Subj : Re: The Documentary...
To : alt.bbs.synchronet
From : Sinister x
Date : Sat Aug 13 2005 12:15 am

From Newsgroup: alt.bbs.synchronet

"Frank Vest" wrote in message news:ZEcJe.9100$6D5.4383@newssvr29.news.prodigy.net...

> To be honest, and in my own humble opinion: What "we", the BBS Sysops,
> programmers and other developers, need to be careful about is to not lose
> the things that made "us" (see definition of "we") what we are. One
> critical thing, IMHO, is the security that BBSs have. It's more likely
> that you will die in a wreck than to get a virus from a BBS. Other
> security risks seem to be less as well. It's estimated that an unprotected
> computer on the Internet will last a few seconds before being hit. I can
> sit on my BBS via dial-up for all day and not worry. Even via
> telnet, being attacked just don't happen. I laugh when those "security
> check" sites (DSL Reports and such) flash that warning that I have a telnet
> port open and could be hacked. :)
> At any rate, I hope the developers of the future keep that level of
> security in mind. To me, this is one of the major problems with Internet
> and a major downfall. Not to mention, of course, spam and such.

It's actually funny that you mention this, just this last week my school got hacked (http://www.dfw.com/mld/dfw/news/state/12333650.htm) all b/c the original developers didn't put in server-side security measures to protect against people using the POST method to inject form data (instead they had only client javascript security measures). How idiotic do you have to be to do something like that? Furthermore, that puts ME at risk since I have financial aid through the school, for something that a mere 50-100 lines of code could have stopped instantly.

At any rate... back to your post... you're absolutely right on that one. BBS's typically fall under the radar nowadays for all kinds of things. Security is a big one, what major player in the hacking game wants to try and hack a software like synchronet when there are much bigger fish to fry like IIS and Apache? Furthermore, with all of the DRM stuff coming about, and the MPAA/RIAA coming around and suing people left and right for p2p's, it will be the older unchecked technologies like irc and telnet that go largely unchecked b/c by and large the mass populace of the instant messaging, double-clicking world has long forgotten these technologies.

Now that's not to say that bbs coders shouldn't attempt to make their software as secure as possible. For the software that I'm coding right now I've implemented one-way encryption of passwords b/c if some user has access to read mystic's users.dat on my system they'll instantly have access to any passwords in plaintext, that's just not good. Besides that, any software that's out there has the potential for being hacked (but the question is, as stated, if anyone would actually devote the time who has the skill to hack such software).

The major argument about telnet's vulnerability is that it is plaintext, and can be packet sniffed on a local LAN, but a wrapper through ssh could fix that in a heartbeat. Besides this, how many people who bbs are in a situation where more than one person in their household knows how to bbs and FURTHERMORE knows anything about packet sniffing? Probably very few, I think I might actually be the only one since I get online from my g/f's sometimes and she calls my board... but that would be in my favor since she doesn't know anything about packet sniffing (and not like we don't know each others' passwords anyway...).

--- Synchronet 3.13a-Win32 NewsLink 1.83