Guild Wars Forums - GW Guru
 
 

Go Back   Guild Wars Forums - GW Guru > The Inner Circle > The Riverside Inn

Notices

Reply
 
Thread Tools Display Modes
Old Feb 15, 2007, 07:32 AM // 07:32   #21
Wilds Pathfinder
 
B Ephekt's Avatar
 
Join Date: Feb 2006
Guild: Team Crystalline [TC]
Profession: Mo/
Advertisement

Disable Ads
Default

Quote:
Originally Posted by Solar Light
the sarcasam ehre sickens me, have fun with the day that you get hacked, because, despite however hard we try not to, the odds remain that it can happen.
You can prevent being "hacked" (or more accurately the target of a key logging malware, since it's unlikely someone manually hacked this information) by educating yourself about basic computer security. It does sound like Anet dropped the ball with their password reset option, but had the user taken proper security measures it wouldn't never been an issue.

Point being, maybe the person could try and learn a thing or two from this experience instead of just complaining.
B Ephekt is offline   Reply With Quote
Old Feb 15, 2007, 07:44 AM // 07:44   #22
ArenaNet
 
Gaile Gray's Avatar
 
Join Date: Feb 2005
Default

The OP saw fit to post this in multiple fan forums. I must say, that's not a good or courteous choice, since server costs have an impact upon the kind folks who house these forums, and it appears a tad like "dev bashing" to take a negative, accusatory post to multiple sites. Regardless, let me repeat what I said elsewhere:

I have passed this along. I share your concerns, but I must, once again, make suggestions rather than simply shaking my fists at the heavens. For the vast, vast majority of account thefts are connected to simple human error and poor choices in selecting a user name, or in keeping a password private. Here are some tips:
  • Select a unique user name, and not "(name)GuildWars."
  • Use a secure password. No birthdates, no pet names. Toss in symbols, capitalization, numbers, and more.
  • Do not use that same password for PlayNC or any other purpose!
  • Do not use an email account that is publicly known. Since Guild Wars requires an email address for user name, can you see fit to set up a separate account for games? Can you not give out that name to people you meet in the game? Have an email for games, and an email for, you know, email. But keep them both current so you don't find yourself unable to confirm ownership of the account, or receive alerts should someone try to access the account.
  • If you set up your account through PlayNC, it seems to me you have an extra layer of security: PlayNC name, game user name, password. I could be mistaken, but that seems better, not worse. However, being able to change that information would be a really good thing, and I've written tonight to ask if there is any chance that we can foresee such an option in the near future. I'm hopeful that players will, someday, be allowed to change some or all of the various parameters of their account security. But at the same time, the very ability to make those changes could open security breaches, and in fact requires greater diligence on the part of both player and company.
I hope to have more information for you soon, and thank you for your patience on this matter.
__________________
Gaile Gray
Support Liaison
ArenaNet
Gaile Gray is offline   Reply With Quote
Old Feb 15, 2007, 09:00 AM // 09:00   #23
Banned
 
Hockster's Avatar
 
Join Date: Jul 2005
Default

Quote:
Originally Posted by bart
it sucks to get hacked. a friend got hacked 3 times and he's done everything from changing password to using spybot/antivirus. I suspect that its the add-ons that he downloaded for the game that is siphoning information to the hacker.
Your friend is a total idiot. Of course the "addons" are giving away everything. They have keyloggers built in. This has been mentioned so many times, on so many forums, that anyone falling for this completely deserves what they get, or lose in their case.
Hockster is offline   Reply With Quote
Old Feb 15, 2007, 04:38 PM // 16:38   #24
Krytan Explorer
 
Alex Weekes's Avatar
 
Join Date: Mar 2005
Location: Brighton, UK
Default

(Edits in italics)

Can you please detail exactly what your concerns are with regards a "security hole" in PlayNC accounts? I ask, because security has been significantly improved on PlayNC master accounts over the last few months:

1. It is no longer possible to 'brute force' the resetting of passwords on an account, because the system will lock out for a period of time after a handful of incorrect attempts.

2. Resetting your master account password now involves an email being sent to the address registered within PlayNC. You cannot simply change someones password by knowing their birthdate and guessing their security question answer.

Now, with regards changing your details within PlayNC:

1. You CAN change a linked Guild Wars account password through a PlayNC master account. Simply login to the account, find your GW account in the Games List and then click the "Account Details" button associated with that account. Then choose the "Reset Password" button.

2. You CAN change your contact email address. This email address will be used for notifying you of any password changes and for resetting a forgotten Master Account password. To change the email address, login to your Master Account and scroll down to the bottom of the page. At the bottom are your contact details. Click the "Edit Contact Info" link, and change your designated contact email address.

Important Note: A PlayNC Master Account is *not* the same as a Support account used for communicating with the PlayNC support teams. Logging in to a PlayNC Master Account should be done through the "Account" link button on the left side Nav of the PlayNC site.

Last edited by Alex Weekes; Feb 16, 2007 at 09:37 AM // 09:37..
Alex Weekes is offline   Reply With Quote
Old Feb 15, 2007, 04:54 PM // 16:54   #25
ArenaNet
 
Gaile Gray's Avatar
 
Join Date: Feb 2005
Default

Alex,

The concern that I've seen expressed is handling changes to your Guild Wars user name once linked to PlayNC. I believe that is not possible with the current situation. Now that may lie in the fact that one has lost access to an older email address, through a change in ISP, though a expiration, for whatever reason. Some processes require verification via email, and once one cannot access a former email account, verification becomes impossible. One wants to change to a new Guild Wars user name, but changing the user name requires receiving email at that user name (email address), yet one cannot access that address any longer.

So yes, there are processes for changing passwords and the PlayNC user names, but I believe that the issue is changing the Guild Wars user name once linked to PlayNC. Obviously those experiencing the problems, and expressing their personal concerns, can tell you better than I.
__________________
Gaile Gray
Support Liaison
ArenaNet
Gaile Gray is offline   Reply With Quote
Old Feb 15, 2007, 05:16 PM // 17:16   #26
Desert Nomad
 
Phaern Majes's Avatar
 
Join Date: Sep 2005
Location: Anywhere but up
Guild: The Panserbjorne [ROAR]
Profession: R/Mo
Default

Just curious, if some logged in to your NCSoft account couldn't they just change your email THEN change your password? I mean if they change your email then the having to confirm your password change wouldn't really be an issue for them. I realize that for them to even be able to get on your NCSoft account would be a security hole on the user's end. I'm just saying once they did I don't see how you could get your NCSoft account back if all they had to do was change your email first then your password.
Phaern Majes is offline   Reply With Quote
Old Feb 15, 2007, 06:04 PM // 18:04   #27
Banned
 
Hockster's Avatar
 
Join Date: Jul 2005
Default

Quote:
Originally Posted by Alex Weekes
1. It is no longer possible to 'brute force' the password on an account, because the system will lock out for a period of time after a handful of incorrect password attempts.
Last time I checked on my own Master account, I incorrectly entered a password 15 times and never triggered a lock out. That was about two months ago. Fifteen attempts is way too high. It should be no more than five.

There have been a couple recent threads here where the users stated getting a huge number of the auto response email about someone attempting to access an account. If the lockout mechanism in in place it appears that it is nonfunctional.
Hockster is offline   Reply With Quote
Old Feb 15, 2007, 06:22 PM // 18:22   #28
Desert Nomad
 
NeHoMaR's Avatar
 
Join Date: Feb 2006
Default

Solar Light, I am so sorry to say the security hole is in YOUR computer. If you use a good correctly configured anti-virus and firewall you will NEVER be hacked again EVER.
NeHoMaR is offline   Reply With Quote
Old Feb 15, 2007, 06:33 PM // 18:33   #29
Wilds Pathfinder
 
Shadow Kurd's Avatar
 
Join Date: May 2006
Location: Netherlands
Guild: Scouts of Tyria
Profession: P/
Default

Quote:
Originally Posted by Gaile Gray
Alex,

The concern that I've seen expressed is handling changes to your Guild Wars user name once linked to PlayNC. I believe that is not possible with the current situation. Now that may lie in the fact that one has lost access to an older email address, through a change in ISP, though a expiration, for whatever reason. Some processes require verification via email, and once one cannot access a former email account, verification becomes impossible. One wants to change to a new Guild Wars user name, but changing the user name requires receiving email at that user name (email address), yet one cannot access that address any longer.

So yes, there are processes for changing passwords and the PlayNC user names, but I believe that the issue is changing the Guild Wars user name once linked to PlayNC. Obviously those experiencing the problems, and expressing their personal concerns, can tell you better than I.
Thats exactly what happend to me, i have two accounts, but because i coudnt link them both to one email address i made another one at hotmail. But stupid hotmail closes your email if you dont log in once every month, so if i forget to log in im running the risk of my email address being taken becuase i cant change my email adress to an other one,(Gmail for example)
Shadow Kurd is offline   Reply With Quote
Old Feb 16, 2007, 12:19 AM // 00:19   #30
Frost Gate Guardian
 
Solar Light's Avatar
 
Join Date: May 2006
Guild: Teutonic Warriors {TW}
Profession: Mo/
Default

Quote:
The OP saw fit to post this in multiple fan forums. I must say, that's not a good or courteous choice, since server costs have an impact upon the kind folks who house these forums, and it appears a tad like "dev bashing" to take a negative, accusatory post to multiple sites. Regardless, let me repeat what I said elsewhere:
I wanted to post on GWo and here in order to let more people see the security issues i want to adress, i still see tons of people bashing and calling people stupid for getting hacked, but, how or why someone gets hacked is not my topic, it is the fact that the lockup of GW login name, and password sometimes, has costed my freind a second hacking when she was getting on her feet again.

as far as bashing goes, i recall either you or alex posting on improvements to the NCsoft secuirty, and yet the login lockup still persists in being around.

I can dig up quotes from here if needed =p

but, i can admit i was fustrated at what happened to my friend, and i was probably a bit harsher then needed.

Galie and Alex, please assit however you can to Ncsofts Lockup changed so we can easly and freely change our logins and passwords without headaches.
Solar Light is offline   Reply With Quote
Old Feb 16, 2007, 12:39 AM // 00:39   #31
Desert Nomad
 
Shanaeri Rynale's Avatar
 
Join Date: Aug 2005
Guild: DVDF(Forums)
Profession: Me/N
Default

Quote:
Originally Posted by NeHoMaR
Solar Light, I am so sorry to say the security hole is in YOUR computer. If you use a good correctly configured anti-virus and firewall you will NEVER be hacked again EVER.
Thats not all the precautions you need to take..

Many people have been hacked because they used the email address they use for GW as a login, or incuded in forum logins. These forums, esp some free hosted ones are easily hacked and they can get the details from there.

Never use your GW user email for anything else, Gaile posted a while ago some very good hints on account security. Follow those and you'll be ok.

I'm sure the non changing of email addresses will be fixed very soon, but one does'nt want them to open up a new vulnerability while trying to fix this one.

While we are on the subject of improvements I believe two areas could be improved.
1. User Authentication. A Password strength indicator, being able to change user name etc.
2. Access Control. Prevention of deletion of a character should 1 be compromised. Enabling the setting of a flag on a character indicating it cannot be deleted unless 24 hours have passed and a confirmation mail sent. Also have an item/armor maker, like the hat guy where a customised replacement of the armor/weapon can be made should the main ones be lost(would also serve as additional storage

The mechanics are all there in some shape or form and I believe their implemention would save a lot of support calls and worried gamers.

Last edited by Shanaeri Rynale; Feb 16, 2007 at 12:52 AM // 00:52..
Shanaeri Rynale is offline   Reply With Quote
Old Feb 16, 2007, 01:04 AM // 01:04   #32
Desert Nomad
 
Burst Cancel's Avatar
 
Join Date: Dec 2006
Location: Domain of Broken Game Mechanics
Default

Some of you need to actually read the OP instead of posting patently retarded knee-jerk responses the moment you see the word 'hacked'.

Yes, we understand that you're a tough, no-nonsense person that has no sympathy for people getting hacked.
Yes, we understand that you believe getting hacked is entirely the fault of the person leaving themselves open to being hacked.

However, in your self-righteous tirades, you morons have conveniently missed the fact that the OP is talking about an entirely different issue.

So please, take your tough-guy "you deserved to be hacked" bull**** somewhere else.
Burst Cancel is offline   Reply With Quote
Old Feb 16, 2007, 01:05 AM // 01:05   #33
Wilds Pathfinder
 
explodemyheart's Avatar
 
Join Date: Sep 2005
Location: Indiana
Guild: Gui1d War스 P01ic트 [Pr으]
Profession: Mo/
Default

Quote:
Originally Posted by Gaile Gray
So yes, there are processes for changing passwords and the PlayNC user names, but I believe that the issue is changing the Guild Wars user name once linked to PlayNC. Obviously those experiencing the problems, and expressing their personal concerns, can tell you better than I.
I want to change my account email, but I can't because I can't find an option anywhere to do so. Before I linked to PlayNC, I was able to and did so a couple of times. I can't do it through 'edit account', it just sends me to the PlayNC website. Once logged into my PlayNC account, I can't find anywhere to change my account email. I can change my contact info email, but for my account info and details, I can only change my password.

I think that may be part of the problem that the OP is trying to express, but I could be wrong.
explodemyheart is offline   Reply With Quote
Old Feb 16, 2007, 01:11 AM // 01:11   #34
Ascalonian Squire
 
Join Date: Feb 2007
Default

Quote:
Originally Posted by Burst Cancel
Some of you need to actually read the OP instead of posting patently retarded knee-jerk responses the moment you see the word 'hacked'.

Yes, we understand that you're a tough, no-nonsense person that has no sympathy for people getting hacked.
Yes, we understand that you believe getting hacked is entirely the fault of the person leaving themselves open to being hacked.

However, in your self-righteous tirades, you morons have conveniently missed the fact that the OP is talking about an entirely different issue.

So please, take your tough-guy "you deserved to be hacked" bull**** somewhere else.
qft. Unfortunate most Guru readers don't actually read whole posts.
ikpt is offline   Reply With Quote
Old Feb 16, 2007, 01:12 AM // 01:12   #35
ArenaNet
 
Gaile Gray's Avatar
 
Join Date: Feb 2005
Default

I wanted to mention that one of the ArenaNet Co-founders today sent an email to team members who work on this aspect of our service, to ask about the status of certain improvements to the system that will address such concerns. We're very sorry for the time that it has taken to make the changes, and as far as I know, there are still changes and improvements yet to be made.
__________________
Gaile Gray
Support Liaison
ArenaNet
Gaile Gray is offline   Reply With Quote
Old Feb 16, 2007, 01:23 AM // 01:23   #36
Forge Runner
 
lightblade's Avatar
 
Join Date: May 2005
Guild: The Etereal Guard
Profession: Me/Mo
Default

Quote:
Originally Posted by Vermilion Okeanos
Yes, and you defintely know what go on between them. Of course, you would know where they live and how they live, AND defintely you would even know what kind of underwear they are wearing.

Give me a break.
It's very possible for your closest friend to steal your girl/boyfriend. It's even easier with GW account.
lightblade is offline   Reply With Quote
Old Feb 16, 2007, 02:18 AM // 02:18   #37
Wilds Pathfinder
 
Shmanka's Avatar
 
Join Date: Oct 2006
Location: In Your Head
Guild: The Brave Will Fall [Nion]
Profession: Me/
Default

Quote:
Originally Posted by Solar Light
if it was that simple, i wouldnt be here.
Thus you are here, and it is that simple, therefore you contradict yourself.
Shmanka is offline   Reply With Quote
Old Feb 16, 2007, 02:20 AM // 02:20   #38
Wilds Pathfinder
 
explodemyheart's Avatar
 
Join Date: Sep 2005
Location: Indiana
Guild: Gui1d War스 P01ic트 [Pr으]
Profession: Mo/
Default

Quote:
Originally Posted by Shmanka
Thus you are here, and it is that simple, therefore you contradict yourself.
If you had actually read the thread and paid attention to what his actual complaint is, you'd know you're wrong.
explodemyheart is offline   Reply With Quote
Old Feb 16, 2007, 02:44 AM // 02:44   #39
Frost Gate Guardian
 
Solar Light's Avatar
 
Join Date: May 2006
Guild: Teutonic Warriors {TW}
Profession: Mo/
Default

I am starting to belive that flaming, mockery, and such is a hobby for 75% of the forum population, and they seem to have selective hearing/reading.


For those that i refer to, please tone it down, read, interpet, and figure out what i am saying, THEN try to derail me, discussions get boring when others dont even know what the full topic is.

oh, and lets not forget civalty please, i dont mind discussion and debate, but keep within the rules please
Solar Light is offline   Reply With Quote
Old Feb 16, 2007, 04:30 AM // 04:30   #40
Wilds Pathfinder
 
Pwny Ride's Avatar
 
Join Date: Oct 2006
Location: Aussieland
Guild: Prime Players Of [OSHA] ~ [dth] alliance. <3
Profession: Me/E
Default

Quote:
Originally Posted by Solar Light
one of my good friends in my guild as of this hour, has gotten hacked her second time, likely by the same person.

The first hacking has been Reported how many times now, and now becasue NFsoft wont let anyone change their passwords or emails on their site, she is likley dead now for GW if the hackers erase her chars this time.



I reemmber Galie saying that something was going to be done about this months ago, within a weekish span time, that seems to have ended up as a LIE.

i tell noone my information, im paranoid about security, but the NCsoft holes is worrying me, for my security and that of my freinds.

to be simple, and sorry for shouting, BUT SOMETHING NEEDS TO BE DONE NOW, NOT A YEAR FROM NOW.

and why isnt anet shutting down the hackers, it should be easy to trace logs and find out what **** was involved in ripping her off.
Yea but the sad thing is how many times has Gaile said something and it turned out to be a lie? From my experience ive learned not to trust anything she says if shes not 110% sure on the matter, shes as bad as the next person.
Pwny Ride is offline   Reply With Quote
Reply

Share This Forum!  
 
 
           

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:09 PM // 23:09.


Powered by: vBulletin
Copyright ©2000 - 2016, Jelsoft Enterprises Ltd.
jQuery(document).ready(checkAds()); function checkAds(){if (document.getElementById('adsense')!=undefined){document.write("_gaq.push(['_trackEvent', 'Adblock', 'Unblocked', 'false',,true]);");}else{document.write("