 |
|
Feb 25, 2009, 06:08 PM // 18:08
|
#201 | |
|
Site Legend
Join Date: Oct 2005
|
Quote:
Text book c&p no doubt.
__________________
Old Skool '05
|
|
|
|
Feb 25, 2009, 06:31 PM // 18:31
|
#202 |
|
Desert Nomad
Join Date: Aug 2006
Location: Trust me you dont want to know my Chasms of Despair
Guild: Zaishen Brotherhood
Profession: N/Me
|
Thats what happens when you use bot programs in Jade Quarry and For Older Hero Fast Faction Farm they are finally getting you back
Aint Karma a Bitch? No in all seriousness srry to hear that happened..lets start a strike in Great Temple of Balthazar. ~Nemo |
|
|
|
Feb 25, 2009, 06:32 PM // 18:32
|
#203 |
|
Academy Page
Join Date: May 2006
Location: Netherlands
Guild: Lowland Lions
|
@Wubbies: you have offended me.
Maybe this clarrifies what i mean: http://en.wikipedia.org/wiki/Informa...chnology_audit Last edited by didis; Feb 25, 2009 at 06:37 PM // 18:37.. |
|
|
|
Feb 25, 2009, 06:35 PM // 18:35
|
#204 |
|
Furnace Stoker
Join Date: Jun 2005
Location: California
Guild: 15 over 50 [Rare]
Profession: W/Mo
|
this is me being sarcastic but....
A-Net should hire MC Hammer to do a commercial on public safety/awareness on account security!! lol Imagine the dance moves that could go with the commercial? |
|
|
|
Feb 25, 2009, 06:57 PM // 18:57
|
#205 | |
|
Forge Runner
Join Date: Jun 2006
Guild: Hard Mode Legion [HML]
Profession: N/
|
Quote:
When assuming brute forcing [a-Z][0-9] online at the rate of 1 second/ attempt, knowing it's either 6 or 7 you are talking over 1000 years for all options. (62^6 + 62^7 options). However, the actual number of trials might be a lot less. Let's assume we know the password is either 6 or 7 characters long. Now I'm going to do some guessing. The actual password has at least one numerical digit and at most two. The position of those digits is either at the start or at the end of the password. And the password itself is in a dictionary. That would limit the number of options enormously. We are talking about a 4-6 character word from the dictionary + one or two digits at start or end. Still this would require some massive work, months to years. But next we can compose a list of frequently used passwords and put those first. This would make an account with such a password crackable in minutes/hours/days. On the other hand there is a list of encrypted /hashed passwords that is obtained somehow. This is way faster to process, hashing can be done upfront when assuming it's plain MD5/SHA1 hashes. Brute forcing dictionary is a matter of days when a known or no 'salt' is used. But when the 'salt' changes on every password this effort will take ages when processing a list of accounts. Attempting to hack an account online by trial and error (except a list of common passwords) is futile. The strongest attempt can be done offline but requires access to the password database. And is only worth the effort if each password is encrypted/hashed with the same mechanism and key. An attempt with a 'known list' can be done when different keys are used. If that fails the passwords are useless. Not because they can't be cracked but because they take too much time to crack. It's not NSA passwords or passwords to bank accounts. It's passwords to online accounts with a possible value of let's say $0.01 to $1000. With most accounts around the $0.01 range. |
|
|
|
|
Feb 25, 2009, 07:04 PM // 19:04
|
#206 |
|
Wark!!!
Join Date: May 2005
Location: Florida
Profession: W/
|
Jos, modern brute force password breakers can do up to 8 million attempts per second.
|
|
|
|
Feb 25, 2009, 07:09 PM // 19:09
|
#207 |
|
Frost Gate Guardian
Join Date: Jul 2006
Location: Deldrimor Warcamp
Profession: Mo/W
|
Ok this topic made me paranoid
I don't know whether it's people stupidity or a very serious threat I hope there hasn't been a leak of any database (either Anet/wiki etc) Since stealing credit card numbers is fairly easy why GW accounts should be more difficult? An idea for the developers (in case any of them is reading). Not perfect but still... Why not implement an option which will narrow the range of IP addresses which are able to log onto the account? |
|
|
|
Feb 25, 2009, 07:21 PM // 19:21
|
#208 | |
|
Academy Page
Join Date: Dec 2008
Location: Bananna Dipper
Guild: It Varies
Profession: W/
|
Quote:
im sure i oofend alot of people but this thread is getting so ridiculous i cant help but check it out everday..it;s better than the comics in the newspaper section..no offense  p.s. no offense i dont clic on links.. u never know who is behind the link "hacking" away 
|
|
|
|
|
Feb 25, 2009, 07:48 PM // 19:48
|
#209 | |
|
Grotto Attendant
Join Date: Jun 2006
Location: Europe
Guild: The German Order [GER]
Profession: N/
|
Quote:
|
|
|
|
|
Feb 25, 2009, 08:03 PM // 20:03
|
#210 | |
|
Furnace Stoker
Join Date: Jun 2006
Location: Minnesota
Guild: Black Widows of Death
Profession: W/Mo
|
Quote:
|
|
|
|
|
Feb 25, 2009, 08:12 PM // 20:12
|
#211 | ||
|
Ascalonian Squire
Join Date: Jan 2009
Profession: W/A
|
Quote:
It depends on a few things: 1. The complexity and length of your password. 2. How many proxies/computing power said hacker has (or how big their botnet is). If we're talking 6-7 digits with nothing special, just a word and a number or something like yippie7 or something, then not really all that long to be honest... Check this and go here to check your password strength. If you're truly worried, what I suggest you do is go here. Set it to 15 characters in length, Num + alpha + ALPHA. Generate a password. Here's some examples: IKswAquMRmpx49Y gMojLOz7w0k73Cy szjTZ0VvbLHFloM 7Ro9MBnKr6EnBPH rXYyPKhZ3LpT1vx YtHW9TFaEOHt4ZL XtKcERyi4svmSRz (don't use those, generate yourself a fresh one) Don't use those either. Edit it a little bit, add some special characters in there like !@#$%^&*()-=_ and such. Or if you want an even harder one, alt codes are good, alt+0191 ¿, ¤ alt+0164, alt+0137 ‰, alt+0134 †, et cetera. Just hold alt on your keyboard and hit a 4-5 key combination on your numpad and see what it comes up with. I'll give you an example: 3Liòw.Wóï5OöiH~ Something like the above would be much more difficult to crack. Quote:
The Dutch police found a 1.5 million node botnet and the Norwegian ISP Telenor disbanded a 10,000-node botnet. Conflicker (aka DownUp, DownAndUp, DownAdUp, Kido) is assumed to have somewhere around a 15,000,000 botnet. And well, if you can do 62MB/sec with about average DSL connections with only 620 computers, just think about 15 million... That's what, 15GB/sec not accounting for faster connections? To be honest here though, I'm pretty sure someone that has that kind of power wouldn't give a damn about GW money. Bank accounts would be very much within reach and much more profitable (not to mention other things). Last edited by Xun Rama; Feb 25, 2009 at 08:14 PM // 20:14.. |
||
|
|
|
Feb 25, 2009, 08:13 PM // 20:13
|
#212 | |
|
Wark!!!
Join Date: May 2005
Location: Florida
Profession: W/
|
Quote:
Still, you could do a lot more than 1 per second. Plus I'm not entirely sure these hackers need your password and email yet. |
|
|
|
|
Feb 25, 2009, 08:15 PM // 20:15
|
#213 | |
|
Grotto Attendant
Join Date: Jun 2006
Location: Europe
Guild: The German Order [GER]
Profession: N/
|
Quote:
Very noticeable both for players and anet. |
|
|
|
|
Feb 25, 2009, 08:20 PM // 20:20
|
#214 | |
|
Desert Nomad
Join Date: Sep 2005
Location: Wakefield, West Yorkshire, Uk, Nr Earth
Guild: Alternate Evil Gamers [aeg]
Profession: N/
|
Quote:
 i loaded up and noticed my character secection screen was on a different character than when i left (I've only been on my warrior for the last few days) and my ranger loaded up which was pretty strange.Then when i loaded a character i noticed my inventory had been slightly changed (i've had my inventory the same for 4 years) so i noticed it was different straight away. I checked the guild screen it said i was last online 5 hours ago!! which i hadn't as i had been out all day, needless to say i have changed my password a couple of times since and scanned my pc with just about everything i can think of. The odd thing is, i have not lost anything from my account, No gold/items/materials/weapons/characters or anything that i can see... |
|
|
|
|
Feb 25, 2009, 08:30 PM // 20:30
|
#215 | |
|
Academy Page
Join Date: Dec 2008
Location: Bananna Dipper
Guild: It Varies
Profession: W/
|
Quote:
|
|
|
|
|
Feb 25, 2009, 09:03 PM // 21:03
|
#216 | |
|
So Serious...
Join Date: Jan 2007
Location: London
Guild: Nerfs Are [WHAK]
Profession: E/
|
I've stopped reading posts at some point (mostly due to security mistakes in the posts), but thought I'd comment on the point of password cracking. These are reliable numbers:
http://www.lockdown.co.uk/?pg=combi The advised alphabet is 96chars, and if you can manage a ClassE cracking-comp (good luck) you're going to spend 2,5years. Event a 52chars alphabet with ClassE will give you 6days (which is not a lot). Now, if you want big numbers (of course, all these numbers are offline attacks, something that most people completely got wrong in this thread) look here: http://hak5.org/forums/index.php?showtopic=11551 BTW, very speedy treatment of this case by Gaile and the support team. Hope the guys will get nailed and leave without pants. To everyone: read this article, it's a good article on passwords: (although I'm not happy he doesn't mention obfuscation by transforming chars, e.g. e to 3, o to 0, a to 4, s to %, etc.) http://www.schneier.com/essay-246.html Quote:
|
|
|
|
|
Feb 26, 2009, 12:28 AM // 00:28
|
#217 | |
|
Lion's Arch Merchant
Join Date: May 2006
Profession: A/
|
Quote:
I just remembered a show on TV about hacking,and there where talking about those really powerful worms like Storm,Blaster and Conflicker,maybe it isn't affecting just GW but other MMO's too? Last edited by Kyosuki; Feb 26, 2009 at 12:37 AM // 00:37.. |
|
|
|
|
Feb 26, 2009, 01:16 AM // 01:16
|
#218 |
|
Jungle Guide
Join Date: Aug 2005
Location: Bellevue, WA
Profession: W/
|
http://www.adobe.com/support/securit...apsa09-01.html
WARNING, there is a critical buffer overflow bug in Adobe reader, dated Feb 19. There is currently NO FIX until March 11. Excerpt: "A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009." |
|
|
|
Feb 26, 2009, 01:31 AM // 01:31
|
#219 | |
|
Wilds Pathfinder
Join Date: Aug 2008
|
Quote:
Wonder what Fril has to say about this? <ducks> EDIT: Don't do your taxes until after 3/11, I guess - if you use the IRS PDF files... |
|
|
|
|
Feb 26, 2009, 03:21 AM // 03:21
|
#220 |
|
Jungle Guide
Join Date: Aug 2006
Location: In my own little world, looking at yours
Guild: Only Us[NotU]
Profession: E/
|
Most times when I read posts like this, I think "Your fault, what did you do?"
I just spoke with my guild mate. He logged on tonight, Monk was in ToA, not the GH. I had told him about this thread when it was started. He immediately checked storage. Gone is 100+ elite tomes, 100k, 2 undedicated minis, Forgotten sword, Totem Axe, & 2 stacks candy canes. His computer is less than a week old. It was bought purely for games. Not used for "surfing" the net. So, now I wonder whats going on. |
|
|
 |
|
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Bot Stop! they way to stop gold spammers! | bathazard | Sardelac Sanitarium | 22 | Feb 14, 2008 09:03 AM // 09:03 |
| WTF Hackers on GW...? | sunder187 | The Riverside Inn | 143 | Feb 12, 2008 01:05 AM // 01:05 |
| fujin | Technician's Corner | 3 | Nov 12, 2007 01:13 PM // 13:13 | |
| NowTumi | The Riverside Inn | 91 | Dec 12, 2005 10:43 PM // 22:43 | |
| Hackers | Canis Lupus | The Riverside Inn | 4 | Jun 03, 2005 08:45 AM // 08:45 |
All times are GMT. The time now is 02:21 AM // 02:21.
jQuery(document).ready(checkAds()); function checkAds(){if (document.getElementById('adsense')!=undefined){document.write("_gaq.push(['_trackEvent', 'Adblock', 'Unblocked', 'false',,true]);");}else{document.write("