Not much to do with hacking *accounts*. When you telnet, your traffic is going plain-text, and you bet your arse people are looking at that.
I agree. I'm just unsure what BBS transported information people would want to take, and even if they did, what result or outcome would even come out of it? So they see echomail, usernames and passwords for bbs, etc. What can even be done with that?
See https://en.wikipedia.org/wiki/Nothing_to_hide_argument
...or actually, I just posted a copy of the Nothing to Hide documentary (2017) you're free to snag.
I'd like some input on ideas for securing BBSing. Some things I've implemented / want to implement in ENiGMA 1/2 around this area:
I'd like to see 2FA logons myself. now it'd be sweet if we could do it like say blizzard (gaming company) handles their 2FA, logon, and the app on the phone prompts you to hit accept or decline. Not sure if that's feasible but hey just an idea :)
It's actually quite easy to hook up to some 3rd party auth's like Google authenticator such that you could use your phone for 2FA for example. I may look into that in the future!
I need to hit you up on how to do some configuring of enigma...
By all means, ask away. If you need more immediate responses,
#enigma-bbs on FreeNode, but any channel you can reach me works :)
I've joined your irc channel. I'll hit you up with some questions this weekend. need to start really messing around with it and get some questions together :)
FWIW, RiPuk just submitted a huge PR that cleans up some structure/locations of files that should make things much easier once
it's fully merged -- and very easy to run in Docker; e.g., you could
viola!
Many parties gather ALL the data they can on your every move - every
word you say, post you make, site you visit, etc. This builds a profile
as such. "I have nothing to hide".
so /they/ gather data from me bbs'ing and scrape through (for example) spooknet's postings while they're at it?
i'm not that worried about it to be honest. there's already a profile of me because of work stuff. i've also had a blog since '00 or so and i
bleed everything to facebook.
The scary part is FB. I call it stalkerbook. FB scares me more than the NSA. Sadly it is used more to find/stalk younger kids more than I like to think about why I keep my profile private and have done the same for my baby sister in law. No one is allowed to friend me that is not already there.
I tried to figure out the interface however i gave up. I prefer text based interfaces like BBS's since there is so much less "work". If I can't view it in a text interface I am really not a fan of it. :D
I'd like some input on ideas for securing BBSing. Some things I've implemented / want to implement in ENiGMA 1/2 around this area:
* (Have) SSH and Secure WebSockets (wss://) support. Plain text (Telnet) across the internet is simply a bad idea.
* (Have) Strong PBKDF2 password hashing. No one should know or be able to access your password.
* (Have) ACS flags around secure state. If you're not secure, you can't file/message/whatever features
* (ToDo) Public key login. Securely upload a public key and switch your account to requiring public key vs password for SSH
* (ToDo) Secure-lock account. Allow a user to set their account to secure only. Logins will no longer be allowed if non-secure.
* (Have) HTTPS (TLS) downloads.
* (ToDo) HTTPS (TLS) uploads. SFTP may be an option here (inc d/l of course)
Bigger future work I'd like to do:
Fully E2E encrypted messaging network. This would only be available to users with previously mentioned secure ACS (else a 3rd party may be going non-secure).
...thoughts, comments, ideas, rants?
--- ENiGMA 1/2 v0.0.8-alpha (linux; x64; 6.11.3)
* Origin: Xibalba -+- xibalba.l33t.codes:44510 (700:100/9)
That's great, I just wonder if it's needed for a BBS? Seems like lots of work that although is awesome, how many people are actively trying to hack bbs accounts? Not very many I suspect.
i like the sound of that. how would you plan to go on with the public key logins to the bbs?