 |
|
Jan 24, 2010, 08:25 PM // 20:25
|
#181 |
|
Wilds Pathfinder
Join Date: Jan 2006
Location: Italy
Profession: E/
|
I think it's about time gaming companies stopped treating their customers like they are retarded by default. Such assumptions are to be made by developers when designing software, not by employees in contact with their user base.
Last edited by Akaraxle; Jan 24, 2010 at 08:28 PM // 20:28.. |
|
|
|
Jan 24, 2010, 09:18 PM // 21:18
|
#182 | ||||
|
Desert Nomad
Join Date: Apr 2007
|
Quote:
On the other hand using the example of your particular guild to demonstrate that there are players that didn't get the pane without other data doesn'r prove anything. Quote:
Thousands of accounts compared to hundreds of thousands is a small percentage, so people can't just say "its impossible for so many to have security flaws or done some less licit activity or just got scammed". We are in agreement here. Quote:
Quote:
I don't understand why everything that Anet/NCSoft says is false and misleading and why everything that the person(s) that brought up the "random logging exploit" is to be believed without a doubt and with no proof. Unless you think THOUSANDS of accounts hacked represent something in a universe of HUNDREDS OF THOUSANDS accounts. Last edited by Improvavel; Jan 24, 2010 at 09:21 PM // 21:21.. |
||||
|
|
|
|
Jan 24, 2010, 09:37 PM // 21:37
|
#183 | ||
|
Older Than God (1)
Join Date: Aug 2006
Guild: Clan Dethryche [dth]
|
Quote:
If we deduce that some hacks went unreported because they were not discovered (dead accounts) and others went unreported because people didn't feel like signing up for this fansite, we can conclude that more accounts were hacked. At that point, brute force (even on the NCMA password reset mechanism) as an explanation for the expected number of "I have a secure password, no keylogger and don't share credentials" stories breaks down. Quote:
In my view, this is why the hacks stopped and the phishing started once those barriers went up. |
||
|
|
|
|
Jan 24, 2010, 11:10 PM // 23:10
|
#184 | |
|
Desert Nomad
Join Date: Apr 2007
|
Quote:
Yeah, I would be very annoyed if it happened to me and a single account hacked to NCSoft vulnerabilities is very bad. But unfortunately even much more important websites get hacked. But short of "all of us are in eminent risk!" and short of explaining all single hack. |
|
|
|
|
|
Jan 24, 2010, 11:15 PM // 23:15
|
#185 |
|
Pyromaniac
Join Date: Aug 2005
Profession: Mo/W
|
I pretty much spent my GW career only knowing a couple people hacked. The number of people I knew that got hacked easily quintipled around the late summer to early winter, though.
|
|
|
|
|
Jan 25, 2010, 02:59 AM // 02:59
|
#186 |
|
Grotto Attendant
Join Date: Apr 2007
|
Improvavel, I was going to respond to you, but as I continued reading your posts over the last couple pages, it became clear to me that you're trolling.
So this is all the answer you're going to get: Since the moment I became convinced that the NCSoft site was vulnerable, I've stayed the hell away from it. My account there is already as secure as I can possibly make it, so going there only increases my risk. I believe the reports of the wrong-account-log-in bug are true because (1) certain people who have a reputation for honesty in my eyes have confirmed it, (2) too many people have confirmed it for them all to be trolls/attention trollops, (3) several people who have confirmed it have something to lose if caught lying -- good reputations on this forum built up over a substantial period of time, and, in one case, a modship, (4) no one has anything to gain by falsely confirming, (5) this sort of bug is concordant with the level of crappy design evidenced by the various brute force vulnerabilities, and (6) there is obviously something wrong with the NCSoft site -- everything in NCSoft and a-net's behavior, except their official statements, points towards that conclusion; as does the amazing coincidence that, as soon as they added third login credential and requirement of knowing the old password to change the password, reports of account theft went way down, and reports of phishing attempts went way up. [edit: apparently "RED ENGINE GORED ENGINE GORED ENGINE GORED ENGINE GORED ENGINE GO" is a censored word.] Last edited by Chthon; Jan 25, 2010 at 03:09 AM // 03:09.. |
|
|
|
|
Jan 25, 2010, 04:44 AM // 04:44
|
#187 | |
|
Desert Nomad
Join Date: Apr 2007
|
Quote:
Basically what I've seen in these forums was that massive thread around the new year. I don't know the original poster and basically I've only seen another person backing it up. If I'm wrong please be kind (no irony) to point where it was confirmed by other people - about the log bug. Maybe you are in possession of information that I don't have, but I haven't seen that information disclosed in these forums - and I mean specifically about the log bug. All was said was "when you log you might randomly access other people accounts". Damn, if it is just that simple hackers can simply throw computational power and make thousands/millions of loggings - a simple script will do that. Getting it to change the password previous to the old password requirement and nabbing the email address doesn't seem particularly harder. Had you answered that you actually seen that bug happen I would be more inclined to believe so, although I would still take it with a grain of salt as I only know you as a forum poster. As why would people spread false information or what motivation would they have for that, I've no clue, but just because I can't imagine it, it doesn't mean that it doesn't exist - and again I don't know any of the people, either personally or just trough the game/forums. Where do you get your numbers of reported hacks/phishings/etc? Are you just basing them on the forum reports? Or do you have better numbers? If do you have are they publicly accessible or can you share them? What I've seen, and I admit I might not have looked exhaustively, was loads of rage against Anet but actually not that many people supporting the log bug claim. And my reservations about this log bug claim, isn't because I don't believe NCSoft website can be hacked - it is because that bug seems so simple that any half assed programmer could take advantage of it. Had the claim been "NCSoft website has been hacked and some information was stolen" I wouldn't have so many reservations. Additionally if the bug existed is it solved now? Or did they just add the old password requirement? Were any other changes made to the website? People make claim there was (still is?) a log bug, people claim there were never so many GW hacks, etc. But is there any evidence that I or any other simple forum poster in here can see? Any numbers on hacking? Even any "before there was like 5 threads per time period about hacking on guru and now its 15" data? If you want to believe I'm a troll it is up to you, but it seems it is "Either you take the OP poster and a few other posters word or you take Anet word". And I can't even take your word on the bug claim, as you have not experienced it and neither did I, which doesn't prove anything. Without evidence I can't take either Anet word or the posters word. What I have is 10 GW accounts under my responsibility or someone really close, as in real life close, all linked and not hacked, which again proves nothing. Last edited by Improvavel; Jan 25, 2010 at 05:01 AM // 05:01.. |
|
|
|
|
|
Jan 25, 2010, 09:42 AM // 09:42
|
#188 | |
|
Desert Nomad
Join Date: Jul 2006
Profession: D/
|
Quote:
|
|
|
|
|
|
Jan 25, 2010, 05:20 PM // 17:20
|
#189 | |
|
Academy Page
Join Date: Oct 2006
|
Quote:
A great example of this is smokers, no matter how high cigarette prices go, people still smoke. The time for client respect is gone, it's a take it or leave it situation. |
|
|
|
|
|
Jan 25, 2010, 05:38 PM // 17:38
|
#190 | ||||||
|
Grotto Attendant
Join Date: Apr 2007
|
Quote:
Quote:
Quote:
2. By all indications, the bug is fickle. Neither your nor NCSoft's attempts could reproduce it. Others claim to have reproduced it within less than 1000 tries.Surely whatever impeded you and NCSoft also impeded the thieves. 3. While the Chinese government may have top-notch hackers on payroll, most gold sellers do not. 4. While the log-into-somone-else's-account bug is dramatic and damning, it's not the worst problem with the NCSoft site by a longshot. The file mirroring and SQL injection vulnerabilities reported by Mung on AionSource are far, far worse. A sophisticated attacker could do much more damage than we've seen so far. Quote:
Quote:
Quote:
|
||||||
|
|
|
|
Jan 25, 2010, 05:50 PM // 17:50
|
#191 | |
|
Wilds Pathfinder
Join Date: Apr 2006
Guild: [DVDF] Gp
Profession: Me/A
|
Quote:
So no way to manipulate or change anyone elses data? Sorry ive not kept as upto date on this or looked very indepth as you have so im more than likley recalling it wrong xD |
|
|
|
|
|
Jan 25, 2010, 06:13 PM // 18:13
|
#192 | |||||
|
Desert Nomad
Join Date: Apr 2007
|
Quote:
Quote:
Quote:
Quote:
Quote:
And only because you referred "he said/she said", I could say I find it funny that even if this subject started in Aion forums the NCSoft response clearly mentioned "a thread on a third-party Guild Wars forum this New Year's". Considering that NCSoft in the past was quick to point that the most likely reasons for being hacked was dealing with RMT, user vulnerabilities/error and 3rd party websites, I could imagine some people being annoyed with NCsoft. Which is interesting on the recent news of the attacks on the Guru. But I'm out of this question now and not feeling worried. Maybe silly me. Lets just hpe for the best. Curiously had you said you have seen this bug, I would have believed you Chton - see you don't need to be a mod to have respect - even if I think you are a bit silly about discord. Dunno why I would take your word for it, but I would. I'm dropping (or hopping to drop) this subject, although still interested in evidence should it appear. Peace. |
|||||
|
|
|
|
Jan 25, 2010, 08:03 PM // 20:03
|
#193 | |
|
Grotto Attendant
Join Date: Apr 2007
|
Quote:
|
|
|
|
|
|
Jan 25, 2010, 11:30 PM // 23:30
|
#194 |
|
Krytan Explorer
Join Date: Sep 2006
Location: Treehouse #1
Profession: W/
|
Well now, it has been said before, but this GSU (Giant Sample of Untruths) article is just a feeble attempt at trying to CTA (Cover Their Asses) and 'attempting' to fool the fools, but only making themselves look like fools in the process.
Simply ridiculous. FTL NCSoft and to a degree ANet too. (See, I can use acronyms too!) |
|
|
|
|
Jan 26, 2010, 02:54 AM // 02:54
|
#195 | |
|
Older Than God (1)
Join Date: Aug 2006
Guild: Clan Dethryche [dth]
|
Quote:
@ Improvavel: I know you're not a troll. You're asking reasonable questions that a newcomer to the discussion would ask. There was an active thread (ok, fine, locked but maintained) that Inde maintained with 100+ reports, plus all the deleted threads from July-November. I wasn't able to get an accurate count at the time, but there were literally in the low hundreds of reports of NCMA hacks without obvious causal attribution. Induct from there to the number of hacks using the NCMA that didn't get posted, and you get the idea. Think about it this way - consider the number of people you know that would post if they got hacked, against the number that are not active/registered and would not do so. The only reasonable conclusion is that there were a lot of unreported hacks. |
|
|
|
|
 |
|
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT. The time now is 09:28 AM // 09:28.
jQuery(document).ready(checkAds()); function checkAds(){if (document.getElementById('adsense')!=undefined){document.write("_gaq.push(['_trackEvent', 'Adblock', 'Unblocked', 'false',,true]);");}else{document.write("