[ut2003io] UTelAdSE beta 3

[-SF-]Shockwave shockwave at clanshortfuse.com
Thu Nov 14 11:44:44 EST 2002


Hello Robert,

> Thats true, but it isn't running as a real user, hence, no permissions to
> change actual files.
>

While your statement is correct regarding the ability of an attacker to
manipulate the operating system by intercepting the name and password of the
game server administration settings, it supposes that the credentials of an
existing user are not used.  Knowing the average user's penchant for
standardizing user names and passwords, this could easily become a security
issue.  Your statement also doesn't address the ability of an attacker to
tamper with the game server itself.

If security is needed, perhaps the telnet administration tool mentioned
could be run on the game server itself.  If this is possible, then you could
simply use a secure client to connect to the server.  This way your
communications session would be encrypted and telnet wouldn't need to be
allowed outside of the target system.  I'm not familiar with the tool, but
this should theoretically work.  =)


Shockwave


----- Original Message -----
From: "Robert Brandtjen" <rob at prometheusmedia.com>
To: <ut2003 at icculus.org>
Sent: Thursday, November 14, 2002 11:32 AM
Subject: Re: [ut2003io] UTelAdSE beta 3


> On Thursday 14 November 2002 09:56 am, [-SF-]Shockwave wrote:
> > Since we're on the topic of security, it should also be mentioned that
the
> > UT2003 web interface doesn't employ any encryption scheme either.  ;)
>
> Thats true, but it isn't running as a real user, hence, no permissions to
> change actual files.
>
> --
>  Robert Brandtjen
>  --------------------------------------
>  Web Site Creation and Hosting Services
>  Hostmaster at prometheusmedia.com
>  www.prometheusmedia.com
>





More information about the ut2003 mailing list