Focus on the topic. Please? Your attention span isn't very long.aP|Nelg wrote:He's got a valid point, Z-Man is pretty much ignoring his questions.sinewav wrote:Want to feel secure? Take the advice from this thread and construct a stronger password. It's good practice and it really shouldn't matter which server have been compromised. Protect yourself all of them, now.ConVicT wrote:Thanks (you as a dev and moderator) for making my Armagetron experience feel safe and secure.
PSA: Pick good passwords, armathentication not super-secure
- [Anonymous]
- Round Winner
- Posts: 204
- Joined: Thu Mar 19, 2015 11:54 am
Re: PSA: Pick good passwords, armathentication not super-sec
Re: PSA: Pick good passwords, armathentication not super-sec
I understand the curiosity of wanting to know which server was the compromised. But please understand, knowing that would likely cause a major disruption as people go on a witch-hunt, pick sides, and argue about "the community" until threads are locked and people banned. None of that is helpful and distracts from the most important point: The server doesn't matter. We all need stronger passwords. And not just in Armagetron.
I changed mine immediately after reading this thread. I don't believe Z-Man is dodging the question, he's a busy guy. But I wouldn't fault him if he did since a fair percentage of people here want to paint him as a villain regardless of his good intentions or deeds. So relax.
I changed mine immediately after reading this thread. I don't believe Z-Man is dodging the question, he's a busy guy. But I wouldn't fault him if he did since a fair percentage of people here want to paint him as a villain regardless of his good intentions or deeds. So relax.
- Attachments
-
- SSR.PNG (4.58 KiB) Viewed 5595 times
Re: PSA: Pick good passwords, armathentication not super-sec
Heh. I meant to answer Convict's question, but then forgot. Sorry, busy. It would have been what sinewav just said. Plus, best case scenario: I tell you the name of the server that has been floated up, it's indeed a dangerous one! What happens next? They change the name. I tell you the IP or block it from the masters? They switch to a different host. So in the best case, nothing is gained.
If you want to be selective where you sign in, a whitelist approach is better. Disable auto-login and only authenticate when you need to, on servers you trust. Connect to them over bookmarks, not the server browser.
Oh, and I invite you to privately share the details on the 'bad ladle server' story with the resident Ladle Enthusiast. Or me, if you prefer.
If you want to be selective where you sign in, a whitelist approach is better. Disable auto-login and only authenticate when you need to, on servers you trust. Connect to them over bookmarks, not the server browser.
Oh, and I invite you to privately share the details on the 'bad ladle server' story with the resident Ladle Enthusiast. Or me, if you prefer.
Re: PSA: Pick good passwords, armathentication not super-sec
PMedZ-Man wrote:Oh, and I invite you to privately share the details on the 'bad ladle server' story with the resident Ladle Enthusiast. Or me, if you prefer.
- [Anonymous]
- Round Winner
- Posts: 204
- Joined: Thu Mar 19, 2015 11:54 am
Re: PSA: Pick good passwords, armathentication not super-sec
Don't want to be counterproductive, but from my point of view you could also start a witch-hunt and possibly damage the whole tournament if you don't name the faulty party, thereby making all ladle servers look untrustworthy because it could be any of them. So do you plan to quietly exclude that party from future tournaments? I don't think that a few individuals who change their passwords to something more complicated (no matter how justified as a PSA like this one might be) can really change the situation significantly. I already assume there's an aspect about this whole story that I'm missing though...
Re: PSA: Pick good passwords, armathentication not super-sec
My focus was entirely on the topic. Inlighten me on which part wasn't on topic, Rookie.[Anonymous] wrote:Focus on the topic. Please? Your attention span isn't very long.ConVicT wrote:Thanks (you as a dev and moderator) for making my Armagetron experience feel safe and secure.
@Duke: If you see this message, check your HFT logs because this guy (Rookie, under the alias of £Renkie& and logged in as Amaso@forums) said to me when I was under alias "If you login to my server, your password is mine".
I told him that I couldn't care less and that I'm ConVicT; He replied with "you saw nothing".
Maybe he was joking, but seeing as he's never done trolling here under alias, I wouldn't doubt it.
This is all assuming you care about the security here, not to mention that if I'm correct, you're his host.
Just to clarify here, I'm not pointing fingers, I'm just letting you know to keep a close eye.
Thanks, I appreciate it more coming from a trusted moderator.Z-Man wrote:"" "" ""
Oh, and I invite you to privately share the details on the 'bad ladle server' story with the resident Ladle Enthusiast. Or me, if you prefer.
I won't PM you what I've heard because Nelg already has, and it's his clique that I saw talking about it.
/me actually agrees with Word for once.Word wrote:Don't want to be counterproductive, but from my point of view you could also start a witch-hunt and possibly damage the whole tournament if you don't name the faulty party, thereby making all ladle servers look untrustworthy because it could be any of them. So do you plan to quietly exclude that party from future tournaments? I don't think that a few individuals who change their passwords to something more complicated (no matter how justified as a PSA like this one might be) can really change the situation significantly. I already assume there's an aspect about this whole story that I'm missing though...
I think even if you're not gonna say which server, you could at least PM the people who care enough to ask: "Stay away from <server> if you're still worried even after following my password suggestions"
I don't have anything important with the same password as tron but I do use it as a gaming passord. My steam account and my Minecraft account, etc.
They're all changed now thanks to your post.
But still, knowing what server to avoid would help.
Not only that, if you out the server every time, they'll end in giving up.
Plus you underestimate what you can find out by actually playing the game. If someone was stealing passwords, I can almost guarantee that I'd find out who/where/why.
Example: I know that it was Durf told Swag how to steal passwords from Ladle servers.
'nother: I'm almost certain it was Swag that DDoSd' all of those servers that time during a Ladle tourney.
I'm sure it took down a few Rx servers.
Did I/he even write this or was my/his password stolen because not enough information...?
Re: PSA: Pick good passwords, armathentication not super-sec
You underestimate how much you can find out by just sitting on your fat behind, waiting for information to flow in
I can say as much: The ladle coup would have targeted me only (remember, each password has to be brute forced individually) and would have involved a new ladle server. The established ones are trustworthy.
I can say as much: The ladle coup would have targeted me only (remember, each password has to be brute forced individually) and would have involved a new ladle server. The established ones are trustworthy.
- compguygene
- Adjust Outside Corner Grinder
- Posts: 2346
- Joined: Thu Aug 21, 2008 12:09 pm
- Location: Cleveland, Ohio
- Contact:
Re: PSA: Pick good passwords, armathentication not super-sec
For those who may now scrutinize the Ladle servers carefully. I have been hosting one, which has an old, and not current IP address on the wiki. The current IP address/port, which I will update on the wiki is 192.223.24.194:4534. It has only been up for 2 days, as I just got a new VPS 2 days ago to replace the old one that I was disatisfied with.
Armagetron: It's a video game that people should just play and enjoy
https://bit.ly/2KBGYjvCheck out the simple site about TheServerPharm
https://bit.ly/2KBGYjvCheck out the simple site about TheServerPharm
Re: PSA: Pick good passwords, armathentication not super-sec
Thanks for the update, Z-Man. My intention wasn't to criticize any trustworthy hoster who has been around for a long time (e.g. compguy), I just thought it kind of affects all of them if somebody is suspected but not named - that simply are the preconditions of a witch-hunt. That being said, we really shouldn't start one if the problem is solved soon.
-
- On Lightcycle Grid
- Posts: 20
- Joined: Wed Feb 18, 2015 9:35 pm
Re: PSA: Pick good passwords, armathentication not super-sec
It's to late. The "server" you speak of will never be stopped. Durf did help me, credit is given where credit is do.
Trying to find this server is like picking a needle from a bowl of rice now
Trying to find this server is like picking a needle from a bowl of rice now
Re: PSA: Pick good passwords, armathentication not super-sec
You're not swag, you're rookie...xXSyagehtllikXx wrote:It's to late. The "server" you speak of will never be stopped. Durf did help me, credit is given where credit is do.
Trying to find this server is like picking a needle from a bowl of rice now
- [Anonymous]
- Round Winner
- Posts: 204
- Joined: Thu Mar 19, 2015 11:54 am
Re: PSA: Pick good passwords, armathentication not super-sec
Last time I checked ConVict said I was "Rookie"!aP|Nelg wrote:You're not swag, you're rookie...xXSyagehtllikXx wrote:It's to late. The "server" you speak of will never be stopped. Durf did help me, credit is given where credit is do.
Trying to find this server is like picking a needle from a bowl of rice now
This is an out rage! Seems like anyone new to the community on these forums are assumed to be a troll. Sigh...
May we get back on topic? Please? I believe the best way to avoid this server is to tell us which one it may be.
Re: PSA: Pick good passwords, armathentication not super-sec
That won't help because they can move the server to a new address and rename it. The only thing you need to do is increase the complexity of your password and play on trusted servers.[Anonymous] wrote:I believe the best way to avoid this server is to tell us which one it may be.