There is a not so new but very booming exploit going around.
The following post is a post I made on our server's Enjin and some parts of it will have *'s to block slanders and bad words toward the hacker.
There have been a lot of Hackings and Exploits going on. Too many of our users are being attacked with it. Do not fall for traps.
There is a new exploit in Minecraft where you can download a program or just generally code a language breach that can decode and decrypt your 'LastLogin' file found in the .Minecraft folder.
For anyone reading this. If someone asks you for your .minecraft be smart. Sure, send em it. Probably a good idea to Delete the LastLogin part of it. Then send them it. 2 of our staff members have been hit by the same probably 45 year old no life who's living with their mom who thinks they are cool because they can remove messages on Skype after admitting to hacks.
They also have a very VERY small **** not visible to the human eye.
Secure Shell and LastLogin are obviously 2 whole different things but 1 thing is for sure that this guy means serious stuff. Keep your passwords long and possibly it might be best to MIGRATE your accounts (Just requires you putting your EMAIL as your username).
Probably not a good idea to put all the same passwords for everything, because if someone cracks ONE password, they will test other stuff and get into more than just your Minecraft.
No word yet on how this person got into |removed|'s SSH.
As far as I'm aware, most people don't have an SSH, well, I don't anyway. But if you do and you know how to change the passwords and keep it locked on it, TELL US. If we are told we can get |removed| back on [advert].
Basic Info:
Don't share your lastlogin. That Gypsy Coding that you see in notepad is easily cracked.
Don't keep passwords short, keep them long and confusing.
Don't use the same password for anything, if you have a bad memory for passwords, write them down.
Migrate your Minecraft account, it's safer that way.
That's all I have to say. - Dy1an362.
The hacker in question is known by two usernames:
|removed|
|removed|
Here is a screenshot of the hacker admitting to hacking our friend |removed| and then removing the message.
|image removed|
Please protect yourself from this at any costs. Hopefully Mojang will make better coding to protect itself from being so easily cracked.
There is a new exploit in Minecraft where you can download a program or just generally code a language breach that can decode and decrypt your 'LastLogin' file found in the .Minecraft folder.
For anyone reading this. If someone asks you for your .minecraft be smart. Sure, send em it. Probably a good idea to Delete the LastLogin part of it. Then send them it.
Or you could follow the Minecraft Terms of service and not redistribute the Minecraft files.
Don't share your lastlogin. That Gypsy Coding that you see in notepad is easily cracked.
Don't keep passwords short, keep them long and confusing.
Don't use the same password for anything, if you have a bad memory for passwords, write them down.
Migrate your Minecraft account, it's safer that way.
I think most of this stuff should just be common sense. Unless you do something stupid you should have no way that you can get hacked.
I edited your post to remove all usernames (including the screenshot with some usernames in it), as banlists/user callouts are not allowed on this site due to the potential for abuse and other issues. Please do not re-add them or I will have to remove this topic.
If you wish, you can edit your topic to remove the "|removed|" placeholders I inserted, just don't re-add the screenshot or usernames.
“Two things are infinite: the universe and human stupidity; and I'm not sure about the universe.” — Albert Einstein
"Never try to teach a pig to sing; it wastes your time and it annoys the pig." — Robert Heinlein
1. Like mute said, don't distribute Minecraft's files.
2. SSH is a bad attack vector because most personal computers don't run the service by default, let alone you would need to know login info for the machine to use SSH. (Correct me if I'm wrong but you have to install it to Windows.)
As to everyone else who is coming up with their own personal solutions you aren't really helping the matter.
Ignorance is bliss, and a Minecraft hack program could distribute rats, key loggers and all sorts of other crazy cool stuff that means you DO NOT have to distribute your lastlogin file to get your password stolen.
The things you mentioned can easily be avoided by not going to unsafe sites, opening suspicious emails, downloading files from random places, etc.
There have been a lot of Hackings and Exploits going on. Too many of our users are being attacked with it. Do not fall for traps.
This is not an "exploit" or a "Hack" this is simple social engineering. Nothing about the design of Minecraft can really prevent this. If you run code, you give it your trust to access files on your system, including those in the Local Roaming folder or Home path (*nix and OSX). The fact that a malicious program can be run and access the cached login information for Minecraft is an issue of code trust on the part of running the program to begin with, not an issue with the fact the data is stored.
There is a new exploit in Minecraft where you can download a program or just generally code a language breach that can decode and decrypt your 'LastLogin' file found in the .Minecraft folder.
Explained above. The .lastlogin file stored the encrypted (sorta) password. This is absolutely no different than using the "remember" option on sites like this one. The data is stored locally.
For anyone reading this. If someone asks you for your .minecraft be smart. Sure, send em it. Probably a good idea to Delete the LastLogin part of it. Then send them it. 2 of our staff members have been hit by the same probably 45 year old no life who's living with their mom who thinks they are cool because they can remove messages on Skype after admitting to hacks.
Well, truly, they are merely taking advantage of genuinely stupid or ignorant people. If you send an otherwise anonymous third party some of your files, you should know what you are sending them. Sending your .minecraft is against the Minecraft Terms of Service. Enjin has, to my experience, been generally quite responsible in this regard, and I know at least one staffer (he works on the main Enjin Bukkit plugin, to my knowledge) so I sort of doubt you actually have any pull with the organization. Not that that changes things, but I want to make it clear to others that they do, in fact, know the difference between an exploit and a social engineering attack that requires being on the other side of the airtight hatchway.
They also have a very VERY small **** not visible to the human eye.
This adds nothing to your argument. This is just unreasonable name-calling. Clearly this person was smarter than the people he or she engineered into getting their .lastlogin file.
Secure Shell and LastLogin are obviously 2 whole different things but 1 thing is for sure that this guy means serious stuff.
No. It's social engineering. The effectiveness of social engineering merely relies on the naivety of those being taken advantage of.
Keep your passwords long and possibly it might be best to MIGRATE your accounts (Just requires you putting your EMAIL as your username).
Long passwords will do absolutely nothing. The .lastlogin information isn't really encrypted by any particularly advanced method; it uses PBEWithMD5AndDES with a pre-defined password that is generally well-known (I won't repeat it here, though). It is designed to save the password and keep it at least a bit more secure than Windows 9x's .pwl files. In order for somebody to have access to this file they either need to get the target to run their code. Generally, by that time, the security battle is lost - you've run malicious code.
Probably not a good idea to put all the same passwords for everything, because if someone cracks ONE password, they will test other stuff and get into more than just your minecraft.
No word yet on how this person got into |removed|'s SSH.
They probably used the same password for the SSH as they did for the Minecraft account.
This "exploit" is easy to mitigate. If you are paranoid just reset the password via the appropriate link on minecraft.net, and set it to something random, and then don't check to save. Of course it's probably better to just not run things you don't trust. Minecraft "hack" tools are particularly odorous in this regard.
As far as I'm aware, most people don't have an SSH, well, I don't anyway. But if you do and you know how to change the passwords and keep it locked on it, TELL US. If we are told we can get |removed| back on [advert].
If you don't know how to change your SSH password then you shouldn't be using a Shell in the first place. With few exceptions Secure Shells use a *nix based prompt. If you don't have basic familiarity with *nix commands... well, why are you using a shell...? Anyway, the command is passwd (while logged in). Of course if you ran malicious code it could have easily installed network filter hooks and/or keyloggers, so they'll be able to know the new password because you basically gave it to them.
Don't share your lastlogin. That Gypsy Coding that you see in notepad is easily cracked.
It's not coding. It's data encrypted using a static secret key using the PBEWithMD5AndDES Algorithm. (Well, technically that's the name that Java uses.)
Don't keep passwords short, keep them long and confusing.
This will do nothing to mitigate when you stupidly run code willy nilly without a cursory check of what it actually does.
Migrate your Minecraft account, it's safer that way.
It still uses .lastlogin, so it's not safer. Though I'd argue that the problem isn't one of safety but rather stupidity and/or naivety.
That's a good question. However I think the spirit of their response was much like what I posted: don't go downloading random programs. People get burned by this sort of thing most typically because they are so excited to download and use that "become Op on any server" launcher they don't think twice about running it. AVs stop some malicious code but by definition many kinds of malicious code are not detectable, particularly those that take advantage of social engineering. Once the program runs it can easily find and read any .lastlogin file; any protection past that is pointless. Even as a Limited user a program has quite a bit of access to various files and folders, so in many ways, particularly in this respect, you've already lost. And most of them go a step further and simply add a manifest to request admin permissions. People are stupid enough - or, rather, excited at the prospect of being Op on any server or whatever the program promises - that they will simply allow it. At that point, it can do whatever it wants. Nobody can help them at that point. They are compromised, and the exploit was not a software one, but a human one - inherent trust.
Yes. Because it's a dupe. That video you watched on www.yuotube.com? It contained a rat that is now in your computer without you even knowing.
Browsers typically run under a limited user account. Launching programs from within a sandboxed browser requires the use of exploits to work on the browser in question. Many of these are very involved and even the most silent have various warning signs. Most sites like those noted (e.g. typo sites) generally just phish. Others will ask to install a plugin, or simply send you to another site. None of them can, without user intervention, install a RAT, because even if they can take advantage of a browser exploit, they are still limited by the stripped Token that the Browser runs under (unless the person is running the browser as an Admin, in which case they should be flogged anyway). At that point they would need to use a privilege escalation vulnerability in the OS, and these are few and far between and not generally something you can run from within a browser through something like JavaScript. Flash, maybe, Java? Also maybe. Either way, these are the exception rather than the rule. And I've yet to hear of any modern one that can actually perform a silent drive-by download.
You know that mod you downloaded and installed that wouldn't get past the black loading screen because it wouldn't install correctly? It just installed a rat onto your computer.
This is more plausible. Like I mentioned before, it's a case of code trust. Of course a well designed one wouldn't prevent the game from launching, since that bears investigation and puts the mod under a microscope. It's also worth noting the wrong terminology: The Remote Access Trojan would be the Mod itself; the payload would be the remote shell. It's worth noting that even the firewall built into Windows will flag this as suspicious; it will likely use a different port than Minecraft, so if it was allowed already, that should (to a responsible user) raise a red flag. Again, it's more a User-side problem.
Once again, infecting anyone's computer is child's play. I just listed 2 completely possible ways of doing it and at least one person would have fallen for it.
Ok. Infect mine then. You say it's Child's play but I disagree. Infecting a person's computer is nothing like a terrible B-Movie. The methods you mention are both incomplete and not entirely user unpreventable. Proper vigilance can easily stop their attempts, except in the most elaborate cases, but those are rare and most typically done at a larger scale through organized underground crime rings.
For this I meant there are quite a few sites that can give you an idea of how trustworthy a site is. You can check and see what it says about the link you were given and if it has no information about it you should obviously be careful.
You know that mod you downloaded and installed that wouldn't get past the black loading screen because it wouldn't install correctly? It just installed a rat onto your computer.
Delete last login before installing any mods and run Minecraft in offline mode the first time you use it to make sure it works.
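The mitigation suggested in the thread (delete the cached login file before installing mods), as an added example that is not part of any poster's message: a Python audit that looks for the file in the launcher's game folders, reports whether other local users can read it, and removes it. The file names and folder locations are assumptions based on the names used in the thread, and the demo runs only against a constructed temporary folder.

```python
import os
import stat
import tempfile
from pathlib import Path

# Assumed names of the launcher's credential cache. The thread calls it
# 'LastLogin', 'lastlogin' and '.lastlogin', so names are matched case-insensitively.
CACHE_NAMES = {"lastlogin", ".lastlogin"}


def candidate_dirs(env=None, home=None):
    """Return the per-OS game folders to check (assumed default locations)."""
    env = os.environ if env is None else env
    home = Path.home() if home is None else Path(home)
    dirs = [home / ".minecraft",
            home / "Library" / "Application Support" / "minecraft"]
    if env.get("APPDATA"):
        dirs.append(Path(env["APPDATA"]) / ".minecraft")
    return dirs


def find_credential_caches(dirs):
    """List cache files, flagging those readable by other local accounts."""
    findings = []
    for d in dirs:
        if not d.is_dir():
            continue
        for entry in sorted(d.iterdir()):
            if entry.is_file() and entry.name.lower() in CACHE_NAMES:
                info = entry.stat()
                findings.append({
                    "path": entry,
                    "size": info.st_size,
                    "others_can_read": bool(
                        info.st_mode & (stat.S_IRGRP | stat.S_IROTH)),
                })
    return findings


def remove_caches(findings):
    """Delete each cache file and return the paths actually removed."""
    removed = []
    for item in findings:
        try:
            item["path"].unlink()
            removed.append(item["path"])
        except OSError:
            pass  # locked or already gone; compare lengths to spot failures
    return removed


def demo():
    """Run against a constructed folder so no real game data is touched."""
    with tempfile.TemporaryDirectory() as tmp:
        game = Path(tmp) / ".minecraft"
        game.mkdir()
        (game / "lastlogin").write_bytes(b"\x00constructed sample bytes")
        (game / "options.txt").write_text("fov:0.0\n")
        os.chmod(game / "lastlogin", 0o644)
        found = find_credential_caches(candidate_dirs(env={}, home=tmp))
        removed = remove_caches(found)
        left = sorted(p.name for p in game.iterdir())
        return found, removed, left


if __name__ == "__main__":
    found, removed, left = demo()
    for item in found:
        print(item["path"], item["size"], "bytes",
              "others_can_read =", item["others_can_read"])
    print("removed:", len(removed), "remaining files:", left)
```

Deleting the cache only prevents later reads. If an untrusted program has already run, the password reset described in the thread is still needed.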
Affected Members:
- |removed| [LASTLOGIN]
- |removed| [SSH (Secure Shell)]