Copy Link
Add to Bookmark
Report
United States Underground 028
uSu - united States underground Written By:Lurch
WARNING TO PCB SYSOPS! BACKDOOR IN VIG's ProVote!
[uSu]
O.K.,this is a very short and informative text. It will help 2 kinds of people:
1 - smart sysops who read warnings to prevent their system from being hacked
2 - hackers/feds to trash the stupid boards who don't listen
Anyway, about reason number 2...well, yeah, the feds can get this file, and,
no matter how you try, unless a SysOp is protected against this, a fed can get
full access on a PCBoard board through Vigilante's ProVote. So, I suggest you
tell this to all friendly SysOps, or, give them this file to read.
Disclaimer: O.K., welp, there shouldn't be much said, there is no illegal
activity described in this TXT, so, just, fuck you if you don't like my
language, and, go fuck your mom if you're a fed, since, I can assure you that
you will not be able to use this on any good board.
-----------------------------------------------------------------------------
O.K., to start off, this only concerns PCBoard BBS running Vigilante's ProVote.
There is a back door. I do not believe it was planned, but, it might have been.
Or, maybe it was just Vig's mistake. Anyway, 2 things I want to mention
before beginning...Number 1, I love ALL that VIG writes, I feel he is the
greatest PPE writer of this time. Every PPE that he wrote works great, and, so
far, I guess this is the only back door. Number 2, I thought for a long time
before releasing this text...This is a very useful way to hack into a board,
and, many times get NR for a LONG time(usually hours, but, sometimes more). I
have tried it, and, I am kinda sad to release this info, 'cuz, after this, I
can't use it anymore... Or, at least I presume I can't use it.
Anyway, to get to the fucking point of the text and stop talking about
bullshit.
In Vigilante's ProVote(or at least the copy that I and everybody else I know
has) there is a file called CARPET.RED, it has a very good idea to it,
basically it lets those who are the SysOps friends, or those who need to be
able to get on the system easily and quickly by the SysOp's wish, get the
landslide vote access. It's a great idea, however, there is no password. Vig,
you should have thought of this... Vigilante's name appears in that list in
the distributed package... I doubt many SysOps take it out, because, they are
all grateful that they have Vig's PPE's, and, would gladly let him on the
board, or simply, because they don't know about the damn file. Anyway, if a
person logs on as one of those people specified in the file, they get automatic
access, the level that is given to people who pass the voting by a landslide.
This is usually an N/R or a very low ratio access, with lots of time. If a
person logs on to the board, enters the nup, in most cases, and, enters their
name to be VIGILANTE, they will not even have to fill out 1 infoform...They
will be displayed the file called CARPETED.PCB, and proceed to the bbs with
full access. Even if Vig's name was taken out of the list, a hacker can find
out the SysOp's friends, and, attempt logging on with those handles. The only
way I know that this can be detected is through the caller's log, and through
a caller ID... But both of these mean that the user has gotten the access.
Pretty neat, huh? Well, there are 3 ways to strip your BBS of this little
backdoor, bug, or, whatever you want to call it.
1)
What to do: Get rid of all names, or at least Vig's in the CARPET.RED
Disadvantage: You rid yourself of a wonderful feature of PV.
2)
What to do: Put a @HANGUP @ in to the end of CARPETED.PCB, and, insert a nice
little message in the file itself, something like "Fuck you hacker/fed!"
Disadvantage: Then if Vig logs on he will get the message and be logged off
just like a hacker, I don't think he'll appreciate that.
3)
What to do: Let's all ask Vig to add some kind of password system. It's not
easy, because, many times the users placed into CARPET.RED are asked or invited
by the SysOps to call over the nets. So, something VERY innovative, (maybe
PGP) has to be used here...I dunno, but, it's something to think about Vig.
Disadvantage: none
My choice...welp, I'd be honored if Vig logged on to my board. So, I wouldn't
choose number 2, if you think your board is too lame or too fucking small for
him to call, then, maybe you can do it. I would recommend doing number 1
until Vig finishes number 3, if he ever does...
To finish up this text, I'd like you to all distribute it. uSu also currently
needs more kickass writers, so, please apply. We specialize in HPAVT texts,
so, we are not particularly looking for coders, but, coders who can write on
the topics of Virii and Trojans are welcome.
Two more thing before I go... I hope this doesn't upset Vig, I am still a
great fan of his, and, am looking forward to seeing and using many PPE's by
him. And, I would like you all to consider the shit Microsoft and IBM are
planning for us... UNiX is a very difficult system, so, I doubt everyone will
use it, OS/2 is just another Windows or Mac, so, there is not much difference.
MS-DOS and PC-DOS are said to stop production when CHICAGO is officially
released. Please keep a copy of DOS on your drive. Or, at least somewhere on
disk, I can not imagine a world full of genius people all using the damn point
and click interface.
That's it, live long, have phun, drink Coke 'cuz Pepsi sucks.
LurcH
[uSu]
VÅä R DS, SH Å Vä RäVîR, ¤D PRSPäR!