
Colorado Researchers Crack Internet Chess Club

edpin writes "University of Colorado at Boulder students hacked the 30,000-plus-member Internet Chess Club as part of research funded by the National Science Foundation. With guidance from University of Colorado at Boulder computer security researcher John Black, two students reverse-engineered the service to up their ranks and steal passwords." Update: 10/10 23:05 GMT by T : Reader Bryan Rapp points out that this story duplicates the one posted last month -- sorry about that.

  • by Anonymous Coward on Sunday October 10, 2004 @06:01PM (#10488178)
  • by AEton ( 654737 ) on Sunday October 10, 2004 @06:12PM (#10488255)
    If I were you, I wouldn't be proud [everything2.com] of being Bobby Fischer [slashdot.org].
  • Web Programmers (Score:4, Informative)

    by Jesus IS the Devil ( 317662 ) on Sunday October 10, 2004 @06:16PM (#10488283)
    I've seen way too many programmers who think they're the world's greatest gift to mankind, but don't know the FIRST RULE of developing web applications:

    NEVER TRUST USER INPUT

    This leads to stupid hacks like sql injection, html injection (leads to XSS), etc etc.

    Not saying this is how it happened, but I wouldn't be the least bit surprised if this is how it happened.
  • Re:I wonder... (Score:2, Informative)

    by Vole_of_Wrath ( 789989 ) on Sunday October 10, 2004 @06:49PM (#10488466)
    As a student of University of Colorado, living in the dorms no less, CU is VERY uptight about their internet security. They have almost every port closed from the outside, and they don't let you access the internet without several dozen procedures to make sure your computer is safe. I'm not saying it isn't foolproof, but it's like Fort Knox :X
  • You can edit your personal settings to not show stories by him though.
  • by Anonymous Coward on Sunday October 10, 2004 @08:10PM (#10488927)
    to academics and not institutions.

    In all fairness... after reading the original paper, I asked ICC if they are aware of the problem and they directed me to their security help file. ICC did fix one problem regarding membership payments:

    http://www.chessclub.com/help/security

    "Question: Is my credit card secure at ICC?

    ICC has upgraded the way we process online payments. You can check out our new secure web payment forms at https://www.chessclub.com/store/members/payment.php

    When you access the web form, your browser shows a "locked padlock" icon that indicates your communication with ICC are encrypted and secure. ICC takes great care in protecting financial information. See help privacy for more information. In almost ten years of service, no member has ever lost a penny of their money because of poor security at ICC."

    Now if only someone could divulge Madonna's online name so all the chess geeks could finger her.
  • Re:Bah (Score:3, Informative)

    by jnguy ( 683993 ) on Sunday October 10, 2004 @09:22PM (#10489286) Homepage
    A chess club where grandmasters play, and the general population has confidence in, I would imagine it's fairly secure.
  • by gmacd997 ( 811854 ) on Sunday October 10, 2004 @10:03PM (#10489534)
    The Internet Chess Club (ICC) has taken steps to improve security since this paper was published.

    For details on the paper and ICC's response see the help file at:
    http://www.chessclub.com/help/blackpaper

    For details on how ICC protects user's security see:
    http://www.chessclub.com/help/security

    For details on how ICC protects user's privacy see:
    http://www.chessclub.com/help/privacy

    An excerpt from the /blackpaper help file:

    Question: What is ICC doing to improve security?

    ICC is doing three main things to improve security:

    1) ICC has changed our payment systems so that all online credit card payments go through secure web forms. You can check out our new secure web payment forms at https://www.chessclub.com/store/members/payment.php When you access the web form, your browser shows a 'locked padlock' icon that indicates your communication with ICC are encrypted and secure. ICC takes great care in protecting financial information. See http://www.chessclub.com/help/privacy for more information.

    2) ICC is updating Timestamp to close the cracks identified in the paper. This process will take some time to complete. As Black, Cochran, and Gardner show in their paper, getting Timestamp security right is a complex task. Ultimately, when we deploy a new version of Timestamp, ICC users will need to upgrade their chess client software to take advantage of the increased security.

    3) ICC is doing an internal security review. ICC is committed to keeping confidential data secure through upgrades to our servers and client programs. We are actively engaged in improving our current security mechanisms, while at the same time, devoting substantial resources to catching cheaters.

    ...

    If you have any questions or comments, you can ask a question in Channel 1, the Help Channel, send a message to ICC or send an email to icc@chessclub.com.

    Also, ICC is not suing anyone over the paper by John Black, Martin Cochran, and Ryan Gardner.

    George MacDonald
    General Manager
    Internet Chess Club
