Where's that stunned smilie again?

Congrats to Tass for being so honest Who would hack the ACDG though?

-Jam

<---

What's the e-mail addy of the person who sent the passwords to Tassadar?

Couldn't Tass just PM you without trying first?



Edit: In the meanwhile, waiting for the alternative password.

There's an interesting array of viruses around nowadays - would it be possible to send whoever it is a tonne of them?

Two things.

Firstly, which faction was the one where the password was the same as the original? I already know it's not the PUT, so who was it?

Secondly.....I won't be granting access to the University datalinks to Tass, and if he doesn't like that, he can go jump. And if my people don't like that, well....they can vote me out after we switch to Democracy.

Well - to amswer a number of questions:

the "informant" is:

hackerz0r@yahoo.com

or at least it displayed as: (RazorBlade:hackerz0r@yahoo.com)

The Hive's was the one that matched the original

And while some may be able to live without succumbing to temptation I think for most of us the instinct would be to try them to see if Razor blade was full of it or not.

My theory (unproven, but having "slept on it") is that RB knew the Hive password, and from that knowledge deduced where in the file the password interrogation and answer lay, and added these alternate passwords, as they bear little resemblance to the originals.

I have (will) also e-mail them (their respective ones) to the alternate turn-players, Maniac, Kody (oh - no need to as that didn't have an alternate, being the original), johndmuller et al

And Archaic: Tass already (now) has access to the PUT gameturns - it's only the Private Forums he can't visit.

I did test these alternate passwords on a number of extant PBEMs I had on file to see if they were "backdoor" generic, and none worked (see Buster's reasoned reply in the CGN forums, reproduced below):

***************************************

Oh, this looks like great fun.

First I haven't tried the alternative I will take your word for it.

re your suggestion re Tassador, I am polling opinion in our private forum.

Third, at the outset we all agreed that intregity and honesty in playing was the key. All of us have strange applicants to join our factions, some may have crept in, though that is not the issue here.

Maybe the way forward now is to do what most pbem games do. Post notification in the turn track thread but not the turn itself. Instead send to 3/4 leading members of the next faction and let them distribute it within their own faction. So even if you do have the passwords or alternatives unless you have the save you will soon be out of date.

I think Buster has got it correct in his post.

How could RazorBlade have added alternate passwords??? The only way I see, presuming that he worked from the Hive password, is that "RazorBlade" is one of the Hive turn players, who consciously meddled with the ACDG turn before posting it in the turn tracking thread.

I agree that Captain Herclues has a good idea to deal with this. I know that other cheats exist that could have made the game entirely unplayable, but the game has survived so far based on players' integrity and honor. I believe in the ACDG we have to largely rely on the same thing once again.

After some replays, this is what it appears to be.

The hacked passwords are not generic "backdoor" ones, as they don't work with the original game (remember that we restarted the game - the original Hive turn is still hanging in the turn reporting thread)

Nor does my - or Maniac's - theory of recently added, alternate passwords hold water. They work with the restarted Hive and Uni 2105/6 turns (also still hanging in the turn reporting thread)

So Buster's theory that there are prolly several combinations that work with any one "official" password would seem to hold true.

As i had assigned Buster his usual PBEM password I have asked him to check in other games to see if the "hacked" one will also open those turns (even with a different faction than the Drones.) If it does, then that would validate his theory.

G.

I don't understand what that means. Do you mean that for example if "victory" was the official password, that "yrotciv" would also work? How then can the complete non-resemblance between the official and alternate passwords be explained?

....that is all i can say...the cycon is very shaken by this news...

Well isn't this fun?

I must have read Googlie's email about this just before Poly went down for the day, cause it seems that I've had entirely too much time to think about this, mostly reinventing the wheels that have already been posted here.

In our (pirates) case, the alternate password is so appropriarte that the notion that it just happened to parse into the same encrypted internal representation as the real password is incredibly difficult to believe, unless the encryption is so totally simplistic that thousands of alternate passwords exist and the hacker could have his pick. I don't know about the rest of your alternates (and don't tell me what they are either), but ours was every bit as directly related to our faction as the ones the Googster himself assigns in games he CMN's, so if yours were also closely related to your faction, then the odds would infinitely surpass astronomical. Of course, only the PUT and ourselves have factions that a non SMAC person would easily understand, so oddly tangential passwords might qualify too - in fact, any non-gibberish alternate pw is most unlikely in this scenario. Perhaps your alternate pw's are all gibberish, and ours was a once in a million lifetimes coincidence, but somehow I expect you all to have Googlie style passwords.

I tested our alternate out in 1 other PBEM .sav file I had and to my relief it did not work, but that doesn't really rule out there being a modest set of alternate pw's for each faction that rotate according to some arbitrary determinent that each game generates and saves, so until a lot of people have tried out a lot of games, the possibility of there being hardwired passwords of some sort can't be completely ruled out (although evidence to date is encouraging).

I can imagine that the game could have some kind of undocumented (and presumably unused) provision for alternate passwords - it would actuallly be useful - a provision that didn't survive the final cut, but much of whose code is still in the program. I can easily imagine a hacker armed with a real password tracing the code while it executed the password check and figuring out what it did. If there was such vestigial alternate pw code in there, it would make it very easy for the hacker to use that info to know how &/or where to stuff their new ones.

Having had too much time to think about this, I even thought of a scenario where a very good hacker (and at this point you have to ask yourself why a very good hacker would bother with this) could modify the save file in such a way as to create a backdoor into our computers (using one of those techniques you read about like buffer overflows, however they do their thing) - and this would be one of the hard to believe parts - and having gotten this backdoor into our computers while we are running this modified save file, the hacker uses his control of our computer only to fool it into accepting one of these alternate passwords, not to attack Microsoft or the Pentagon, or to transfer our life savings to his Swiss Bank account (Have you checked yours today?), but just so they can impress Tass with how good a hacker they are.

Assuming that the Pandora's box of hardwired backdoor passwords has not been discovered here, that it is some hack or other that would have to be done to each each PBEM separately - assuming that, the next most disturbing thing is that if this exploit entailed somehow inserting these alternate passwords into the game file, that implies the complicity of one of the players with access to the turn file that ultimately is used as the "real' turn and passed along through the chain. Unless some of the factions have strange (and probably prohibitively time consuming) turn handling procedures, we are talking about a very limited number of people, especially if it were to develop that this exploit only worked after a certain point in the game, and save files from before that point would not respond to the new pw's.

The point here is that if this required the modification of the save file to work, which seems possible, and maybe even probable, then it also required some one of us to do it consciously (i.e. the hacker is one of us) or else it required one of us to knowingly replace the game file with one they had gotten from a Hacker and then send it on to the rest of us unsuspecting innocents to run on our machines with potentially really unpleasant consequences. How irresponsible can you get? I really hope that one of those incredibly unlikely scenarios is true instead.

Greetings!

Yes, this was quite shocking as I thought it was from someone (maybe Looniversity or Drones) wanting to flame me, but when I opened it...The words shocked me.

Maniac: I would not have taken the email seriously had the passwords not worked.
MWIA: Unfortunately, the only virus I have a sample of is SirCam, but thats not effective enough for this infidel
Archaic: Googlie and I suspected this, however all I need is access to your save files which I now already have. Your forums are unimportant to me.
Hercules: I do appreciate you upholding democracy and if I do indeed get access to your forums, I will wave a magick wand and near a certain base, a fountain of Xenorum shall appear which shall feed all of Peace!!!

I don't know why anyone would take the time to hack an ACDG file. It seems that there are more important targets out there, and obviously someone in the ACDG (probably in the Hive) did set out to hack these files.
As I asked GooglieGod: Why would they send them to me? I do know that certain peoples propaganda against me did give me a reputation of a cheater, however I've already turned myself in once...It makes no sense.
And who could it be? The few people I suspect (and have talked with GooglieGod about) are HIGHLY unlikely. For a moment, I did suspect someone, in a twisted plot to try to get me thrown out of the ACDG, did this.

Anyway, I am deeply shocked and appaled at the actions of this person and if they thought they were doing me any favors....I did not and do not want them. If you are reading this...Heed my call. While I may become a god due to your actions, they have tainted the game and if your intentions truely were to please me in some perverse way, I would be more pleased if you did not do any other actions of this sort.

Googlie: I doubt that the passwords were created through a generator as the password for CyCon and the backdoor for it were too different. However I may be wrong.