From: DragonMUD [ 4000] [ 4000 (
Date: 04/22/95

You have a point there but I think we should drop this subject.
Now you are playing with fire. If you want to bring up ethics pleaz do it 
else where this is just going to start another email war which can be 
avoided. I am sure someone (I am not going to mention names) will bring 
up the question 'who defines ethical' or 'What is the definition of 
ethical?' why should we go into a war if we don't have to? pleaz ppl 
think about what you are saying before you say, we are supposed to be 
working together not biteing at each others throats!

		- David 'Dave' Berthiaume of DragonMUD [ 4000]
------------------------------------------------------------------------------                      |        |

On Sat, 22 Apr 1995, Chris Herringshaw wrote:

> Well, I believe at this point we are talking more about ethics 
> than a security risk.  The risk is not so much that a hacker
> can penetrate your system (which they can), but that an
> unethical administrator can procure player passwords, which
> as Andy pointed out, are often related to unix passwords,
> or player on another mud game.  Most users are not smart
> about choosing passwords, which is as close to a fact as it needs
> to be in this case.
> ====================================================================
> Christopher Herringshaw     Networking and Special Projects Division
> Medical Center Information Technology (MCIT)
> University of Michigan Medical Center, B1911 CFOB
> 1414 Catherine Street, Ann Arbor, MI 48109-0704       (313) 747-2778
> ====================================================================
> On Sat, 22 Apr 1995, Spawn@KrimsonMud wrote:
> >
> > Anyway, this is ridiculous.  Everyones complaining about crypt() being a 
> > security risk... Well, any decent hacker that can get into the shell and 
> > use the mudpasswd.c (whatever), modified of course, to change anyones 
> > password in the game without knowing it.  Not to mention purgeplay.  Yes, 
> > it's entirely possible that in a text file the same hacker can set up his 
> > level, play arond with things, but you can easily change that back and 
> > site ban provided it's straight ASCII.  What are you going to do in the 
> > other case?  Purge the entire player file because a person changed a 
> > password or used a modified purgeplay to set the delete flag on anyone 
> > they want....  REALLY safe there.
> > 
> > 

This archive was generated by hypermail 2b30 : 12/07/00 PST