Slashdot Mirror
Colorado Researchers Crack Internet Chess Club
edpin writes "University of Colorado at Boulder students hacked the 30,000-plus-member Internet Chess Club as part of research funded by the National Science Foundation. With guidance from University of
Colorado at Boulder computer security researcher John Black, two students reverse-engineered the service to up their ranks and steal passwords." Update: 10/10 23:05 GMT by T : Reader Bryan Rapp points out that this story duplicates the one posted last month -- sorry about that.
Internet Chess Club Security Defeated
As I'm Bobby Fischer.
It seems like only yesterday that the site was hacked, and now it has happened again?
Those admins need a good kick up the backside.
by influencing crackers to dupe their cracks, thus saving other organisations from their unwanted attention.
Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
What truth?
There is no dupe
Exactly why killing a man is part and parcel of becoming a homicide detective. Errr, wait, it's not.
Yes, you have to know how crimes are committed to solve/prevent them, but committing those crimes is not the only way to gain that knowledge.
ABSURDITY, n.: A statement or belief manifestly inconsistent with one's own opinion.
Internet Chess Club has more than 30,000 members worldwide and claims Madonna, Nicolas Cage, Will Smith and Gary Kasparov as players.
One of these things is not like the others,
One of these things just doesn't belong,
Can you tell which thing is not like the others
By the time I finish my song?
nah just get rid of timothy
Umm they were sniffing network traffic, not doing "injections"...
But keep on trucking web guru!
[I can picture a world without war, without hate. I can picture us attacking that world, because they'd never expect it]
The Internet Chess Club (ICC) has taken steps to improve security since this paper was published.
/blackpaper help file:
h p When you access the web form, your browser shows a 'locked padlock' icon that indicates your communication with ICC are encrypted and secure. ICC takes great care in protecting financial information. See http://www.chessclub.com/help/privacy for more information.
...
For details on the paper and ICC's response see the help file at:
http://www.chessclub.com/help/blackpaper
For details on how ICC protects user's security see:
http://www.chessclub.com/help/security
For details on how ICC protects user's privacy see:
http://www.chessclub.com/help/privacy
An excerpt from the
Question: What is ICC doing to improve security?
ICC is doing three main things to improve security:
1) ICC has changed our payment systems so that all online credit card payments go through secure web forms. You can check out our new secure web payment forms at https://www.chessclub.com/store/members/payment.p
2) ICC is updating Timestamp to close the cracks identified in the paper. This process will take some time to complete. As Black, Cochran, and Gardner show in their paper, getting Timestamp security right is a complex task. Ultimately, when we deploy a new version of Timestamp, ICC users will need to upgrade their chess client software to take advantage of the increased security.
3) ICC is doing an internal security review. ICC is committed to keeping confidential data secure through upgrades to our servers and client programs. We are actively engaged in improving our current security mechanisms, while at the same time, devoting substantial resources to catching cheaters.
If you have any questions or comments, you can ask a question in Channel 1, the Help Channel, send a message to ICC or send an email to icc@chessclub.com.
Also, ICC is not suing anyone over the paper by John Black, Martin Cochran, and Ryan Gardner.
George MacDonald
General Manager
Internet Chess Club