Wednesday, September 14, 2005

Working on a worm for my friends?

Much as I am tempted to mock (being a cynic) Bite's otherwise admirable launch in Latvia September 15, I'm not going to develop certain themes, like the possible new Latvian curse - Go suck on your SIM card!! (he,he it's TOXIC).
So its time for some internet and IT related stuff. It looks like someone is working on the world's first social software worm aimed at the Latvian friendship site draugiem.lv (with more than 375 000 registered users). The progress of this creature, called Draugster, is documented in a blog (yes, there are other blogs, thousands, perhaps, in Latvia, though mostly in Latvian). The link is lethal.fabrika.lv.
Meanwhile, Lauris Liberts of Draugiem.lv and Valdis Skesters, Latvia's anti-virus guru, are throwing a few slings at each other for allegedly getting hacked and leaking the passwords to the freemail site inbox.lv. Skesters, whose company owns inbox, says that a hack of draugiem in July 2004 (listed on the same blog above), may have led to the leakage of inbox passwords, since the members hacked had inbox addresses.
Liberts politely says this is bullshit, draugiem passwords are encrypted and not even system admins can get to them. Sure, lots of people got inbox addresses so they could be invited to draugiem and many may have used the same password, foolish in anyone's book. But if there were leaks, it was because of the carelessness of the inbox users -- not logging out, blabbing about their password and the like. Not something you can blame the design of inbox for, but not exactly happening in Liberts' part of cyberspace, either.

3 comments:

gusc said...

I must say that there always is a posibility to get data sent form user to server using simple network package capturing tools (like Packetyzer). You just have to sit on one HUB or run this programm on router to get all the passwords you need from your inside network/neighbour computers. And that's only because draugiem.lv is simple http traffic not encrypted https.

Juris Kaža said...

Thanks (paldies) gusc! I trust your expertise, and your comment supports what Lauris says, namely, that the inbox/draugiem dual purpose passwords aren't coming from INSIDE draugiem, but from outside (sniffed, as you seem to be suggesting), or obtained by other means.

Redbird said...

Oh? Encrypted passwords, are they? Well, that's news.