 |
|
May 08, 2010, 10:35 AM // 10:35
|
#121 | |
|
Desert Nomad
Join Date: Apr 2007
|
Quote:
They don't need the GW password. They glitch into a random NCsoft master account (again, no password required), where they can set a new GW password without knowing the old one. They'll see your GW login ID there too. Now all they need is a character name. If you used the same email address for GW and any forum... forums have been hacked, user details stolen - including email addresses. Now they check the GW login email address against the list of addresses stolen from forums... if they find a match, they search forum posts to see if a character name was posted. I imagine most of that will be done automatically by software. See what a ridiculous situation that is? We have to use different email addresses everywhere (if you didn't make a new email address for GW 5 years ago... it's too late now). AND we must not reveal our character names anywhere. And we have to jump through these hoops, because NCsoft doesn't take security seriously. Last edited by Riot Narita; May 08, 2010 at 10:38 AM // 10:38.. |
|
|
|
|
May 08, 2010, 12:32 PM // 12:32
|
#122 |
|
Lion's Arch Merchant
Join Date: Sep 2006
Guild: Alchemy Incorporated
Profession: Mo/E
|
People who forget their Guild Wars passwords and need a reset probably don't have a lot to lose if their account is hacked. People like me who have spent literally thousands of hours in the game, who are emotionally tied to their characters, who accidentally type their GW password into their work applications out of sheer habit -- the ones that know their passwords are also the ones with the most to lose -- both emotionally and from in-game acquisitions -- if their account is compromised.
Guild Wars was my first on-line game. When I started it I didn't really understand the need for security. Who wants to break into my game anyway? What are they gonna do, play my character and keep me from seeing a mission? Consequently, because of my ignorance, my GW account name wasn't as secure as it should be, at least from people who were a little bit familiar to me. I mean, it asks for an e-mail address so I gave it the e-mail I was most likely to use. Then I had a problem and needed support. To get support I had to make an NC Soft Master Account. Again in ignorance I chose an account name I could easily remember. Now, even though I have made sincere and honest efforts, explaining exactly why I need changes made, asking support to change my GW account name, asking support to unlink my account so that I can increase my own security by changing my account name, asking for any help I can get with this, they will do nothing for me. Nothing. They won't allow me to cancel the contract that I made that allowed them to alter my GW account and thereby prevent me from changing my account name (people who haven't linked to NC Soft can change the e-mail address that comprises their GW account). They won't even abide by their own privacy agreement and remove all personal information (which would include the e-mail address used for GW effectively rendering the NC Soft Master Account useless). They don't keep their bargains. Now that I'm not so ignorant I still can't close any of the security holes that I created because the options are denied me simply because I screwed up and linked my account to NC Soft. Now you tell me that one of the very few steps involved with security between NC Soft and my Guild Wars account has been removed and I shouldn't care because it's not a big deal anyway. ANY layer of security on my account is a big deal. A huge deal. It could very easily matter, because there aren't a lot of good layers to begin with. And NC Soft won't allow me to change that. It matters. They need to fix it back. If they are going to go backwards with security then they need to allow us to step out of our relationship with them, unlink our game and cancel the Master Account. *off topic* Please do something to make the in-game store in GW2 available without an NC Soft account. I love buying the extras, but I will never again link ANYTHING to NC Soft. If they were reasonable in their business relationships it would be different but, unfortunately, they are not not. |
|
|
|
|
May 09, 2010, 02:37 AM // 02:37
|
#123 | ||||||||
|
Grotto Attendant
Join Date: Apr 2007
|
Quote:
Quote:
Quote:
2. It is massively inconvenient to have to safeguard your IGN as an account credential. It makes arranging any sort of activity outside of the game -- from trading to joining a guild to forming a group -- a downright dangerous thing. See Riot Narita's post for more on what a hassle that is. I daresay that the inconvenience of needing to protect your IGN is a bigger inconvenience to more people than the inconvenience of the few idiots who can't remember their passwords. 3. EVEN IF you were correct that the IGN was a sufficient wall (and a convenient one) -- and you aren't -- it would still remain the wiser practice to have more than one effective security feature in place. And let's be honest here, right now IGN is the ONLY effective security feature we have right now. As recently as a few months ago it was possible to break the NCMA through any one of (1) brute force against the password reset, (2) glitching into someone else's account, (3) file mirroring the whole domain, (4) monkeywrenching the javascript(!!?) functions used for user verification, or (5) SQL injection (possible, unverified how far one could get this way). Unless and until NCSoft is ready to admit those problems existed and put forth some evidence that they've been fixed, I'm going to make the reasonable presumption that the NCMA remains utter Swiss cheese. To illustrate that point, try to answer this simple question: Assume that on 7/1/2010 someone associated with an RMT business interested in stealing accounts, who already knows how to compromise NCMAs, will figure out how to obtain a list correlating NCMAs and IGNs. How many of those GW accounts would be stolen before you even know about the problem? How many more will be stolen before you can figure out how he's doing it? How many more yet before you can fix the problem? Now, how many accounts would be stolen if the old-password requirement had remained in place? Quote:
Quote:
...having your account stolen? ...having your account stripped and/or characters deleted? ...having to constantly guard your IGN? Quote:
Quote:
Quote:
There does not have to be a conflict between the interests of the tiny minority of morons who can't remember their passwords and the rest of us who would rather have a secure account. You should be able to design the NCMA to give the user the option to choose between more security or more "convenience." Let the morons opt out of the old-password requirement. Or let me opt in to the old-password requirement. Or, better yet, let me opt to sever my GW account from the NCMA -- which I will do in a heartbeat, and that will be the end of the problem. |
||||||||
|
|
|
|
May 09, 2010, 03:09 AM // 03:09
|
#124 | |
|
Older Than God (1)
Join Date: Aug 2006
Guild: Clan Dethryche [dth]
|
Quote:
Can't speak to the other issues, as I'm not qualified to evaluate more advanced security issues. |
|
|
|
|
|
May 09, 2010, 12:20 PM // 12:20
|
#125 | |
|
Krytan Explorer
Join Date: Mar 2008
Location: England
Profession: Me/
|
Quote:
|
|
|
|
|
|
May 09, 2010, 08:17 PM // 20:17
|
#126 | |
|
Krytan Explorer
Join Date: May 2005
Location: NC, USA
Guild: Ohm Mahnee Pedmay [Hoom]
|
Quote:
 . |
|
|
|
|
|
May 10, 2010, 05:05 AM // 05:05
|
#127 | |
|
Jungle Guide
Join Date: Aug 2007
|
Quote:
|
|
|
|
|
|
May 10, 2010, 06:47 AM // 06:47
|
#128 | |
|
Forge Runner
Join Date: Jul 2006
Profession: R/
|
Creating any NCSoft or ANet web-account linked to my game-account will be the last thing I do.
Quote:
|
|
|
|
|
|
May 10, 2010, 12:16 PM // 12:16
|
#129 | |
|
La-Li-Lu-Le-Lo
Join Date: Feb 2006
|
Quote:
__________________
Stay Breezy
|
|
|
|
|
|
May 10, 2010, 01:13 PM // 13:13
|
#130 |
|
Forge Runner
Join Date: Feb 2006
Location: Belgium
Guild: PIMP
Profession: Mo/
|
Anet should at least give us the courtecy to untie the GW account from the NSMA.
|
|
|
|
|
May 10, 2010, 03:22 PM // 15:22
|
#131 |
|
Lion's Arch Merchant
Join Date: Nov 2008
Location: WI
Guild: Dark Phoenix Risin [DPR]
Profession: R/
|
Nobody really knows how hackers do what they do or where they get their information but regardless of security measures, they try to find ways around them to steal people's stuff.
In my situation that I posted on Page 3 - Post 52, the account of mine that was stolen was a secondary account. I was not the original creator of the account. The only person that knew the original NCSoft info was the creator and even he did not remember his NCsoft username and password. I had since changed the GW password so now I was the only person that knew the game login password. The original owner and I were the only 2 that knew the game login username. IGN's were never posted on any website or attached to any outside source but IGN's can be found easily enough by searching in the friends log, but they still would have had to tie it to this account. I guess what I'm saying is what possible security breach could have been used to gather the info needed to hack this account? Something somewhere allowed a hacker to get access without knowing this information. The other issue I still have is that since I am not the original creator of the account, I am out of luck even though I am the one contacting support with documentation. However, the person that now has control, and would have had to hack through some part of the GW/NCSoft security does not have to prove anything. It's the attitude that we don't care unless you can prove yourself that is most disappointing. |
|
|
|
|
May 10, 2010, 03:51 PM // 15:51
|
#132 | |
|
Forge Runner
Join Date: Apr 2008
Location: Texas
Guild: Reign of Judgment [RoJ]
Profession: Me/
|
Quote:
|
|
|
|
|
|
May 10, 2010, 05:54 PM // 17:54
|
#133 |
|
Ascalonian Squire
Join Date: Oct 2007
|
Been a long time lurker and infrequent player of the game, and this is a concern for me. Its clear plaync doesnt know how to handle security, ill buy GW2 for sure but it will never be linked to my plaync master account.
|
|
|
|
|
May 10, 2010, 06:20 PM // 18:20
|
#134 |
|
are we there yet?
Join Date: Dec 2005
Location: in a land far far away
Guild: guild? I am supposed to have a guild?
Profession: Rt/
|
petition to unlink....next on the list of petitions!
(twould be signed by just about everyone I know, and their brother)
__________________
 where is the 'all you can eat' cookie bar? |
|
|
|
|
May 10, 2010, 06:28 PM // 18:28
|
#135 | |
|
Forge Runner
Join Date: Apr 2008
Location: Canada
Profession: E/
|
Quote:
|
|
|
|
|
|
May 11, 2010, 03:06 AM // 03:06
|
#136 |
|
Grotto Attendant
Join Date: Apr 2007
|
Note to a-net: This issue is not going to go away until some corrective action is taken.
|
|
|
|
|
May 11, 2010, 05:35 AM // 05:35
|
#137 | |
|
Guest
Join Date: Jul 2005
Profession: Me/
|
Quote:
|
|
|
|
|
|
May 11, 2010, 05:46 AM // 05:46
|
#138 |
|
are we there yet?
Join Date: Dec 2005
Location: in a land far far away
Guild: guild? I am supposed to have a guild?
Profession: Rt/
|
I think I also remember them saying something about make overs not being possible at one point too....though the not enough resources (eg, they dont really care) is probably the most likely reply. Still would be nice to have the option and not need to 'look over you shoulder' all the time.
__________________
where is the 'all you can eat' cookie bar? |
|
|
|
|
May 11, 2010, 10:50 AM // 10:50
|
#139 |
|
La-Li-Lu-Le-Lo
Join Date: Feb 2006
|
Gaile said everything was impossible. She also said you could hit teammates with Poison Arrow. General rule of thumb: ignore Gaile. When it comes to these sorts of things, almost anything is possible; it's simply a matter of making somebody care enough to get around to doing it.
__________________
Stay Breezy
|
|
|
|
|
May 12, 2010, 12:12 PM // 12:12
|
#140 |
|
Wilds Pathfinder
Join Date: Jun 2005
Location: Georgia, US
|
There is a god damn security breach. Nothing is ever 100% safe. I don't understand what is so god damn hard to grasp. It's a simple software engineering concept that all your programmers should have learned in intro courses.
Your dev's can't balance, your programmers fails at basic software concepts, your customer support are terrible, and your publisher is terrible and is the major cause for the security breach for both your game accounts and you players' private and personal information. I can't believed you failed at everything imaginable. You should take a lesson from Blizzard. They have authenticators and flexible account management. They have good customer support both in game in the case of GM's, and a phone line you can actually call and get a live person to talk to within 10 minutes. They also have god damn account activity tracing and rollbacks. They have better security and security recovery. You bet your entire company's future on GW2? You might want to offer the same service a six year old game have. How am I supposed to feel safe buying GW2? My account is just going to get hacked, private info released, and wait about a week getting an email back from support telling me to be more careful with my account as they can do nothing but tell me crap any non-idiot on the internet knows. You have a security problem. Just because you can't find it doesn't mean it doesn't exist. If you found it it wouldn't be a problem now would it? Asking you to fix things is really that hard? It's obviously broken. You don't have enough resources to fix it? Then why would I want to pay money again to get screwed over again? I remember when GW just came out and I was deciding whether I should play WoW or GW. I flipped a coin and fate chose GW. Maybe I should have stared fate in the face and told it no. |
|
|
|
 |
|
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT. The time now is 02:51 AM // 02:51.
jQuery(document).ready(checkAds()); function checkAds(){if (document.getElementById('adsense')!=undefined){document.write("_gaq.push(['_trackEvent', 'Adblock', 'Unblocked', 'false',,true]);");}else{document.write("