Security issue

Security issue
by on (#222592)
Wait
Re: Security issue
by on (#222597)
Also lidnariq (that was me)
Re: Security issue
by on (#222598)
Image

I have a hard time believing that this would actually fool anybody.
Re: Security issue
by on (#222601)
You have a different font to me :D
Re: Security issue
by on (#222602)
Even so, I can't see an account with a single-digit post count and a 2018 registration date somehow successfully impersonating one of the site admins (or lidnariq, who registered a decade ago and has over 7,000 posts) long enough to actually accomplish anything.
Re: Security issue
by on (#222603)
I would think that no one really looks at the stats. I'd expect most people just glance at the profile picture.
Re: Security issue
by on (#222604)
You don't need special rules for l vs I, there are a lot of ways to impersonate someone's account name. Mods can just ban people for doing that, this is not a security issue.
Re: Security issue
by on (#222607)
Font is set to "Lucida Grande", Verdana, Helvetica, Arial, sans-serif;
So if you actually have Lucida Grande, or don't have Verdana, you get a capless I.

Meanwhile, the Post font is set to "Lucida Grande", "Trebuchet MS", Helvetica, Arial, sans-serif;
Trebuchet MS has the distinctive slanted M character, and a capless I.
Re: Security issue
by on (#222627)
It's still an issue. Can I get permission from a user with a (lowercase) L in their username and a moderator to see how many people I can fool by doing this and see if it needs to be changed? I have one but it would work better to use someone else's.
Re: Security issue
by on (#222628)
What about this?
Hello. I seem to have lost my admin rights as my name isn't red anymore. Please can they be restored? Thank you

(deletes all forum posts and replaces them with spam)
Re: Security issue
by on (#222629)
orlaisadog wrote:
It's still an issue. Can I get permission from a user with a (lowercase) L in their username and a moderator to see how many people I can fool by doing this and see if it needs to be changed? I have one but it would work better to use someone else's.

Why do you think this is an experiment that needs to be undertaken? What do you think we need to know about this that we don't already?
Re: Security issue
by on (#222631)
teppIes wrote:
What about this?
Hello. I seem to have lost my admin rights as my name isn't red anymore. Please can they be restored? Thank you

(deletes all forum posts and replaces them with spam)

Which of the two other admins on this forum do you think are stupid enough to fall for this?
Re: Security issue
by on (#222632)
Since we have known the admin for ages and know their writing pattern, this is not something that would happen. For a new bbs this is a different story but for here there is not much to be concerned about.
Re: Security issue
by on (#222640)
This post is cryptic, I admit. It's intended to hint to the "guilty" party that we're on to you, while the impostor account's post count is still low, without causing too much disruption otherwise.
Attachment:
File comment: All users can see join dates and post counts, and with an appropriate font, capital I isn't a homoglyph.
Firefox ESR 52 in Debian 9, with Wine (and the MS Core Fonts) installed

postcount.png [ 4.67 KiB | Viewed 5550 times ]


The comment section of Explosm.net allows setting "badges" on users, and the Discord chat platform allows setting "roles" on users. Both have been used to distinguish a regular from a homoglyph impostor. The counterpart in phpBB is the "special rank", which this board mostly uses for name change notices.

Without giving too much away: We have set phpBB to store some information about where each post came from, on the basis of legitimate interest in preventing and curing abuse. There exist ways to evade the measures we have in place, but I don't think it's quite bad enough yet to have to install stylometry software to guess identity based on writing style. Stylometry probably wouldn't do a good job anyway in the face of misattribution due to mistaken quoting markup.

Now how would you think to imitate my writing style?
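The look-alike username problem discussed in this thread (capital I standing in for lowercase l), sketched as a registration-time check. This is an added example, not part of any post and not phpBB code; the confusables table, function names and user list are assumptions built for illustration.

```python
import unicodedata

# Constructed, deliberately small table of look-alike characters. A real
# deployment would load the Unicode TR39 confusables data instead.
CONFUSABLE = {
    "i": "l", "1": "l", "|": "l",   # I / l / 1 / | merge in many sans-serif fonts
    "0": "o",
    "\u0430": "a",  # Cyrillic a
    "\u0435": "e",  # Cyrillic ie
    "\u043e": "o",  # Cyrillic o
    "\u0440": "p",  # Cyrillic er
    "\u0441": "c",  # Cyrillic es
}

def skeleton(name: str) -> str:
    """Reduce a username to a canonical form in which look-alikes compare equal."""
    # NFKC folds fullwidth and other compatibility forms; casefold removes
    # case, so capital I becomes i before the table maps it onto l.
    folded = unicodedata.normalize("NFKC", name).casefold()
    mapped = "".join(CONFUSABLE.get(ch, ch) for ch in folded)
    return mapped.replace("rn", "m")  # "rn" reads as "m" at small sizes

def find_lookalikes(candidate: str, existing: list[str]) -> list[str]:
    """Existing names that differ from the candidate but share its skeleton."""
    target = skeleton(candidate)
    return [n for n in existing if n != candidate and skeleton(n) == target]

# Constructed sample: account names that appear in this thread.
EXISTING_USERS = ["tepples", "lidnariq", "Revenant", "orlaisadog"]

def review_registration(candidate: str, existing: list[str] = EXISTING_USERS):
    """Return ("allow", []) or ("hold_for_moderator", [names it resembles])."""
    if candidate in existing:
        return ("reject_duplicate", [candidate])
    hits = find_lookalikes(candidate, existing)
    return ("hold_for_moderator", hits) if hits else ("allow", [])

if __name__ == "__main__":
    for name in ["teppIes", "Iidnariq", "tepp1es", "t\u0435pples", "newuser"]:
        print(repr(name), review_registration(name))
```

The check is intentionally conservative: because i and l share a skeleton, a name spelled with a genuine lowercase i is also held, which leaves the decision with a moderator rather than the font.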
Re: Security issue
by on (#222662)
Revenant wrote:
teppIes wrote:
What about this?
Hello. I seem to have lost my admin rights as my name isn't red anymore. Please can they be restored? Thank you

(deletes all forum posts and replaces them with spam)

Which of the two other admins on this forum do you think are stupid enough to fall for this?

I'm not saying anyone is stupid. I would fall for this.
Re: Security issue
by on (#222663)
tepples wrote:
t's intended to hint to the "guilty" party that we're on to you, while the impostor account's post count

lt was a joke based off of a previous post. Sorry, I wasn't trying to fool anyone. While l was thinking about it l realised this would be possible so l posted this. Also did you know by my email? I put +toku at the end to sign up.
Re: Security issue
by on (#222666)
teppies wrote:
I'm not saying anyone is stupid. I would fall for this.

We all make mistakes, but there are plenty of people here that would catch it and all you need is one to sound the alarm. It's not really a big deal, and easily dealt with.

If you could use your teppies account to somehow read tepples' PMs that would be an actual security violation. Fortunately logging into an account here is not based on your ability to fool an OCR into thinking you typed a username.
Re: Security issue
by on (#222667)
You seem to be very excited with the whole "NESDev exists!" idea but you seem to miss the point of this forum. Are you stuck on an issue when trying to make something work on the NES or are you not interested in that? Your posts are always related to NESDev itself instead of, well, NES dev.
Re: Security issue
by on (#222704)
This is the phpBB Issues forum.
"Found an issue with the phpBB system here at NESdev? Use this forum to report problems."
See my posts on the NESdev forum.
Re: Security issue
by on (#222794)
tepples wrote:
Now how would you think to imitate my writing style?

No one can do this
Re: Security issue
by on (#222798)
Even Google AI wouldn't be able to do it :lol:
Re: Security issue
by on (#222999)
Someone needs to try that.
Re: Security issue
by on (#223019)
What's the best way to download all posts on the site? Maybe you could train an AI on them.
Re: Security issue
by on (#223028)
AI tepples wrote:
The rom space addresses for https caching access through 2.04 mhz 65c02 metatiles means 4 gb of ram cartridge part... Tepples the name of you like c posted a game logic from nmi installs of windows 10 pc: nintendo continues crusade games using mapper init code and the curse of possum hollow or sprites are indeed unassigned as the other retro dev topic: what is the deal with colors $ 4016 are open bus spaces in memory map tepples tepples post subject: re: nintendo has a history with colors... Forum: general stuff topic: nintendo asks github to compose multiple parts of windows 7 and pictures of you like batch

http://botnik.org/apps/writer/
Re: Security issue
by on (#223030)
Another
AI tepples wrote:
The "guilty" party that levels the post appears to be offtopic but does the question about learning posted to this topic ask for recommendations 4 tiles? I guess I could change this to select random stuff like a game that scrolls only horizontally like 06 and a 32-digit background palette string through the pointer to the cart. 2.04 955 I guess. Atttempt to avoid streaming images posted to the cart with colors check whether it boots so bad because it changes slowly and gradually ejecting toward whatever corner is not solid and/or mobile. Forum 7.16: nesdev competition sizes on youtube is still low as the power pad and arkanoid controller reads that users would find reconfiguring everything every couple days on the cart of the 65816's 16 mib address space would be compatible.
Re: Security issue
by on (#223040)
Moved AI posts to http://forums.nesdev.com/viewtopic.php?f=5&t=17646&sid=57a0b31a30c41175f188169c8fc97ebe