 |
|
May 31, 2010, 06:16 PM // 18:16
|
#61 | |
|
Jungle Guide
Join Date: Oct 2005
Location: Wessst Siiide, USA
Profession: Mo/
|
Might be time for password change.
Quote:
|
|
|
|
|
May 31, 2010, 06:43 PM // 18:43
|
#62 | |
|
Grotto Attendant
Join Date: Apr 2007
|
Quote:
1. 10x more NCSoft account credentials were stolen than WoW account credentials. What's the most likely explanation for that? There are 10x as many NCSoft accounts in existence as there are WoW accounts, so being stolen at the same rate resulted in 10x as many NCSoft accounts being stolen? No, that premise is precisely the opposite of reality. There are more WoW accounts. NCSoft accounts have more monetary value, so they were targeted more by the thieves? Again, the premise is contrary to reality. WoW accounts are worth more cash. NCSoft customers are 10x dumber on average than WoW customers and 10x more likely to fall for phishing? Perhaps, but it seems unlikely. The most logical explanation is that a NCSoft account is 10x easier to steal because they have serious security flaws. 2. How often do you log into your NCSoft account? Probably not very often. You could have a keylogger on your system for months and it would never pick up your NCSoft password because you never type in your NCSoft password. Ergo, it's unlikely that they keylogged 2 million NCSoft passwords. 3. While there were phishing attempts for the NCSoft password reported on Guru, none that had the sort of volume you'd expect from something that would net 2 million suckers. Unless the phishing was targeted in a way that largely avoided people who post on Guru, we should have seen a lot more reports of attempted phishing than we did. Ergo, it's unlikely that they phished 2 million NCSoft passwords. |
|
|
|
|
|
May 31, 2010, 07:11 PM // 19:11
|
#63 | |
|
Krytan Explorer
Join Date: Nov 2006
Guild: Pita Bread And Scud Missiles Ai[iiii]
|
Quote:
Did you know that thank you is not nine chars? I mention this only because I couldn't just post a thank you. Had to add additional characters. All done. |
|
|
|
|
|
May 31, 2010, 08:56 PM // 20:56
|
#64 | |
|
Desert Nomad
Join Date: Mar 2008
|
Quote:
 All I wanted to say is that the newly discovered trojan isn't the actual danger: the actual danger is probably found elsewhere (hello NCSoft, how's your website?) So there's really nothing new to report. 
|
|
|
|
|
|
May 31, 2010, 09:02 PM // 21:02
|
#65 | |
|
Furnace Stoker
Join Date: Oct 2005
Location: Planet Earth, Sol system, Milky Way galaxy
Guild: [ban]
Profession: W/
|
Quote:
|
|
|
|
|
|
May 31, 2010, 09:47 PM // 21:47
|
#66 |
|
The Fallen One
Join Date: Dec 2005
Location: Oblivion
Guild: Irrelevant
Profession: Mo/Me
|
Now, this is worth concern. 3,700 banned players QQing is irrelevant. This is a big deal. NCSoft has routinely failed at security, and that doesn't seem to be changing.
I for one believe that this should be the point of public outcry. Legitimate players stand to lose their accounts daily because of this, and in far greater numbers than 3,700. This is a major issue, and major steps need to be taken immediately to fix this situation. I would highly recommend the route Blizzard has taken with the authenticator program, as that has been wildly successful.
__________________
|
|
|
|
|
Jun 01, 2010, 02:16 AM // 02:16
|
#67 |
|
Furnace Stoker
Join Date: Jun 2005
Guild: Quite Vulgar [FUN]
|
2 million infected computers is a very small slice of the overall world wide population of online gamers.
About a year ago I knew something was up when you see more and more accounts being hacked over different games. I think the hackers are ahead of the curve on security. Security can only be reactive. I like authenticators. At least its a physical device with a less chance of being corrupted. Though I'm sure its only a matter of time before some one figures out a way to hack those as well. |
|
|
|
|
Jun 01, 2010, 02:20 AM // 02:20
|
#68 | |
|
The Fallen One
Join Date: Dec 2005
Location: Oblivion
Guild: Irrelevant
Profession: Mo/Me
|
Quote:
Authenticators, on the whole, are the most secure method of account security on the planet, period.
__________________
|
|
|
|
|
|
Jun 01, 2010, 02:48 AM // 02:48
|
#69 |
|
Older Than God (1)
Join Date: Aug 2006
Guild: Clan Dethryche [dth]
|
The reason that players aren't deeming this "newsworthy" is that we already knew that NCSoft had security issues. As of right now, the existence of this database is less of a concern than you might think.
Symantec is claiming that: - somebody is running a botnet - said botnet tests prospective credentials in online games - the botnet's dictionary is from another source, probably bulletin boards This is basically the scenario I proposed in December, except that I posited the use of brute force using the password reset function (a botnet could have snagged many accounts per day this way). The obvious explanation for the observation that NCSoft accounts were disproportionately compromised is that the botnet was applying brute force to the NCSoft website. The entry mechanism could have been the login bug that some players claimed to have discovered on January 1 (but ANet vehemently denied), or it could have been the reset mechanism. Since those problems were almost certainly unique to NCSoft, it would explain why Blizzard's accounts were less likely to be compromised. Either way, those issues have been fixed. I've verified that the password reset loopholes have been closed using some less valuable accounts, and the cessation of the rash of hacks conclusively suggests that any means of directly accessing another user's NCSoft account has been removed. Further, the attack mechanism strongly implies this. The thieves are targeting NCSoft accounts in the same way that they would target Blizzard or anyone else. The moral of the story is: don't use your GW access credentials for anything else, and for the time being you should be fine. Authenticators would be great, and I sincerely hope that they implement them for GW2. I approve of anything that increases the costs of hacking accounts by six orders of magnitude. |
|
|
|
|
Jun 01, 2010, 02:58 AM // 02:58
|
#70 |
|
Ascalonian Squire
Join Date: Apr 2010
Profession: W/D
|
Not trying to start any flaming here.. just a simple question as I have no idea what this is all about or what it is doing... but is it at all possible that any of this issue could have caused some false positives for any of the 3,700 account bans?
|
|
|
|
|
Jun 01, 2010, 03:50 AM // 03:50
|
#71 |
|
Academy Page
Join Date: Nov 2009
Location: Texas
Guild: CGU
Profession: P/
|
thats kinda a scary thought that lots of the people banned could argue that it was stolen by someone else o.o
|
|
|
|
|
Jun 01, 2010, 04:11 AM // 04:11
|
#72 | |
|
Jungle Guide
Join Date: Jun 2008
Location: Australia, what you want my home address?
Guild: [CAT]
Profession: Mo/
|
Quote:
|
|
|
|
|
|
Jun 01, 2010, 06:28 AM // 06:28
|
#73 |
|
Core Guru
 
Join Date: Feb 2005
|
This is the original article:
http://www.symantec.com/connect/blog...ials-uncovered NCSoft's website wasn't compromised, these 2 million accounts are from other means, such as hacking fansite forum databases, phishing, and keylogging. NCSoft likely has more total subs than Blizzard, which may be why there is more accounts. Also, a PlayNC account can have more than one game linked to it. Lineage 1, Lineage 2, Aion, Guild Wars, and City of Heroes are all very popular MMO's right now, and have been for a while. NCSoft's account security is more than fine, really all people need is a username and password, and their account security will be as good as it gets. Even a random password of length 5 can't be guessed in anyone's lifetime. There are companies out there that do nothing but steal accounts all day long, month after month. When Oct 2009 - Dec 2009 came around and there was an increase in NCSoft (Aion and Guild Wars mostly) accounts being hacked, I did some research. Here is what I came up with over Christmas Break 2009, in a single weekend, in my spare time: I acquired a total of 200,000+++ database accounts from various Aion and Guild Wars fansites. After writing some text parsers and other various tools to sort and consolidate them into one giant ass file, I had 185,000 e-mails with matching MD5 hashes and Salts in a format hashcat liked. I then set out and downloaded some simple dictionaries, the two best ones were milw0rm's and Argon's List ver2. I made another text script to consolidate and remove duplicate words from the dictionaries, and once again, form a giant ass dictionary. I can't remember how many words there were, but it was something like 40 million. So here we go, I have a Quad Core at 4.4GHz, 1680MHz memory at CAS 6, and a 4GHz QPI bus, and it took almost exactly 5 hours to dictionary attack all 185,000 accounts. Now before I give you the stats, I want to explain to you my theory that I wrote down before I set out to do all this. My theory that was that 1% of fansite users are dumb enough to use the same email and password as their game accounts. Boy was I wrong. -185,000 forum/gamesite accounts (email and hash+salt) -54,366 used easily guessed passwords (md5 cracked) (29.4%) -Of those 54k, 10,873 were the same email/passwords as used on NCSoft accounts (20%) In several hours over the course of a weekend, in my spare time, I gained access into 10,900 NCSoft accounts purely based on the stupidity of people using the same email/passwords on various fansites as their NCSoft account. Most of these same fansite databases were hacked in Oct 2009 by the companies I explained above (the ones who steal accounts 24/7 as a full time business), resulting in an increase of NCSoft accounts being hacked in Nov 2009. Essentially, the rumors that NCSoft was compromised were a direct result of that French (?) fansite and it's 200,000 users being compromised. Some of you might question how I had the time to log into all those accounts! Well I didn't! I emailed those 54,366 to an NCSoft database guy who ran a script to match my potential accounts against actual accounts, to see how many matched. That's where the 10,900 number comes from. So I didn't actually log into anyone's account. But if I were a mean person, and I wasn't just doing all this out of shear curiosity, then I would have sold that list of 54,366 to that company I mentioned above for... probably $1 per account.  So let this be a lesson to you all, don't be one of the 20% of morons out there that use the same password on public fansites and your game account. You will get hacked eventually, and all the A/V firewall spybuster software in the world wont protect you from being a dummy. In my original post I made a summary of the data. I actually did two different tests using just milw0rm's dictionary of 84k words (Test #1) and then a second test using a larger dictionary (40m words). The 10,900 was never confirmed, but it can be assumed it would be fairly accurate. The 6,400 from 32k accounts was confirmed. 1st Test: 32,000 recovers 6,400 (20%) were confirmed NCSoft accounts 2nd Test using 40 million word dic: 54,366 recovers 20% of that would be 10,873 (unconfirmed) NCSoft Note: Some of you might wonder why NCSoft would cooperate with me (Brett) on the accounts. I have proven to be a pretty trustworthy guy in the community, and I am also under legal obligation, so the data was always safe. This experiment was all done in the name of science! Now we have a pretty solid statistic on how many dummies out there use the same weak passwords on public sites as well as their important private accounts. |
|
|
|
|
Jun 01, 2010, 08:26 AM // 08:26
|
#74 | |
|
Auctions Mod
Join Date: Jan 2006
Location: UK
Guild: Mystic Spiral [MYST]
|
Quote:
|
|
|
|
|
|
Jun 01, 2010, 08:49 AM // 08:49
|
#75 | |
|
Desert Nomad
Join Date: Apr 2007
|
Quote:
|
|
|
|
|
|
Jun 01, 2010, 11:22 AM // 11:22
|
#76 | |
|
Ascalonian Squire
Join Date: Feb 2006
Profession: R/E
|
Quote:
|
|
|
|
|
|
Jun 01, 2010, 11:37 AM // 11:37
|
#77 | |
|
Krytan Explorer
Join Date: Aug 2007
Location: Alexandria, Scotland
Guild: The Charter Vanguard [CV]
Profession: W/
|
Quote:
|
|
|
|
|
|
Jun 01, 2010, 06:36 PM // 18:36
|
#78 | |
|
Core Guru
Join Date: Feb 2005
|
Quote:
|
|
|
|
|
|
Jun 01, 2010, 06:52 PM // 18:52
|
#79 |
|
Older Than God (1)
Join Date: Aug 2006
Guild: Clan Dethryche [dth]
|
Brett,
The dispute has always been over volume. I believe what you're saying. However, I believe that your hypothesized vector of attack has always been assumed to be present among the more sophisticated. Claiming that your method is causal basically requires believing that the attackers were dumb before (July? October?) but suddenly got smart. By contrast, believing in NCSoft vulnerabilities requires believing that the hackers were smart to begin with but got smarter after reviewing the condition of the site, and altered the vector of attack as a result. The math associated with brute forcing birthday password resets using botnets is just too attractive to a professional hacker. Especially given that we now know that botnets are being used. In short, I accept the contention that what you describe is part of the explanation, but reject ANet's contention that it constitutes the full explanation. Too many educated people aware of good security practices got hacked for me to believe that this was a simple case of BBS hacking and social engineering. The explanation just doesn't fit the data. |
|
|
|
|
Jun 01, 2010, 07:39 PM // 19:39
|
#80 | |
|
Krytan Explorer
Join Date: Nov 2006
Guild: Pita Bread And Scud Missiles Ai[iiii]
|
Quote:
|
|
|
|
|
 |
|
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT. The time now is 05:33 AM // 05:33.
jQuery(document).ready(checkAds()); function checkAds(){if (document.getElementById('adsense')!=undefined){document.write("_gaq.push(['_trackEvent', 'Adblock', 'Unblocked', 'false',,true]);");}else{document.write("