligations of Admin Abuse
they didnt give thier passwords willingly, 15-20 usernames and passwords for the top ten alliances including hc's.
what do you meen no proof has surfaced??? expl8t logged into several alliances tools with usernames and passwords that did not belong to him. the only thing there is no proof for is where exactly he got those passwords and he cant give a suitable explaination for that.
__________________
R4-5 DDK
R6 Vanx
R7-R10 FAnG
R10 Eclipse
R10.5-R13 FAnG
R20-23 CT
R23 (CT BG) ToF
R24-R82... CT
|
|
|
2 May 2008, 18:43
|
#67
|
Netgamers IRC/CSC
Join Date: Oct 2007
Posts: 14
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by CBA
what was even funnier was when that 'certain other irc oper we all know and love' came into Urwins.priv and took control of channel while being in CT...
*cough cough*
|
*sigh*, The incident to which you are refering was carried out in accordance with our policy for settling alliance HC channel ownership disputes.
Of course we could have just left your HC to have ban wars, and your irc tools bot to be banned/suspended/disconnected, but we were asked to intervene by your alliance HC. So we did.
Please dont troll, or reference cases without the full facts.
Again, if you have any legitimate complaints, please seek the correct channels and present your evidence rather than trolling my thread.
|
|
|
2 May 2008, 18:58
|
#68
|
Guest
|
Re: Alligations of Admin Abuse
lol, like CBA has an alliance.
|
|
|
2 May 2008, 19:09
|
#69
|
Netgamers IRC/CSC
Join Date: Oct 2007
Posts: 14
|
Re: Alligations of Admin Abuse
I believe he was simply a member at the time. I dont think anyone else was anything but thankfull to have thier channels restored to order and the IRC tools bot back up and running, but there we go.
|
|
|
2 May 2008, 19:33
|
#70
|
break it down!
Join Date: Feb 2005
Posts: 2,087
|
Re: Alligations of Admin Abuse
yeah; I wouldn't respond to CBA's posts, he's a known idiot.
__________________
I put the sex in dyslexia!
|
|
|
2 May 2008, 19:45
|
#71
|
break it down!
Join Date: Feb 2005
Posts: 2,087
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by [DDK]gm
erm no thats still illegal in the uk!!
|
There are no laws against logging into a website using the username/password of another person. That's why websites have their own EULAs claiming this. Your alliance arby, sadly, doesn't have one.
Quote:
Originally Posted by [DDK]gm
what do you meen no proof has surfaced??? expl8t logged into several alliances tools with usernames and passwords that did not belong to him. the only thing there is no proof for is where exactly he got those passwords and he cant give a suitable explaination for that.
|
If you can prove anything; action will be taken. So far people have accused Expl8 of exploting his position and it was investigated, there was no evidence to suggest that he had abused these powers. So long as you can't prove anything; there's not much you can do without moving towards a totalitarian stance which, as much as I love Stalin and Hitler, I don't think netgamers would like to take.
He's innocent until proven guilty. As far as everyone is aware; Expl8 got these logins without using his admin status. If you wish to dispute this; provide the nice people at netgamers evidence and they'll remove his access.
Here's an analogy for you - you find your grandmother laying at the bottom of the stairs. She's dead. Now, someone comes along and accuses you of killing her on the basis that you have a penknife in your pocket. The autopsy reveals no stab wounds, but you get a bunch of mongs screaming that you still killed her and that despite lack of stab wounds, it was you because you have a knife.
__________________
I put the sex in dyslexia!
|
|
|
2 May 2008, 19:49
|
#72
|
Registered User
Join Date: Nov 2003
Posts: 898
|
Re: Alligations of Admin Abuse
kila read what i said and stop being a moron
__________________
R4-5 DDK
R6 Vanx
R7-R10 FAnG
R10 Eclipse
R10.5-R13 FAnG
R20-23 CT
R23 (CT BG) ToF
R24-R82... CT
|
|
|
2 May 2008, 20:34
|
#73
|
Registered User
Join Date: Dec 2004
Posts: 383
|
Re: Alligations of Admin Abuse
2 impossibles (kila reading, and kila stopping being a moron) do not make a possible gm
epl8 or w/e his name is made a boo boo. regardless of how he got them he shouldn't have become involved with them. thats the only boo boo we can prove, that he was involved, when he REALLY REALLY shouldnt of bin.
he should be removed. quite why he hasnt been removed is amazing.
|
|
|
2 May 2008, 20:36
|
#74
|
Registered User
Join Date: Jul 2006
Posts: 255
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by _Kila_
There are no laws against logging into a website using the username/password of another person.
|
whilst trying to not get into some shit legal debate about this i think you'll find that the Computer Misuse Act 1990 states;
Quote:
"The only precondition to liability is that the hacker should be aware that the access attempted is unauthorized. Thus, using another person's username or identifier (ID) and password without proper authority to access data or a program, or to alter, delete, copy or move a program or data, or simply to output a program or data to a screen or printer, or to impersonate that other person using e-mail, online chat, web or other services, constitute the offence.
|
http://www.opsi.gov.uk/acts/acts1990...00018_en_1.htm if your interested.
and CBA, considering your were only in the urwins channel for 10 minutes preceding the incident you refer to and were kicked 10 minutes after it id hardly say you were an authority on the issue which went down pretty much exactly as jedi says.
__________________
[F-Crew], Wolfpack, Destiny, Urwins, Ascendancy & Jenova
-Cead
Last edited by Ceadrath; 2 May 2008 at 21:52.
|
|
|
2 May 2008, 21:03
|
#75
|
Registered User
Join Date: Dec 2004
Posts: 383
|
Re: Alligations of Admin Abuse
caedrath just won the whole debate from this thread, and jbg's thread hands down.
sit down and shut up asc
gj caedrath
|
|
|
2 May 2008, 21:07
|
#76
|
Registered User
Join Date: Jul 2006
Posts: 255
|
Re: Alligations of Admin Abuse
ea man, ea
__________________
[F-Crew], Wolfpack, Destiny, Urwins, Ascendancy & Jenova
-Cead
|
|
|
2 May 2008, 21:08
|
#77
|
Banned
Join Date: May 2001
Location: Further to the right
Posts: 19,441
|
Re: Alligations of Admin Abuse
Bar the fact that doesn't apply to me at all...
__________________
Some might ask what good is life without purpose but I'm anticipating a good lunch.
|
|
|
2 May 2008, 21:11
|
#78
|
Registered User
Join Date: Nov 2003
Posts: 898
|
Re: Alligations of Admin Abuse
JBG your country has simular laws, infact nearly every one does
__________________
R4-5 DDK
R6 Vanx
R7-R10 FAnG
R10 Eclipse
R10.5-R13 FAnG
R20-23 CT
R23 (CT BG) ToF
R24-R82... CT
|
|
|
2 May 2008, 22:14
|
#79
|
Registered User
Join Date: Dec 2004
Posts: 383
|
Re: Alligations of Admin Abuse
soz ceadrath, im pretty lazy at typing, in case u didnt notice in the other thread where i got severly owned (lolz) coz my typing aint up to scrath with some others who u just completly owned.
still very good job man
|
|
|
2 May 2008, 22:52
|
#80
|
mz.
Join Date: Aug 2005
Posts: 8,587
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by Ceadrath
whilst trying to not get into some shit legal debate about this i think you'll find that the Computer Misuse Act 1990 states;
Quote:
The only precondition to liability is that the hacker should be aware that the access attempted is unauthorized. Thus, using another person's username or identifier (ID) and password without proper authority to access data or a program, or to alter, delete, copy or move a program or data, or simply to output a program or data to a screen or printer, or to impersonate that other person using e-mail, online chat, web or other services, constitute the offence.
|
|
Authority from whom? I would argue that I implicitly give you permission to use my login name and password if I give them to you.
__________________
The outraged poets threw sticks and rocks over the side of the bridge. They were all missing Mary and he felt a contented smug feeling wash over him. He would have given them a coy little wave if the roof hadn't collapsed just then. Mary then found himself in the middle of an understandably shocked family's kitchen table. So he gave them the coy little wave and realized it probably would have been more effective if he hadn't been lying on their turkey.
|
|
|
2 May 2008, 23:04
|
#81
|
Registered User
Join Date: Dec 2004
Posts: 383
|
Re: Alligations of Admin Abuse
that would be assuming that the passwords/login were 'given' to expl8.
but then id refer back to the argument that jsut because you have been given login details by a sites owner, that doesnt neccessarily transfer you the rights to pass on those details, or give you the rights to allow other users to access the data/site using your details
|
|
|
2 May 2008, 23:11
|
#82
|
Registered User
Join Date: Jul 2006
Posts: 255
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by Mzyxptlk
Authority from whom? I would argue that I implicitly give you permission to use my login name and password if I give them to you.
|
this really brings us back to how the passwords were gathered in the original case, and im pretty sure that all the accounts logged in on wernt given to anybody.
__________________
[F-Crew], Wolfpack, Destiny, Urwins, Ascendancy & Jenova
-Cead
|
|
|
2 May 2008, 23:21
|
#83
|
mz.
Join Date: Aug 2005
Posts: 8,587
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by Ceadrath
this really brings us back to how the passwords were gathered in the original case, and im pretty sure that all the accounts logged in on wernt given to anybody.
|
Still, until you (general you) can prove the passwords were retrieved illegitimately, you really haven't got a case. If you did have any evidence, you would have stepped forward with it now (if not on the forums, then in a message to the NG staff). Since you didn't, I'm going to assume you don't have any. Similarly, the NG staff searched for evidence and found none. This in turn makes me think there isn't any.
I'm getting rather tired of repeating the innocent until proven guilty argument. If I find myself in a situation where I have to do it again, I might even yawn. Don't put me through that.
__________________
The outraged poets threw sticks and rocks over the side of the bridge. They were all missing Mary and he felt a contented smug feeling wash over him. He would have given them a coy little wave if the roof hadn't collapsed just then. Mary then found himself in the middle of an understandably shocked family's kitchen table. So he gave them the coy little wave and realized it probably would have been more effective if he hadn't been lying on their turkey.
|
|
|
2 May 2008, 23:26
|
#84
|
LCH
Join Date: Nov 2006
Location: JNC
Posts: 154
|
Re: Alligations of Admin Abuse
Im just curious how my account were able to be used when I haven't given out my pw out
__________________
ToF | LCH | CT | p3nguins | Apprime |
JNC - One Addiction, One Passion and One Goal
16:57 [Satyr] gonna play speedy tomorrow dude?
16:58 [Satyr] need a couple of gays to have some fun
14:44 [@Oizo]: i need more penis
22:27 [@Jumper] im not hardcock
Viking hoisting the Raven Banner high!
|
|
|
2 May 2008, 23:29
|
#85
|
Registered User
Join Date: Jul 2006
Posts: 255
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by jelle
Im just curious how my account were able to be used when I haven't given out my pw out
|
This.
And the same ip being used to log into dozens of different accounts that the users themselves deny giving anyone the password to. Surely you can see how this points to the direction of illegitimate methods being used to gain said passwords, especially considering the advantages said person has when it comes to access.
__________________
[F-Crew], Wolfpack, Destiny, Urwins, Ascendancy & Jenova
-Cead
Last edited by Ceadrath; 2 May 2008 at 23:46.
|
|
|
2 May 2008, 23:38
|
#86
|
Registered User
Join Date: Dec 2004
Posts: 383
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by Mzyxptlk
Since you didn't, I'm going to assume you don't have any. Similarly, the NG staff searched for evidence and found none. This in turn makes me think there isn't any.
|
assuming jelle is telling the truth. then there is evidence. sumwhere. its just that those who have it or have knowledge of it arent the type who would forward that to NG staff.
Last edited by DarkHeart; 2 May 2008 at 23:50.
|
|
|
2 May 2008, 23:45
|
#87
|
Netgamers IRC/CSC
Join Date: Oct 2007
Posts: 14
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by jelle
Im just curious how my account were able to be used when I haven't given out my pw out
|
I have nothing but sympathy for users who feel they have been compromised by this incident. Please feel free to PM me on irc, and I'll do my best to give you some pointers for tightening your own security.
|
|
|
2 May 2008, 23:56
|
#88
|
LCH
Join Date: Nov 2006
Location: JNC
Posts: 154
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by Jonneh
I have nothing but sympathy for users who feel they have been compromised by this incident. Please feel free to PM me on irc, and I'll do my best to give you some pointers for tightening your own security.
|
Ty but no need anymore. Main thing is i didn't give out my pw to anyone but somehow someone used my login.
__________________
ToF | LCH | CT | p3nguins | Apprime |
JNC - One Addiction, One Passion and One Goal
16:57 [Satyr] gonna play speedy tomorrow dude?
16:58 [Satyr] need a couple of gays to have some fun
14:44 [@Oizo]: i need more penis
22:27 [@Jumper] im not hardcock
Viking hoisting the Raven Banner high!
|
|
|
3 May 2008, 00:38
|
#89
|
Banned
Join Date: May 2001
Location: Further to the right
Posts: 19,441
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by [DDK]gm
JBG your country has simular laws, infact nearly every one does
|
I was referring to awareness.
__________________
Some might ask what good is life without purpose but I'm anticipating a good lunch.
|
|
|
3 May 2008, 02:09
|
#90
|
Registered User
Join Date: Oct 2003
Location: Norway
Posts: 367
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by Mzyxptlk
Still, until you (general you) can prove the passwords were retrieved illegitimately, you really haven't got a case. If you did have any evidence, you would have stepped forward with it now (if not on the forums, then in a message to the NG staff). Since you didn't, I'm going to assume you don't have any. Similarly, the NG staff searched for evidence and found none. This in turn makes me think there isn't any.
I'm getting rather tired of repeating the innocent until proven guilty argument. If I find myself in a situation where I have to do it again, I might even yawn. Don't put me through that.
|
The problem is as follows.
Its impossible to find any proofs! NEWSFLASH
Since when would a server admin / owner leave trace of him browsing logs ?
I am pretty sure on that wouldn't happend.
So back to the NEWSFLASH
Its impossible find any proofs from NG's view.
__________________
NewDawn - Soaring where angels fear to fly
|
|
|
3 May 2008, 03:24
|
#91
|
h3ll's angels
Join Date: Nov 2006
Location: Chapel Hill, NC
Posts: 273
|
Re: Alligations of Admin Abuse
Guys, cheating is completely fine. Just don't get caught, and if you do, just 'forget' you were cheating. But if you DO get caught (with hard evidence) then we can all agree cheating is wrong.
__________________
[18:04] * h3ll has quit IRC (Ping timeout)
Last edited by zebra; 3 May 2008 at 03:30.
|
|
|
3 May 2008, 10:30
|
#92
|
Doh!
Join Date: Apr 2001
Location: Nemo Mortalium Omnibus Horis Sapit
Posts: 1,720
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by jelle
Ty but no need anymore. Main thing is i didn't give out my pw to anyone but somehow someone used my login.
|
When you logon to the IRC server you use your Nick/password to verify to P who you are, all it takes is for the server admin etc to get your username and password is to review the log that P has within it. The same applies to any other IRC server that has authentication using a bot.
The fact that this (idiot) gleaned the passwords from a forgotten source is evidence enough to remove him from the server, his claim that and subsequent investigation by NG that he did not abuse any priviledges or access he has, is a complete smoke screen.
reviewing an IRC log is not detectable by any means fair or foul, as long as nothing is changed within the log it remains what it is, a record of the activity of the bot.
All our usernames and passwords are sent in plain text to P unlike the NG website which encrypts them.
Players (and I was one of them) use the same login/user details for the same sites, my login for NG was the same as my Alliance Login, and was abused by this person (or he gave it to someone to abuse) my alliance web site logged activity from an IP address in a completely different country to where I live and the person used that access to look up our membership details, which in fact gave that person an entire member list and the coordinates of all our players.
Fortunately for me at least, my game login is completely different and does not use the same password, although I did change it a few days ago when I became aware of this issue.
Where that leaves everyone in regard to the law? I have no idea ?
What it does do is remove any trust the players may have had in using the NG network or website.
Regardless of "innocent until proven guilty" the person should have his access removed as the player base obviously cannot trust him.
The issue in regards to Planetarion, it was suspected he may have accessed players accounts. From what I have read and understood no planets were accessed so therefore no breach of game rules was made.
His actions that allowed himself or others to access alliance websites has nothing to do with Planetarion, so therefore he could not be punished or have his planet closed (if he had one) as he did not break their rules.
No doubt the Planetarion community (all of it) condemn his actions and probably despise him for it there remains no way that he can be punished for game abuse.
|
|
|
3 May 2008, 16:02
|
#93
|
Netgamers IRC/CSC
Join Date: Oct 2007
Posts: 14
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by Judge
When you logon to the IRC server you use your Nick/password to verify to P who you are, all it takes is for the server admin etc to get your username and password is to review the log that P has within it. The same applies to any other IRC server that has authentication using a bot.
The fact that this (idiot) gleaned the passwords from a forgotten source is evidence enough to remove him from the server, his claim that and subsequent investigation by NG that he did not abuse any priviledges or access he has, is a complete smoke screen.
reviewing an IRC log is not detectable by any means fair or foul, as long as nothing is changed within the log it remains what it is, a record of the activity of the bot.
|
I do hate to correct you, but you're simply wrong. There is no big text file of passwords stored anywhere in P. The database which contains your passwords is md5 encrypted, and once the incoming message is matched to the users password it is flagged a successful login and the plain-text password is never stored.
You are correct when you say that the messages you send to P accross IRC from your client are plain text.
|
|
|
3 May 2008, 18:24
|
#94
|
former and current VGN HC
Join Date: Apr 2002
Location: Stuttgart, Germany
Posts: 149
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by Jonneh
You are correct when you say that the messages you send to P accross IRC from your client are plain text.
|
As well as all other messages and anyone on the line between you, the irc server you connect to and the irc server that hosts the target of your (login) info. However, people that sit right next to / on the box that is the irc server have quite easy possibilities to dump all traffic outside the server software.
You don't need to abuse your admin powers, it is enough you abuse the coincidence you are owner of the host that hosts the irc server. And unless you use some tool that sets your NIC into promiscious mode which leaves and easy-to-delete syslog message on e.g. linux hosts, there *will not be* any evidence you did it. Things that don't leave these traces are e.g. iptables userspace logging rules, if you want extra security against being detected do it right on the router the irc server uses.
So if you actually can proove he used his admin powers, he must be really, really stupid. Ofc he is quite stupid as he uses his own registered fixed IP to access other peoples webpages with login info he should not have, begging to get caught and even named.
But anyway, no evidence needed, it is enough he used the login info and he *could* have gotten it via his admin related powers for the netwprk community not to trus him and this is why I expect him to be removed as admin.
Regards,
_are_
__________________
#VGN, http://vgn.lihas.de/
|
|
|
3 May 2008, 20:30
|
#95
|
I see you!
Join Date: Sep 2002
Location: In any girl
Posts: 2,825
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by Jonneh
I do hate to correct you, but you're simply wrong. There is no big text file of passwords stored anywhere in P. The database which contains your passwords is md5 encrypted, and once the incoming message is matched to the users password it is flagged a successful login and the plain-text password is never stored.
You are correct when you say that the messages you send to P accross IRC from your client are plain text.
|
You can see the md5 encryptions right? Afaik, they're hard nuts to crack, but it's doable with a little bit of patience. Right?
This thread is off-topic and should be in PD really :/
|
|
|
3 May 2008, 22:12
|
#96
|
Ubi concordia, ibi victor
Join Date: Dec 2004
Posts: 152
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by Kenny
quakenet ftw.
|
__________________
"I'm not saying I don't trust you, and I'm not saying I do. But I don't."
* We do not exist *
|
|
|
3 May 2008, 22:25
|
#97
|
Insomniac
Join Date: May 2003
Posts: 3,583
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by Nadar
You can see the md5 encryptions right? Afaik, they're hard nuts to crack, but it's doable with a little bit of patience. Right?
This thread is off-topic and should be in PD really :/
|
You also get a large, if not infinite number of possible strings that would result in that hash, as you would know if you understood the mechanism behind one-way hash functions. Being able to crack a hash is one thing, being able to crack it in a useful manner that would result in a password is quite another
|
|
|
3 May 2008, 23:27
|
#98
|
former and current VGN HC
Join Date: Apr 2002
Location: Stuttgart, Germany
Posts: 149
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by Phil^
You also get a large, if not infinite number of possible strings that would result in that hash, as you would know if you understood the mechanism behind one-way hash functions. Being able to crack a hash is one thing, being able to crack it in a useful manner that would result in a password is quite another
|
Ever heard of rainbow tables and/or google? Non-salted md5 hashes are easy to get a valid possible plaintext for. Especially for easier passwords.
__________________
#VGN, http://vgn.lihas.de/
|
|
|
3 May 2008, 23:37
|
#99
|
Insomniac
Join Date: May 2003
Posts: 3,583
|
Re: Alligations of Admin Abuse
Quote:
Originally Posted by are
Ever heard of rainbow tables and/or google? Non-salted md5 hashes are easy to get a valid possible plaintext for. Especially for easier passwords.
|
Indeed I have, these simply speed up the process of breaking a hash into potential source strings. They do not give a 100% method for reversing a hash.
Rainbow tables are stored results of string -> hash. They let you simply look up the hash and see what the corresponding string that could have generated it is. Similarly, google does the same - lets you look up a hash into a possible source
|
|
|
5 May 2008, 01:45
|
#100
|
Registered User
Join Date: Jan 2001
Posts: 1,663
|
Re: Alligations of Admin Abuse
So which IRC server should we use if we don't trust NG anymore ?
__________________
<smith> You're 15 and full of shit.
<Furious_George> no, im 22
|
|
|
|
All times are GMT +1. The time now is 11:54.
| |