uSu - united States underground Written By:Lurch WARNING TO PCB SYSOPS! BACKDOOR IN VIG's ProVote! [uSu] O.K.,this is a very short and informative text. It will help 2 kinds of people: 1 - smart sysops who read warnings to prevent their system from being hacked 2 - hackers/feds to trash the stupid boards who don't listen Anyway, about reason number 2...well, yeah, the feds can get this file, and, no matter how you try, unless a SysOp is protected against this, a fed can get full access on a PCBoard board through Vigilante's ProVote. So, I suggest you tell this to all friendly SysOps, or, give them this file to read. Disclaimer: O.K., welp, there shouldn't be much said, there is no illegal activity described in this TXT, so, just, fuck you if you don't like my language, and, go fuck your mom if you're a fed, since, I can assure you that you will not be able to use this on any good board. ----------------------------------------------------------------------------- O.K., to start off, this only concerns PCBoard BBS running Vigilante's ProVote. There is a back door. I do not believe it was planned, but, it might have been. Or, maybe it was just Vig's mistake. Anyway, 2 things I want to mention before beginning...Number 1, I love ALL that VIG writes, I feel he is the greatest PPE writer of this time. Every PPE that he wrote works great, and, so far, I guess this is the only back door. Number 2, I thought for a long time before releasing this text...This is a very useful way to hack into a board, and, many times get NR for a LONG time(usually hours, but, sometimes more). I have tried it, and, I am kinda sad to release this info, 'cuz, after this, I can't use it anymore... Or, at least I presume I can't use it. Anyway, to get to the fucking point of the text and stop talking about bullshit. In Vigilante's ProVote(or at least the copy that I and everybody else I know has) there is a file called CARPET.RED, it has a very good idea to it, basically it lets those who are the SysOps friends, or those who need to be able to get on the system easily and quickly by the SysOp's wish, get the landslide vote access. It's a great idea, however, there is no password. Vig, you should have thought of this... Vigilante's name appears in that list in the distributed package... I doubt many SysOps take it out, because, they are all grateful that they have Vig's PPE's, and, would gladly let him on the board, or simply, because they don't know about the damn file. Anyway, if a person logs on as one of those people specified in the file, they get automatic access, the level that is given to people who pass the voting by a landslide. This is usually an N/R or a very low ratio access, with lots of time. If a person logs on to the board, enters the nup, in most cases, and, enters their name to be VIGILANTE, they will not even have to fill out 1 infoform...They will be displayed the file called CARPETED.PCB, and proceed to the bbs with full access. Even if Vig's name was taken out of the list, a hacker can find out the SysOp's friends, and, attempt logging on with those handles. The only way I know that this can be detected is through the caller's log, and through a caller ID... But both of these mean that the user has gotten the access. Pretty neat, huh? Well, there are 3 ways to strip your BBS of this little backdoor, bug, or, whatever you want to call it. 1) What to do: Get rid of all names, or at least Vig's in the CARPET.RED Disadvantage: You rid yourself of a wonderful feature of PV. 2) What to do: Put a @HANGUP @ in to the end of CARPETED.PCB, and, insert a nice little message in the file itself, something like "Fuck you hacker/fed!" Disadvantage: Then if Vig logs on he will get the message and be logged off just like a hacker, I don't think he'll appreciate that. 3) What to do: Let's all ask Vig to add some kind of password system. It's not easy, because, many times the users placed into CARPET.RED are asked or invited by the SysOps to call over the nets. So, something VERY innovative, (maybe PGP) has to be used here...I dunno, but, it's something to think about Vig. Disadvantage: none My choice...welp, I'd be honored if Vig logged on to my board. So, I wouldn't choose number 2, if you think your board is too lame or too fucking small for him to call, then, maybe you can do it. I would recommend doing number 1 until Vig finishes number 3, if he ever does... To finish up this text, I'd like you to all distribute it. uSu also currently needs more kickass writers, so, please apply. We specialize in HPAVT texts, so, we are not particularly looking for coders, but, coders who can write on the topics of Virii and Trojans are welcome. Two more thing before I go... I hope this doesn't upset Vig, I am still a great fan of his, and, am looking forward to seeing and using many PPE's by him. And, I would like you all to consider the shit Microsoft and IBM are planning for us... UNiX is a very difficult system, so, I doubt everyone will use it, OS/2 is just another Windows or Mac, so, there is not much difference. MS-DOS and PC-DOS are said to stop production when CHICAGO is officially released. Please keep a copy of DOS on your drive. Or, at least somewhere on disk, I can not imagine a world full of genius people all using the damn point and click interface. That's it, live long, have phun, drink Coke 'cuz Pepsi sucks. LurcH [uSu] V”Åä Ÿ”R D”S, SH’œœ ­Å œ­Vä Ÿ”RäVîR, ’¤D PR”SPäR! .