Eggheads: Feature requests

Wiktor Wodecki wodecki at gmx.de
Thu Sep 12 11:43:00 CST 2002


security through obscurity doesn't work...if they have access to your
shell they simply run your bot through a debugger and get cleartext
passwords next time someobdy uses the bot.

what we would need is an authentication connect to the botnet and no
real userfiles (so you cannot simply conenct a bot, you have to allow it
on the hub, for example). this would prevent others from stealing
passwords. however, if they got root on the shell there's no way in
protecting the passwords, the attacker might simply read out the
memory...

On Thu, Sep 12, 2002 at 04:12:48PM +0000, Ronny V?rdal wrote:
> <some of the content has been removed>
>  
> > That is always a possibility. But i have a stable hub on a good connection
> > and a alt-hub if that one goes down. I'm really willing to take a chance
> > with that rather than to have my userfile cracked on some remote shell.
> > 
> > Minor userfile is ok as long as it doesnt store any passwords and is synched
> > to the real userfile.
> 
> </removement>
> 
> Why not just use another encryption? Make your own encryption module with your own algorithm maybe? Or a not so common encryption (execept double ROT-13 :p), so that it will be harder to decrypt cuz people expect to face blowfish, des3 or md5 or something in your userfile.
>  
> > Andri
> > aka Merlin at IRCnet
>  
> 
> Inputs from ting that is...

-- 
Regards,

Wiktor Wodecki      |    http://johoho.eggheads.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.eggheads.org/pipermail/eggheads/attachments/20020912/d4cad8be/attachment.bin>


More information about the Eggheads mailing list