It's often that nethack and angband servers ask you to overturn your computer's security and play them even though they don't have the proper certificates.

It's a glaring oversight. Is it too hard or are they hacking your computer?

On 21.11.2023 11:30, Julian wrote:
> It's often that nethack and angband servers ask you to overturn your
> computer's security and play them even though they don't have the
> proper certificates.
>
> It's a glaring oversight. Is it too hard or are they hacking your
> computer?

Curious; what security measure do these servers ask to overturn?
(And which nethack/angband servers do so?)
And what is the (security-) problem if you play on a server that
has no server-certificate?
I mean; if you connect to that server and ask to play through
telnet or ssh a text-based game... - what can a nethack server
software do on your system beyond sending you ANSI codes that
disturb your screen? (What could they hack on your computer?)
Server spoofing, DNS spoofing? But with what consequences here?

I'm not too deep into that matter, so since you've identified
a "glaring oversight" you could probably enlighten the issue a
bit for us. - It's certainly interesting to know if there's an
issue.

Janis

On Tuesday, November 21, 2023 at 7:14:13 AM UTC-6, Janis Papanagnou wrote:
> On 21.11.2023 11:30, Julian wrote:
> > It's often that nethack and angband servers ask you to overturn your
> > computer's security and play them even though they don't have the
> > proper certificates.
> >
> > It's a glaring oversight. Is it too hard or are they hacking your
> > computer?
> Curious; what security measure do these servers ask to overturn?
> (And which nethack/angband servers do so?)
> And what is the (security-) problem if you play on a server that
> has no server-certificate?
> I mean; if you connect to that server and ask to play through
> telnet or ssh a text-based game... - what can a nethack server
> software do on your system beyond sending you ANSI codes that
> disturb your screen? (What could they hack on your computer?)
> Server spoofing, DNS spoofing? But with what consequences here?
>
> I'm not too deep into that matter, so since you've identified
> a "glaring oversight" you could probably enlighten the issue a
> bit for us. - It's certainly interesting to know if there's an
> issue.
>
> Janis

Both nethack 3.6.7 and puTTy have this warning on Windows 11:

WINDOWS PROTECTED YOUR PC

Microsoft Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk.
_More info_

There is a button labelled "Don't run"

I'm not a malicious hacker, therefore I don't know what all they could do with this, maybe install a backdoor? Etcetera. It suggests to me that there has been some bypass of security. I don't want to make an accusation, but the lure of an unprotected computer is more power than many can handle.

On Wednesday, November 22, 2023 at 4:12:42 AM UTC+11, Julian wrote:
> On Tuesday, November 21, 2023 at 7:14:13 AM UTC-6, Janis Papanagnou wrote:
> > On 21.11.2023 11:30, Julian wrote:
> > > It's often that nethack and angband servers ask you to overturn your
> > > computer's security and play them even though they don't have the
> > > proper certificates.
> > >
> > > It's a glaring oversight. Is it too hard or are they hacking your
> > > computer?
> > Curious; what security measure do these servers ask to overturn?
> > (And which nethack/angband servers do so?)
> > And what is the (security-) problem if you play on a server that
> > has no server-certificate?
> > I mean; if you connect to that server and ask to play through
> > telnet or ssh a text-based game... - what can a nethack server
> > software do on your system beyond sending you ANSI codes that
> > disturb your screen? (What could they hack on your computer?)
> > Server spoofing, DNS spoofing? But with what consequences here?
> >
> > I'm not too deep into that matter, so since you've identified
> > a "glaring oversight" you could probably enlighten the issue a
> > bit for us. - It's certainly interesting to know if there's an
> > issue.
> >
> > Janis
> Both nethack 3.6.7 and puTTy have this warning on Windows 11:
>
> WINDOWS PROTECTED YOUR PC
>
> Microsoft Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk.
> _More info_
>
> There is a button labelled "Don't run"
>
> I'm not a malicious hacker, therefore I don't know what all they could do with this, maybe install a backdoor? Etcetera. It suggests to me that there has been some bypass of security. I don't want to make an accusation, but the lure of an unprotected computer is more power than many can handle.

Windows Defender blocks rarely downloaded apps by default. The information you learned is, sadly, 'not many people download and play Nethack' and 'not many people downlod and use PuTTY'. You didn't learn whether they have a virus or not - it didn't even check.

If you want a second opinion, you can send a program to https://www.virustotal.com/gui/ and see what it thinks.

On Tue, 21 Nov 2023 21:33:40 -0800 (PST), Patashu <patashu0@gmail.com>
wrote:

>On Wednesday, November 22, 2023 at 4:12:42?AM UTC+11, Julian wrote:
>> On Tuesday, November 21, 2023 at 7:14:13?AM UTC-6, Janis Papanagnou wrote:
>> > On 21.11.2023 11:30, Julian wrote:
>> > > It's often that nethack and angband servers ask you to overturn your
>> > > computer's security and play them even though they don't have the
>> > > proper certificates.
>> > >
>> > > It's a glaring oversight. Is it too hard or are they hacking your
>> > > computer?
>> > Curious; what security measure do these servers ask to overturn?
>> > (And which nethack/angband servers do so?)
>> > And what is the (security-) problem if you play on a server that
>> > has no server-certificate?
>> > I mean; if you connect to that server and ask to play through
>> > telnet or ssh a text-based game... - what can a nethack server
>> > software do on your system beyond sending you ANSI codes that
>> > disturb your screen? (What could they hack on your computer?)
>> > Server spoofing, DNS spoofing? But with what consequences here?
>> >
>> > I'm not too deep into that matter, so since you've identified
>> > a "glaring oversight" you could probably enlighten the issue a
>> > bit for us. - It's certainly interesting to know if there's an
>> > issue.
>> >
>> > Janis
>> Both nethack 3.6.7 and puTTy have this warning on Windows 11:
>>
>> WINDOWS PROTECTED YOUR PC
>>
>> Microsoft Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk.
>> _More info_
>>
>> There is a button labelled "Don't run"
>>
>> I'm not a malicious hacker, therefore I don't know what all they could do with this, maybe install a backdoor? Etcetera. It suggests to me that there has been some bypass of security. I don't want to make an accusation, but the lure of an unprotected computer is more power than many can handle.
>
>Windows Defender blocks rarely downloaded apps by default. The information you learned is, sadly, 'not many people download and play Nethack' and 'not many people downlod and use PuTTY'. You didn't learn whether they have a virus or not - it didn't even check.
>
>If you want a second opinion, you can send a program to https://www.virustotal.com/gui/ and see what it thinks.

It wasn't 100 % on (nethack == harmless) It feels that there is WORM
in there.

On 2024-01-07, Prtr Mandrake <j63840576@gmail.com> wrote:
> It wasn't 100 % on (nethack == harmless) It feels that there is WORM
> in there.

Identified presence of Purple Worm in NETHACK.EXE

<https://nethackmonsters.art/monsters/w-purple_worm-magenta-ascii.webp>