Curse

Lucci_Slevin · Jan 06, 2010, 07:09 PM // 19:09

She wants to contact the people who claimed they managed to log onto stranger's NCSoft master account. Remember this is not the same thing as the Aion website glitch.

Posting for exposure. Mods feel free to merge into the sticky I guess.

Quote:

Oh, you can be sure the code is being scoured, as well. But when issues get reported, there's great value in direct replication and testing, so that's what the team member did (and is probably still doing). In addition to the logging that was put in place, we're just not seeing a single instance of switching between NCMAs through any means.

I'm still hoping to hear from someone who stated that he or she experienced this issue. They can get in touch with me, Regina, Martin, or support. I'm still hopeful that the two or three people who claimed they have personally experienced a switch between NCMAs will contact one of us. Right now, testing can't find it, logging doesn't see it, and no one has stepped forward to provide details. -- Gaile 18:31, 4 January 2010 (UTC)

Quote:

Yes, there are a few of people claiming personal experience with this, but as far as I know, none of them have stepped forward to discuss the matter with us, the people who are the path to testing and resolution. (I believe Regina may have gotten some rather vague info, but as far as I know, none of us have enough details to be worthwhile.)

I have made it very clear that we welcome the reports of people who have experienced this glitch. PMs have been sent. Posts have been made. And info is still not forthcoming. If you or someone you know experienced this situation -- actually personally experienced this situation -- please write me at [email protected]. Thanks. -- Gaile 06:57, 6 January 2010 (UTC)

Hells Fury · Jan 06, 2010, 09:20 PM // 21:20

I'm looking forward to see someone stepping up and admitting he was able to log into others accounts (maybe transfer just an ecto or two for rainy days).

Mercesa · Jan 06, 2010, 09:22 PM // 21:22

OMFG I KNEW THAT I LOST MY ACCOUNT AND IT WAS NOT MY FAULT!

Anyway finally they admit that It's not the player their fault but the company their fault.
Don't hate the player hate the game.

Black Metal · Jan 06, 2010, 09:37 PM // 21:37

The last time someone stepped up to duplicate a known bug (mapping to Mallyx's outpost), they were greeted with an in-game ban (one of them has posted here about this recently).

MMSDome · Jan 06, 2010, 09:39 PM // 21:39

It's a shame I don't remember my NCSoft account username or PW because then I could help out!

MisterB · Jan 06, 2010, 09:41 PM // 21:41

Quote:

Originally Posted by Black Metal

The last time someone stepped up to duplicate a known bug (mapping to Mallyx's outpost), they were greeted with an in-game ban (one of them has posted here about this recently).

I think it was the armbrace dupe. As far as I know, mapping to that outpost required hacking the client. Correct me if I am wrong.

snoozer80 · Jan 06, 2010, 09:44 PM // 21:44

they may ban those ppl which accidently found that glitch cause they may blame them they stripped those accounts..

Black Metal · Jan 06, 2010, 09:49 PM // 21:49

Quote:

Originally Posted by MisterB

I think it was the armbrace dupe. As far as I know, mapping to that outpost required hacking the client. Correct me if I am wrong.

It was where you could map right to Mallyx and fight him, instead of having to do all the DOA areas first. Basically you get his green drop and the gemstones, but as legit drops from killing him.

Enko · Jan 06, 2010, 09:55 PM // 21:55

Quote:

Originally Posted by MisterB

I think it was the armbrace dupe. As far as I know, mapping to that outpost required hacking the client. Correct me if I am wrong.

fenix and i were banned for about 4 hours after we sent in the duping method. gaile got our accounts fixed almost immediately after we got a message to her.

MisterB · Jan 06, 2010, 10:04 PM // 22:04

Right. I was posting about 2 separate exploits. The duping one was when 2 guru members duplicated a red dye as pointed out above. Their accounts were returned after the automatic bot ANet ran banned all the duped item accounts.

But as far as I know, it was impossible to map to the Ebony Citadel of Mallyx outpost initially without hacking the client to allow that. Other people could tag along in the party of someone who hacked their client to get there or someone who was "anchored" there from their hall.

Shayne Hawke · Jan 06, 2010, 10:10 PM // 22:10

Since it seems that the people who are getting logged into this way are people who are logging into their NCSMA from elsewhere, I'm going to put this under "Things To Not Do". No point in trying to crack into someone else's account if it's going to make my own vulnerable at the same time.

Grunntar · Jan 06, 2010, 10:28 PM // 22:28

Quote:

Originally Posted by Mercesa

Anyway finally they admit that It's not the player their fault but the company their fault.
Don't hate the player hate the game.

Umm, huh? She is saying that they can't duplicate this, implying that it's not possible. That's about 180 degrees away from "yes, it's possible, and it's our fault..."

I'd recommend that you re-read the original post.

Black Metal · Jan 07, 2010, 12:22 AM // 00:22

Quote:

Originally Posted by Shayne Hawke

Since it seems that the people who are getting logged into this way are people who are logging into their NCSMA from elsewhere, I'm going to put this under "Things To Not Do". No point in trying to crack into someone else's account if it's going to make my own vulnerable at the same time.

Precisely my point. Say in the near future they figure out how to track who is doing this (say, anyone who has tried to log on 200 times in an hour). Then people trying on Gaile's behalf get thrown into that pool, and poof, you are perma'd.

Besides that, I sure as hell don't want someone to get into my NCSMA by doing Gaile's bidding.

Cuilan · Jan 07, 2010, 12:44 AM // 00:44

I'm not bothered by there being security related glitch.

I'm not bothered by them not knowing what is wrong.

I am bothered by the fact they are still allowing people to log into their NCsoft accounts. All log ins should have been disabled right when they knew something like this was up. No excuses.

Grunntar · Jan 07, 2010, 01:04 AM // 01:04

Quote:

Originally Posted by Cuilan

I am bothered by the fact they are still allowing people to log into their NCsoft accounts. All log ins should have been disabled right when they knew something like this was up. No excuses.

I'm guessing that they don't think that there actually is a problem with the NCsoft accounts (NCMAs). The only people that "know" that there is an problem with the NCMAs is the player base. So from NCsoft's point of view, "why fix it if it ain't broke!"

But even if they did think that there were problems, they wouldn't be able to instantly disable the NCMAs, since there are things that need to happen which depend on these accounts, so at this time, they are required. NCsoft wouldn't be able to disable the master accounts until substitute processes were put into place.

Dzjudz · Jan 07, 2010, 01:13 AM // 01:13

So Cuilan, when some random person makes a random accusation about guild wars being easily hackable, without actual proof or it being reproducible, anet should just shut down guild wars for all of us? Or do you see how that might be the wrong action?

Faer · Jan 07, 2010, 01:37 AM // 01:37

Just so everybody knows, screenshots of you being inside of somebody else's account aren't good for anything apparently. I'm not exactly sure what they want from the community, really. Anything the community can possibly provide (unless they do some illegal shit to the NCSoft website) is too "vague" and not "worthwhile".

...meh. At least we got that previous password thing in there.

Regina Buenaobra · Jan 07, 2010, 01:55 AM // 01:55

Theocrat: Any information provided will be followed up on by the NCsoft security team. At this point they're focusing on trying to replicate the error. Screen shots help, but they just show that there might be a bug, and the security team is digging much deeper, by trying to verify that the error exists. We sincerely appreciate those few people who have provided us with information.

Please keep in mind that, so far, we have discovered no malicious compromises having occurred in the manner described (random account switches). As I told you all before, we have added additional logging and security measures to further strengthen existing processes and preventative systems.

Lucci_Slevin · Jan 07, 2010, 02:01 AM // 02:01

Quote:

Originally Posted by Theocrat

Just so everybody knows, screenshots of you being inside of somebody else's account aren't good for anything apparently. I'm not exactly sure what they want from the community, really. Anything the community can possibly provide (unless they do some illegal shit to the NCSoft website) is too "vague" and not "worthwhile".

...meh. At least we got that previous password thing in there.

I imagine they need stuff like time/date, account names and IPs et al.

Kattar · Jan 07, 2010, 02:02 AM // 02:02

Automated login scripts and the like don't seem to produce the bug. It's has to be a human doing it. Someone I have no reason to doubt set up a script to do that and was unable to log in. Another person was able to reproduce it first try. Another user reported getting into a different account after a few more tries. Several hundred, I believe.

That may be the reason you haven't been able to reproduce it up to now.

Short of recording everything we do, there's no other proof we can give to you. But we do care about this, that's why some of us put in the work. Take it or leave it.

(I would name names, but I really don't see the need to, especially if it may result in some kind of disciplinary action from NCsoft.)