May 14, 2009, 01:14 AM // 01:14
|
#21
|
Forge Runner
Join Date: Mar 2006
Location: Mableton, Georgia
Guild: Guild Ancestors Reunited [ギルド]
|
Hmm... I've played GW for over 3 years and I owned 11 accounts and never have I been "hacked". As everyone else has said to you: there is a LOT more to the story than what you just told us.
~LeNa~
|
|
|
May 14, 2009, 02:20 AM // 02:20
|
#22
|
Desert Nomad
Join Date: Aug 2005
Location: GW
Profession: Me/
|
Quote:
Originally Posted by JonnieBoi05
Hmm... I've played GW for over 3 years and I owned 11 accounts and never have I been "hacked". As everyone else has said to you: there is a LOT more to the story than what you just told us.
~LeNa~
|
That's funny, i have 11 too and have also played for 3 years. I got most of my accounts by hacking but have never been hacked myself.
\0/ reap the benefits, free z keys and travellers gifts.
|
|
|
May 14, 2009, 03:48 AM // 03:48
|
#23
|
Furnace Stoker
|
He probably downloaded a trojan.
|
|
|
May 14, 2009, 05:23 AM // 05:23
|
#25
|
Krytan Explorer
Join Date: May 2006
Location: Croatia
Guild: Precko Boys [PREX]
Profession: W/
|
Quote:
Originally Posted by JonnieBoi05
Hmm... I've played GW for over 3 years and I owned 11 accounts and never have I been "hacked". As everyone else has said to you: there is a LOT more to the story than what you just told us.
~LeNa~
|
Don't assume right away that if someone says he got hacked is not telling you full story. A few weeks ago, someone logged onto my account (had same password for 3 years, never EVER downloaded any kind of 3rd party program for gw, or any other game. Hell i didn't even download p0rn on this pc) and swooped it clean. Everything worth selling was taken and who inventories of my chars destroyed. Ofcourse chars were found in asian district in GToB.
Guess somebody just picked you out on random and force tryed your pass until he got that right (ther are programs for that)
There should be something like: if you don't get your pass right 3 times, you can't log on for the remainder of the day
|
|
|
May 14, 2009, 06:29 AM // 06:29
|
#26
|
Jungle Guide
Join Date: Aug 2005
Location: Bellevue, WA
Profession: W/
|
Quote:
Originally Posted by shogun avatar
Don't assume right away that if someone says he got hacked is not telling you full story. A few weeks ago, someone logged onto my account (had same password for 3 years, never EVER downloaded any kind of 3rd party program for gw, or any other game. Hell i didn't even download p0rn on this pc) and swooped it clean. Everything worth selling was taken and who inventories of my chars destroyed. Ofcourse chars were found in asian district in GToB.
Guess somebody just picked you out on random and force tryed your pass until he got that right (ther are programs for that)
There should be something like: if you don't get your pass right 3 times, you can't log on for the remainder of the day
|
From what you have said above, you almost certainly got keylogged, rather than someone trying out random combinations and randomly stumbling across your account name and password. It can happen even if you think you've been completely safe, and have never downloaded or run anything suspicious. Frequently there are security vulnerabilities in regular software you already have, and Adobe Flash is the prime candidate for these sorts of attacks.
Brute forcing passwords in games pretty much doesn't happen unless the hacker obtained the game's password file (that consists of the password hashes) to run dictionary attacks on, which doesn't happen. Keylogging is the most probable cause.
Also, disabling an account after 3 incorrect attempts is not a good solution, because then you could grief someone's account by failing to enter the correct password.
There are tons of Flash vulnerabilities, there's about one critical vulnerability a month; I know, because last year my WoW account got keylogged from a Flash vulnerability that was only 2 days old. For example (this is just one), here's a critical Flash vulnerability from Feb 24 of this year that lets any Flash app take control of your computer.
http://www.adobe.com/support/securit...apsb09-01.html
You can find others here:
http://www.adobe.com/support/security/
Now maybe in your case it was something other Flash, but either way, a keylogger installed by exploiting buggy software you already have installed is the most likely cause, not a script sitting there spamming arenanet's login servers with every possible account name and password.
Last edited by Gigashadow; May 14, 2009 at 06:41 AM // 06:41..
|
|
|
May 14, 2009, 07:07 AM // 07:07
|
#27
|
Forge Runner
Join Date: Mar 2006
Location: Mableton, Georgia
Guild: Guild Ancestors Reunited [ギルド]
|
Quote:
Originally Posted by shogun avatar
Quote:
Originally Posted by JonnieBoi05
Hmm... I've played GW for over 3 years and I owned 11 accounts and never have I been "hacked". As everyone else has said to you: there is a LOT more to the story than what you just told us.
~LeNa~
|
Don't assume right away that if someone says he got hacked is not telling you full story. A few weeks ago, someone logged onto my account (had same password for 3 years, never EVER downloaded any kind of 3rd party program for gw, or any other game. Hell i didn't even download p0rn on this pc) and swooped it clean. Everything worth selling was taken and who inventories of my chars destroyed. Ofcourse chars were found in asian district in GToB.
Guess somebody just picked you out on random and force tryed your pass until he got that right (ther are programs for that)
There should be something like: if you don't get your pass right 3 times, you can't log on for the remainder of the day
|
Please... I doubt it... With a password like his? And "never telling anyone his email?" Almost ALL account thefts are from actions/programs on behalf the owners end.
Quote:
Originally Posted by Gigashadow
From what you have said above, you almost certainly got keylogged, rather than someone trying out random combinations and randomly stumbling across your account name and password. It can happen even if you think you've been completely safe, and have never downloaded or run anything suspicious. Frequently there are security vulnerabilities in regular software you already have, and Adobe Flash is the prime candidate for these sorts of attacks.
Brute forcing passwords in games pretty much doesn't happen unless the hacker obtained the game's password file (that consists of the password hashes) to run dictionary attacks on, which doesn't happen. Keylogging is the most probable cause.
Also, disabling an account after 3 incorrect attempts is not a good solution, because then you could grief someone's account by failing to enter the correct password.
There are tons of Flash vulnerabilities, there's about one critical vulnerability a month; I know, because last year my WoW account got keylogged from a Flash vulnerability that was only 2 days old. For example (this is just one), here's a critical Flash vulnerability from Feb 24 of this year that lets any Flash app take control of your computer.
http://www.adobe.com/support/securit...apsb09-01.html
You can find others here:
http://www.adobe.com/support/security/
Now maybe in your case it was something other Flash, but either way, a keylogger installed by exploiting buggy software you already have installed is the most likely cause, not a script sitting there spamming arenanet's login servers with every possible account name and password.
|
Thank you. PC-knowledged ftw.
~LeNa~
Last edited by jonnieboi05; May 14, 2009 at 07:11 AM // 07:11..
|
|
|
May 14, 2009, 07:35 AM // 07:35
|
#28
|
Lion's Arch Merchant
Join Date: Jul 2008
Profession: Mo/
|
i once got scared when i thought i had a keylogger on my computer.
i was online and suddenly i log off out of nowhere. checked my internet connection and it was fine. so it wasn't a DC. so i figured.. hmm some bitch is trying to steal my account, no f**king way..
so i changed my password everytime i logged on
since i don't know much of computers, like how to remove it with anti-virus or how to format your computer
now my friend has formatted my computer (for other reasons too) and well still have everything
|
|
|
May 14, 2009, 10:56 AM // 10:56
|
#29
|
Desert Nomad
Join Date: Jul 2006
Location: New Zealand
Guild: None
|
Quote:
Originally Posted by kunt0r
Guild Wars Account Security is fine. Your account was stolen because you failed to protect it. This is 100% your fault.
|
True story.
Of all the online games i have played/own, and accounts i use, never once has one been hacked.
Iv'e never had problems with NCsoft support either, of the 3 times i have contacted them, i have always had a reply within 24 hours.
|
|
|
May 14, 2009, 03:55 PM // 15:55
|
#30
|
Krytan Explorer
Join Date: Dec 2008
Location: Above you.
Profession: Mo/W
|
I have a little tip for account security...
Go here: http://rumkin.com/tools/password/pass_gen.php
Set it to +Num +alpha +ALPHA and 15 characters
Generate a string. Examples:
Code:
UW7zYy8mOBYotoH
GodxLZ0FaTl683I
nLctogzeulOaduA
O43ozroiKWXKtxb
1QpFMq5n50QYbrA
zWNCWZNMXw5Lh4O
zBCTYhGe971CHLX
DrjWv2Pu4FLlE1r
fODxiJVbwzn1OqC
Bw3xCyuu7ZZzmQD
Now, take that string, and replace some random characters with a couple alt codes, without typing the rest of it, ever.
Now, download this: http://passwordsafe.sourceforge.net/
Put your password in there, and never ever type it.
Account secure, even if you do get a keylogger.
Last edited by Empress Amarox; May 14, 2009 at 04:27 PM // 16:27..
|
|
|
May 14, 2009, 06:29 PM // 18:29
|
#31
|
Jungle Guide
Join Date: Aug 2005
Location: Bellevue, WA
Profession: W/
|
The other thing you can do, which is what I do, is just use the -password switch to the gw.exe command line to specify your password for your Guild Wars shortcut, so that you don't ever type it, so no keylogger will catch it. Just double click the icon on your desktop and you're in game without having to type anything, it's very convenient. Obviously if your machine is not physically secure from other people, don't do this.
|
|
|
May 14, 2009, 07:31 PM // 19:31
|
#32
|
Lion's Arch Merchant
Join Date: Oct 2006
Guild: Clan Roxor
Profession: W/E
|
Its not their fault someone had your password, its yours
|
|
|
May 17, 2009, 05:47 PM // 17:47
|
#33
|
Krytan Explorer
Join Date: Dec 2008
Location: Above you.
Profession: Mo/W
|
Quote:
Originally Posted by Gigashadow
The other thing you can do, which is what I do, is just use the -password switch to the gw.exe command line to specify your password for your Guild Wars shortcut, so that you don't ever type it, so no keylogger will catch it. Just double click the icon on your desktop and you're in game without having to type anything, it's very convenient. Obviously if your machine is not physically secure from other people, don't do this.
|
I don't entirely think that may be safe... If you have a trojan, you're storing that password unencrypted in a shortcut, so they could just view the shortcut and easily get your password.
But, that may just be me being paranoid... That's why I made a post about encrypted shortcuts... http://www.guildwarsguru.com/forum/s...31#post4635631
|
|
|
May 17, 2009, 07:54 PM // 19:54
|
#34
|
Jungle Guide
Join Date: Aug 2005
Location: Bellevue, WA
Profession: W/
|
Quote:
Originally Posted by Empress Amarox
I don't entirely think that may be safe... If you have a trojan, you're storing that password unencrypted in a shortcut, so they could just view the shortcut and easily get your password.[/url]
|
If you have a trojan, your machine is already totally compromised by having hostile code executing on it, so at that point you just have to play the odds and hope that whatever other defense you took is obscure and specific enough.
Even passwordsafe isn't completely safe, as at some point the unencrypted password has to be entered into a field somewhere, even if by cut and paste from the clipboard.
If you use a special executable with an encrypted password that launches GW.EXE, it could just watch and see what gw.exe (rather than the launcher) actually gets launched with, since gw.exe takes the plaintext password as a parameter.
Luckily though, trojans are just opportunistic keyloggers that try to catch passwords for ANY game, bank account, or really anything you enter into a password field in any application or web page. They aren't specific to Guild Wars, and certainly not enough to look around your machine hoping you are one the 0.01% of the GW population that puts a -password switch on the gw.exe shortcut. Or so I hope anyway At some point you just have to balance convenience vs paranoia.
I'd say though that installing a virus scanner is definitely worthwhile for anyone who doesn't have one. I used to never use one, because I was always paranoid about installing anything, and always kept up to date on security updates. I also know how badly most of them slow down machines. I would check my system once a year and then immediately uninstall the scanner, and I always came up clean. However, for the first time, last year, I got keylogged through no fault of my own; shitty adobe products like Flash are filled with security holes that can be exploited to allow arbitrary code to run on your system, and need to be kept up to date every month. I then realized the days of doing without a permanent virus scanner were over.
Luckily Kaspersky is very low overhead and doesn't bog down my system. I wasn't at all surprised that the only vulnerabilities it ever finds on my machine are in adobe software.
Last edited by Gigashadow; May 17, 2009 at 07:57 PM // 19:57..
|
|
|
May 17, 2009, 09:25 PM // 21:25
|
#35
|
Forge Runner
Join Date: Aug 2006
Location: Scotland
Guild: Type like an idiot, I'll treat you like an idiot
Profession: E/Me
|
Quote:
Originally Posted by shogun avatar
had same password for 3 years
|
Am I the only one who sees the problem here?
|
|
|
May 17, 2009, 10:03 PM // 22:03
|
#36
|
Desert Nomad
|
Stop visiting porn sites and downloading game torrents and you will 99.9% stop getting hacked. Continue to visit them then quit coming to forums complaining you got hacked. The percentage of people who visit porn sites and download game torrents have a 75%+ chance of getting a key logger trojan or a virus. The other is thinking no one around you could know your password. There are people out there with photographic memories that can just watch you type on your keyboard from a distance and tell you what you typed. Who's been sitting beside you watching you play?
|
|
|
May 17, 2009, 10:03 PM // 22:03
|
#37
|
Wilds Pathfinder
Join Date: Aug 2005
Location: Netherlands
|
Quote:
Am I the only one who sees the problem here?
|
I never understood this. If you don't tell anyone your password, how is changing a password regularly safer than keeping the same for a long period of time?
Gigashadow, you don't like Flash very much I take it?
|
|
|
May 19, 2009, 01:37 AM // 01:37
|
#38
|
Jungle Guide
Join Date: Dec 2005
Guild: Mystical Chaos
Profession: E/
|
Wow. How many people does it take to gripe at the guy's security, and ignore his actual complaint. It wasn't so much about being hacked, as it was being unable to reset his own password without going through NCSoft support.
It should take more than just an old->new password. They should, at the very least, require the account name and email verification to change the password. And, if the password needs to be reset without inputting the old password as well, there should be a block placed on the account until it goes through support. At least that way there's a chance that some of your stuff and characters will still be there when it's done.
|
|
|
May 19, 2009, 02:23 AM // 02:23
|
#39
|
Academy Page
|
Quote:
Originally Posted by sykoone
Wow. How many people does it take to gripe at the guy's security, and ignore his actual complaint. It wasn't so much about being hacked, as it was being unable to reset his own password without going through NCSoft support.
|
His original complaint is stupid. It's essentially "Baww, someone got my super duper awesome password because I suck at the internet and a gaming company who has no financial motive to give a shit doesn't give a shit. They should change their system because I'm a retard."
Yeah, no. Quit being bad and no one will get your password. If you got it stolen it's because you have dickish friends or went to a dubious GW fansite and downloaded an exe or didn't have noscript on. Period.
|
|
|
Thread Tools |
|
Display Modes |
Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
Similar Threads
|
Thread |
Thread Starter |
Forum |
Replies |
Last Post |
Account Security
|
You just got tomahawked |
Off-Topic & the Absurd |
13 |
Aug 28, 2008 02:48 PM // 14:48 |
About Account Security
|
Gaile Gray |
The Riverside Inn |
86 |
May 05, 2008 05:20 PM // 17:20 |
Age |
Technician's Corner |
6 |
Aug 18, 2007 09:14 AM // 09:14 |
Gaile Gray |
The Riverside Inn |
10 |
Jul 11, 2005 07:26 AM // 07:26 |
All times are GMT. The time now is 09:19 PM // 21:19.
|