FYI 4

[ 4] Tynian: Password advisory
Fri Feb 19 11:55:25 1999
To: all
This advisory is to warn you to use a different password for every online
game that you play. Online games should be treated as 'untrusted', and
you should presume that passwords that you provide to the game could be
used against you in some manner.

There have been reported instances of characters on TFC being hacked into.
In at least one instance, it is apparent that the attacker had gotten the
password from another MUD. If you use the same password on more than one
online game, please change your password here ASAP. The character Toupta
was broken into, and (failed) attempts have been made on Daelin and
Beelzebub from the same source. NEVER use the same password for an online
game as you have for your account(s) with an Internet Service Provider
(ISP). Although many MUD's and other online games encrypt passwords that
are stored in player files, not all games do. It is also possible to run
password cracking software against the player files to decrypt these
passwords, or 'sniff' a given network to capture passwords.

Recommended practice is to use a different password for every character,
or at least every site that you play on, and to choose a password that
contains mixed case, punctuation or other symbols, and using words that
can't be found in the dictionary.

Although I can assure my players that I will not attempt to use their
character passwords to try to break into other characters/accounts,
don't take my (or anyone else's) word for it. Assume that your password
can somehow be captured, and protect yourself by making it of limited
use to the attacker.

I have contacted the ISP the person/people used for the latest attacks,
and have provided them with the information I have. The ISP is
investigating. Based on my own investigation, I have banned one account/
site from accessing TFC.

Tynian.