Blue's News artwork by Walter |2| Costinak <2@2design.org>
Mail Bag

Saturday, January 3, 1997

Date: Sat, 3 Jan 1998 030627 -0500
Subject: mailbombing

[NOTE This message was remailed by an anonymous remailing system. The original sender is unknown, and has inserted the From header. This information has not been verified. As with all mail or news messages, you should examine the headers carefully before responding. Direct questions about this system to <admin@anon.efga.org>.]

You ought to be ashamed of yourselves for advocating the mailbombing of someone who posted info on a security problem to BugTraq.

You deserve to be mainbombed yourselves.

An interesting, if hypocritical, point. I do not now, nor have I ever advocated mail bombing anyone. As you'll note, that even letters in my mailbag have the email addresses removed (unless otherwise requested) to prevent retaliation over controversial opinions.


Date: Fri, 2 Jan 1998 164739 -0700 (MST)
From: JBS
Subject: Q2 Server Crashers

I have to disagree with "paranrml" - we give the hooligan(s) who crashed the Q2 servers too much credit for cognitive thinking if we believe it was done for personal "publicity".

I think it is more accurately equated with "pulling the wings off of flies."  A simple case of someone with arrested emotional development seeking self-gratification through a sadistic act.

We may WANT to believe the cause for the attacks was some warped desire to strike out at the Quake "community" - by definition, that makes the "community" (us) worthy of attack - but the reality is likely to be much simpler and not about us at all, just like most other kinds of crime.

On the other point, the reporting of "news" inherently includes opinion - on decides what to report and what to ignore, after all.  As "paranrml" said, you do an excellent job of making the decisions about what to report, and in an entertaining fashion.  If you had tried to portray the story as the results of your expert analysis, THAT would have been wrong.  Simply saying what you believe to be correct is not wrong, even if it inadvertanly costs someone their e-mail account...and I think "peedee" better re-evaluate his position as the caster of the first stone...


Date Fri, 02 Jan 1998 201208 -0500
From "Mopar (Chris Lemos)"
Subject i gotta say this about qcrash

Ok, I will concede it is possible that someone OTHER then Peedee started crashing the Q2 severs. I did a little digging and found his source code post on Bugtrax. If you look at what he posted there, it says "thank you for using Eclipse". What I will say though, is he is probably responsible for the large amounts of those attacks. It takes a smarter then average guy to have figured that out in the 1st place, and I bet that person probably kept it within a very small circle, if not to himself. What peedee did was allot worse, he posted it for every little wannabee "leet" hacker. Best I can tell, I received the version I sent you, the one that says "qcrash" within hours of peedee posting it. Some little wannabee found it, renamed it, and started passing it around IRC. I'm sure most of the people were like me, just grab it to see what it was (hell, last compiler I bought was FORTH, hehehe), but I bet there were plenty of people who may not have been able to write it, but were able to use it. Same problem with winnuke, it would have been no big deal if some bozo hadn't made a win95 version and given it  to every 12 year old on AOL.

There used to be a bug site called "burnt toad" I think. When that guy would post the source to something like qcrash, he would make a small change in the source. To someone who could actually LEARN something from studying the code, this was a GLARING, totally obvious line in the code to keep it from compiling. The other 99.9% of the world would just stare at it wondering why it won't compile on their "leet" system. That is the more responsible approach that guys like Peedee should take in the future.

/rant off

                                                   Mopar


Date:    Sat, 03 Jan 1998 003849 -0600
From:    Mike
Subject: Hypocrite?

please read to the end.

------------------------

I also refrain from printing stories about cheats, hacks,       cracks, and proxy bots that help players cheat in Internet play unless it is already extreme public knowledge, or the post will help combat the cheating. I love gaming, and in my opinion those things are detrimental to everyone's enjoyment.

--------------------------------------------------------

[Quote of my post about trying to be a "responsible journalist" in yesterday's MailBag snipped -- Blue]

--------------------------------------------------------

Now, I am not a fan of cheating over the net, it makes the game un enjoyable for the rest of the players. However, if you consider yourself to be truly a journalist, wouldn't those cheats/hacks/whatevers also be real news, and therefore "newsworthy". For example if a Hindu ( for lack of a better choice ) was appointed to write an article on the Pope, should he hold back information that might make his religion seem the wrong one or "inferior" ? Isn't that what you are doing? Since you personally don't like cheating then you are holding back information on how to cheat. So would you think it right if you were a big fan of cheating, and would not post anything but cheats and hacks, to see someone else  not post stuff about it since they personally were against it?

Publicly posting news of cheats in most circumstances simply encourages cheating. I will do anything I can do to prevent that, and have always worked diligently to help put an end to any instances of cheating of which I become aware. As shown in your quote above, this policy is clearly stated. You could also accuse me of hypocrisy for not posting the addresses of sites where games are being pirated, but I think that's obviously irresponsible. If I am a hypocrite, so be it, I will stay that way, and all who are put off by that can, obviously, freely pass over my site in favor or one more "ethical" by your definition.


And finally, a post about Peedee's bugtraq post:

Date: Fri, 2 Jan 1998 231901 -0600
From: Steve Schroeder
Subject: peedee Bugtraq post of Dec 24th to Dec 25th

Blue,

Peedee did apparently post on Bugtraq for the Dec 24 to Dec 25th digest.  Below is his mail.   I don't know peedee and he still may have been malicious but he did do the usual "let's get it fixed thing by posting it to BUGTRAQ".  Of course contacting Id would have been better (and he may have done so).

Steve Schroeder

Still waiting for Quake II for Linux myself.

Date:    Wed, 24 Dec 1997 182254 -0500
From:    profound darkness
Subject: Quake II Remote Denial of Service

Hello bugtraq readers,  this message will detail a security flaw in Id Software's game, Quake II.

When a user runs a Quake II server, the attacker can send a couple of spoofed udp packets with the return address of 127.0.0.1 to the server port and this will cause the Quake II server to go into a cycle of trying to start a game with itself.  Thus, the server will crash.

There is currently no official patch for this problem, however for a temporary fix, you can setup a firewall and deny all incoming udp packets from 127.0.0.1 to your Quake II server port.

I have included source code to show you that this hole does indeed exist, and I ask that you do not run this on any Quake II server's that you do not have permission to do so on....

Previous Mailbag