Guild Wars Forums - GW Guru
 
 

Go Back   Guild Wars Forums - GW Guru > The Inner Circle > The Riverside Inn

Notices

Reply
 
Thread Tools Display Modes
Old Dec 23, 2009, 02:13 PM // 14:13   #121
Furnace Stoker
 
pumpkin pie's Avatar
 
Join Date: Jul 2006
Location: behind you
Guild: bumble bee
Profession: E/
Advertisement

Disable Ads
Default

after thinking for sometime, I am thinking how is this security procedure any different or how would it make the account more secure.

for instant
Key logger , does it not also key log what you type in the character's name field?

in worse case scenario, if someone's computer were hacked, how is adding another thing to key in during login any different from what we have before?

edited.

Last edited by pumpkin pie; Dec 23, 2009 at 02:45 PM // 14:45..
pumpkin pie is offline   Reply With Quote
Old Dec 23, 2009, 04:00 PM // 16:00   #122
Krytan Explorer
 
Join Date: Jul 2006
Guild: Ice Dragon Berserker Lodge
Profession: W/
Default

Quote:
Originally Posted by Hyperventilate View Post
Yeah, no. I'm not joking. They told me it was a one-time leniency because of people having mule accounts that are not accessed often, and the update being so abrupt.

The hackers would still need to know my password and my e-mails for the accounts, plus the character names.

I don't feel strangely or oddly that they answered my request. The hackers would still need to know far more than just the e-mail or the character name.
At least they answered you. I am still waiting to hear from them. I can't log in, and I know my character's name.
Anduin is offline   Reply With Quote
Old Dec 23, 2009, 04:01 PM // 16:01   #123
Desert Nomad
 
Join Date: Apr 2007
Default

Quote:
Originally Posted by pumpkin pie View Post
after thinking for sometime, I am thinking how is this security procedure any different or how would it make the account more secure.

for instant
Key logger , does it not also key log what you type in the character's name field?

in worse case scenario, if someone's computer were hacked, how is adding another thing to key in during login any different from what we have before?

edited.
It (pretty much) stops people who broke into your NCsoft master account, where they can see your GW login ID and can change your ingame password without knowing your old one. And NCsoft master account security is weak, as shown by Chthon and Martin and others. The NCsoft master account doesn't show them your ingame character names so they'd have to do a lot of work to figure it out, and may not be possible at all for most accounts.

No, it's not going to stop keyloggers, or people who are able to remotely access/control your computer. However, that kind of security breach DOES fall into the "you were dumb, it's your own fault" category IMO. They are things we have some control over, we can do things ourselves to prevent them happening.

The NCsoft weakness was critical, because there was nothing we could do about it ourselves.

Last edited by Riot Narita; Dec 23, 2009 at 04:05 PM // 16:05..
Riot Narita is offline   Reply With Quote
Old Dec 23, 2009, 04:47 PM // 16:47   #124
Furnace Stoker
 
pumpkin pie's Avatar
 
Join Date: Jul 2006
Location: behind you
Guild: bumble bee
Profession: E/
Default

Quote:
Originally Posted by Riot Narita View Post
It (pretty much) stops people who broke into your NCsoft master account, where they can see your GW login ID and can change your ingame password without knowing your old one. And NCsoft master account security is weak, as shown by Chthon and Martin and others. The NCsoft master account doesn't show them your ingame character names so they'd have to do a lot of work to figure it out, and may not be possible at all for most accounts.

No, it's not going to stop keyloggers, or people who are able to remotely access/control your computer. However, that kind of security breach DOES fall into the "you were dumb, it's your own fault" category IMO. They are things we have some control over, we can do things ourselves to prevent them happening.

The NCsoft weakness was critical, because there was nothing we could do about it ourselves.
so in another word, ArenaNet is admitting that linking account to NCSoft master account is the cause?

i change my mind, not buying the costume pack
pumpkin pie is offline   Reply With Quote
Old Dec 23, 2009, 05:11 PM // 17:11   #125
Ascalonian Squire
 
Join Date: Jul 2009
Location: Somewhere in Ascalon
Profession: Me/E
Default

You know, I am quite amazed at how many people have bought into the ArenaNet PR. I see time and time again now mentions of how this security feature was implemented because of "fansite hackings". When it's been quite thoroughly blown out of the water that a simple fansite hacking couldn't have yielded these type of results for accounts who were hacked into them. Even reading through the wiki I continue to see mention of this and I feel like standing up and giving the PR machine at ArenaNet a round of applause for so thoroughly deflecting, accusing, pointing fingers, and fumbling around in the dark as they have been while grasping at straws and just randomly accusing everyone and everything but the one single thing we ALL had in common. That we play this game.

I'm hoping this is a lesson for them and their future games that while yes, a lot of us can be dumb with our account security, the players aren't so stupid as to miss obvious and blatant security flaws with the game they play either. Or that we'll just blindly believe whatever copy and paste their lawyers and marketing people will throw out there. All while they bat their innocent eyes and hide under the cover of their company that they know the majority of players will just naively assume must have a shred of knowledge about what they're doing.

I'm hoping in the next few weeks we'll see a job posting at ArenaNet for someone who can manage and deal with security, rather then the anet team just stumbling around in the dark, googling for possible answers, and throwing together code for solutions they can patch on to their broken system.
Miscreant_Moon is offline   Reply With Quote
Old Dec 23, 2009, 06:11 PM // 18:11   #126
Jungle Guide
 
Tullzinski's Avatar
 
Join Date: Mar 2006
Location: Trying to stay out of Ryuk's Death Note
Profession: N/R
Default

Quote:
Originally Posted by pumpkin pie View Post
so in another word, ArenaNet is admitting that linking account to NCSoft master account is the cause?

i change my mind, not buying the costume pack
This is what Gaile posted yesterday:

As you will have noted if you were playing within the last hour, we have instituted a new security measure for your account. And personally, I'm pretty darn happy about this! When you log into the game, you will be ask to supply the name of one of the characters on your account. "Why?" you may ask. Well, because nearly all of the accounts that have been stolen in recent months have been stolen by RMT (Real-Money Traders) who are getting access through external sources. And those RMTs will be very unlikely to know the names of characters on your account! Simple, eh? You give a name -- and remember to spell it exactly correctly, and to use proper capitalization -- and you will get access. If you have trouble or forget the names, support will be happy to assist you, of course.

Please head to the FAQ for more info. And if you have feedback, you're welcome to share it here. -- Gaile 03:01, 22 December 2009 (UTC)


They are still stating that it is external sources being used to get access. Once the RMTs got into the NCsoft account they would have a party since they could change passwords to all games that were linked. Now with the additional character name requirement the RMTs are screwed unless they also have your character names. It does them no good to concentrate on the NCsoft site to access Guild Wars.

Aion may be a different story. I was going through those forums the other day and the main concern for them has been the RMTs stealing accounts and botting with them. There have been massive amounts of bans going on over there.


Quote:
Originally Posted by Miscreant_Moon View Post
Even reading through the wiki I continue to see mention of this and I feel like standing up and giving the PR machine at ArenaNet a round of applause for so thoroughly deflecting, accusing, pointing fingers, and fumbling around in the dark as they have been while grasping at straws and just randomly accusing everyone and everything but the one single thing we ALL had in common. That we play this game.
I think while you were "reading through the wiki" you missed the above comments from Gaile. The fact is that the RMTs were responsible. (and I thought I was over the top)

Last edited by Tullzinski; Dec 23, 2009 at 06:25 PM // 18:25..
Tullzinski is offline   Reply With Quote
Old Dec 23, 2009, 06:31 PM // 18:31   #127
Ascalonian Squire
 
Join Date: Jul 2009
Location: Somewhere in Ascalon
Profession: Me/E
Default

Quote:
Originally Posted by Tullzinski View Post
I think while you were "reading through the wiki" you missed the above comments from Gaile. The fact is that the RMTs were responsible. (and I thought I was over the top)
Yes, I guess if you believe the final excuse they settled on than that would be the case. I mean, screw the previous 3 months and their attempts to blame first off the players, than a trading site, than all other websites in general and THAN the RMT's.
Miscreant_Moon is offline   Reply With Quote
Old Dec 23, 2009, 07:09 PM // 19:09   #128
Jungle Guide
 
Tullzinski's Avatar
 
Join Date: Mar 2006
Location: Trying to stay out of Ryuk's Death Note
Profession: N/R
Default

Quote:
Originally Posted by Miscreant_Moon View Post
Yes, I guess if you believe the final excuse they settled on than that would be the case. I mean, screw the previous 3 months and their attempts to blame first off the players, than a trading site, than all other websites in general and THAN the RMT's.
Everytime that there is a rash of hackings we always get blamed first.


V what he said below V

Last edited by Tullzinski; Dec 23, 2009 at 07:32 PM // 19:32..
Tullzinski is offline   Reply With Quote
Old Dec 23, 2009, 07:30 PM // 19:30   #129
Grotto Attendant
 
Join Date: Apr 2007
Default

Quote:
Originally Posted by pumpkin pie View Post
so in another word, ArenaNet is admitting that linking account to NCSoft master account is the cause?
That depends what you mean by "admitting." If you're looking for a public statement acknowledging that security flaws in the NCSoft Master Account are responsible for the increase in account thefts, it will never happen. However, actions speak louder than words, and a-net did implement a security feature aimed directly at solving the problem posed by NCSoft's crummy security.

Why can't they publicly say what everyone who's been paying attention already knows? Because NCSoft owns a-net, and NCSoft, for whatever misguided reason, has decided that the answer to this problem is stonewalling its games' communities. I'm sure that a-net implementing a fix against account theft via the NCMA, even while maintaining the official cover story, got a lot of undies in a knot over at NCSoft. Publicly stating that their parent company is to blame would be going too far.

As for their cover story,
Quote:
As you will have noted if you were playing within the last hour, we have instituted a new security measure for your account. And personally, I'm pretty darn happy about this! When you log into the game, you will be ask to supply the name of one of the characters on your account. "Why?" you may ask. Well, because nearly all of the accounts that have been stolen in recent months have been stolen by RMT (Real-Money Traders) who are getting access through external sources. And those RMTs will be very unlikely to know the names of characters on your account! Simple, eh? You give a name -- and remember to spell it exactly correctly, and to use proper capitalization -- and you will get access. If you have trouble or forget the names, support will be happy to assist you, of course.

Please head to the FAQ for more info. And if you have feedback, you're welcome to share it here. -- Gaile 03:01, 22 December 2009 (UTC)
It's a beautiful equivocation. From a-net's point of view, the NCMA counts as an "external source"...
Chthon is offline   Reply With Quote
Old Dec 24, 2009, 04:36 AM // 04:36   #130
Furnace Stoker
 
pumpkin pie's Avatar
 
Join Date: Jul 2006
Location: behind you
Guild: bumble bee
Profession: E/
Default

Quote:
Originally Posted by Tullzinski View Post
This is what Gaile posted yesterday:

As you will have noted if you were playing within the last hour, we have instituted a new security measure for your account. And personally, I'm pretty darn happy about this! When you log into the game, you will be ask to supply the name of one of the characters on your account. "Why?" you may ask. Well, because nearly all of the accounts that have been stolen in recent months have been stolen by RMT (Real-Money Traders) who are getting access through external sources. And those RMTs will be very unlikely to know the names of characters on your account! Simple, eh? You give a name -- and remember to spell it exactly correctly, and to use proper capitalization -- and you will get access. If you have trouble or forget the names, support will be happy to assist you, of course.

Please head to the FAQ for more info. And if you have feedback, you're welcome to share it here. -- Gaile 03:01, 22 December 2009 (UTC)


They are still stating that it is external sources being used to get access. Once the RMTs got into the NCsoft account they would have a party since they could change passwords to all games that were linked. Now with the additional character name requirement the RMTs are screwed unless they also have your character names. It does them no good to concentrate on the NCsoft site to access Guild Wars.

Aion may be a different story. I was going through those forums the other day and the main concern for them has been the RMTs stealing accounts and botting with them. There have been massive amounts of bans going on over there.

I think while you were "reading through the wiki" you missed the above comments from Gaile. The fact is that the RMTs were responsible. (and I thought I was over the top)
this new feature still pretty stupid you know, it encourages players to buy in-game-gold, now they have a failed safe system, as for those people who would fall prey to RMT would no doubt have easily given up their in game name if these Thief were to ask for login/password/character name in the future.

scenario: What I remember reading is that RMT thief said give me your login and passwords so they can transfer the in game gold, (assuming thats correct)
now the scenario : RMT thief: give me your login, password and character name so I can transfer the in game gold

see its stupid if this feature is use to prevent RMT thief from stealing more accounts. they just use the same technic

I take half my thanks back for this security feature, remaining half thank is for trying, because it does not protect players that actually needed to be protected. instead you are trying to protect those players who violated the game rules of not engaging in RMT.

Quote:
Originally Posted by Chthon View Post
That depends what you mean by "admitting." If you're looking for a public statement acknowledging that security flaws in the NCSoft Master Account are responsible for the increase in account thefts, it will never happen. However, actions speak louder than words, and a-net did implement a security feature aimed directly at solving the problem posed by NCSoft's crummy security.

Why can't they publicly say what everyone who's been paying attention already knows? Because NCSoft owns a-net, and NCSoft, for whatever misguided reason, has decided that the answer to this problem is stonewalling its games' communities. I'm sure that a-net implementing a fix against account theft via the NCMA, even while maintaining the official cover story, got a lot of undies in a knot over at NCSoft. Publicly stating that their parent company is to blame would be going too far.

As for their cover story,

It's a beautiful equivocation. From a-net's point of view, the NCMA counts as an "external source"...
I am pretty sure they would not admit it cos then they have to give me back everything that was stolen.

Last edited by pumpkin pie; Dec 24, 2009 at 05:17 AM // 05:17..
pumpkin pie is offline   Reply With Quote
Old Dec 24, 2009, 12:00 PM // 12:00   #131
Desert Nomad
 
Join Date: Apr 2007
Default

Quote:
Originally Posted by pumpkin pie View Post
this new feature still pretty stupid you know, it encourages players to buy in-game-gold
I don't understand how it encourages people to buy ingame gold? I certainly do not feel encouraged - it was a dumb idea before, and it still is?

Quote:
Originally Posted by pumpkin pie View Post
see its stupid if this feature is use to prevent RMT thief from stealing more accounts. they just use the same technic
The feature is NOT to prevent RMT thieves stealing more accounts. It's to prevent people who eg. broke into your NCsoft master account.

There's nothing A-Net can do about players who are dumb enough to hand over their account/pw/character details to a RMT.
Riot Narita is offline   Reply With Quote
Old Dec 24, 2009, 06:27 PM // 18:27   #132
Wilds Pathfinder
 
Axeman002's Avatar
 
Join Date: Sep 2008
Profession: A/Mo
Default

also if u browse through 'High End'...people willingly leave there ign to a seller..so this update has done 0 to help there prevention....so hopefully there guru email dosnt match there guildwars email or then they have one last hope...they dont figure out there password.
Axeman002 is offline   Reply With Quote
Old Dec 24, 2009, 06:51 PM // 18:51   #133
Desert Nomad
 
Join Date: Apr 2007
Default

Quote:
Originally Posted by Axeman002 View Post
they have one last hope...they dont figure out there password.
If the thieves get in through the NCsoft master account, they don't need your password - they'll just reset it.

However it is extremely difficult for them to find out a character name for an account, even if someone posted it on the forums... there's no clue for them unless the same name was used for both the NCsoft account and the forum.

I suppose they could download the guru Members List and use that as their dictionary for a brute force attack.

So I guess:
1. Don't use any of your character names for your forum account
2. Don't use any of your character names, or your forum name, for your NCsoft master account.
Riot Narita is offline   Reply With Quote
Old Dec 25, 2009, 04:39 AM // 04:39   #134
Wilds Pathfinder
 
Warvic's Avatar
 
Join Date: May 2009
Location: The Netherlands
Profession: A/W
Default

wow good work, i rly like this idea. so long you keep ur names secret (not posting screens and trying to be leet) u be very safe i think.
Warvic is offline   Reply With Quote
Old Dec 25, 2009, 05:33 AM // 05:33   #135
Wilds Pathfinder
 
HuntMaster Avatar's Avatar
 
Join Date: Feb 2007
Location: Around
Guild: Pillar's of Earth [ROCK]
Profession: W/
Default

About time this was implemented. Thanks.
HuntMaster Avatar is offline   Reply With Quote
Old Dec 25, 2009, 06:37 AM // 06:37   #136
Krytan Explorer
 
Hyperventilate's Avatar
 
Join Date: Nov 2007
Location: Somewhere in California
Guild: I Gots A Crayon [Blue]
Profession: Me/Mo
Default

Quote:
Originally Posted by Warvic View Post
wow good work, i rly like this idea. so long you keep ur names secret (not posting screens and trying to be leet) u be very safe i think.
How are people supposed to request in-game services via guru?

"I want a CoF Run, but I can't tell you who I am. Sorry."


... what.
Hyperventilate is offline   Reply With Quote
Old Dec 25, 2009, 07:08 AM // 07:08   #137
Ascalonian Squire
 
Join Date: Mar 2009
Default

Not to mention guild recruitment too.
"To find out more or to join, you may contact one of our officers, but we can't tell you their names!"
enmyria is offline   Reply With Quote
Old Dec 25, 2009, 07:17 AM // 07:17   #138
Furnace Stoker
 
pumpkin pie's Avatar
 
Join Date: Jul 2006
Location: behind you
Guild: bumble bee
Profession: E/
Default

that's because this is more for saving their (ncsoft) own asses they ours.

if NCSoft master accounts weren't being hack left and right you think they do anything at all.

if they had listen to me and admitted that NCSoft master accounts were being hacked, like half a year ago (timeline is a bit blurry, was right after claiming the storage pane), probably less people would have gotten their account name and password stolen. just my two cents.

Last edited by pumpkin pie; Dec 25, 2009 at 07:26 AM // 07:26..
pumpkin pie is offline   Reply With Quote
Old Dec 25, 2009, 07:43 AM // 07:43   #139
Wilds Pathfinder
 
Axeman002's Avatar
 
Join Date: Sep 2008
Profession: A/Mo
Default

Quote:
Originally Posted by Hyperventilate View Post
How are people supposed to request in-game services via guru?

"I want a CoF Run, but I can't tell you who I am. Sorry."


... what.

ever heard of a Private Message?...great thing thats implemented on a forum and guess what...its private too!
Axeman002 is offline   Reply With Quote
Old Dec 27, 2009, 02:38 PM // 14:38   #140
Furnace Stoker
 
pumpkin pie's Avatar
 
Join Date: Jul 2006
Location: behind you
Guild: bumble bee
Profession: E/
Default

This thread reminds me of something, that maybe should be looked into by ArenaNet.

NCSoft support Webpage. anyone ever send a support ticket to NCSoft Support and has key in their Character's Name will have they Character's nane and account tie together

Attached Images
File Type: jpg acname.jpg (85.6 KB, 174 views)
pumpkin pie is offline   Reply With Quote
Reply

Share This Forum!  
 
 
           

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 10:24 AM // 10:24.


Powered by: vBulletin
Copyright ©2000 - 2016, Jelsoft Enterprises Ltd.
jQuery(document).ready(checkAds()); function checkAds(){if (document.getElementById('adsense')!=undefined){document.write("_gaq.push(['_trackEvent', 'Adblock', 'Unblocked', 'false',,true]);");}else{document.write("