Guild Wars Forums - GW Guru
 
 

Go Back   Guild Wars Forums - GW Guru > The Inner Circle > The Riverside Inn

Notices

Closed Thread
 
Thread Tools Display Modes
Old Jan 01, 2010, 07:45 PM // 19:45   #121
Forge Runner
 
Join Date: Jan 2007
Advertisement

Disable Ads
Default

Well I think it's about time. We now have the cold hard evidence, now the question...is...what do we all do about it? Can we all make NC soft aware of our concerns...can we boycott something? What can WE do now? Because something needs to be done. And NC isn't going to fix it until their players start doing something that makes them lose money, money talks.
Bob Slydell is offline  
Old Jan 01, 2010, 07:48 PM // 19:48   #122
Older Than God (1)
 
Martin Alvito's Avatar
 
Join Date: Aug 2006
Guild: Clan Dethryche [dth]
Default

Beg, borrow or steal an unlinked account and put your valuables on it.

That is the only option available to you.
Martin Alvito is offline  
Old Jan 01, 2010, 07:49 PM // 19:49   #123
Lion's Arch Merchant
 
Juhanah's Avatar
 
Join Date: Apr 2005
Location: in my house
Default

Quote:
Originally Posted by Tiramos Caesar View Post
And will having a different email accounts on gw and plaync be beneficial?
No because your accounts are listed on the menu on the right.
Anyone that get to your account in NCSoft can see all your entered personal and account information and can change every password by just entering a new one and clicking submit.

So if you have any personal stuff written there, I suggest you remove it.
And for the GW account.. We can't do anything else than wish NCSoft will get it's head out of it's behind and start being the "biggest gaming company" they pretend to be.
Juhanah is offline  
Old Jan 01, 2010, 07:49 PM // 19:49   #124
Lion's Arch Merchant
 
Join Date: Jul 2009
Default

Wow just wow, i cant believe they know about this and haven't done a thing to prevent it, i guess the adding a char name on login was just a way to make people think they where on top of it.

I dont think ill bother going to get GW2 on release as if this is how they are dealing with a very serious security breach ( cause by them ) then i dont hold out any hope for GW2, and i refuse to pay for a game that can be stolen from me on day 1 because they wont get there act together.
rb.widow is offline  
Old Jan 01, 2010, 07:50 PM // 19:50   #125
Desert Nomad
 
Join Date: Apr 2007
Default

Quote:
Originally Posted by Martin Alvito View Post
Beg, borrow or steal an unlinked account and put your valuables on it.

That is the only option available to you.
I don't have valuable items... it's my main character that's valuable :-/
Riot Narita is offline  
Old Jan 01, 2010, 07:51 PM // 19:51   #126
Forge Runner
 
Join Date: Jan 2007
Default

Quote:
Originally Posted by rb.widow View Post
Wow just wow, i cant believe they know about this and haven't done a thing to prevent it, i guess the adding a char name on login was just a way to make people think they where on top of it.

I dont think ill bother going to get GW2 on release as if this is how they are dealing with a very serious security breach ( cause by them ) then i dont hold out any hope for GW2, and i refuse to pay for a game that can be stolen from me on day 1 because they wont get there act together.
It's quite easy. Get GW2...don't link it to anything...never let anyone outside of GW2 know your character names and practice the good habit of strong passwords mixed with never using that email or password anywhere else but GW2...unfortunately us GW 1 players only WISH we hadn't made that mistake. We get a fresh start on GW2.
Bob Slydell is offline  
Old Jan 01, 2010, 07:51 PM // 19:51   #127
Lion's Arch Merchant
 
Join Date: May 2005
Location: Florida
Profession: E/
Default

I seriously can't support a company that has such faulty security. I'll just go to another MMO and not deal with this. Sorry Anet, as long as your under NCSOFT, I won't be buying GW2 when it's released. HAHAHAHAHA
DoomFrost is offline  
Old Jan 01, 2010, 07:52 PM // 19:52   #128
Forge Runner
 
Kerwyn Nasilan's Avatar
 
Join Date: Aug 2007
Location: WHERE DO YOU THINK
Profession: W/
Default

Anyone have a legitimate way of telling the mass of the GW populace besides TRYing to talk through the mass that is All Chat
Kerwyn Nasilan is offline  
Old Jan 01, 2010, 07:54 PM // 19:54   #129
Forge Runner
 
Join Date: Jan 2007
Default

Quote:
Originally Posted by Kerwyn Nasilan View Post
Anyone have a legitimate way of telling the mass of the GW populace besides TRYing to talk through the mass that is All Chat
Just keep pushing this URL to anyone you meet in groups in GW, and for all chat tell them to go look in the top forum posts when in ALL chat. I like the idea of tryin to get the word out into GW.
Bob Slydell is offline  
Old Jan 01, 2010, 07:56 PM // 19:56   #130
Jungle Guide
 
Pandora's box's Avatar
 
Join Date: Apr 2005
Location: Netherlands
Profession: Mo/W
Default

They should implement a feature that shows us if -and than how many times- someone tried to access our account (since the last time we logged on) either using a wrong password or a wrong chr. name. Something like Battlenet did. That woulld give an indication of how serious this problem is. Now everyone is just guessing.
Pandora's box is offline  
Old Jan 01, 2010, 07:57 PM // 19:57   #131
Frost Gate Guardian
 
Join Date: Aug 2006
Profession: Me/
Default

Quote:
Originally Posted by Kerwyn Nasilan View Post
Anyone have a legitimate way of telling the mass of the GW populace besides TRYing to talk through the mass that is All Chat
Floated (stickied) threads on every GW fansite.

Bring it to the media. Kotaku may be interested in this type of thing.
Diana Belevere is offline  
Old Jan 01, 2010, 07:59 PM // 19:59   #132
Ascalonian Squire
 
Join Date: Nov 2007
Default

Quote:
Originally Posted by Juhanah View Post
No because your accounts are listed on the menu on the right.
Anyone that get to your account in NCSoft can see all your entered personal and account information and can change every password by just entering a new one and clicking submit.

So if you have any personal stuff written there, I suggest you remove it.
And for the GW account.. We can't do anything else than wish NCSoft will get it's head out of it's behind and start being the "biggest gaming company" they pretend to be.
I just looked again and I have nothing on the right side. I went through all the links and cannot find anything other than my personal information I have listed which is bogus anyhow. Does it sound like I'm in the clear?
Tiramos Caesar is offline  
Old Jan 01, 2010, 08:03 PM // 20:03   #133
Ascalonian Squire
 
Join Date: Nov 2007
Default

Very interesting read. I had my account hacked not to long ago and got cleared out and it really made me question my own security, and the fact that gw is dying not that many people play it anymore and the amount of accounts getting hacked is astonishing to me. I have heard many stories, seen many threads of way to many accounts getting hacked for it to be everyones fault and not anet/ncsoft somewhere along the line.

Being an IT security major I really didn't find it to be practical for someone to have keylogged me to steal only my guild wars account, because why not steal my paypal account or credit card information especially if they are from over seas just proxy from some 3rd world country and your safe from justice pretty much. Also what are the chances of one of these RMT successfully distributing a keylogger that is hidden in something that is appealing to gw players and not anyone's anti virus detects it or firewall. I can assure you that I havent download anything that could of resulted in my account being compromised this way.

The only other option would be that same email passwords on some other site that had a security flaw(by anets standards since they know gw is 100% secure..... what ever happen to that custom gw LP where someone reverse engineered the game?)
Seems reasonable vbulletin and other things are known to have many exploits so perhaps maybe some gw fansite or something completely unrelated to gw.

My gw account no one knows or would be able to guess what it is because it was a very old email address, and no my gw password was not the same as all my other passwords.

Quote:
Originally Posted by Chthon View Post
Here's one possibility: Improper pointer to a memory address that is not properly allocated and preserved for the duration of the pointer. When the number indexing that account in the database is calculated, it gets stored at that address. Then the memory gets released. Then the pointer comes by and references it. If the system doesn't happen to reuse that memory address for anything in the meantime, the correct value is still there, and the pointer returns the correct value exactly as planned. If the system has reused it, the value is essentially random, and the pointer returns a random value. Hard bug to catch and fix, since sometimes -- even usually -- it works just fine, and the condition that triggers incorrect behavior is wholly external to the program or its inputs.

I'm sure there's thousands of other programming errors that could produce a similar result. That's just the one that came to my mind.
Very nicely stated you sound just like my teacher.

This exploit with being able to access anyone's account seems very practical. Being a novice programmer I have seen first hand problems in my own code where things worked once and then another time somehow had stale data because of some logical error of some sort.

I also had heard of a problem my friend had with an iphone game he was making for a class where after he closed the game and reopened it it somehow saved his previous score one time.
shump is offline  
Old Jan 01, 2010, 08:04 PM // 20:04   #134
Forge Runner
 
byteme!'s Avatar
 
Join Date: Jan 2006
Location: On Earth
Profession: W/P
Default

Maybe Anet should remove the stupid price tag, suck it up and let us all change our in game names for free for a limited time or something. It's a short term fix but I'm sure it'll give some people a piece of mind such as myself. I know it's not Anet's fault but something must be done asap.

Last edited by byteme!; Jan 01, 2010 at 08:07 PM // 20:07..
byteme! is offline  
Old Jan 01, 2010, 08:07 PM // 20:07   #135
Frost Gate Guardian
 
Join Date: Oct 2006
Default

Quote:
Originally Posted by Chthon View Post
4. Again, I want to call for EITHER
Let us sever our GW accounts from the NCSoft account
OR
Remove the NCSoft account's ability to reset the GW password (from the GW side).
This would seem to make a lot of sense. Whether the security measures of the NC Soft Master Account might be reasonably be regarded as adequate or not, there is certainly a perceived issue. ANet/NC Soft through different promotions have incentivized players to link their GW accounts with a NC Soft Master Account. If not for those promotions, most GW players probably would not have ever established a NC Soft Master Account, and this create this potential backdoor to their GW Account. Regardless of how realistic ANet/NC Soft consider the concern to be, I personally want to unlink my GW account from the NCSoft Master Account.

It does seem problematic that ANet/NC Soft does not seem to really acknowledge the issue. See below from Gaile Gray's Account Security Support FAQs. I imagine much of the community doesn't agree and doesn't regard the NC Soft Master Account as adding another level of security to GW's security, given the relative ease in changing the password to the GW account, in that unlikely or even hypothetical situation where the NC Soft Master Account is compromised. The ease of changing the GW account password from the NC Soft Master Account seems to me to be more a security hole than another level of security.

http://wiki.guildwars.com/wiki/User:...count_Security

Quote:
Keep your email secure.

If someone gains access to your email account, immediately change your Guild Wars user name and password. (If you can't get access for some reason, get in touch with support right away. If your game account is bound to an NCsoft Master Account, you are not able to change your Guild Wars user name but you can protect your account by changing your GW game password from within the NCsoft Master Account hub. And you can change the email address associated with your NCsoft Master Account (and your games) at any time. Many players feel that having an NCsoft Master Account adds another level of security to the game's security.
greenthumb is offline  
Old Jan 01, 2010, 08:13 PM // 20:13   #136
Lion's Arch Merchant
 
Coverticus's Avatar
 
Join Date: Jan 2006
Guild: The Zodiac Elites [TZE]
Profession: Mo/
Default

Disable the ability to change the gw password on the site would be the quickest fix for now.

But, in all fairness, until such a time as to this being fixed/proven/disproven etc, the whole functionality for management of accounts, imo, should be taken down from the NCSoft site so that the community (both GW and Aion) can be a little more reassured.
Coverticus is offline  
Old Jan 01, 2010, 08:13 PM // 20:13   #137
Desert Nomad
 
Join Date: Sep 2007
Profession: N/
Default

I would just like to throw the idea out there that telling every single person possible how to potentially hack GW accounts does not seem like the smartest plan ever...
jiggles is offline  
Old Jan 01, 2010, 08:15 PM // 20:15   #138
Frost Gate Guardian
 
Join Date: Mar 2007
Guild: Pandas of a Thousand Gentlemens or Something [LOD]
Default

First off all: BLEEP YOU ANET AND NCSOFT
Secondly: Is there a way to just delete my NCSOFT account? I only opened it to get my free storage pane, and it is linked to a GWAMM character.
Thirdly: I don't want that free storage pane. WTT FREE STORAGE PANE FOR A DELETED NCSOFT ACCOUNT.

My best friend in guildwars had his account hacked in the first batch of hackings, prior to Guru removing the ign feature. The 2 of us did everything together, we vanqed every area in the game. He was so frustrated by losing all of his stuff that he no longer plays anymore, and that makes me sad.
Emperor Bush is offline  
Old Jan 01, 2010, 08:16 PM // 20:16   #139
Ascalonian Squire
 
Join Date: Jul 2009
Location: Somewhere in Ascalon
Profession: Me/E
Default

Quote:
Originally Posted by jiggles View Post
I would just like to throw the idea out there that telling every single person possible how to potentially hack GW accounts does not seem like the smartest plan ever...
I think it's fairly obvious that sending emails, talking to support, posting on forums, posting on the wiki, talking to people in game, posting on other websites, talking amongst ourselves, telling the devs and so forth has been completely ineffective. Wouldn't you?
Miscreant_Moon is offline  
Old Jan 01, 2010, 08:17 PM // 20:17   #140
Lion's Arch Merchant
 
Coverticus's Avatar
 
Join Date: Jan 2006
Guild: The Zodiac Elites [TZE]
Profession: Mo/
Default

Quote:
I think it's fairly obvious that sending emails, talking to support, posting on forums, posting on the wiki, talking to people in game, posting on other websites, talking amongst ourselves, telling the devs and so forth has been completely ineffective. Wouldn't you?
He's talking about telling everyone HOW to do this is not the smartest thing.
Coverticus is offline  
Closed Thread

Share This Forum!  
 
 
           

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 10:15 AM // 10:15.


Powered by: vBulletin
Copyright ©2000 - 2016, Jelsoft Enterprises Ltd.
jQuery(document).ready(checkAds()); function checkAds(){if (document.getElementById('adsense')!=undefined){document.write("_gaq.push(['_trackEvent', 'Adblock', 'Unblocked', 'false',,true]);");}else{document.write("