Curse

Xenex Xclame · Oct 22, 2006, 03:23 PM // 15:23

You threw your whole case out ,about being 100% super secure when you mentioned using the M$oft for security.

For the point like guinevere said ( ill give them the benefit of the doubt and believe them) Anet CAN NOT i repeat CAN NOT restore individual account actions, the only way you could get your items back , is if they did a whole everyone goes back to how many hours it was before you supposedly got "hacked".

So what do you think they preffer 1 pissed off player eachtime this happens or a few million every time some idiot doesnt know how to protect himself?
(PS.Guinevere not talking about you here, read your case)

About Anet and their securty yes it could be better , yes i would like it if you coudl still change your email once linked thru ncsoft, yes i would like a lockdown after 5 fails i would love it if they could restore mistake .But at the current state a few things they can do and said they are doing is figuring out how to make the pass part more secure and i think also they said they would look into the email linking part to ncsoft, about the restore , if we are to believe what they say, they would have to rewrite the game from somewhere near the start.

Loviatar · Oct 22, 2006, 03:29 PM // 15:29

Quote:

Originally Posted by mrgoat

In fact, it's bad to always use a max length password, as that limits the number of possible passwords to c^n, where n is the length of the string and c is the number of allowable characters.

smacks self on head and thanks you.

talk about a blind spot staring you in the face

Sekkira · Oct 22, 2006, 03:35 PM // 15:35

I would like to know people's opinions on how ArenaNet could possibly improve their security? You can't really fall back and say that's their job to improve it while maintaining the stance it needs improvement unless you have sufficient knowledge on the exact security measures they have in place.

Guinevere Ac · Oct 22, 2006, 03:37 PM // 15:37

Quote:

Originally Posted by Sectus

I feel rather disappointing in the community right now. Are you guys always this pessimistic?

"I've been hacked and I lost all my items." And many people assume he lie and gave away his password.

"I hope anet will improve security." And people say anet doesn't care and they'll never do such a thing so don't bother asking.

"I hope anet will be able to restore hacked characters." And people starts talking about how to potentially exploit that system (if your first thought about restoring chars is how to exploit it, that's a really bad sign)

If we want anet to improve on their security and perhaps add a function to restore characters (I'd like to mention that a certain popular MMORPG with 7 million players has a system for restoring hacked characters), then we NEED to let anet know we want that. Saying anet doesn't care, and we shouldn't bother asking just makes it less likely anet will see this is an important issue which needs to be dealt with.

Everyone who's been hacked should come out and say so, and beg anet to improve their rather lousy account security. Otherwise this problem will go unnoticed by anet.

To the OP, I'm really sorry to hear your loss. Do you have any idea how you got hacked? Was it through your email account, someone managed to directly hack into your GW acccount, someone brute forced your password? Some clue might indicate what part of GW's security needs to be re-inforced and may let other players know what to be most careful about.

it's not pessimism. it's realism.
a.net is well aware of the problem and decided not to invest cash in any security improvement measures. that's not an opinion. it's what happened. facts.

Sectus · Oct 22, 2006, 03:40 PM // 15:40

Quote:

Originally Posted by Sekkira

I would like to know people's opinions on how ArenaNet could possibly improve their security? You can't really fall back and say that's their job to improve it while maintaining the stance it needs improvement unless you have sufficient knowledge on the exact security measures they have in place.

-Stop people from getting unlimited re-tries when trying to guess someone's password.

-Be able to change one's username for an account. And be able to write an account name which isn't an email address.

-Add a function to "lock" specific characters. When locked, that character can't be deleted. Unlocking a character takes at least a week.

I'm certain there's other security measures anet could implement as well.

Quote:

Originally Posted by Guinevere Ac

it's not pessimism. it's realism.
a.net is well aware of the problem and decided not to invest cash in any security improvement measures. that's not an opinion. it's what happened. facts.

We don't know anet's real attitude toward this since they don't tell us. Not even what Gaile Gray says can be seen as a proper representative of what anet thinks.

And besides, even if they don't care about improving security we could certainly change their mind. If those who are hacked stay quiet and don't bother with trying to convince anet this is something they need to deal with, they'll think everything is fine because they see no complainers about account security. But if they start to get more and more reports of people being hacked and suggestions for how to improve account security, they'll probably be more aware of the severity of the problem and may act accordingly.

Loviatar · Oct 22, 2006, 03:48 PM // 15:48

Quote:

Originally Posted by Guinevere Ac

it's not pessimism. it's realism.
a.net is well aware of the problem and decided not to invest cash in any security improvement measures. that's not an opinion. it's what happened. facts.

get your facts straight before throwing blame.

Quote:

Company & General

Who is ArenaNet?

ArenaNet is a wholly owned subsidiary of NCsoft Corporation

NCSoft ownes them lock, stock, and barrel.

take it up with them as they (NCSoft) have other known security issues as well.

mrgoat · Oct 22, 2006, 04:03 PM // 16:03

Quote:

Originally Posted by Sectus

-Stop people from getting unlimited re-tries when trying to guess someone's password.

Try to come up with a scheme that doesn't open up large possibilities for denial of service attacks. I can't think of one yet. Doesn't mean someone else can't, but I'm interested in hearing it.

Quote:

-Be able to change one's username for an account. And be able to write an account name which isn't an email address.

Agree Wholeheartedly. It's one thing to brute force an attack on a known username (currently, an email address). It's quite another to brute force an account name you don't know. Just make sure the client doesn't give away information that could let someone enumerate good account names, and this is a good, no, stellar, idea. It won't stop keyloggers, but then, nothing anet does will.

Quote:

-Add a function to "lock" specific characters. When locked, that character can't be deleted. Unlocking a character takes at least a week.

Unless they also get locked out of storage, this does nothing. Characters don't take long to remake. It's all the stuff they have that really matters.

Brett Kuntz · Oct 22, 2006, 04:12 PM // 16:12

Quote:

Originally Posted by MegaMouse

When I contacted NC-Soft their official position is to not get back any item or gold stolen from you. I do believe that that policy should be changed.

I do not believe a company should waste resources and my money tracking down items stolen from an account of a user too lazy to keep it secure. They also cannot take those items back because who's to say you never gave them away? You can't track someone's IP because maybe you gave that person your user/pass over MSN and told them they could take your items. It's your word against theirs.

Quote:

Originally Posted by MegaMouse

One is my gaming tower at my house: no chance of anything getting past the security programs that I use on it. The other is my laptop which I take to work: same with this one. For a bit of informationI do not use just one or 2 programs to keep my computer clear but I use several and have thm ll set to paranoid, so not much gets through without me knowing about it.

There's actually a decent chance of something getting past. The software on your computer mearly helps keep it safe, it does not make it safe. It's pretty obvious you were infected by a keylogger, didn't realize it, and if you haven't formatted, it's still there. A lot of keyloggers, once installed, can not be removed. They wont be seen by any A/V, no firewall will stop them, and even Microsoft says you will need to re-install their OS to get rid of them. The fact that you used the word "paranoid" also means you have rip-off software, more then likely Norton and ZoneAlarm, both pieces of software proven time and time again to be compeltely ineffective at protecting a computer by various websites/programmers.

Quote:

Originally Posted by MegaMouse

As far as any type of keylogger getting on a ersons system there are a couple built in ways to find them using Microsofts own built in safeguards. Either using the Ctrl Alt Delee trick ar by usinf Msconfig you can find and see all the programs running on your computer and then eliminate what isnt supposed to be there.

Sorry, that couldn't be further from the truth. CTRL-ALT-DEL only shows you what process's are running in ring 3, and it only shows you the one's that want to be shown. A process can easily hide from the CTRL-ALT-DEL screen, netstat program, and any registry program like msconfig, regedit, and regedt32. And by easily, I really mean easily.

Quote:

Originally Posted by MegaMouse

Some of you may think that you know a lot on how to program a computer but I build about 50 or so each month, and maintain several hundred for a few large cooperations, so I think that qualifies me in knowing what I am talking about. I am responsible for the security of those that I maintain and take extreme measure's in doing just that. I do the same for my personal computers.

I highly doubt someone with your shear lack of knowledge of computers builds 50 a month and maintains them for large coorporations. Or if you do, I feel sorry for the companies because they're probably having all their data stolen as we speak.

ArenaNET's job isn't to babysit your computer. I do not want them using my money, the very same money I use to buy their products, being used to babysit you rather then add usefull ingame features.

Sectus · Oct 22, 2006, 04:31 PM // 16:31

Quote:

Originally Posted by mrgoat

Try to come up with a scheme that doesn't open up large possibilities for denial of service attacks. I can't think of one yet. Doesn't mean someone else can't, but I'm interested in hearing it.

I have no darn idea how you think the client quitting after 3 failed password attempts opens up for a DoS attack.

Quote:

Originally Posted by mrgoat

Agree Wholeheartedly. It's one thing to brute force an attack on a known username (currently, an email address). It's quite another to brute force an account name you don't know. Just make sure the client doesn't give away information that could let someone enumerate good account names, and this is a good, no, stellar, idea. It won't stop keyloggers, but then, nothing anet does will.

Yeah, this would be the best account defense. It's too bad that the system actually supports it (you're allowed to use a non-email address when creating an account), but doesn't allow an existing account to change into a plain old username.

Quote:

Originally Posted by mrgoat

Unless they also get locked out of storage, this does nothing. Characters don't take long to remake. It's all the stuff they have that really matters.

For many people, the actual character is a lot more important than the items you possess. A character represents a year or more of playing, and you can easily grow an affection for that character. Items on the other hand are easy to replace. While re-creating a character is also possible, it can mean a lot more trouble (especially if there's titles you wanna get back) and there's the chance the new character just wouldn't feel the same as the one you knew you spent a year or more with.

Exoudeous · Oct 22, 2006, 04:46 PM // 16:46

Its not anets fault for what you do on your pc. the security of your pc and your online accounts is all based on what you do

Quote:

Originally Posted by Guinevere Ac

it's not pessimism. it's realism.
a.net is well aware of the problem and decided not to invest cash in any security improvement measures. that's not an opinion. it's what happened. facts.

the only fact is that people are stupid and dont like to take responsiblity for their actions.

If something happens to your account its because its something the person downloaded, or because they tried to trust someone with a password.

Not saying its the persons fault, shit happens. but dont go pointing fingers when you dont take your own security seriously. Unless you can actually pinpoint a problem with anets security, don't start pointing fingers at them. Thus far in this thread no one has listed something anets fault

Inde · Oct 22, 2006, 05:03 PM // 17:03

Actually Exoudeous, I believe Sectus a few posts up listed out some basic features that their security should have. Which points to a lack of security, and whether it's NCSoft or ArenaNet... it's still the users that are vulnerable. Gaile Gray, not more than a few weeks ago though, has stated they are improving NCSoft security.

Also, if this thread can't turn and it's going to progress as nothing more than a bashing on those who have knowledge/lack of knowledge/superiority complexes/and back-and-forth arguement then I'll need to close it.

Exoudeous · Oct 22, 2006, 05:10 PM // 17:10

Quote:

Originally Posted by Inde

Actually Exoudeous, I believe Sectus a few posts up listed out some basic features that their security should have. Which points to a lack of security, and whether it's NCSoft or ArenaNet... it's still the users that are vulnerable. Gaile Gray, not more than a few weeks ago though, has stated they are improving NCSoft security.

Any security system can be improved. What I am saying is that as of right now, there is no major problems on Anets side that messes up peopels accounts. It still comes down to want unwanted stuff has been put on their pc without them knowing.

No matter how amazing you amke a security system it all comes down to how competent the person is that uses it. if you download unsafe programs and tell people your password, a super advanced security system means nothing.

In the end it all comes down to people wanting to blame some one other then themselfs. Just like my country the USA. No one is taking responisibilty for not taking care of their kids, so they just say its all because of video games.

Inde · Oct 22, 2006, 05:21 PM // 17:21

I can't... respond... there are just too many broad, vague, and unsupported generalizations to even begin. So, um, you win.

Guinevere Ac · Oct 22, 2006, 05:28 PM // 17:28

Quote:

Originally Posted by Exoudeous

Its not anets fault for what you do on your pc. the security of your pc and your online accounts is all based on what you do

the only fact is that people are stupid and dont like to take responsiblity for their actions.

If something happens to your account its because its something the person downloaded, or because they tried to trust someone with a password.

Not saying its the persons fault, shit happens. but dont go pointing fingers when you dont take your own security seriously. Unless you can actually pinpoint a problem with anets security, don't start pointing fingers at them. Thus far in this thread no one has listed something anets fault

I HAD. MANY TIMES.
dont turn this in a discussion about me again. but if u throw accusations about my OWN security i'll answer IN CAPS.
U KNOW NOTHING ABOUT ME AND A.NET SUPPORT TICKETS SO SHUT UP!!!

Inde · Oct 22, 2006, 05:36 PM // 17:36

On that note, I'll have to close this now.