Guild Wars Forums - GW Guru
Jun 01, 2010, 08:06 PM // 20:06   #81
Brett Kuntz (Core Guru, Join Date: Feb 2005)

Quote:
Originally Posted by tha walkin dude
Just to be sure, does this mean you emailed a list of 50k sets of login info that you thought might work to an NCSoft employee? And then he e-mailed you back and told you 10k were valid?
Yes. The information was always very secure in handling, and has long been securely erased. To this point in time, no one has ever publicly investigated the true statistic of how many people use the same password on a public forum as on a private account (bank, game, email, etc.). I used a fairly large sample size, and came to those statistics on it, so it likely carries over to any scenario.

Quote:
Originally Posted by Martin Alvito
Brett,

The dispute has always been over volume. I believe what you're saying. However, I believe that your hypothesized vector of attack has always been assumed to be present among the more sophisticated.

1) Claiming that your method is causal basically requires believing that the attackers were dumb before (July? October?) but suddenly got smart. By contrast, believing in NCSoft vulnerabilities requires believing that the hackers were smart to begin with but got smarter after reviewing the condition of the site, and altered the vector of attack as a result.

2) The math associated with brute forcing birthday password resets using botnets is just too attractive to a professional hacker. Especially given that we now know that botnets are being used.

In short, I accept the contention that what you describe is part of the explanation, but reject ANet's contention that it constitutes the full explanation. Too many educated people aware of good security practices got hacked for me to believe that this was a simple case of BBS hacking and social engineering. The explanation just doesn't fit the data.
1) These companies must wait for the next big vBulletin, phpBB, WordPress, Apache, or MySQL exploit to come along to grab a new snapshot of fansite databases. This explains the peaks and valleys in the number of hackings that take place. Do you see the same fansites getting hacked all the time? No! That French site was hacked once, many accounts were taken, and a month later there was a very large spike in Guild Wars account hackings!

2) While this is a good theory, it is/was easily checked by examining the logs. Multiple computers/IPs trying to reset the passwords (guess the birthdays) on accounts would create a very unique fingerprint in a log.
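Brett's second point, that botnet-driven birthday guessing against a password reset form would leave a distinctive fingerprint in the logs, is something a defender can actually test for. What follows is an added example, not code from this thread or from NCSoft/ArenaNet: a small Python detector run over a constructed reset-attempt log. The log format, the field names, and the thresholds (10 failures, 3 distinct source IPs, 24-hour window) are assumptions for illustration; a real reset endpoint would log different fields and the thresholds would be tuned against observed baseline traffic.

```python
"""Detect distributed birthday-guessing against a password reset endpoint.

Added example; not code from the thread or from NCSoft/ArenaNet. The log
format below is an assumption: one line per reset attempt,
  <ISO-8601 UTC timestamp> reset account=<id> src=<ip> dob=<guess> result=<ok|fail>
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) reset "
    r"account=(?P<account>\S+) src=(?P<src>\S+) "
    r"dob=(?P<dob>\d{4}-\d{2}-\d{2}) result=(?P<result>ok|fail)$"
)


def parse(lines):
    """Parse reset-attempt records; lines in any other format are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(ev)
    return events


def detect_birthday_guessing(lines, window=timedelta(hours=24),
                             min_failures=10, min_sources=3):
    """Flag accounts that, within `window`, receive at least `min_failures`
    failed resets, each with a different date-of-birth guess, from at least
    `min_sources` distinct source IPs. A user who mistypes their own birthday
    fails once or twice from one machine; a botnet walking through dates
    produces exactly this pattern. Thresholds are illustrative assumptions."""
    by_account = defaultdict(list)
    for ev in parse(lines):
        by_account[ev["account"]].append(ev)

    alerts = []
    for account, evs in by_account.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # slide the window so that evs[start:end+1] spans at most `window`
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            fails = [e for e in evs[start:end + 1] if e["result"] == "fail"]
            if len(fails) < min_failures:
                continue
            sources = {e["src"] for e in fails}
            guesses = {e["dob"] for e in fails}
            if len(sources) >= min_sources and len(guesses) >= min_failures:
                alerts.append({
                    "account": account,
                    "first_seen": fails[0]["ts"].isoformat(),
                    "failures": len(fails),
                    "sources": len(sources),
                    "distinct_guesses": len(guesses),
                    # a successful reset after the guessing run is the takeover
                    "taken_over": any(e["result"] == "ok" for e in evs[end:]),
                })
                break  # one alert per account
    return alerts


def constructed_sample_log():
    """Constructed sample data, not real logs: one legitimate user who
    mistypes once, an unrelated login line, and one account hammered by four
    bot IPs iterating over dates until the reset succeeds."""
    lines = [
        "2010-05-12T02:58:00Z reset account=alice src=198.51.100.7 dob=1980-01-01 result=fail",
        "2010-05-12T02:58:40Z reset account=alice src=198.51.100.7 dob=1980-01-02 result=ok",
        "2010-05-12T03:05:00Z login account=bob src=203.0.113.9 result=ok",
    ]
    bots = ["203.0.113.10", "203.0.113.11", "192.0.2.44", "198.51.100.200"]
    t0 = datetime(2010, 5, 12, 3, 10, 0)
    for i in range(12):
        ts = (t0 + timedelta(minutes=i)).strftime("%Y-%m-%dT%H:%M:%SZ")
        dob = (datetime(1975, 1, 1) + timedelta(days=i)).strftime("%Y-%m-%d")
        lines.append(f"{ts} reset account=victim src={bots[i % 4]} dob={dob} result=fail")
    ts = (t0 + timedelta(minutes=12)).strftime("%Y-%m-%dT%H:%M:%SZ")
    lines.append(f"{ts} reset account=victim src={bots[0]} dob=1975-01-13 result=ok")
    return lines


if __name__ == "__main__":
    for alert in detect_birthday_guessing(constructed_sample_log()):
        print(alert)
```

The pivot here is per account, because that is what birthday guessing looks like from the victim's side: many distinct guesses spread across several sources so that no single IP trips a rate limit. The same log supports the opposite pivot (one source touching many accounts), and a production detector would run both; the `taken_over` flag is what turns an alert into an incident, since a successful reset after a guessing run means the account has already changed hands.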

Jun 01, 2010, 08:18 PM // 20:18   #82
Ka Tet (Krytan Explorer, Join Date: Nov 2006, Guild: Pita Bread And Scud Missiles Ai[iiii])

Quote:
Originally Posted by Brett Kuntz
Yes. The information was always very secure in handling, and has long been securely erased.
I don't know you, so I can't say that you would take advantage of that information; for all I know you're the world's only pure altruist. I don't know the nature of your relationship with the employee; for all I know he's your brother and has no reason not to trust you personally.
That said, you gave him the list. He has no way of knowing if you deleted the original. Then, he confirmed that if you used the list, every fifth attempt would work. To me, that sounds like a huge security risk.

Jun 01, 2010, 08:27 PM // 20:27   #83
Brett Kuntz (Core Guru, Join Date: Feb 2005)

Quote:
Originally Posted by tha walkin dude
I don't know you, so I can't say that you would take advantage of that information; for all I know you're the world's only pure altruist. I don't know the nature of your relationship with the employee; for all I know he's your brother and has no reason not to trust you personally.
That said, you gave him the list. He has no way of knowing if you deleted the original. Then, he confirmed that if you used the list, every fifth attempt would work. To me, that sounds like a huge security risk.
We are appending some additional information to my original post, please read it on the previous page. I'll also post it here as well:

Quote:
Originally Posted by Brett Kuntz
Some of you might wonder why NCSoft would cooperate with me (Brett) on the accounts. I have proven to be a pretty trustworthy guy in the community, and I am also under legal obligation, so the data was always safe! This experiment was all done in the name of science! Now we have a pretty solid statistic on how many dummies out there use the same weak passwords on public sites as well as their important private accounts!

Jun 01, 2010, 08:44 PM // 20:44   #84
Ka Tet (Krytan Explorer, Join Date: Nov 2006, Guild: Pita Bread And Scud Missiles Ai[iiii])

Quote:
Originally Posted by Brett Kuntz
Some of you might wonder why NCSoft would cooperate with me (Brett) on the accounts. I have proven to be a pretty trustworthy guy in the community, and I am also under legal obligation, so the data was always safe! This experiment was all done in the name of science! Now we have a pretty solid statistic on how many dummies out there use the same weak passwords on public sites as well as their important private accounts!
Thanks, that's important information to have.

Jun 01, 2010, 09:11 PM // 21:11   #85
Mercesa (Frost Gate Guardian, Join Date: Aug 2009, Location: Netherlands, Profession: N/)

Even so, if you look just at Brett's posts you can see he's already some kind of tech guy. And I already thought he could know more because he's just more into that kind of stuff.

Jun 01, 2010, 09:30 PM // 21:30   #86
Ka Tet (Krytan Explorer, Join Date: Nov 2006, Guild: Pita Bread And Scud Missiles Ai[iiii])

Quote:
Originally Posted by Mercesa
Even so, if you look just at Brett's posts you can see he's already some kind of tech guy. And I already thought he could know more because he's just more into that kind of stuff.
The question wasn't about his knowledge. It was about the feedback from NC.

Jun 02, 2010, 01:25 AM // 01:25   #87
Martin Alvito (Older Than God (1), Join Date: Aug 2006, Guild: Clan Dethryche [dth])

Quote:
Originally Posted by Brett Kuntz
2) While this is a good theory, it is/was easily checked by examining the logs. Multiple computers/IPs trying to reset the passwords (guess the birthdays) on accounts would create a very unique fingerprint in a log.
I just don't trust the source. They have a strong, vested interest in evading responsibility. Further, if the vector of attack was easily defended, why expend the cost to fix the problems? Finally, the story is inconsistent with data we do have.

I can't evaluate evidence I haven't seen (and I don't expect you/them to share it). But based on what I know, I just don't believe that the fansite attacks were the entire problem. Part of it? Absolutely. All of it? Don't buy it.