PSA: Pick good passwords, armathentication not super-secure

What do you want to see here? Some more categories, forums, and mods? Hmm...
User avatar
[Anonymous]
Round Winner
Posts: 217
Joined: Thu Mar 19, 2015 11:54 am

Re: PSA: Pick good passwords, armathentication not super-sec

Post by [Anonymous] » Thu Aug 27, 2015 2:59 am

aP|Nelg wrote:
sinewav wrote:
ConVicT wrote:Thanks (you as a dev and moderator) for making my Armagetron experience feel safe and secure.
Want to feel secure? Take the advice from this thread and construct a stronger password. It's good practice and it really shouldn't matter which server have been compromised. Protect yourself all of them, now.
He's got a valid point, Z-Man is pretty much ignoring his questions.
Focus on the topic. Please? Your attention span isn't very long.

User avatar
sinewav
Graphic Artist
Posts: 6198
Joined: Wed Jan 23, 2008 3:37 am
Contact:

Re: PSA: Pick good passwords, armathentication not super-sec

Post by sinewav » Thu Aug 27, 2015 3:58 am

I understand the curiosity of wanting to know which server was the compromised. But please understand, knowing that would likely cause a major disruption as people go on a witch-hunt, pick sides, and argue about "the community" until threads are locked and people banned. None of that is helpful and distracts from the most important point: The server doesn't matter. We all need stronger passwords. And not just in Armagetron.

I changed mine immediately after reading this thread. I don't believe Z-Man is dodging the question, he's a busy guy. But I wouldn't fault him if he did since a fair percentage of people here want to paint him as a villain regardless of his good intentions or deeds. So relax.
Attachments
SSR.PNG
SSR.PNG (4.58 KiB) Viewed 678 times

User avatar
Z-Man
God & Project Admin
Posts: 11220
Joined: Sun Jan 23, 2005 6:01 pm
Location: Cologne, Jabber: [email protected]
Contact:

Re: PSA: Pick good passwords, armathentication not super-sec

Post by Z-Man » Thu Aug 27, 2015 5:26 am

Heh. I meant to answer Convict's question, but then forgot. Sorry, busy. It would have been what sinewav just said. Plus, best case scenario: I tell you the name of the server that has been floated up, it's indeed a dangerous one! What happens next? They change the name. I tell you the IP or block it from the masters? They switch to a different host. So in the best case, nothing is gained.

If you want to be selective where you sign in, a whitelist approach is better. Disable auto-login and only authenticate when you need to, on servers you trust. Connect to them over bookmarks, not the server browser.

Oh, and I invite you to privately share the details on the 'bad ladle server' story with the resident Ladle Enthusiast. Or me, if you prefer.

User avatar
aP|Nelg
Match Winner
Posts: 542
Joined: Wed Oct 22, 2014 10:22 pm
Contact:

Re: PSA: Pick good passwords, armathentication not super-sec

Post by aP|Nelg » Thu Aug 27, 2015 5:34 am

Z-Man wrote:Oh, and I invite you to privately share the details on the 'bad ladle server' story with the resident Ladle Enthusiast. Or me, if you prefer.
PMed

User avatar
/dev/null
Shutout Match Winner
Posts: 820
Joined: Sat Sep 04, 2004 6:28 pm
Location: Chicago-ish

Re: PSA: Pick good passwords, armathentication not super-sec

Post by /dev/null » Thu Aug 27, 2015 6:12 am

LUKE JR!

User avatar
[Anonymous]
Round Winner
Posts: 217
Joined: Thu Mar 19, 2015 11:54 am

Re: PSA: Pick good passwords, armathentication not super-sec

Post by [Anonymous] » Thu Aug 27, 2015 9:14 pm

Interesting

Word
Reverse Adjust Outside Corner Grinder
Posts: 4159
Joined: Wed Jan 07, 2009 6:13 pm

Re: PSA: Pick good passwords, armathentication not super-sec

Post by Word » Thu Aug 27, 2015 9:38 pm

Don't want to be counterproductive, but from my point of view you could also start a witch-hunt and possibly damage the whole tournament if you don't name the faulty party, thereby making all ladle servers look untrustworthy because it could be any of them. So do you plan to quietly exclude that party from future tournaments? I don't think that a few individuals who change their passwords to something more complicated (no matter how justified as a PSA like this one might be) can really change the situation significantly. I already assume there's an aspect about this whole story that I'm missing though...

User avatar
ConVicT
Shutout Match Winner
Posts: 1004
Joined: Fri Feb 17, 2012 2:33 am

Re: PSA: Pick good passwords, armathentication not super-sec

Post by ConVicT » Thu Aug 27, 2015 10:40 pm

[Anonymous] wrote:
ConVicT wrote:Thanks (you as a dev and moderator) for making my Armagetron experience feel safe and secure.
Focus on the topic. Please? Your attention span isn't very long.
My focus was entirely on the topic. Inlighten me on which part wasn't on topic, Rookie.

@Duke: If you see this message, check your HFT logs because this guy (Rookie, under the alias of £Renkie& and logged in as [email protected]) said to me when I was under alias "If you login to my server, your password is mine".
I told him that I couldn't care less and that I'm ConVicT; He replied with "you saw nothing".
Maybe he was joking, but seeing as he's never done trolling here under alias, I wouldn't doubt it.
This is all assuming you care about the security here, not to mention that if I'm correct, you're his host.
Just to clarify here, I'm not pointing fingers, I'm just letting you know to keep a close eye.
Z-Man wrote:"" "" ""
Oh, and I invite you to privately share the details on the 'bad ladle server' story with the resident Ladle Enthusiast. Or me, if you prefer.
Thanks, I appreciate it more coming from a trusted moderator.

I won't PM you what I've heard because Nelg already has, and it's his clique that I saw talking about it.
Word wrote:Don't want to be counterproductive, but from my point of view you could also start a witch-hunt and possibly damage the whole tournament if you don't name the faulty party, thereby making all ladle servers look untrustworthy because it could be any of them. So do you plan to quietly exclude that party from future tournaments? I don't think that a few individuals who change their passwords to something more complicated (no matter how justified as a PSA like this one might be) can really change the situation significantly. I already assume there's an aspect about this whole story that I'm missing though...
/me actually agrees with Word for once.
I think even if you're not gonna say which server, you could at least PM the people who care enough to ask: "Stay away from <server> if you're still worried even after following my password suggestions"
I don't have anything important with the same password as tron but I do use it as a gaming passord. My steam account and my Minecraft account, etc.
They're all changed now thanks to your post.
But still, knowing what server to avoid would help.

Not only that, if you out the server every time, they'll end in giving up.
Plus you underestimate what you can find out by actually playing the game. If someone was stealing passwords, I can almost guarantee that I'd find out who/where/why.

Example: I know that it was Durf told Swag how to steal passwords from Ladle servers.
'nother: I'm almost certain it was Swag that DDoSd' all of those servers that time during a Ladle tourney.
I'm sure it took down a few Rx servers.

Did I/he even write this or was my/his password stolen because not enough information...?

User avatar
Z-Man
God & Project Admin
Posts: 11220
Joined: Sun Jan 23, 2005 6:01 pm
Location: Cologne, Jabber: [email protected]
Contact:

Re: PSA: Pick good passwords, armathentication not super-sec

Post by Z-Man » Thu Aug 27, 2015 11:16 pm

You underestimate how much you can find out by just sitting on your fat behind, waiting for information to flow in :)

I can say as much: The ladle coup would have targeted me only (remember, each password has to be brute forced individually) and would have involved a new ladle server. The established ones are trustworthy.

User avatar
compguygene
Adjust Outside Corner Grinder
Posts: 2332
Joined: Thu Aug 21, 2008 12:09 pm
Location: Cleveland, Ohio
Contact:

Re: PSA: Pick good passwords, armathentication not super-sec

Post by compguygene » Fri Aug 28, 2015 2:10 am

For those who may now scrutinize the Ladle servers carefully. I have been hosting one, which has an old, and not current IP address on the wiki. The current IP address/port, which I will update on the wiki is 192.223.24.194:4534. It has only been up for 2 days, as I just got a new VPS 2 days ago to replace the old one that I was disatisfied with.
Armagetron: It's a video game that people should just play and enjoy :)
https://bit.ly/2KBGYjvCheck out the simple site about TheServerPharm

Word
Reverse Adjust Outside Corner Grinder
Posts: 4159
Joined: Wed Jan 07, 2009 6:13 pm

Re: PSA: Pick good passwords, armathentication not super-sec

Post by Word » Fri Aug 28, 2015 2:36 am

Thanks for the update, Z-Man. My intention wasn't to criticize any trustworthy hoster who has been around for a long time (e.g. compguy), I just thought it kind of affects all of them if somebody is suspected but not named - that simply are the preconditions of a witch-hunt. That being said, we really shouldn't start one if the problem is solved soon.
Attachments
Convict agrees with me? Oo
Convict agrees with me? Oo

xXSyagehtllikXx
On Lightcycle Grid
Posts: 20
Joined: Wed Feb 18, 2015 9:35 pm

Re: PSA: Pick good passwords, armathentication not super-sec

Post by xXSyagehtllikXx » Sat Aug 29, 2015 2:07 am

It's to late. The "server" you speak of will never be stopped. Durf did help me, credit is given where credit is do.
Trying to find this server is like picking a needle from a bowl of rice now

User avatar
aP|Nelg
Match Winner
Posts: 542
Joined: Wed Oct 22, 2014 10:22 pm
Contact:

Re: PSA: Pick good passwords, armathentication not super-sec

Post by aP|Nelg » Sat Aug 29, 2015 3:22 am

xXSyagehtllikXx wrote:It's to late. The "server" you speak of will never be stopped. Durf did help me, credit is given where credit is do.
Trying to find this server is like picking a needle from a bowl of rice now
You're not swag, you're rookie...

User avatar
[Anonymous]
Round Winner
Posts: 217
Joined: Thu Mar 19, 2015 11:54 am

Re: PSA: Pick good passwords, armathentication not super-sec

Post by [Anonymous] » Sat Aug 29, 2015 5:19 am

aP|Nelg wrote:
xXSyagehtllikXx wrote:It's to late. The "server" you speak of will never be stopped. Durf did help me, credit is given where credit is do.
Trying to find this server is like picking a needle from a bowl of rice now
You're not swag, you're rookie...
Last time I checked ConVict said I was "Rookie"!
This is an out rage! Seems like anyone new to the community on these forums are assumed to be a troll. Sigh...
May we get back on topic? Please? I believe the best way to avoid this server is to tell us which one it may be.

User avatar
sinewav
Graphic Artist
Posts: 6198
Joined: Wed Jan 23, 2008 3:37 am
Contact:

Re: PSA: Pick good passwords, armathentication not super-sec

Post by sinewav » Sat Aug 29, 2015 6:24 am

[Anonymous] wrote:I believe the best way to avoid this server is to tell us which one it may be.
That won't help because they can move the server to a new address and rename it. The only thing you need to do is increase the complexity of your password and play on trusted servers.

Post Reply