Curse

Miscreant_Moon · Jan 21, 2010, 12:46 AM // 00:46

So You've Been Hacked...

http://bifftheunderstudy.wordpress.c...e-been-hacked/

greenthumb · Jan 21, 2010, 12:56 AM // 00:56

Quote:

We have a team of security professionals with years of experience in massively multiplayer games and online security in Seoul, Seattle, Austin, and Brighton that is striving to make our servers as secure as they can be. Any vulnerability that is discovered is addressed and fixed.

I appreciate the efforts to provide such a statement by NCsoft.

I don't believe there's been adequate accountability on the part of NCsoft (or at least not publicly acknowledged). The additional security measure taken on New Year's Day seemed to address an obvious, glaring security hole. I'm not an IT or security specialist, but the ability to change GW account credentials without any authentication or control (in that event that the NCsoft master account was compromised) seems like a fairly obvious security hole. E.g., a player might've had lax account credentials for the NCMA (sharing login and password on a compromised site), but might've maintained a strong unique password for their GW account, but that wouldn't necessarily matter and could be circumvented easily because of the NCMA security design.

That issue seemed to be a noted issue since at least October from what I can glean. I just wonder how many account thefts could've been prevented if NCsoft took that measure earlier rather it require major escalation on New Year's Day to make such a change.

Given NCsoft has so many security professionals with so many years of experience, I do wonder why it took months for such an obvious security hole to be addressed (obvious to a layperson such as myself). Players need to be educated and do more, but with a large population of players, there will be varying levels of sophistication. Lapses by players which might enable their accounts to be compromised doesn't excuse NCsoft from their own conduct or failure to act that facilitates player accounts to be compromised.

End · Jan 21, 2010, 12:57 AM // 00:57

Quote:

Originally Posted by Regina Buenaobra

NCsoft has published a message from our Game Surveillance Unit today, regarding account security. For the full message, please go to the NCsoft web site.

You should just remove the link. Your just gonna piss more people off....but of course your not going to read this. Theres to many people pissed off already to notice this little message here.

Edit: I have nothing against anet in terms of security I commend them on their fast action adding in a new security feature before ncsoft even began to look at the issue.

isildorbiafra · Jan 21, 2010, 01:03 AM // 01:03

I take this like the bimonthly skillupdate and every other thing they said they were going to do; but never did. All lies!

Cacheelma · Jan 21, 2010, 01:07 AM // 01:07

Quote:

Originally Posted by Illfated Fat

This isn't meant to play kiss-ass for NCSoft

That's EXACTLY what it is.

But to be honest this whole thing is really tiring. Let's not open this can of worm again. I don't see any good coming out of it anytime soon.

Martin Alvito · Jan 21, 2010, 01:18 AM // 01:18

Quote:

As a result of the point-by-point testing and analysis, our security team concluded no critical vulnerabilities had been demonstrated or identified, but our security team continues to research, to monitor closely, and to implement security improvements to address any potential weaknesses raised.

Don't insult my intelligence. It makes me very angry.

Quote:

We'll continue to audit our systems, and you will see some dramatic changes in the next few months. NCsoft views account security as a very important matter.

See, the issue is that if there weren't problems, you would not take action. Action is costly, so you wouldn't expend resources on the site unless you thought the downside risk from not taking action was greater than the cost of taking action. Your behavior reveals that your denial is a lie.

Gun Pierson · Jan 21, 2010, 01:22 AM // 01:22

Quote:

Originally Posted by Cluebag

You hear that Linsey, you big dummy? Stop using bots, buying in-game money, downloading keyloggers and all that other stuff that must have happened, since NCSoft security is bulletproof.

She's a cute dummy though, but that's my opinion

To NCSoft...Yes there's a war going on I agree with that, but it has been going on for years. Yes we must all fight it together, but in case you didn't know, the grunts are fighting for months now and where the hell were you? More so, people changed their passwords after the alarming message on the GW log in screen and many got their account raped after that action. But you didn't fool me, same old password since release thank you. However you did trick me into getting the free storage pane which forced me to link my GW account to an NCSoft main account. Which reminds me, I saw a thread about a list with accounts info that was stolen somehow.

People got wrong support tickets and so on. So I'm not sure what you can do for us in this war as from what I understand it will take some time before the extra security or whatever it is you talk about gets into operating mode.

You make Anet and the players look bad NCSoft and I didn't even like you before all this. If it wasn't for GW2, I would never buy a product from you again.

YunSooJin · Jan 21, 2010, 02:25 AM // 02:25

Quote:

Originally Posted by Illfated Fat

My, what cynics you all are ; ).

Of course articles such as Jennings' will contain some sort of 'political' agenda, but in the grand scheme, the intent comes from a good place. They hear us - heck - they even quoted one of us. Our words are not going unread. True, we can point fingers at mistakes, but they can also do it to us (yes - I'm looking at all you people who leave your account open to vulnerabilities).

This isn't meant to play kiss-ass for NCSoft - organizations are never even close to perfect, especially with a convoluted structure of departments. If we snap our fingers, changes won't - believe it or not - happen overnight. When you deal with the many thousands of people that they do, with all sorts of details and complications, there is hardly a simple fix at the switch of a button. It is not unreasonable for their time-line to be estimated in weeks, or even months.

It is our account security but worse things could go wrong if they hasten a response. How many of you guys have actually seen the structure behind the interface we see, both for the website and multiple games they create? At best, it is organized chaos. One fix here could result in a bug there, or another vulnerability elsewhere, etc. etc. Trust me - you want these people to be as meticulous as the can.

Thanks for looking into it and hearing us. You guys aren't perfect, the gamers aren't perfect. Sometimes you guys screw shit up and so do we. Let's call it even?

Probably give you more perspective if you got hacked and then read that little gem of theirs. Hopefully you will learn to gain perspective simply by using that hypothetical as a mental exercise, although if it still doesnt bring perspective maybe being hacked is what's needed *shrug*.

thedarkmarine · Jan 21, 2010, 02:46 AM // 02:46

Quote:

Originally Posted by Martin Alvito

Don't insult my intelligence. It makes me very angry.

See, the issue is that if there weren't problems, you would not take action. Action is costly, so you wouldn't expend resources on the site unless you thought the downside risk from not taking action was greater than the cost of taking action. Your behavior reveals that your denial is a lie.

Every buy insurance?

Lord Dagon · Jan 21, 2010, 02:59 AM // 02:59

And you know what the sadest thing about this is? even past the account secrutiy adn their blatent lie that NCSoft has no flaws? its that Neither Martine or Regina will ever read the thread that they created ever again. And i mean NEVER. Its just "here you go guys *they go hide in the lead bomb shelter*" . it seems they just want us to sit in our own stew here.. or the fact they truely believed that this conformation would make us happy and start skipping down a nice gold bricked lane. Its the fact that they see us w/ the intelligence of cows and the value of how much crap we buy from them. good day anet *htits them w/ a white glove* its time for war -.-

Kattar · Jan 21, 2010, 03:03 AM // 03:03

Quote:

Originally Posted by Tobi Madera

And you know what the sadest thing about this is? even past the account secrutiy adn their blatent lie that NCSoft has no flaws? its that Neither Martine or Regina will ever read the thread that they created ever again. And i mean NEVER. Its just "here you go guys *they go hide in the lead bomb shelter*" .

Regina's reading the thread right now. Just because you can't see her doesn't mean she's not here.

Martin Alvito · Jan 21, 2010, 03:07 AM // 03:07

Quote:

Originally Posted by thedarkmarine

Every buy insurance?

You buy insurance when there is risk.

End · Jan 21, 2010, 03:07 AM // 03:07

Quote:

Originally Posted by Katsumi

Regina's reading the thread right now. Just because you can't see her doesn't mean she's not here.

And just because you can see her with a little star next to her name doesn't mean she is.
I am frankly surprised she even bothered to post in This thread...but its hard to ignore 59 pages of posts....

We'll see what happens here

Kattar · Jan 21, 2010, 03:10 AM // 03:10

Come come, End, just educating the new user of how the forum works.

Why would they idle in threads all day though? To fool the mod staff?

Eh, I've been watching them enough to know their habits. They have been reading this thread. Sadly you just have to take my word for it.

End · Jan 21, 2010, 03:12 AM // 03:12

Quote:

Originally Posted by Katsumi

Why would they idle in threads all day though? To fool the mod staff?

Actually I've found that this site dosen't update that down there often...had my ex-guild leader listed as reading a thread....two hours after they logged out and closed firefox...

Or yeah idling just for gits and shiggles

edit: not to mention anyone can look at how many people are viewing...and checking out how many names it displays...and relies some people be hiding...

Kattar · Jan 21, 2010, 03:19 AM // 03:19

Quote:

Actually I've found that this site dosen't update that down there often...had my ex-guild leader listed as reading a thread....two hours after they logged out and closed firefox...

When you spaz around the forum half the day like I do, back and forth between profiles and threads, it does.

But regardless, this is a little off topic.

End · Jan 21, 2010, 03:22 AM // 03:22

Quote:

Originally Posted by Katsumi

When you spaz around the forum half the day like I do, back and forth between profiles and threads, it does.

But regardless, this is a little off topic.

I keep important and trolly threads open in their own tab and browse in another...btw you might want to delete this after you read it...it's completely off topic...

@ChrisWorld below me...last night I think it was one of those ad people was listed as banned with a green dot

Giga_Gaia · Jan 21, 2010, 03:32 AM // 03:32

What is this pathetic attempt to cover your incompetence, NCSoft? A giant wall of text (that I actually read) which basically tells nothing useful except to say "hey, other companies are being targeted as well so we're not the only ones. Sure Google managed to protect their customers while we still won't admit that we suck at security; but hey it's your fault if you get hacked".

And reading the Aion forums, it's clear that NCSoft really doesn't know how to do business. You never, ever use that kind of attitude like GM Ash did when dealing with your clients. I could go on but what's the point.

End · Jan 21, 2010, 03:35 AM // 03:35

Quote:

Originally Posted by Giga_Gaia

You never, ever use that kind of attitude like GM Ash did when dealing with your clients. I could go on but what's the point.

Makes me miss Tabula Rasa....Seemed that the GM's for TR actually cared about the game... (15 minutes from sending in a support ticket to getting a response in game)

Diana Belevere · Jan 21, 2010, 04:05 AM // 04:05

Quote:

Originally Posted by Theocrat

It was indeed. But clearly in her case it was not an issue of her doing something wrong; that only applies to the rest of us.

Speaking of Linsey, does anyone have any proof of her supposed hacking? I heard it was posted on her facebook or something like that. I havent seen screenshots or seen it posted anywhere else.