We are happy to announce that Living Internet is now part of BroadbandNow! Read here to find out more.

MUD Security

In his holidays, Bob would come back to college and play AberMUD on my system… One day, on a whim, I fed the MUD persona file passwords into Crack as a dictionary… Being the lazy guy I am, I forgot to remove the passwords from the Crack dictionary, and when I posted the next version to USENET, the words went too. It went to the comp.sources.misc moderator, came back over USENET, and eventually wound up at Bob’s company. Round trip: ~10,000 miles.

Being a cool kinda student sysadmin dude, Bob ran the new version of Crack when it arrived. When it immediately churned out the root password on his machine, he damn near fainted…
The moral of this story is: never use the same password in two different places, and especially on untrusted systems (like MUDs).

MUD Frequently Asked Questions.

See the Internet
section for additional security information. This page describes
MUD specific security issues.

Fortunately, MUD’s are among the most secure of the Internet technologies, because each user interacts with a central server and others can’t access a player’s computer directly. Your primary security risk on a MUD is to confidentiality.
Specific issues are described below:

  • Confidentiality. Your conversations
    on a MUD may be logged by other users, and used
    later in ways you don’t want, by, for example, posting them on the web orUsenet newsgroups. Unless you use your real name (not recommended), this is not
  • Harassment. Your character may be affected by other
    characters in ways that you don’t want. For example, another player with more
    knowledge of how the MUD works may do things to you that you don’t like, like
    picking you up and putting you in a different room. In extreme cases, especially
    on action oriented MUD’s, your character may by killed
    by another character, and you will have to start your session over. But you knew that was a risk when you started the game…