Re: Minecraft "Insecure Mode" Detection Script

[Ron <ron () skullsecurity net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 13 Jan 2011 15:22:46 -0800 Fyodor <fyodor () insecure org> wrote:
> On Thu, Jan 13, 2011 at 01:13:02PM -0600, Ron wrote:
> > I personally think that unless it's big, noisy, slow, or pointless,
> > it should be included.
> >
> > Somebody doing a vulnerability scan of their network might see no
> > vulnerabilities, even though this vulnerability exists.
>
> I agree that it should be included if people consider it a
> vulnerability.  But it seems to me more of a configuration preference.
> It tests whether the game allows you to play with any username you
> choose, or if you need to go register a free account at minecraft.net
> first.
>
> We can put it back if people want it included with Nmap.  Of course
> even if it isn't in Nmap proper, anyone can download and use it from
> the seclists link.
>
> I also think the script could be even more useful if it could gather
> more useful information than just this one boolean config value.  Then
> it would be like some of our other *-info scripts.
>
> Cheers,
> Fyodor
Ah, okay, I didn't understand it properly. When I saw "insecure mode", I mentally mapped it into a vuln. 

Ron
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAk0vosIACgkQ2t2zxlt4g/TPUwCfbeZ95rr2mb7Sjyf4KxcFZ6vI
ltkAn00ftFMhftacVwJRFm0quIiqZk2+
=2MO3
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/