Winboard Forum

Discussions (not only) about Xboard/Winboard, Computer Chess and Chess Programming
http://www.open-aurec.com/wbforum/

Timeseal exploits?

http://www.open-aurec.com/wbforum/viewtopic.php?f=2&t=51949

Page 1 of 1

Timeseal exploits?

PostPosted: 30 Aug 2011, 22:20
by matematiko
From another forum I quote word by word:

Criminal admins at chess-servers

Postby ????????? ยป Aug 30th, '11, 05:30
I want to inform.

I have 30 years experience from computers, univ. education, assembler-programmer in the 80:s.
Also I was one of the first players starting using ics and later fics and ICC (1994->)

To make a long story short now, I will bring details on a special site inside Wordpress, there are
combinations of the newer version Timeseal.exe (225 kb which is an add of about 150 kb to the old
version, by a special reason that will be analyzed in Avast lab and me) and some playing-interfaces,
like Babas-chess that easily can be used as a tool to control player-comps from any server.

I discovered that fairly fast cause an admin opened my security-program for my bank after I had
complained over hes behaviour in a chat-channel. He also started mediaplayer with a short rockmusic-sample
he easily could transmit trough Babas.

When you start using such interfaces you give permission with your firewall to let the program timeseal.exe
and Babas chess communicate in many ways.

(Im not english native, sry if bad written)


Any comments on this?

Re: Timeseal exploits?

PostPosted: 30 Aug 2011, 22:41
by H.G.Muller
Well, timeseal is an executable that you allow to connect to the outside world, so if there is a Trojan horse built into it you are f*cked. It wouldn't even need assistance from the interface to do whatever it wants. But I can't imagine FICS distributing contaminated timeseal binaries (unless hackers cracked their site, and put one there without them noticing).

The timeseal.exe I distribute with WinBoard I obtained directly from Tim Mann, who had sources and fixed a bug in it.

Re: Timeseal exploits?

PostPosted: 31 Aug 2011, 03:56
by matematiko
I do believe that there is plenty of smart people out there with lots of time in their hands always looking for ways to harm others, in this case: computer wise. I wouldn't be surprised if someone got one timeseal.exe infected and is distributing it, but in the other hand the story about ICS admins being the culprits sounds like sci-fi to me.

Thanks for making the observation about the timeseal.exe distributed with WinBoard.

Regards,
All times are UTC + 1 hour
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/