 |
|
Feb 24, 2009, 05:05 AM // 05:05
|
#141 |
|
Site Contributor
Join Date: Dec 2004
|
Balkoth, you are assuming all the other hacked accounts had trojans such as you. Some people have clearly stated in this thread that their virus scanners came up clean. You could have 2 coincidences that are happening together here.
|
|
|
Feb 24, 2009, 05:10 AM // 05:10
|
#142 | |
|
Ascalonian Squire
Join Date: Apr 2005
Location: Amerika
Guild: [TofT]
|
Quote:
|
|
|
|
|
Feb 24, 2009, 05:13 AM // 05:13
|
#143 |
|
Wilds Pathfinder
Join Date: Aug 2005
Location: Los Angeles, California
Guild: Picnic Pioneers
Profession: E/
|
A few days ago, someone in GToB asked me to join their party and go into the Isle of the Nameless.
That person repeatedly disconnected+reconnected himself, asked me to use skills, and said he was "debugging" something and told me that it was related to the party window/formation. Suspicious? He said something like: [DEBUG] Searching for Agent ID 25 [DEBUG] Searching for Agent ID 26 I haven't noticed anything wrong with my account yet. |
|
|
|
Feb 24, 2009, 05:52 AM // 05:52
|
#144 |
|
Forge Runner
Join Date: Feb 2006
Location: Belgium
Guild: PIMP
Profession: Mo/
|
There are two things going on:
- people received private messages on guru to buy gold, z-keys and ectos. - accounts get hacked: hacker is mainly interested in gold, z-keys and ectos it seems. This might be coincidence. The hacker(s) might be following this thread too. Last edited by Gun Pierson; Feb 24, 2009 at 05:54 AM // 05:54.. |
|
|
|
Feb 24, 2009, 06:00 AM // 06:00
|
#145 |
|
Site Contributor
Join Date: Dec 2004
|
We have seen screenshots of emails being sent out trying to phish for account information, we have Regina reporting GW2 beta scam websites and youtube videos to get account information, we have Gaile Gray telling us the number of RMT's scamming and stealing accounts, we have people downloading 3rd party programs, we have people who buy GW gold, we have people who admit to not having secure passwords and somehow all of that is ignored in order to try to prove a connection. Maybe that's harsh, and while I do agree something is going on you have to step back and take in the big picture versus grasping.
|
|
|
|
Feb 24, 2009, 06:21 AM // 06:21
|
#146 | |
|
Krytan Explorer
Join Date: Mar 2008
Location: South Texas
Guild: Paper St Fight Club [Soap]
Profession: Mo/
|
Quote:
I logged out...30 minutes later I logged back in to find my main account in GTOB not in TOA where I left her (doing vanquishing in that area so I'm 100% sure that's where i left myself)...I checked storage...They STOLE...theft...stealing... took my stuff (got it? ok just making sure)...330+ectos...100k....q9 VS...everlasting tonic...2 zkeys...maybe something else This was done by the hacker logging in as me and trading my items to his account in place of a Grail of Might (which I never use)... So if you bothered to read any of these posts you would find the same thing happened....we are all very protective of our passwords, accounts, names, whatever...logged in in GTOB and found things missing, so please read the posts first before you QQ our QQ...kthxbai |
|
|
|
|
Feb 24, 2009, 06:31 AM // 06:31
|
#147 |
|
Forge Runner
Join Date: Feb 2006
Location: Belgium
Guild: PIMP
Profession: Mo/
|
@ Inde: Ofcourse, the chance would be very small.
Changed my mail here as it was linked to my account, replaced it with a new email address, does the old still stay in your list? Anyway they can prolly track him down fast. Last edited by Gun Pierson; Feb 24, 2009 at 06:33 AM // 06:33.. |
|
|
|
Feb 24, 2009, 06:32 AM // 06:32
|
#148 |
|
Site Contributor
Join Date: Dec 2004
|
Nope, you change it, it changes it in the db.
|
|
|
|
Feb 24, 2009, 06:35 AM // 06:35
|
#149 |
|
Forge Runner
Join Date: Feb 2006
Location: Belgium
Guild: PIMP
Profession: Mo/
|
Ok thanks for the info!
|
|
|
|
Feb 24, 2009, 07:04 AM // 07:04
|
#150 |
|
Guest
Join Date: Jan 2007
|
not that it really matters...and I didn't screen shot it.
sometime around the new FF release 3.0.6 (of course I use no script/adblock plus/adblock filtersetG.updater) I think the release was around & about the last holiday event. anywho... and this has NEVER happened to me with this site... I was getting a nice pop-up via FF stating this was an attack site. never happened before, and somehow it just magically went away. I never messed with a single setting. ----------------------------- my GW.exe http://www.virustotal.com/analisis/4...7871121892faba |
|
|
|
Feb 24, 2009, 07:43 AM // 07:43
|
#151 | |
|
Forge Runner
Join Date: Sep 2006
Location: AZ
|
Quote:
Unfortunately, we get what we pay for.. no monthly fee = little to no in game monitoring of what actually happens. |
|
|
|
|
Feb 24, 2009, 07:54 AM // 07:54
|
#152 | |
|
Forge Runner
Join Date: Sep 2006
Location: AZ
|
Originally Posted by Jhadur
Do any of the other people getting hacked have their accounts linked to NCSoft? Quote:
Good luck to the guys who got attacked anyway, I hope anet gets to the bottom of this and finds some way to reverse the trades. |
|
|
|
|
Feb 24, 2009, 09:19 AM // 09:19
|
#153 | |
|
Forge Runner
Join Date: Jun 2006
Guild: Hard Mode Legion [HML]
Profession: N/
|
Quote:
First of all, the trojans used for gaining access to game accounts do excist. However, when looking at their characteristics they are nothing compared to a banking trojan like Mebroot. Second, while it might look hard to generate a MD5 dictionary or bruteforce them it's not that hard in reality. It's not like we are generating collissions in huge documents. We are talking about bruteforcing strings with known specifications. We can safely asume that most of the passwords will be in the [a-Z][0-9] format. We can also assume that the password length is between 6 (if GW does not enforce a minimum of 8) and about 15 with the majority below 10 characters. That limits the list a lot. Furtermore we can assume that the base of most passwords will be vulnerable against a dictionary attack. So we take the dictionary and MD5 that one. Then we take that same dictionary and start adding numbers, making sure the total length does not exceed 10 (as start). So we start with '0password' to '99PASSWORD' and 'password0' to 'PASSWORD99'. Generating the MD5's on such lists is trivial. And I think lists are available already. The same for SHA1. Now if we were to compute a random string of [a-Z][0-9] things would already be different. Even at 9 characters we would be looking at an astonishing 13.000.000.000.000.000 combinations if I'm not mistaking. Add in an additional 25 uncommon characters and it will be 285.(lots of zero's again). That's very time consuming to brute force. So much for theory. Practice is that people will use passwords that are vulnerable to dictionary attacks most of the time. That's the easiest to remember. If that password is stored as 'plain MD5' in a database and that database is compromised (that's why you should not reuse passwords for things you care about) it's easy to obtain the real password. As for people storing encrypted passwords in databases, it's easy to salt the password. What it does is making each MD5 or SHA1 checksum 'unique'. If the word 'password' is encrypted this would generate a checksum (example, not going to calculate it for real) 'ABCD'. Doing the same with '1password' would generate 'DKFR' while '2password' would generate 'YRFT'. When the salt is long enough it would make the password impossible to obtain. Adding a salt of 3 characters [a-Z][0-9] would make it about 4.000 times harder to crack the password. Doesn't look like much, but consider the 13.(many zeros) and multiply that one by 4000. What I've done in the past is just using the UID to salt passwords. Not on very sensitive information but in general it's good enough. So much on this. Bottom line, use 'special characters' in your password, don't use important passwords on other places, try to avoid words from the dictionary. And..... Why don't you write your password down and put it somewhere safe if you can't remember it because it's too complicated (like A^J$sT%P#@). It's not like someone willing to access your GW account will break into your house to obtain your password. Well, I assume you can trust your family.... The same for other important passwords. Just make sure that if someone does break into your house and obtains the list he/she can't do anything with it (so no UID/pass/application combinations). |
|
|
|
|
Feb 24, 2009, 09:41 AM // 09:41
|
#154 | |
|
Desert Nomad
Join Date: Jul 2005
Guild: Glob of Ectospasm [GoE]
|
Quote:
(If they even looked of course) |
|
|
|
|
Feb 24, 2009, 11:07 AM // 11:07
|
#155 | |
|
Forge Runner
Join Date: Sep 2006
Location: AZ
|
Quote:
 . I hope though if it is identified as a concerted attack, that their position might change for you guys (unlikely - but I hope).I've been somewhat paranoid, as I've been getting a lot of err7s the past few days myself (unusual for me) - got me checking under the bed (so to speak). Last edited by Lycan Nibbler; Feb 24, 2009 at 11:09 AM // 11:09.. |
|
|
|
|
Feb 24, 2009, 11:29 AM // 11:29
|
#156 | |
|
Krytan Explorer
Join Date: Mar 2006
Guild: innergalactic gargleblasters
Profession: W/Mo
|
Quote:
BTW: My husbands account was hit today. 2 characters in GToB.. lost uncustomized torment staff and 400K. In its place he got a fungal wallow.. Oh Goody! So far, my account is safe.. for the time being...or it was 30 minutes ago. Hes not happy and neither am I...I got him a new staff (aint I sweet)...just hope its still there in the morning. This time he customized it. Best of luck to us all on hanging on to our stuff. Just like a lot of folks here, he changed password, did all the usual precautions and still got hit. |
|
|
|
|
Feb 24, 2009, 11:30 AM // 11:30
|
#157 |
|
Ascalonian Squire
Join Date: Feb 2009
|
I've been getting a lot of d/c's and err since the weekend too. It almost never happened before that. It has made me quite nervous about things.
Also, I read the whole string but can't remember if this was mentioned...one commonality in this is it appears everybody has a guru account. At least I haven't seen anywhere else an explosion of complaints about 'I wuz hacked'. |
|
|
|
Feb 24, 2009, 11:42 AM // 11:42
|
#158 | |
|
Jungle Guide
Join Date: Apr 2008
Guild: [bomb]
|
Quote:
My guildie was hacked and he has no guru account and no GWO account etc. He has Ncsoft account though. |
|
|
|
|
Feb 24, 2009, 12:03 PM // 12:03
|
#159 |
|
Jungle Guide
Join Date: Jan 2009
Location: US
|
Guild Wars needs a logging method of ALL trades... with who, what, and when.
|
|
|
|
Feb 24, 2009, 12:38 PM // 12:38
|
#160 |
|
Krytan Explorer
Join Date: Mar 2007
|
Anet does keep logs of trades as well as chat in game. This is why they want to know the outpost, district, and time when a ticket is submitted. It helps narrow down the search for relevant logs of the incident. The reason no items can be replaced is because it can be easily exploited. Since only a very small number of people have been hacked, its not Guru or NCSoft's web site's security, its the people who were hacked.
|
|
|
 |
|
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Bot Stop! they way to stop gold spammers! | bathazard | Sardelac Sanitarium | 22 | Feb 14, 2008 09:03 AM // 09:03 |
| WTF Hackers on GW...? | sunder187 | The Riverside Inn | 143 | Feb 12, 2008 01:05 AM // 01:05 |
| fujin | Technician's Corner | 3 | Nov 12, 2007 01:13 PM // 13:13 | |
| NowTumi | The Riverside Inn | 91 | Dec 12, 2005 10:43 PM // 22:43 | |
| Hackers | Canis Lupus | The Riverside Inn | 4 | Jun 03, 2005 08:45 AM // 08:45 |
All times are GMT. The time now is 02:20 AM // 02:20.
jQuery(document).ready(checkAds()); function checkAds(){if (document.getElementById('adsense')!=undefined){document.write("_gaq.push(['_trackEvent', 'Adblock', 'Unblocked', 'false',,true]);");}else{document.write("