 |
|
Jan 01, 2010, 06:51 PM // 18:51
|
#101 | |||||
|
Grotto Attendant
Join Date: Apr 2007
|
1. This is bad. Worse than I knew... which was plenty bad already.
2. The character-name question is not going to protect GW accounts when the NCSoft account is compromised because of the old support tickets that contain character names. The best quick fix would be to delete all the old support tickets ASAP. Since that requires NCSoft to cooperate, it probably won't happen. Plan B. Change the GW security question so that the user may specify ONE particular character name as the only correct answer. (Presumably everyone has an obscure character that's never been used in a support ticket.) 3. Read #2. It's important. 4. Again, I want to call for EITHER Let us sever our GW accounts from the NCSoft account OR Remove the NCSoft account's ability to reset the GW password (from the GW side). 5. Quote:
Hopefully the knowledge that ANYONE can now hack any account, might pressure NCSoft into finally acting. 6. Quote:
Quote:
Quote:
I'm sure there's thousands of other programming errors that could produce a similar result. That's just the one that came to my mind. Quote:
Well, I guess I have one more thought to add: You'll never get a judge or jury to understand how accounts are getting hacked and how exactly that fails to live up to the level of care a reasonable and prudent game company would use. But, "you knew there was a big hole in your security and you just sat there and denied it while doing nothing to fix it" is something that everyone understands. As is often the case, the coverup is more damning than the negligence. Last edited by Chthon; Jan 01, 2010 at 06:54 PM // 18:54.. |
|||||
|
|
Jan 01, 2010, 06:52 PM // 18:52
|
#102 | |
|
Krytan Explorer
Join Date: Aug 2009
Location: wouldn't you like to know?
Guild: ^yea KFC just subscribed to me for 1 year^
Profession: P/
|
Quote:
|
|
|
|
|
Jan 01, 2010, 06:53 PM // 18:53
|
#103 | |
|
Forge Runner
Join Date: Nov 2005
|
Quote:
Probably not in any way related to what's going on here because if all this is true, people can log on to accounts that haven't been logged on to in ages. Anyway, just posting this to point out that one should never underestimate the power of bad coding. Last edited by Gli; Jan 01, 2010 at 06:55 PM // 18:55.. |
|
|
|
|
Jan 01, 2010, 06:56 PM // 18:56
|
#104 |
|
Jungle Guide
Join Date: Aug 2007
|
Just a note of caution for those trying to log in and out multiple times to see if this works,
I would be worried that as part of the "solution" they might start banning all accounts that logged in and out a large number of times in a short period of time. I understand the desire to see if this is real, but it's going to be tough to use the defense that you were just trying to help if they get over aggressive with the ban bat. |
|
|
|
Jan 01, 2010, 06:57 PM // 18:57
|
#105 | |
|
Forge Runner
Join Date: Jul 2005
|
Quote:
Thinking they didn't fixed it ASAP and people are still doing that, well that is hard to gulp down. Yet, clearly the beans(account info) got spilled somewhere. |
|
|
|
|
Jan 01, 2010, 06:59 PM // 18:59
|
#106 |
|
Desert Nomad
Join Date: Jul 2007
Location: Cuba
|
I hope players keep reminding anet that the current lack of security on ncsofts website is unacceptable and must be fixed.
|
|
|
|
Jan 01, 2010, 07:01 PM // 19:01
|
#107 |
|
Forge Runner
Join Date: Feb 2006
Location: Belgium
Guild: PIMP
Profession: Mo/
|
Well when I bought the game, I put my trust in Anet, didn't even know who NCSoft was. Is seperating the GW account from the main account and destroying old tickets + personal info even an option?
|
|
|
|
Jan 01, 2010, 07:03 PM // 19:03
|
#108 | |
|
Desert Nomad
Join Date: Jul 2008
Location: Singapore
Guild: Royal Order of Flying Lemmings [ROFL]
Profession: Mo/
|
Quote:
|
|
|
|
|
Jan 01, 2010, 07:18 PM // 19:18
|
#109 |
|
Site Contributor
Join Date: Apr 2007
Location: Phoenix, Arizona
Guild: Blinkie Ponie Armie [bpa]
Profession: N/Mo
|
Yeah... I really want my accounts unlinked at this point. I don't care how safe you are, how crazy your PW is, it doesn't MATTER if this is true.
Ugh. |
|
|
|
Jan 01, 2010, 07:21 PM // 19:21
|
#110 | |
|
Departed from Tyria
Join Date: May 2007
Guild: Clan Dethryche [dth]
Profession: R/
|
Quote:
|
|
|
|
|
Jan 01, 2010, 07:23 PM // 19:23
|
#111 |
|
Forge Runner
Join Date: Aug 2007
Location: WHERE DO YOU THINK
Profession: W/
|
Perhaps we should all start sending EMails to ANet/NCSoft requesting a bit of info on What The RED ENGINE GORED ENGINE GORED ENGINE GORED ENGINE GOing Hell they plan on doing about this...
Or perhaps just letting us un link from that useless website. |
|
|
|
Jan 01, 2010, 07:24 PM // 19:24
|
#112 |
|
Forge Runner
Join Date: Jan 2007
|
OH i get it now, you put a random acct name in the URL and bam, you can change their shit. HahahhaHAHHAA LOLOLOLOLOOOLOLLOO!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!
|
|
|
|
Jan 01, 2010, 07:24 PM // 19:24
|
#113 |
|
Lion's Arch Merchant
Join Date: Apr 2005
Location: in my house
|
This is a very serious issue. If Arenanet was 1% serious they would force NCSoft to act now. This is the most stupid security issue a game company can have.
But it is NCSoft we're talking about here. From the great country of Denial of everything they do wrong. So if something is done, it might be in 2 years (and probably just make it worst) If at least it asked for anything at all other than writing new password to change it. Even without the login issue it is stupid to make changing password this simple. Edit: Maybe we should suggest to people who have been hacked to get themselves a random account from NCSoft. Since this is how it look right now, a big Jar of publicly exposed accounts that anyone can pick in. Last edited by Juhanah; Jan 01, 2010 at 07:41 PM // 19:41.. |
|
|
|
Jan 01, 2010, 07:31 PM // 19:31
|
#114 | |
|
Grotto Attendant
Join Date: May 2005
Location: The Netherlands
Guild: Limburgse Jagers [LJ]
Profession: R/
|
Quote:
|
|
|
|
|
Jan 01, 2010, 07:35 PM // 19:35
|
#115 |
|
Frost Gate Guardian
Join Date: Nov 2009
Location: CA
Guild: Wars
|
"hurrr durrrr 99% of hacked accounts are through the fault of the players themselves durr hurrr hurrrr"
What now, douchebags? |
|
|
|
Jan 01, 2010, 07:37 PM // 19:37
|
#116 | |
|
Forge Runner
Join Date: Jan 2006
Location: On Earth
Profession: W/P
|
Quote:
|
|
|
|
|
Jan 01, 2010, 07:38 PM // 19:38
|
#117 |
|
Ascalonian Squire
Join Date: Nov 2007
|
I just went to my master plaync account and did not see any old tickets. I've only used the account for the free storage pane. Am I not looking in the right place on my nc account for old information?
And will having a different email accounts on gw and plaync be beneficial? |
|
|
|
Jan 01, 2010, 07:41 PM // 19:41
|
#118 | |
|
Older Than God (1)
Join Date: Aug 2006
Guild: Clan Dethryche [dth]
|
Quote:
Couple that with the trick to generate legit account names and I'm stunned we haven't ALL been hacked by now. |
|
|
|
|
Jan 01, 2010, 07:42 PM // 19:42
|
#119 | |
|
Forge Runner
Join Date: Jan 2007
|
Quote:
|
|
|
|
|
Jan 01, 2010, 07:43 PM // 19:43
|
#120 | |
|
Desert Nomad
Join Date: Apr 2007
|
Quote:
If your character names are splurged in support tickets (or your NCsoft account name matches your forums name, and you've posted your IGN in forums)... and you want to protect yourself in the meantime... changing your character names is an option. But you have to pay for that... which sucks royally. I still did it though - actually I did it as soon as character names become part of our account security. I changed the names of all characters whose names I had posted in forums or anywhere. I had to pay for that "insurance", I can't risk my main character getting deleted. Last edited by Riot Narita; Jan 01, 2010 at 07:46 PM // 19:46.. |
|
|
|
 |
|
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT. The time now is 10:15 AM // 10:15.
jQuery(document).ready(checkAds()); function checkAds(){if (document.getElementById('adsense')!=undefined){document.write("_gaq.push(['_trackEvent', 'Adblock', 'Unblocked', 'false',,true]);");}else{document.write("