MUD Security

In his holidays, Bob would come back to college and play AberMUD on my system… One day, on a whim, I fed the MUD persona file passwords into Crack as a dictionary… Being the lazy guy I am, I forgot to remove the passwords from the Crack dictionary, and when I posted the next version to USENET, the words went too. It went to the comp.sources.misc moderator, came back over USENET, and eventually wound up at Bob’s company. Round trip: ~10,000 miles.

Being a cool kinda student sysadmin dude, Bob ran the new version of Crack when it arrived. When it immediately churned out the root password on his machine, he damn near fainted… The moral of this story is: never use the same password in two different places, and especially on untrusted systems (like MUDs).

MUD Frequently Asked Questions.

See the Internet security section for additional security information. This page describes MUD specific security issues.

Fortunately, MUD’s are among the most secure of the Internet technologies, because each user interacts with a central server and others can’t access a player’s computer directly. Your primary security risk on a MUD is to confidentiality. Specific issues are described below:

  • Confidentiality. Your conversations on a MUD may be logged by other users, and used later in ways you don’t want, by, for example, posting them on the web or Usenet newsgroups. Unless you use your real name (not recommended), this is not a large risk.
  • Harassment. Your character may be affected by other characters in ways that you don’t want. For example, another player with more knowledge of how the MUD works may do things to you that you don’t like, like picking you up and putting you in a different room. In extreme cases, especially on action oriented MUD’s, your character may by killed by another character, and you will have to start your session over. But you knew that was a risk when you started the game…