PDA

View Full Version : log ins with passwords


Spore
22 Oct 2006, 23:43
People Have been impersonating me & friends for a long time. trying to ruin our reputation and the Reputation of my clan..
Something must be done.
My WA name is AF1xVeggiexTm.

ANd btw int wasn't me spamming up AG.

franpa
22 Oct 2006, 23:59
yep its NAILS and possibly blitza

Plutonic
23 Oct 2006, 00:03
hey veggie, i noticed this too, irritating

Lex
24 Oct 2006, 02:55
I've also been impersonated recently. If you saw a Lex in #AG or in a public game in the past month, it wasn't me. I haven't been hanging around #AG recently.

Diablo vt
24 Oct 2006, 19:30
I've also been impersonated recently. If you saw a Lex in #AG or in a public game in the past month, it wasn't me. I haven't been hanging around #AG recently.


That has been happening a lot lately. One of my mates on there was impersonated and rumours spread about him.:confused: . Yes something should be done about this username and password thing.

[UFP]Ghost
24 Oct 2006, 22:37
yep it's been happening a lot on wormnet a bunch of people in AF1 were impersonated. it's getting a bit annoying but i don't think there is much we can do about it.

Dando
25 Oct 2006, 18:31
There are definately things that can be done about it. A proper password/username system works.

Diablo vt
25 Oct 2006, 22:33
Ghost;539756']yep it's been happening a lot on wormnet a bunch of people in AF1 were impersonated. it's getting a bit annoying but i don't think there is much we can do about it.


Someone from NNN got impersonated.:mad: .

MadEwokHerd
29 Oct 2006, 11:25
There are definately things that can be done about it. A proper password/username system works.

Perhaps, but WA never had one of those. If they restored logins to the way they used to be you'd still have impersonations; they'd just be more credible.

franpa
29 Oct 2006, 12:25
nah you wouldnt... a space in a name is denoted by a underscore... and if you have a proper register to play system then its pretty hard to forge if the server is secure :P

yakuza
29 Oct 2006, 12:33
Perhaps, but WA never had one of those. If they restored logins to the way they used to be you'd still have impersonations; they'd just be more credible.


They might be more credible, but they'd happen 0.0001% as much as they happen today.

MadEwokHerd
29 Oct 2006, 12:54
I doubt it, given how easy the system is to exploit. If you need some actual arguments against logins beyond their lack of security, I'll point out that only the "Autologin" link works in Wine; Linux users would be effectively locked out of WormNET.

yakuza
29 Oct 2006, 13:05
I doubt it, given how easy the system is to exploit. If you need some actual arguments against logins beyond their lack of security, I'll point out that only the "Autologin" link works in Wine; Linux users would be effectively locked out of WormNET.



If logins where working, as they used to work, there wouldn't be half the impersonating there is.

Most impersonators are 12 year old wormers from Poland that can barely change their regional settings without help.

Needless to say there weren't as many impersonations back then. I don't even remember any famous case in which a famous wormer got impersonated by someone else who obtained his password and had access to his real nickname.

franpa
29 Oct 2006, 13:06
um upgrade it to work with wine? and it does mean that if someone does then we an block there ip address...

MadEwokHerd
29 Oct 2006, 13:16
Upgrade WHAT? What are you even talking about? The problem on wine is probably caused by some crazy obscure difference in the window management, and if we knew what caused it we'd probably have a work-around if not an outright fix for it by now.

The problem isn't obtaining passwords. I'm sure you all use strong passwords that aren't in the dictionary and mix upper/lowercase letters and numbers.

No, the problem is that the server isn't secure, and it's very difficult if not impossible given the current protocol to create a secure wormnet server. I could've given you step-by-step instructions when there were logins to impersonating another user, no password required. The only reason this wasn't a bigger problem was that it was overshadowed by more serious and technically simpler exploits like disconnecting.

Edit: I wouldn't have given them to you of course, but I'd gladly do it now. Knowledge of the wormnet protocol is so widespread (heck, just check the Worms Knowledge Base (http://wiki.thecybershadow.net/WormNET_%28Worms_Armageddon%29)) that we'd have people exploiting it instantly, and given that the traffic was all unencrypted plain text I'm surprised we didn't see more of it then.

yakuza
29 Oct 2006, 13:22
I'm not debating the insecurity of the old login system.

I'm just saying there would be loads less impersonations.

MadEwokHerd
29 Oct 2006, 13:29
Not if methods for getting past it were well-known, and I believe they would be. It doesn't even require someone malicious. Just someone trying some things and maybe he sends the program to a few friends and it leaks out (it's happened before with programs that take much more technical skill than this). Or maybe I'd have to do it myself so that the Wine users, who as I said earlier would be locked out of wormnet, can play online.

yakuza
29 Oct 2006, 14:01
There weren't half the impersonations back then as there are today.

Usually those impersonating, like I already said, are 11-13 year olds, usually from Poland, who do it to seek attention or spam the channels.

Even if a program was made that allowed impersonating there would still be less impersonating, because as it is now, it requires 0 effort.

I understand you don't want it to happen because that would stop you and your Wine pals from playing worms, but that shouldn't bias your judgment as it's pure logic, and too obvious, that if logins would come back there would be less people impersonating, with a program or without.

MadEwokHerd
29 Oct 2006, 21:07
If it weren't a problem for Wine users I'd dislike it as a very incomplete and hackable solution. I believe re-adding would be deceptive if there is no security behind it. I don't care if it would discourage people if it's done by luring other people into a false sense of security. But I wouldn't hate it enough to circumvent it, as that would only hurt the situation; it wouldn't serve to inform any more people of how insecure the logins are than simply talking about it on the forums.

But it would be a problem for Wine users, and that's unacceptable.

[UFP]Ghost
30 Oct 2006, 04:34
well something has to be done. and if wine users can't use that one the way it is then they should make a fix. I think we should reinstate th old 1 until someone makes a new one but i don't know how long that will be.

Plutonic
30 Oct 2006, 08:38
You could always reimplement the old scheme but have auto-login not require a password but at the same time append AL or something to the name. That way names can be reserved and anyone using autologin to imitate players will be easier to spot. Wine users will be able to register their names and although unable to use them at the moment will still be able to play.

Joeyjoejoe
9 Nov 2006, 06:30
Yes definitley a problem. My friend (Ben-Jee-Man) was impersonated.

franpa
9 Nov 2006, 07:52
at the screen that says internet or network it shows and allows you to edit your name... why not make it also show/edit your psasword? then you can leave the auto login interface the same.