Curse

jonnieboi05 · May 14, 2009, 01:14 AM // 01:14

Hmm... I've played GW for over 3 years and I owned 11 accounts and never have I been "hacked". As everyone else has said to you: there is a LOT more to the story than what you just told us.

~LeNa~

uzumaki · May 14, 2009, 02:20 AM // 02:20

Quote:

Originally Posted by JonnieBoi05

Hmm... I've played GW for over 3 years and I owned 11 accounts and never have I been "hacked". As everyone else has said to you: there is a LOT more to the story than what you just told us.

~LeNa~

That's funny, i have 11 too and have also played for 3 years. I got most of my accounts by hacking but have never been hacked myself.

\0/ reap the benefits, free z keys and travellers gifts.

Daesu · May 14, 2009, 03:48 AM // 03:48

He probably downloaded a trojan.

Brett Kuntz · May 14, 2009, 04:57 AM // 04:57

Guild Wars Account Security is fine. Your account was stolen because you failed to protect it. This is 100% your fault.

shogun avatar · May 14, 2009, 05:23 AM // 05:23

Quote:

Originally Posted by JonnieBoi05

Hmm... I've played GW for over 3 years and I owned 11 accounts and never have I been "hacked". As everyone else has said to you: there is a LOT more to the story than what you just told us.

~LeNa~

Don't assume right away that if someone says he got hacked is not telling you full story. A few weeks ago, someone logged onto my account (had same password for 3 years, never EVER downloaded any kind of 3rd party program for gw, or any other game. Hell i didn't even download p0rn on this pc) and swooped it clean. Everything worth selling was taken and who inventories of my chars destroyed. Ofcourse chars were found in asian district in GToB.

Guess somebody just picked you out on random and force tryed your pass until he got that right (ther are programs for that)

There should be something like: if you don't get your pass right 3 times, you can't log on for the remainder of the day

Gigashadow · May 14, 2009, 06:29 AM // 06:29

Quote:

Originally Posted by shogun avatar

Don't assume right away that if someone says he got hacked is not telling you full story. A few weeks ago, someone logged onto my account (had same password for 3 years, never EVER downloaded any kind of 3rd party program for gw, or any other game. Hell i didn't even download p0rn on this pc) and swooped it clean. Everything worth selling was taken and who inventories of my chars destroyed. Ofcourse chars were found in asian district in GToB.

Guess somebody just picked you out on random and force tryed your pass until he got that right (ther are programs for that)

There should be something like: if you don't get your pass right 3 times, you can't log on for the remainder of the day

From what you have said above, you almost certainly got keylogged, rather than someone trying out random combinations and randomly stumbling across your account name and password. It can happen even if you think you've been completely safe, and have never downloaded or run anything suspicious. Frequently there are security vulnerabilities in regular software you already have, and Adobe Flash is the prime candidate for these sorts of attacks.

Brute forcing passwords in games pretty much doesn't happen unless the hacker obtained the game's password file (that consists of the password hashes) to run dictionary attacks on, which doesn't happen. Keylogging is the most probable cause.

Also, disabling an account after 3 incorrect attempts is not a good solution, because then you could grief someone's account by failing to enter the correct password.

There are tons of Flash vulnerabilities, there's about one critical vulnerability a month; I know, because last year my WoW account got keylogged from a Flash vulnerability that was only 2 days old. For example (this is just one), here's a critical Flash vulnerability from Feb 24 of this year that lets any Flash app take control of your computer.

http://www.adobe.com/support/securit...apsb09-01.html

You can find others here:

http://www.adobe.com/support/security/

Now maybe in your case it was something other Flash, but either way, a keylogger installed by exploiting buggy software you already have installed is the most likely cause, not a script sitting there spamming arenanet's login servers with every possible account name and password.

jonnieboi05 · May 14, 2009, 07:07 AM // 07:07

Quote:

Originally Posted by shogun avatar

Quote:

Originally Posted by JonnieBoi05

Hmm... I've played GW for over 3 years and I owned 11 accounts and never have I been "hacked". As everyone else has said to you: there is a LOT more to the story than what you just told us.

~LeNa~

Don't assume right away that if someone says he got hacked is not telling you full story. A few weeks ago, someone logged onto my account (had same password for 3 years, never EVER downloaded any kind of 3rd party program for gw, or any other game. Hell i didn't even download p0rn on this pc) and swooped it clean. Everything worth selling was taken and who inventories of my chars destroyed. Ofcourse chars were found in asian district in GToB.

Guess somebody just picked you out on random and force tryed your pass until he got that right (ther are programs for that)

There should be something like: if you don't get your pass right 3 times, you can't log on for the remainder of the day

Please... I doubt it... With a password like his? And "never telling anyone his email?" Almost ALL account thefts are from actions/programs on behalf the owners end.

Quote:

Originally Posted by Gigashadow

From what you have said above, you almost certainly got keylogged, rather than someone trying out random combinations and randomly stumbling across your account name and password. It can happen even if you think you've been completely safe, and have never downloaded or run anything suspicious. Frequently there are security vulnerabilities in regular software you already have, and Adobe Flash is the prime candidate for these sorts of attacks.

Brute forcing passwords in games pretty much doesn't happen unless the hacker obtained the game's password file (that consists of the password hashes) to run dictionary attacks on, which doesn't happen. Keylogging is the most probable cause.

Also, disabling an account after 3 incorrect attempts is not a good solution, because then you could grief someone's account by failing to enter the correct password.

There are tons of Flash vulnerabilities, there's about one critical vulnerability a month; I know, because last year my WoW account got keylogged from a Flash vulnerability that was only 2 days old. For example (this is just one), here's a critical Flash vulnerability from Feb 24 of this year that lets any Flash app take control of your computer.

http://www.adobe.com/support/securit...apsb09-01.html

You can find others here:

http://www.adobe.com/support/security/

Now maybe in your case it was something other Flash, but either way, a keylogger installed by exploiting buggy software you already have installed is the most likely cause, not a script sitting there spamming arenanet's login servers with every possible account name and password.

Thank you. PC-knowledged ftw.

~LeNa~

Strife17 · May 14, 2009, 07:35 AM // 07:35

i once got scared when i thought i had a keylogger on my computer.

i was online and suddenly i log off out of nowhere. checked my internet connection and it was fine. so it wasn't a DC. so i figured.. hmm some bitch is trying to steal my account, no f**king way..
so i changed my password everytime i logged on

since i don't know much of computers, like how to remove it with anti-virus or how to format your computer

now my friend has formatted my computer (for other reasons too) and well still have everything

subarucar · May 14, 2009, 10:56 AM // 10:56

Quote:

Originally Posted by kunt0r

Guild Wars Account Security is fine. Your account was stolen because you failed to protect it. This is 100% your fault.

True story.

Of all the online games i have played/own, and accounts i use, never once has one been hacked.
Iv'e never had problems with NCsoft support either, of the 3 times i have contacted them, i have always had a reply within 24 hours.

Empress Amarox · May 14, 2009, 03:55 PM // 15:55

I have a little tip for account security...

Go here: http://rumkin.com/tools/password/pass_gen.php
Set it to +Num +alpha +ALPHA and 15 characters

Generate a string. Examples:

Code:

UW7zYy8mOBYotoH
GodxLZ0FaTl683I
nLctogzeulOaduA
O43ozroiKWXKtxb
1QpFMq5n50QYbrA
zWNCWZNMXw5Lh4O
zBCTYhGe971CHLX
DrjWv2Pu4FLlE1r
fODxiJVbwzn1OqC
Bw3xCyuu7ZZzmQD

Now, take that string, and replace some random characters with a couple alt codes, without typing the rest of it, ever.

Now, download this: http://passwordsafe.sourceforge.net/
Put your password in there, and never ever type it.

Account secure, even if you do get a keylogger.

Gigashadow · May 14, 2009, 06:29 PM // 18:29

The other thing you can do, which is what I do, is just use the -password switch to the gw.exe command line to specify your password for your Guild Wars shortcut, so that you don't ever type it, so no keylogger will catch it. Just double click the icon on your desktop and you're in game without having to type anything, it's very convenient. Obviously if your machine is not physically secure from other people, don't do this.

notskorn · May 14, 2009, 07:31 PM // 19:31

Its not their fault someone had your password, its yours

Empress Amarox · May 17, 2009, 05:47 PM // 17:47

Quote:

Originally Posted by Gigashadow

The other thing you can do, which is what I do, is just use the -password switch to the gw.exe command line to specify your password for your Guild Wars shortcut, so that you don't ever type it, so no keylogger will catch it. Just double click the icon on your desktop and you're in game without having to type anything, it's very convenient. Obviously if your machine is not physically secure from other people, don't do this.

I don't entirely think that may be safe... If you have a trojan, you're storing that password unencrypted in a shortcut, so they could just view the shortcut and easily get your password.

But, that may just be me being paranoid... That's why I made a post about encrypted shortcuts... http://www.guildwarsguru.com/forum/s...31#post4635631

Gigashadow · May 17, 2009, 07:54 PM // 19:54

Quote:

Originally Posted by Empress Amarox

I don't entirely think that may be safe... If you have a trojan, you're storing that password unencrypted in a shortcut, so they could just view the shortcut and easily get your password.[/url]

If you have a trojan, your machine is already totally compromised by having hostile code executing on it, so at that point you just have to play the odds and hope that whatever other defense you took is obscure and specific enough.

Even passwordsafe isn't completely safe, as at some point the unencrypted password has to be entered into a field somewhere, even if by cut and paste from the clipboard.

If you use a special executable with an encrypted password that launches GW.EXE, it could just watch and see what gw.exe (rather than the launcher) actually gets launched with, since gw.exe takes the plaintext password as a parameter.

Luckily though, trojans are just opportunistic keyloggers that try to catch passwords for ANY game, bank account, or really anything you enter into a password field in any application or web page. They aren't specific to Guild Wars, and certainly not enough to look around your machine hoping you are one the 0.01% of the GW population that puts a -password switch on the gw.exe shortcut. Or so I hope anyway

At some point you just have to balance convenience vs paranoia.

I'd say though that installing a virus scanner is definitely worthwhile for anyone who doesn't have one. I used to never use one, because I was always paranoid about installing anything, and always kept up to date on security updates. I also know how badly most of them slow down machines. I would check my system once a year and then immediately uninstall the scanner, and I always came up clean. However, for the first time, last year, I got keylogged through no fault of my own; shitty adobe products like Flash are filled with security holes that can be exploited to allow arbitrary code to run on your system, and need to be kept up to date every month. I then realized the days of doing without a permanent virus scanner were over.

Luckily Kaspersky is very low overhead and doesn't bog down my system. I wasn't at all surprised that the only vulnerabilities it ever finds on my machine are in adobe software.

Darkobra · May 17, 2009, 09:25 PM // 21:25

Quote:

Originally Posted by shogun avatar

had same password for 3 years

Am I the only one who sees the problem here?

Red Sonya · May 17, 2009, 10:03 PM // 22:03

Stop visiting porn sites and downloading game torrents and you will 99.9% stop getting hacked. Continue to visit them then quit coming to forums complaining you got hacked. The percentage of people who visit porn sites and download game torrents have a 75%+ chance of getting a key logger trojan or a virus. The other is thinking no one around you could know your password. There are people out there with photographic memories that can just watch you type on your keyboard from a distance and tell you what you typed. Who's been sitting beside you watching you play?

Medion · May 17, 2009, 10:03 PM // 22:03

Quote:

Am I the only one who sees the problem here?

I never understood this. If you don't tell anyone your password, how is changing a password regularly safer than keeping the same for a long period of time?

Gigashadow, you don't like Flash very much I take it?

sykoone · May 19, 2009, 01:37 AM // 01:37

Wow. How many people does it take to gripe at the guy's security, and ignore his actual complaint. It wasn't so much about being hacked, as it was being unable to reset his own password without going through NCSoft support.

It should take more than just an old->new password. They should, at the very least, require the account name and email verification to change the password. And, if the password needs to be reset without inputting the old password as well, there should be a block placed on the account until it goes through support. At least that way there's a chance that some of your stuff and characters will still be there when it's done.

pinguinius · May 19, 2009, 02:23 AM // 02:23

Quote:

Originally Posted by sykoone

Wow. How many people does it take to gripe at the guy's security, and ignore his actual complaint. It wasn't so much about being hacked, as it was being unable to reset his own password without going through NCSoft support.

His original complaint is stupid. It's essentially "Baww, someone got my super duper awesome password because I suck at the internet and a gaming company who has no financial motive to give a shit doesn't give a shit. They should change their system because I'm a retard."

Yeah, no. Quit being bad and no one will get your password. If you got it stolen it's because you have dickish friends or went to a dubious GW fansite and downloaded an exe or didn't have noscript on. Period.