Valhalla Legends Archive

Quote from: $t0rm on September 23, 2004, 08:13 PM
The entire point of a *server* is for *public access*. If you didn't want me entering, you should have configured your firewall rules not to let me in.

That's a retarded way to think of things, and it's one of the main problems with the Internet and the attitude of people online.  We've had big discussions about this attitude at work.

Let's look at it this way.  If somebody doesn't lock the door to their house, is it ok for you to walk in and rummage around?  If you leave a note to people to "Just come in and get cookies", and you leave cookies and milk on the table, is it ok for somebody to walk in and steal your tv?  

It's the same thing on the Internet.  Just because your server is configured incorrectly does not give people the right to wander in and rummage around.  It's ok if they leave you a note saying "Your door is unlocked" or even if they lock your door for you, but to wander in and look around just because they forgot to lock the door is illegal, immoral, and just plain rude.

It's assholes who think that's ok who piss me off.

Quote from: LoRd[nK] on September 24, 2004, 06:05 AM
Even though I'm completely against the use of stolen material, I do have this to say.

Things have been stolen since the dawn of time, bitching about it isn't going to unsteal them or change anything at all for that matter.  

And people have been killing each other, that doesn't make it right.

Quote
It's not as if the code wasn't planned on being open source from the begining.  madd0x himself had told me that he had released bits and pieces of the code all over the internet in various forums

I never heard about this.  Links?

Quote

Quoteas well as TheMinistered who was randomly handing out the code to those who he felt worthy

No, that never happened

Quoteand UserLoser who was publically posting War3 packet information on his BnetDocs knockoff

He posted public domain information (srp).

QuoteThe reason I italicized stolen is because I've talked to the person in question and I doubt someone with his intelligence could brute even a 1 character password

It wasn't a 1 character password, it was simply one that many people knew.  And i find it quite unlikely that the person who released it is the same person that stole it.  Nobody ever said it was.

QuoteThe originally planned-to-be open source code was just sitting there waiting to be released and all it needed was someone to come along and release it in some form or another.  Who cares who/how/when/where/why it happened?  Fact is it was going to happen sooner or later.

And you might say that he ruined it for everybody else.

QuoteThe only problem I have with the leaking of the code is something that iago mentioned somewhere on the first page about asking for support.  Personally I find this as stupid as stealing a car and coming back the next day asking how to set the clock.  I think all threads asking for support of such code should be trashed on sight instead of turning into a 5 page argument on coding ethics every time.

I agree with that part.


But overall, you're still posting about stuff that you have no idea about.  

QuoteAnd people have been killing each other, that doesn't make it right.

It's not a case of right or wrong because we all already know it was wrong (I believe I mentioned this?).  This is a case of people's inability to move on.

QuoteI never heard about this.  Links?

I would but your original posts concerning it have since vanished from the General Computing & Misc. forum.

Ask madd0x about the information released to forums because I don't know nor do I care about that information - I'm only going on what he said.

Quote
No, that never happened

Ofcourse it did.  I got my copy of the code from him months before the leaked release after only talking to him for about 5 minutes.  Then once again from madd0x about a month later which was when he told me about his releases of the code to forums and how he wished for the code to go public but he wanted to be the one to release it.

Quote
He posted public domain information (srp).

Nah, he posted the packet structure of every packet required to login on War3.

QuoteIt wasn't a 1 character password, it was simply one that many people knew.  And i find it quite unlikely that the person who released it is the same person that stole it.  Nobody ever said it was.

I never said it was a 1 character password, I was merely giving an example.

So now many people knew a password to a server which contained this valuable, top secret code and then that same server was "accidentally" left on for an extended amount of time without being monitored?  Not only did a lot of people have the password but those people who did weren't even people who should have been given the password to begin with?  I smell conspiracy and since TheMinstered and madd0x were already leaking the files to random people, my claim isn't unjust.  Ever wondered why there's little or no posts from TheMinistered or madd0x concerning the leaking of the code and the posts that were made don't show any signs of anger?  They were the one's who did the majority of the more complicated work, so it would only be logical that they would be the most upset over it's unsupported release.  One also wonders why someone picky about function naming and such would choose a password which granted near root access to his system to be as simple as "1234".  These things can't just be coincidences.  But like I said, this thread isn't about that.

QuoteAnd you might say that he ruined it for everybody else.

I wouldn't say that... it's out there so the idiots who don't know how to use it can and thanks to UserLoser, Google and a few others it's documented so those who wish to understand it have the resources needed to do so.

Edit:  Fixed a few spelling and grammar errors I made as well as some things I left out because I was tired and in the middle of doing homework.

Quote from: LoRd[nK] on September 24, 2004, 09:23 AM

QuoteAnd you might say that he ruined it for everybody else.

I wouldn't say that... it's out there so the idiots who don't know how to use it can and thanks to UserLoser and a few others it's documented so those who wish to understand it have the resources needed to do so.

What I meant was, it was only a small matter of time before it was going to be released anyway, along with documentation and clean code that always works.  Unfortunately, after this happened, the people who were working on it gave up and didn't bother.

Well, iago, you're simply wrong. TCP and the Internet, by design, is supposed to be for *public access*. Why do you think there's little/no basic security built into the core protocols? Because it's designed to be for *public* information exchange.

If you wanted it to be secure, you'd not listen on a public port. In addition, you should at a minimum put a message in the banner and use SSH.

In addition, the "locked door" analogy sucks; stop using it. Your property is defined _by law_ as yours, and you can do what you may with trespassers. In this case, you're connecting your computer to a *global information network*, which has a purpose of sending data between two or more nodes on that network. There's no law anywhere that says "You aren't allowed to send data to _this_ machine on the Internet", or "You aren't allowed to send _this_ stream of bytes to a given machine".

Your server is not your property. It's offering services to the public internet. In fact, the connection is likely owned by the ISP. Sending bytes is not a crime. Stop trying to make it one.

Quote from: $t0rm on September 24, 2004, 02:02 PM
Well, iago, you're simply wrong. TCP and the Internet, by design, is supposed to be for *public access*. Why do you think there's little/no basic security built into the core protocols? Because it's designed to be for *public* information exchange.

If you wanted it to be secure, you'd not listen on a public port. In addition, you should at a minimum put a message in the banner and use SSH.

In addition, the "locked door" analogy sucks; stop using it. Your property is defined _by law_ as yours, and you can do what you may with trespassers. In this case, you're connecting your computer to a *global information network*, which has a purpose of sending data between two or more nodes on that network. There's no law anywhere that says "You aren't allowed to send data to _this_ machine on the Internet", or "You aren't allowed to send _this_ stream of bytes to a given machine".

Your server is not your property. It's offering services to the public internet. In fact, the connection is likely owned by the ISP. Sending bytes is not a crime. Stop trying to make it one.

It is a crime actually. I can find it easily in European law since I'm familiar with that. In US law, I googled up the federal law about it. There's a requirement of the information obtained being worth $5000. Any reasonably large application stolen meets that requirement - $5000 would amount to about 100 hours of work.

You said that the indication of something being for private access was having a banner instead of just admitting everyone immediately. This has to be adopted to the protocol used for the private service - in a protocol such as telnet you might use a banner. This site had the equivalent of a banner - a prompt asking for a password. That's enough to indicate that the site is not intended for public consumption.

IIRC, in the recent affair in the congress where people had accessed documents on an open file share, it was said to be unauthorized access. They were supposed to have known better.

Quote from: $t0rm on September 24, 2004, 02:02 PM
Sending bytes is not a crime. Stop trying to make it one.

By your logic, is opening a door, walking, and picking something up a crime?  

Quote from: LoRd[nK] on September 24, 2004, 09:23 AM

QuoteAnd people have been killing each other, that doesn't make it right.

It's not a case of right or wrong because we all already know it was wrong (I believe I mentioned this?).  This is a case of people's inability to move on.

You're not supposed to "move on" when someone has been brutally & unjustly murdered.  Society has its punishments for people who infringe on other's natural rights.


iago/$t0rm:
Who votes someone should walk into $t0rm's house this weekend & rummage around?
The server is private property paid for & maintained by its owner...how does that make it open to public attacks?

Quote from: CrAz3D on September 24, 2004, 04:09 PM

Quote from: LoRd[nK] on September 24, 2004, 09:23 AM

QuoteAnd people have been killing each other, that doesn't make it right.

It's not a case of right or wrong because we all already know it was wrong (I believe I mentioned this?).  This is a case of people's inability to move on.

You're not supposed to "move on" when someone has been brutally & unjustly murdered.  Society has its punishments for people who infringe on other's natural rights.


iago/$t0rm:
Who votes someone should walk into $t0rm's house this weekend & rummage around?
The server is private property paid for & maintained by its owner...how does that make it open to public attacks?

You can't dwell on the past no matter what the crime is.

Quote from: LoRd[nK] on September 24, 2004, 05:28 PM
You can't dwell on the past no matter what the crime is.

No, all you can do is punish those who committed the crime and their supporters (including anyone who uses the code) by constantly reminding them how bad they are.

Quote from: Adron on September 24, 2004, 05:33 PM

Quote from: LoRd[nK] on September 24, 2004, 05:28 PM
You can't dwell on the past no matter what the crime is.

No, all you can do is punish those who committed the crime and their supporters (including anyone who uses the code) by constantly reminding them how bad they are.

Constant criticism will most likely not affect those people in any way so I hardly see it as a punishment to anyone other than those of us who have to see the same argument brought up a thousand times over.

Quote from: LoRd[nK] on September 24, 2004, 05:41 PM
Constant criticism will most likely not affect those people in any way so I hardly see it as a punishment to anyone other than those of us who have to see the same argument brought up a thousand times over.

Lies, I good ol fashion flogging will do the trick.

Quote from: iago on September 24, 2004, 03:42 PM

Quote from: $t0rm on September 24, 2004, 02:02 PM
Sending bytes is not a crime. Stop trying to make it one.

By your logic, is opening a door, walking, and picking something up a crime?  

If it's on your *legally defined property*, then yes, it is.

Quote from: LoRd[nK] on September 24, 2004, 09:23 AM

Quote
He posted public domain information (srp).

Nah, he posted the packet structure of every packet required to login on War3.

http://www.ietf.org/rfc/rfc2945.txt
http://srp.stanford.edu/doc.html

Uh oh, they posted information on various methods of using SRP for authentication

Quote from: $t0rm on September 24, 2004, 07:00 PM

Quote from: iago on September 24, 2004, 03:42 PM

Quote from: $t0rm on September 24, 2004, 02:02 PM
Sending bytes is not a crime. Stop trying to make it one.

By your logic, is opening a door, walking, and picking something up a crime?  

If it's on your *legally defined property*, then yes, it is.

You're saying that people don't own their computers?

The thing is, crime is crime.  If you're infringing on somebody's rights, no matter how or where, it's crime. Just because you put a computer between you and them doesn't make it more right, it makes it more anonymous.  Stealing is stealing, vandalism is vandalism.  It's no different.