licenses

Discussion:

licenses

(too old to reply)

Julian

2023-11-21 10:30:21 UTC

It's often that nethack and angband servers ask you to overturn your computer's security and play them even though they don't have the proper certificates.

It's a glaring oversight. Is it too hard or are they hacking your computer?

Janis Papanagnou

2023-11-21 13:14:09 UTC

Permalink

Post by Julian
It's often that nethack and angband servers ask you to overturn your
computer's security and play them even though they don't have the
proper certificates.
It's a glaring oversight. Is it too hard or are they hacking your computer?

Curious; what security measure do these servers ask to overturn?
(And which nethack/angband servers do so?)
And what is the (security-) problem if you play on a server that
has no server-certificate?
I mean; if you connect to that server and ask to play through
telnet or ssh a text-based game... - what can a nethack server
software do on your system beyond sending you ANSI codes that
disturb your screen? (What could they hack on your computer?)
Server spoofing, DNS spoofing? But with what consequences here?

I'm not too deep into that matter, so since you've identified
a "glaring oversight" you could probably enlighten the issue a
bit for us. - It's certainly interesting to know if there's an
issue.

Janis

Julian

2023-11-21 17:12:39 UTC

Permalink

Post by Janis Papanagnou

Curious; what security measure do these servers ask to overturn?
(And which nethack/angband servers do so?)
And what is the (security-) problem if you play on a server that
has no server-certificate?
I mean; if you connect to that server and ask to play through
telnet or ssh a text-based game... - what can a nethack server
software do on your system beyond sending you ANSI codes that
disturb your screen? (What could they hack on your computer?)
Server spoofing, DNS spoofing? But with what consequences here?
I'm not too deep into that matter, so since you've identified
a "glaring oversight" you could probably enlighten the issue a
bit for us. - It's certainly interesting to know if there's an
issue.
Janis

Both nethack 3.6.7 and puTTy have this warning on Windows 11:

WINDOWS PROTECTED YOUR PC

Microsoft Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk.
_More info_

There is a button labelled "Don't run"

I'm not a malicious hacker, therefore I don't know what all they could do with this, maybe install a backdoor? Etcetera. It suggests to me that there has been some bypass of security. I don't want to make an accusation, but the lure of an unprotected computer is more power than many can handle.

Patashu

2023-11-22 05:33:40 UTC

Permalink

Post by Julian

Post by Janis Papanagnou

Curious; what security measure do these servers ask to overturn?
(And which nethack/angband servers do so?)
And what is the (security-) problem if you play on a server that
has no server-certificate?
I mean; if you connect to that server and ask to play through
telnet or ssh a text-based game... - what can a nethack server
software do on your system beyond sending you ANSI codes that
disturb your screen? (What could they hack on your computer?)
Server spoofing, DNS spoofing? But with what consequences here?
I'm not too deep into that matter, so since you've identified
a "glaring oversight" you could probably enlighten the issue a
bit for us. - It's certainly interesting to know if there's an
issue.
Janis

WINDOWS PROTECTED YOUR PC
Microsoft Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk.
_More info_
There is a button labelled "Don't run"
I'm not a malicious hacker, therefore I don't know what all they could do with this, maybe install a backdoor? Etcetera. It suggests to me that there has been some bypass of security. I don't want to make an accusation, but the lure of an unprotected computer is more power than many can handle.

Windows Defender blocks rarely downloaded apps by default. The information you learned is, sadly, 'not many people download and play Nethack' and 'not many people downlod and use PuTTY'. You didn't learn whether they have a virus or not - it didn't even check.

If you want a second opinion, you can send a program to https://www.virustotal.com/gui/ and see what it thinks.

Prtr. Mandrake

2024-01-07 12:12:33 UTC

Permalink

Post by Patashu

Post by Julian

Post by Janis Papanagnou

Curious; what security measure do these servers ask to overturn?
(And which nethack/angband servers do so?)
And what is the (security-) problem if you play on a server that
has no server-certificate?
I mean; if you connect to that server and ask to play through
telnet or ssh a text-based game... - what can a nethack server
software do on your system beyond sending you ANSI codes that
disturb your screen? (What could they hack on your computer?)
Server spoofing, DNS spoofing? But with what consequences here?
I'm not too deep into that matter, so since you've identified
a "glaring oversight" you could probably enlighten the issue a
bit for us. - It's certainly interesting to know if there's an
issue.
Janis

Windows Defender blocks rarely downloaded apps by default. The information you learned is, sadly, 'not many people download and play Nethack' and 'not many people downlod and use PuTTY'. You didn't learn whether they have a virus or not - it didn't even check.
If you want a second opinion, you can send a program to https://www.virustotal.com/gui/ and see what it thinks.

It wasn't 100 % on (nethack == harmless) It feels that there is WORM
in there.

Ben Collver

2024-01-08 00:56:50 UTC

Permalink

Post by Prtr. Mandrake
It wasn't 100 % on (nethack == harmless) It feels that there is WORM
in there.

Identified presence of Purple Worm in NETHACK.EXE

<https://nethackmonsters.art/monsters/w-purple_worm-magenta-ascii.webp>