Dec 03, 2009, 07:36 PM // 19:36
|
#41
|
Forge Runner
Join Date: Apr 2008
Location: Texas
Guild: Reign of Judgment [RoJ]
Profession: Me/
|
Quote:
Originally Posted by masharra
but it seems through what im reading here you people seem to discount human stupidity?
|
Nope, not at all. I think people here are passionately speaking against Anet on this issue because Anet has refused to admit any fault (except, Gaile a.l.m.o.s.t did once, but then turned around a refuted it.)
I'm sure most of the hacks were because people are idiots and use terrible passwords; HOWEVER, there has to be a problem when so many hacks happen at once. Probability alone would suggest that.
|
|
|
Dec 03, 2009, 07:40 PM // 19:40
|
#42
|
Older Than God (1)
Join Date: Aug 2006
Guild: Clan Dethryche [dth]
|
Quote:
Originally Posted by masharra
but it seems through what im reading here you people seem to discount human stupidity?
sure all problems may not have been caused by negligent users but you make it seem as if thats impossible through your statements, and though i wont say arenanet is at fault or not at fault.
|
OK, so:
- A sudden increase in reports of account theft occurs.
- A new mechanism is commonly reported by those affected - password resets.
- People observe fundamental security issues on the NCSoft website permitting brute forcing.
- Passwords must be reset through that website.
I don't need to see air to know it's there, and I can infer a fire when I see smoke. You are arguing that no change in how accounts are stolen occurred. The evidence is not consistent with that argument. If that argument is true, you are relying on random chance as your explanation for apparently systematic behavior. While that can happen, it appears to be quite unlikely in this case. We have an explanation that fits the facts, and as a consequence we should discard the thesis that chance caused the results.
I have not been hacked on any of my accounts. Just so you know where I'm coming from. I'm simply appalled at ANet's "response" to this matter, and feel the need to call them on it.
Last edited by Martin Alvito; Dec 03, 2009 at 07:48 PM // 19:48..
|
|
|
Dec 03, 2009, 07:41 PM // 19:41
|
#43
|
Lion's Arch Merchant
Join Date: Jun 2009
Guild: Protectors of Fate [GoF]
Profession: N/Me
|
Quote:
Originally Posted by sickle of carnage
Usually first monday of the month..
|
Second thursday actually.
|
|
|
Dec 03, 2009, 07:59 PM // 19:59
|
#44
|
Pre-Searing Cadet
Join Date: Jan 2008
Location: Oklahoma
Guild: Passionate Kiss of Life
Profession: E/Mo
|
Quote:
Originally Posted by Martin Alvito
OK, so:
- A sudden increase in reports of account theft occurs.
- A new mechanism is commonly reported by those affected - password resets.
- People observe fundamental security issues on the NCSoft website permitting brute forcing.
- Passwords must be reset through that website.
I don't need to see air to know it's there, and I can infer a fire when I see smoke. You are arguing that no change in how accounts are stolen occurred. The evidence is not consistent with that argument. If that argument is true, you are relying on random chance as your explanation for apparently systematic behavior. While that can happen, it appears to be quite unlikely in this case. We have an explanation that fits the facts, and as a consequence we should discard the thesis that chance caused the results.
I have not been hacked on any of my accounts. Just so you know where I'm coming from. I'm simply appalled at ANet's "response" to this matter, and feel the need to call them on it.
|
firstly i havent been following any of this so forgive my ignorance
i sincerely doubt anyone who has observed these fundamental security issues is a network security specialist and as thus imo their findings are null and void.
a sudden increase in account theft reports
who says a new undetectable key logger hasnt been released?
go play soldier front on ijji
when a shitload of hacks appear 1st thing i say is a new hack is released. i have no idea what i was tryng to say there
i mean what if just MAYBE they are not at fault
is it really that bad to say hey
"hey dont look at me its you guys"
that being said
i have to say i dont know who is to blame if anyone id blame the hackers/keyloggers/gold buyers/etcetc
when there is not enough evidence to say it is your fault as fact
im going to keep my mouth shut.
eitherway i hope the guys who lost their account well get lucky at dhumms chest.
|
|
|
Dec 03, 2009, 08:07 PM // 20:07
|
#45
|
Older Than God (1)
Join Date: Aug 2006
Guild: Clan Dethryche [dth]
|
Quote:
Originally Posted by masharra
who says a new undetectable key logger hasnt been released?
|
There are much more profitable uses for such things than hacking Guild Wars accounts. If I had both an undetectable keylogger and the inclination to use it for malicious purposes, I wouldn't be stealing digital merchandise that I have to fence in order to realize a profit.
Can we agree that anyone smart enough to write an undetectable keylogger is also smart enough to use it efficiently?
Quote:
Originally Posted by masharra
i sincerely doubt anyone who has observed these fundamental security issues is a network security specialist and as thus imo their findings are null and void.
|
Blind faith in credentials? You wouldn't be the first to make that mistake, but it's an error to assume that people without credentials are always wrong. Often =/= always.
|
|
|
Dec 03, 2009, 08:20 PM // 20:20
|
#46
|
Pre-Searing Cadet
Join Date: Jan 2008
Location: Oklahoma
Guild: Passionate Kiss of Life
Profession: E/Mo
|
i wouldnt say im blindly putting faith in credentials though i would rather a guy who is a MD to set my leg than the guy who said he saw it on discover channel.
are you placing blind faith in those without credentials?
personally id rather the person with.
and they say its susceptible to brute forcing which means some of these people attempted brute forcing the anet website?
i mean how can you say its susceptible without trying it?
well i suppose you are right about using it efficently
but i think there is a major difference between stealing cc's and gw accounts
gw might not make you as much money but you will be much safer if not totally immune to any retribution.
i mean your arguement about the use of undetectable software for more malicious uses is sort of moot becuase how many hackers hack games daily with dll injection when they could just as easily steal all of your info and they dont?
im grouping you in the smarter catagories of the internet and well just becuase you can make an undetectable keylogger doesnt mean you can/want to steal cc's. personally id want your email address and pw just so i can delete them all to ruin your day
*not you personally*
and well until they gold sellers start posting thier profits we dont know how much they make. id assume a good amount though.
Last edited by masharra; Dec 03, 2009 at 08:21 PM // 20:21..
Reason: god my spelling fails
|
|
|
Dec 03, 2009, 08:25 PM // 20:25
|
#47
|
Jungle Guide
Join Date: Aug 2006
Location: In my own little world, looking at yours
Guild: Only Us[NotU]
Profession: E/
|
I am curious. Are the only accounts that are being 'hacked' just the accounts worth major coin? Things that are stolen or go missing are high end items, FOW armor, ectos, rare minis, very rare weapons, etc. If accounts of lesser are not being 'hacked', why not? What is it that the 'rich' accounts have in common, other than being 'rich'? Do they talk about their wealth and where do they talk about it? Is the 'hacker' searching forums or do they sit in 'elite' areas and stalk their victims?
Questions;
How many low end accounts vs high end accounts get hacked?
How many accounts that are 'hacked' do not use forums?
People use their computers for more than just Guild Wars. as an example; How many also use Facebook? Many accounts there get hijacked regularly. My antivirus programs have warned me several times of Trojans detected. Many people shut down background programs to make their computer run faster. This invites infection.
I have and do 'violate' some of the 'rules' of computer protection. Even with that, I still have several layers of protection, always updated. Am I still vulnerable? Probably. After all, a lock just keeps the honest man honest.
|
|
|
Dec 03, 2009, 08:34 PM // 20:34
|
#48
|
Pre-Searing Cadet
Join Date: Jan 2008
Location: Oklahoma
Guild: Passionate Kiss of Life
Profession: E/Mo
|
what is this facebook you speak of? I also do that i turn off my firewall when something isnt connecting, pfft right now i uninstalled my virus protection cuz well fux it im so poor all they can take is the last 20bucks in my account.
that and it kept ctding. theres this lovely little virus that downloads itself to your comp through a picture.
how to solve problem
switch to linux change password reg. and dont sign up on any fansites
if your account still gets stolen
then say wtf arenanet?
|
|
|
Dec 03, 2009, 08:53 PM // 20:53
|
#49
|
Older Than God (1)
Join Date: Aug 2006
Guild: Clan Dethryche [dth]
|
Quote:
Originally Posted by masharra
i wouldnt say im blindly putting faith in credentials
|
Of course you wouldn't.
I agree that experience is generally preferable. My point was that rejecting findings out of hand because the individual presenting the findings doesn't have the "appropriate" credentials is a mistake. You did take that position.
Quote:
Originally Posted by masharra
and they say its susceptible to brute forcing which means some of these people attempted brute forcing the anet website?
|
I can't find the threads with search for some reason, but if memory serves there were two separate issues. One was that you could simply brute force passwords because the system wasn't locking people out properly for failed logon attempts. The other had something to do with the website's code and was a more attractive/efficient option, but since I don't work with this stuff I cannot remember the details.
The threads I did find had posts from people with IT experience indicating that they had passwords stolen using computers that were clean beyond any reasonable doubt. Those experts identified the NCSoft website as the only logical culprit, because it was how their passwords were changed.
Quote:
Originally Posted by masharra
gw might not make you as much money but you will be much safer if not totally immune to any retribution.
|
While you have a point, ANet has repeatedly stated that the preponderance of the gold sellers are based in China. That more or less makes them immune to prosecution anyway if they don't get too greedy, regardless of activities.
If someone had absolutely unfettered access, extortion would probably beat out even credit cards for profit. Just saying.
I'm not saying that hacking the accounts isn't profitable, merely that it isn't sufficiently profitable given that kind of access to someone's computer. Hacking game accounts when your activities are detectable and you're located someplace where you could be prosecuted starts to make sense.
|
|
|
Dec 03, 2009, 08:59 PM // 20:59
|
#50
|
Older Than God (1)
Join Date: Aug 2006
Guild: Clan Dethryche [dth]
|
Quote:
Originally Posted by Perkunas
I am curious. Are the only accounts that are being 'hacked' just the accounts worth major coin? Things that are stolen or go missing are high end items, FOW armor, ectos, rare minis, very rare weapons, etc. If accounts of lesser are not being 'hacked', why not? What is it that the 'rich' accounts have in common, other than being 'rich'? Do they talk about their wealth and where do they talk about it? Is the 'hacker' searching forums or do they sit in 'elite' areas and stalk their victims?
|
The people with a lot of stuff invested time in acquiring it and are much more likely to post about it than players with little in-game wealth.
Also, players that are still highly active are overwhelmingly likely to have some of these things due to XTH and easy ecto farming. Players that post on fansite forums tend to have been highly active at some point in time.
Finally, it's fairly obvious that someone has programmed a bot to steal stuff, and that it's bad at identifying items of value. It goes after the items you mention but misses other valuable goodies such as Sup Vigors on heroes.
|
|
|
Dec 03, 2009, 09:03 PM // 21:03
|
#51
|
Lion's Arch Merchant
Join Date: Oct 2006
Location: USA
Guild: Servants of Fortuna
Profession: W/
|
Quote:
Originally Posted by lejimmtohy
Hey no offense to all of these bug updates but really, when are the skill updates rolling in?
|
Quote:
Originally Posted by Short
Second thursday actually.
|
Yes, usually the 2nd OR 3rd Thursday of the month... depending on work load... which this month I see has the worst load for ANET to date...
~ Winters Day
~ Skill Update was pushed to this month (which likely includes SF)
~ New Test Krewe integration
~ GW2
So don't be surprised if the Update happens the 3rd Thursday of this month which is Dec 17th. (based on past instances of ANET)
OH and for those that want to QQ about no content/skill updates and stuff... see above list, plus Dhuum and the fact that you are not paying ANET for anything until 2011. So enjoy any free content that comes from ANET in a 4.5 year old game...
Last edited by ]HM[ Sabre Wolf; Dec 03, 2009 at 09:10 PM // 21:10..
Reason: and 1 more thing...
|
|
|
Dec 03, 2009, 09:13 PM // 21:13
|
#52
|
Pre-Searing Cadet
Join Date: Jan 2008
Location: Oklahoma
Guild: Passionate Kiss of Life
Profession: E/Mo
|
perhaps perhaps i tire of this discussion i have a paper to write.
i personally tend to not take most things i read on the internet worth a dime because well i had my stupid days
i have extensive computer experience but ofc i deal with hardware so my knowledge of software is quite limited.
and well at the end of the day all i can say is I dont know.
i am not an expert. Ive yet to be hacked. I do know its not A-nets fault they were hacked. Its the hackers fault. If there is a vulnerability with a-net website im surprised because i seem to remember seeing how many people were locked out when they gave the wrong password during the xunlia pane event. * i was one of em*
though i would like to add just because your password was changed on arena-net doesn't mean the vulnerability is theirs automatically.
your password could have been stolen and the offender merely logged onto your arena-net and changed password.
again until the people who did the tests start showing their ccnp id number or give a repeatable test that everyone can try and get the same results it isnt 100percent arena-nets fault. imo
|
|
|
Dec 03, 2009, 09:14 PM // 21:14
|
#53
|
Krytan Explorer
Join Date: Oct 2007
Guild: Jay To Much [SrE]
Profession: Me/N
|
your password can be mike and nobody will steal your account..simplicity in passwords have nothing to do with it. Think of the probability out of all the simple words that someone picks yours before quitting. Its like telling a friend to think of a word and trying to predict it. Either these individuals got keylogged or they told someone, keylogging is probably the answer.
|
|
|
Dec 03, 2009, 09:18 PM // 21:18
|
#54
|
Forge Runner
Join Date: Apr 2008
Location: Texas
Guild: Reign of Judgment [RoJ]
Profession: Me/
|
Quote:
Originally Posted by ]HM[ Sabre Wolf
~ GW2
|
For the last mother fcking time, the Guild Wars Live Teams DOES NOT work on GW2. The CR team does, but at the moment they have very little to do.
Quit using this as an excuse, even Linsey has called bullshit on this.
Quote:
Originally Posted by ]HM[ Sabre Wolf
OH and for those that want to QQ about no content/skill updates and stuff... see above list, plus Dhuum and the fact that you are not paying ANET for anything until 2011. So enjoy any free content that comes from ANET in a 4.5 year old game...
|
So when you QQ at the QQ'ers it doesn't count as QQ'ing? Oh, ok. My bad. Circular logic is pro.
|
|
|
Dec 03, 2009, 09:23 PM // 21:23
|
#55
|
Older Than God (1)
Join Date: Aug 2006
Guild: Clan Dethryche [dth]
|
Quote:
Originally Posted by masharra
i am not an expert. Ive yet to be hacked. I do know its not A-nets fault they were hacked. Its the hackers fault. If there is a vulnerability with a-net website im surprised because i seem to remember seeing how many people were locked out when they gave the wrong password during the xunlia pane event. * i was one of em*
|
This apparently changed and I was just as surprised to hear it as you are.
Quote:
Originally Posted by masharra
though i would like to add just because your password was changed on arena-net doesn't mean the vulnerability is theirs automatically.
|
If there is unauthorized access, either your system was compromised or the accessed system was compromised. If we can rule one out, the other must be true.
Quote:
Originally Posted by masharra
again until the people who did the tests start showing their ccnp id number or give a repeatable test that everyone can try and get the same results it isnt 100percent arena-nets fault. imo
|
Which gets back to my points about air and smoke -> fire. I'm not willing to use such a restrictive proof standard. The community suspected duping before the method was proven, but discounted the possibility because ANet assured us backwards and forwards that duping was impossible.
|
|
|
Dec 03, 2009, 09:27 PM // 21:27
|
#56
|
Lion's Arch Merchant
Join Date: Oct 2006
Location: USA
Guild: Servants of Fortuna
Profession: W/
|
Quote:
Originally Posted by Karate Jesus
For the last mother fcking time, the Guild Wars Live Teams DOES NOT work on GW2. The CR team does, but at the moment they have very little to do.
Quit using this as an excuse, even Linsey has called bullshit on this.
|
Granted yes, but it still has to pass the same people of inspection before it gets implemented... so they are still doing some work on both.
Quote:
Originally Posted by Karate Jesus
So when you QQ at the QQ'ers it doesn't count as QQ'ing? Oh, ok. My bad. Circular logic is pro.
|
No... stating facts is not QQing... QQing is when you say "blarg blarg blarg (insert cuss) blarg blarg"... its called cramming the facts down their throat so they get it... but deaf ears/blind eyes... so in the end, it was a waste of 30 minutes...
|
|
|
Dec 03, 2009, 09:37 PM // 21:37
|
#57
|
Older Than God (1)
Join Date: Aug 2006
Guild: Clan Dethryche [dth]
|
Quote:
Originally Posted by ]HM[ Sabre Wolf
OH and for those that want to QQ about no content/skill updates and stuff... see above list, plus Dhuum and the fact that you are not paying ANET for anything until 2011. So enjoy any free content that comes from ANET in a 4.5 year old game...
|
That "free content" is a marketing expense for GW2 and it is simply good business. Software publishing is a business where you lose money now to make money later. We disagree about whether or not that expense will justify its returns, not about whether or not we have a "right" to such free content.
I think you can make a strong argument that NCSoft is being penny wise and pound foolish in their approach to maintaining GW. A lot of things have happened in the last couple of years that have upset a lot of players, and it seems that ANet is taking the future business of those upset players for granted with the skeleton support staff approach.
|
|
|
Dec 03, 2009, 09:47 PM // 21:47
|
#58
|
Forge Runner
Join Date: Apr 2008
Location: Texas
Guild: Reign of Judgment [RoJ]
Profession: Me/
|
Quote:
Originally Posted by ]HM[ Sabre Wolf
Granted yes, but it still has to pass the same people of inspection before it gets implemented... so they are still doing some work on both.
|
Source?
Quote:
Originally Posted by ]HM[ Sabre Wolf
No... stating facts is not QQing... QQing is when you say "blarg blarg blarg (insert cuss) blarg blarg"... its called cramming the facts down their throat so they get it... but deaf ears/blind eyes... so in the end, it was a waste of 30 minutes...
|
The facts, huh? Well, if your facts are wrong....then....you're just ramming bullshit down people's throats.
|
|
|
Dec 03, 2009, 09:51 PM // 21:51
|
#59
|
Guest
|
Quote:
Originally Posted by Karate Jesus
Source?
The facts, huh? Well, if your facts are wrong....then....you're just ramming bullshit down people's throats.
|
So, you'll be the one from the test krewe to slip on the ice and spill the beans then? sweet.
|
|
|
Dec 03, 2009, 09:54 PM // 21:54
|
#60
|
Forge Runner
Join Date: Apr 2008
Location: Texas
Guild: Reign of Judgment [RoJ]
Profession: Me/
|
Quote:
Originally Posted by flubber
So, you'll be the one from the test krewe to slip on the ice and spill the beans then? sweet.
|
I'm on the Test Krewe?
|
|
|
Thread Tools |
|
Display Modes |
Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT. The time now is 10:54 AM // 10:54.
|