 |
|
Dec 04, 2009, 10:35 PM // 22:35
|
#101 | |
|
Older Than God (1)
Join Date: Aug 2006
Guild: Clan Dethryche [dth]
|
Quote:
|
|
|
|
|
Dec 04, 2009, 10:39 PM // 22:39
|
#102 |
|
Older Than God (1)
Join Date: Aug 2006
Guild: Clan Dethryche [dth]
|
Ah, OK. I finally found an account with real security questions.
Are you sure that you didn't have to set that up manually? I can't reason out why the system would provide three possible responses (birthday, security questions, nothing) rather than two. You can verify whether or not your first answer was right. It tells you... Last edited by Martin Alvito; Dec 04, 2009 at 10:41 PM // 22:41.. |
|
|
|
|
Dec 04, 2009, 10:40 PM // 22:40
|
#103 |
|
Krytan Explorer
Join Date: May 2005
Location: NC, USA
Guild: Ohm Mahnee Pedmay [Hoom]
|
The site I'm talking about is
https://secure.ncsoft.com/cgi-bin/plaync_login.pl with the little "Forgot your password?" link leading to https://secure.ncsoft.com/cgi-bin/pl...pl?language=en Maybe it *is* the same one you're talking about after all, because when I enter a bogus username there it asks me for my birthday on the next page. I certainly hope that it doesn't stop there, but since I'm not messing around with my own account, I can't test it. If that's all there is, then I suppose everything comes down to (1) NCSOFT account name and (2) e-mail address registered on the NCSOFT account (assuming that the password is e-mailed). Obviously (1) is easily brute-forced, but isn't (2) still a major obstacle for a hacker if they're not in the business of breaking into e-mail accounts? |
|
|
|
|
Dec 04, 2009, 10:43 PM // 22:43
|
#104 |
|
Older Than God (1)
Join Date: Aug 2006
Guild: Clan Dethryche [dth]
|
Depends. The security question system is quite vulnerable to a dictionary attack if you use legitimate answers, and the system helpfully tells you when you get the first answer right.
Oh snap. It tells you when EITHER is incorrect.................... Oh my God.... Pro tip: if one of your security questions is that your first car was "red"... Change it. Last edited by Martin Alvito; Dec 04, 2009 at 10:51 PM // 22:51.. |
|
|
|
|
Dec 04, 2009, 10:46 PM // 22:46
|
#105 | |
|
Furnace Stoker
Join Date: Oct 2005
Location: Planet Earth, Sol system, Milky Way galaxy
Guild: [ban]
Profession: W/
|
Quote:
|
|
|
|
|
|
Dec 05, 2009, 04:11 AM // 04:11
|
#106 |
|
Older Than God (1)
Join Date: Aug 2006
Guild: Clan Dethryche [dth]
|
Turns out it's five attempts every twelve hours. So I was too generous by half. At one attempt per second, you could make 86,400 attempts in a day. So you could attempt to brute force 8,640 accounts twice per day.
If half of the customers are in the 16-25 demographic, use the birthday and and report their birthdays accurately, you're going to net just under an account a day this way with a single computer making an attempt every second and brute force. If you're using two security questions, the results probably depend on what you're using as security. The car question is just bad, people. A hacker's going to get that one in an awful hurry. Even if you say "fuchsia". And if it was fuchsia, shame on you. If you want a guess, the rash of hacks involving a password change is some combination of unsecured personal data and the fact that cracking the NCSoft system provides the keys to the kingdom. Unless our hacker is a lot more organized than I suspect, and can disguise a very large amount of traffic without NCSoft noticing/acknowledging. As with some of the other explanations, brute force probably cannot explain the observation alone. However, it is very likely part of the solution. Close those glaring security loopholes and at least some of the hacks will stop. |
|
|
|
|
Dec 06, 2009, 01:41 PM // 13:41
|
#107 | |
|
Grotto Attendant
Join Date: Jun 2006
Location: Europe
Guild: The German Order [GER]
Profession: N/
|
Uh-oh:
Quote:
Aparently, this still continues.  113.237.252.125, Liaoning province works sundays. Busy bees, then password-reseters.
|
|
|
|
|
|
Dec 06, 2009, 09:15 PM // 21:15
|
#108 |
|
Jungle Guide
Join Date: Aug 2006
Location: In my own little world, looking at yours
Guild: Only Us[NotU]
Profession: E/
|
Reading all these posts has me asking, "Why so much trouble for stealing a GAME account?" Sure seems like a lot of trouble just to steal some pixels.
|
|
|
|
|
Dec 06, 2009, 09:23 PM // 21:23
|
#109 | |
|
Furnace Stoker
Join Date: Oct 2005
Location: Planet Earth, Sol system, Milky Way galaxy
Guild: [ban]
Profession: W/
|
Quote:
Last edited by MisterB; Dec 06, 2009 at 09:27 PM // 21:27.. |
|
|
|
|
|
Dec 06, 2009, 10:18 PM // 22:18
|
#110 | |
|
Older Than God (1)
Join Date: Aug 2006
Guild: Clan Dethryche [dth]
|
Quote:
That's $400,000 in difficult-to-trace cash. Now consider that you can automate the entire process if you can brute-force accounts. Sounds pretty lucrative, doesn't it? No labor costs, only costs are computers, Internet service, and power. Why farm gold when you can steal it? If you locate properly, you're just as immune to legal retribution as a Chinese gold farming entrepreneur. |
|
|
|
|
|
Dec 07, 2009, 03:04 AM // 03:04
|
#111 |
|
Departed from Tyria
Join Date: May 2007
Guild: Clan Dethryche [dth]
Profession: R/
|
You know, reading this thread sure makes me feel sick.
I don't think I even want to try and go make sure my account is secure. I'm afraid I'll give myself away just by doing that much. |
|
|
|
|
Dec 08, 2009, 11:07 AM // 11:07
|
#112 | ||
|
Jungle Guide
Join Date: Apr 2008
Guild: [bomb]
|
Quote:
Quote:
I wonder if all those hacked people actually tried/logged to ncsoft account sometime before hacking attempt or did any transactions there. Last edited by Shasgaliel; Dec 08, 2009 at 11:19 AM // 11:19.. |
||
|
|
|
|
Dec 08, 2009, 12:27 PM // 12:27
|
#113 | |
|
Re:tired
Join Date: Nov 2005
Profession: W/
|
Quote:
|
|
|
|
|
|
Dec 08, 2009, 12:57 PM // 12:57
|
#114 |
|
Jungle Guide
Join Date: Apr 2008
Guild: [bomb]
|
I got additional character slot in NCsoft store which I paid via PayPal. After a standard confirmation which arrived about 50 seconds after transaction I got an email (exactly 3 seconds later after previous one) from PayPal telling me that my account (PayPal) was accessed by a third party after the transaction. Between those two emails I got standard confirmations from NCsoft. I also got the slot so everything was looking legit to me. However everything got blocked and I needed to reset and set up again all my paypal login data. My old password was automatically cleaned and I was not asked for it at all. When I logged in there with new credentials I saw information that PayPal has contacted NCsoft for clarification of the incident and that they are currently investigating whether there was a security breach on the seller (NCsoft side). So far I am still waiting for the confirmation since NCsoft does not reply to PayPal (2 unanswered inquiries I am aware of). Unfortunately I do not know the details of those inquiries but I asked for them already. From what I understood they (paypal) blocked my account immediately after the incident so there was no harm done. However someone managed to login to my Paypal account just after my logging out and it happened just after the transaction.
|
|
|
|
|
Dec 08, 2009, 02:16 PM // 14:16
|
#115 | |
|
Desert Nomad
Join Date: Apr 2007
|
Quote:
I assume you have eliminated the possibility of malware on your PC, that "saw" you use Paypal and triggered an immediate attack? If so, NCsoft would be my #1 suspect... distantly followed by Paypal, and even more distantly followed by some unknown third party that tapped into your internet communications (eg. at your ISP, hacker in your neighbourhood if you use wireless, etc). |
|
|
|
|
|
Dec 08, 2009, 04:32 PM // 16:32
|
#116 | ||
|
Older Than God (1)
Join Date: Aug 2006
Guild: Clan Dethryche [dth]
|
Quote:
Hissy's right that you need to rule out the possibility of malware. If you don't use PayPal on an extremely regular basis, that's the most likely culprit. But if your system is clean...wow. That escalates things a few notches. Can anyone else confirm this? I'm reluctant to call a single episode a pattern despite other suspicions about the website. However, I'm not about to suggest that someone risk sacrificing their game and PayPal accounts trying to confirm. Quote:
But I can't prove that. All that I can assert is that such shortsighted behavior fits a broader pattern that we've observed in NCSoft's actions. Nor can I prove that we're getting hacked via brute force. In fact, the math would suggest that brute force is only part of the problem. Brute force alone can only explain the issue if NCSoft's data security people are impressively terrible at their jobs. You think they'd notice a spike in traffic large enough to generate the sheer volume of new account hack reports via brute force alone. Regardless, the company line is unarguably wrong. If you got hacked, it's entirely plausible that it wasn't your fault. The PlayNC authentication system just isn't robust, and it doesn't have the proper safeguards set up to protect you in the event that a hacker defeats it. It really is that simple. |
||
|
|
|
|
Dec 08, 2009, 05:51 PM // 17:51
|
#117 | |
|
Jungle Guide
Join Date: Aug 2006
Location: In my own little world, looking at yours
Guild: Only Us[NotU]
Profession: E/
|
Quote:
|
|
|
|
|
|
Dec 08, 2009, 06:14 PM // 18:14
|
#118 | |
|
Wilds Pathfinder
Join Date: Oct 2007
Guild: [BAAA] guest me NOW
Profession: Mo/
|
Quote:
|
|
|
|
|
|
Dec 08, 2009, 06:28 PM // 18:28
|
#119 | |
|
Older Than God (1)
Join Date: Aug 2006
Guild: Clan Dethryche [dth]
|
Quote:
That pretty much narrows it down to inside job or external hacker compromising the site entirely, and makes my concerns about brute force petty by comparison. Any thoughts about how we can discriminate between the inside job and external hacker hypotheses? |
|
|
|
|
|
Dec 08, 2009, 06:42 PM // 18:42
|
#120 | |||
|
Grotto Attendant
Join Date: Apr 2007
|
Quote:
Quote:
Some thoughts: Could be both of you have some spyware on your machines, despite your efforts to keep them clean. Strikes me as unlikely -- anyone intelligent enough to write something to specifically monitor paypal usage would be intelligent enough to send themselves your credentials then wait 12 hours until you were more likely asleep to use them. Could be paypal being oversensitive and setting off a false alarm at legitimate activity by NCSoft. Could be man-in-the-middle. It's well known that SSL is essentially swiss cheese if you've got the resources to invest in an attack. Perhaps someone with the resources decided that NCSoft is a worthwhile target. Could be NCSoft's server is compromised and now contains a malicious program. Could be an inside job at NCSoft. Probably does NOT explain the account thefts. People with long dormanacies in GW and even longer dormancies on the NCSoft site have been hacked. That indicates either a "save em for later" approach inconsistent with trying to use stolen paypal credentials within a minute of stealign them, OR it indicates that the vulnerability requires nothing from the user to be exploited -- ex: brute forcing the NCSoft account. That's worse, since it's now two major problems instead of one. Soooo, I think it's time to repeat myself: FOR THE LOVE OF GRENTH, PLEASE ALLOWS US TO SEVER OUR GW ACCOUNTS FROM THE NCSOFT ACCOUNT! It's clear enough that there's major problems there and that NCSoft just isn't going to fix them. Quote:
Last edited by Chthon; Dec 08, 2009 at 06:46 PM // 18:46.. |
|||
|
|
|
 |
|
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT. The time now is 10:55 AM // 10:55.
jQuery(document).ready(checkAds()); function checkAds(){if (document.getElementById('adsense')!=undefined){document.write("_gaq.push(['_trackEvent', 'Adblock', 'Unblocked', 'false',,true]);");}else{document.write("