Curse

Shanaeri Rynale · Dec 09, 2009, 04:01 PM // 16:01

The unfortunate case of Nadeen being hacked got me thinking (dangerous i know)

It seems that gold sellers etc, rob account to salvage the FoW armor, get mini pets etc and so use the money to then sell on.

The easiest fix to do would be to make FoW armor unable to be salvaged or deleted. If you cant sell the ecto you get from it, it then becomes worthless to a gold seller.

You could also put a special 'flag' on an item that would render it unable to be traded outside of your account, destroyed,dropped or sold. Lets call it the 'customised flag'

When an item is customised it's then fixed to your account and can no longer be used to gain any money from it's sale or trashed.

I mean how hard can it be? The flag is in the database so no extra storage is needed, the only changes needed would be to the salvage, drop item and sell item code to include somethin like
if item.customised=-true then msg "Sorry you cant destroy a customised item"

With no way of getting money from robbing players it would solve a lot of issues and heartache.

I dont want a new hat for xmas, I want something to protect the time and effort I put into this game. That would be the best xmas Anet gift of all.

Andemius · Dec 09, 2009, 04:13 PM // 16:13

lol easiest way is don't dlnd anything even slightly dodgy and have a stong password.

I don't think much of your ideas either, what if (hypothetically) I wanted rid of my fow armor because it's not to my liking any more?

I'd prefer that hat to be honest.

Shanaeri Rynale · Dec 09, 2009, 04:17 PM // 16:17

if you read the hacked threads it's clear that strong passwords etc are'nt enough.
If you did'nt want your FoW armor then move it to another char on your account. If you have'nt got the room buy another slot, Anet could use the money

Axeman002 · Dec 09, 2009, 04:24 PM // 16:24

or dont make ecto's tradable = end of hacking

DetreS · Dec 09, 2009, 04:40 PM // 16:40

1.- Don't Buy Nothing to the Gold Sellers.
2.- Hide your e-mail account linked at game, don't use it for nothing (reg in forums, chats, paypal [if you are buying gold...], MSN, etc)
3.- Use a strong password with letters & numbers.
4.- Antivirus - Adaware - Anti Keyloggers - A Normal Security programs on your computer.

The best way is, don't use the email of loggin for nothing, if no one know's it, is impossible to hack your account.

Cya!

Zinger314 · Dec 09, 2009, 05:05 PM // 17:05

Er, that won't do anything. Hackers will still hack even if they can get nothing out of it.

Because they are jerks like that.

Saph · Dec 09, 2009, 05:11 PM // 17:11

Quote:

Originally Posted by DetreS

The best way is, don't use the email of loggin for nothing, if no one know's it, is impossible to hack your account.

For those who have used their email log in for other things, you can't change it once your account is linked to NCsoft. So even if someone wants to change their email log in to a new, more secure one, they can't.

Siirius Black · Dec 09, 2009, 05:59 PM // 17:59

I for one, Don t use the same email in my GW account. As a matter of fact deleted the account. That way, my login is private and not linked to any email. That way I dont risk my account being hacked because I used the same email than the one I used to register for example in this forum...

Just be careful what you download and install. And never, ever give your account information to anyone

Shanaeri Rynale · Dec 09, 2009, 06:08 PM // 18:08

People have done all these measures and still get hacked. Read the threads and threads about it on this forum, Wiki and 'the other one'

The point of this thread was to suggest ways in which the damage can be limited once they do get in.

craigrs84 · Dec 09, 2009, 06:36 PM // 18:36

Obviously those people that got their accounts hacked have made mistakes... Whether they realize it or not.

I say don't change game play / mechanics for this reason. It won't stop the hacking and another thread will pop up when someone gets something else valuable stolen.

I don't know what sort of security Guild Wars implements but I would hope that they lock your account after 5 or so failed login attempts (to stop brute force hacking). This is really the only security measure you would need.

Other than that, if you get your account hacked it is 99% likely it's YOUR OWN FAULT.

Broseiden · Dec 09, 2009, 06:43 PM // 18:43

Quote:

Originally Posted by craigrs84

Obviously those people that got their accounts hacked have made mistakes... Whether they realize it or not.

I say don't change game play / mechanics for this reason. It won't stop the hacking and another thread will pop up when someone gets something else valuable stolen.

I don't know what sort of security Guild Wars implements but I would hope that they lock your account after 5 or so failed login attempts (to stop brute force hacking). This is really the only security measure you would need.

Other than that, if you get your account hacked it is 99% likely it's YOUR OWN FAULT.

How rude and condescending. I'm sure if you were hacked by a chinese gold farmer, you would start making a topic and wondering how could it have happened. Surely all the accounts hacked from Aion and Guild Wars cannot be a coincidence, since they're all through PlayNC. There are even reports of the farmers getting thorugh Paypal accounts on computers that were scanned for malware.

I'm actually pretty upset with how unsecure my account feels in the hands of NCSoft right now. Got nothin' against Anet though.

isildorbiafra · Dec 09, 2009, 07:01 PM // 19:01

My worst nightmare is not getting robbed by hackers; but having my main character deleted out of spite. That would be really bad. Sometimes I wakeup screaming.......

Haxor · Dec 09, 2009, 07:06 PM // 19:06

Quote:

Originally Posted by Shanaeri Rynale

The easiest fix to do would be to make FoW armor unable to be salvaged or deleted. If you cant sell the ecto you get from it, it then becomes worthless to a gold seller.

I can easily see someone deleting their own set of FoW, considering some (most) of them are ugly as sin. I personally only have my Warrior one for the HoM. I can definitely see myself deleting it if storage ever becomes an issue.

Quote:

You could also put a special 'flag' on an item that would render it unable to be traded outside of your account, destroyed,dropped or sold. Lets call it the 'customised flag'

So no-one would be able to get rid of old armor or customized old weapons? That sounds like a pretty bad idea. Storage space would rapidly become an issue. Similarly, it would forbid trading customized items to a storage account. Something I'd also vote against.

Quote:

When an item is customised it's then fixed to your account and can no longer be used to gain any money from it's sale or trashed.

Viable suggestion. Most of the items would only be worth a few k at best when merched, anyway. Still against applying that to materials, though.

Quote:

I mean how hard can it be? The flag is in the database so no extra storage is needed, the only changes needed would be to the salvage, drop item and sell item code to include somethin like
if item.customised=-true then msg "Sorry you cant destroy a customised item"

With no way of getting money from robbing players it would solve a lot of issues and heartache.

I dont want a new hat for xmas, I want something to protect the time and effort I put into this game. That would be the best xmas Anet gift of all.

Even if people wouldn't gain money from the hacking, some would still do it simply for being pricks. A lot of problems with security and computers in general are located between the seat and the keyboard. Some are actually traceable to the company in question. I'm not sure which it is in this case, nor do I overly care to be honest. I'd suggest NCSoft work on their security just in case, and users think before they do. Anet can go on and make a new spiffy hat.

Enko · Dec 09, 2009, 07:08 PM // 19:08

Quote:

Originally Posted by Broseiden

How rude and condescending. I'm sure if you were hacked by a chinese gold farmer, you would start making a topic and wondering how could it have happened. Surely all the accounts hacked from Aion and Guild Wars cannot be a coincidence, since they're all through PlayNC. There are even reports of the farmers getting thorugh Paypal accounts on computers that were scanned for malware.

I'm actually pretty upset with how unsecure my account feels in the hands of NCSoft right now. Got nothin' against Anet though.

I see nothing in his post that could be construed as rude and/or condescending.

The majority of the people who have had their accounts broken into was most likely due to actions on their own part whether it be their web browsing habits, weak passwords, sharing accounts, etc. There probably are a few that were hacked due to security problems on ncsoft or anet's part but those are in the minority.

The most recent person I saw who claimed they were hacked in game said they clicked a link in an email and ran the program that came up because someone told them to do it even though they had no idea what the program did. A lot of the people that are saying they were hacked are probably not giving all the details either intentionally because they don't want to make themselves seem stupid to everybody else or because they just don't know what they did.

We don't know all the details with how the account was hacked so we can't make a good call on what would prevent it.

If someone is good enough to actually hack into ncsoft's or anet's database, then they'd probably steal credit card information, not just in game items.

craigrs84 · Dec 09, 2009, 07:09 PM // 19:09

sorry... but it's just the facts.

these hackers aren't magicians... they got your password because you made a mistake.

so why ask for anet to change their code because of something you did wrong?

i'd rather they spend their time on more productive things like game updates. of course they haven't done much of that at all lately either.

Martin Alvito · Dec 09, 2009, 07:17 PM // 19:17

Quote:

Originally Posted by craigrs84

Obviously those people that got their accounts hacked have made mistakes... Whether they realize it or not.

Prove it.

You can't. I cannot disprove it in any specific case, but you cannot prove your contention in any specific case either.

The underlying logic behind your statement runs as follows: in the past, all accounts have been hacked through malware. Therefore, it continues to be the case that all accounts are hacked through malware. Further, all accounts will be hacked in the future through malware.

When you put it on the table like that, it starts to look pretty silly, doesn't it?

It can be shown that NCSoft accounts have glaring security vulnerabilities. There are no protections for users in the event of unauthorized access. No computer system is fully secure. There are no protections against password brute forcing. The protections against brute forcing the "change account" provisions are inadequate.

This suggests that some proportion of accounts greater than zero could be hacked by means other than malware. Given the reports of accounts being hacked by means that cannot reasonably be explained by malware, I'd conclude that your argument is false.

You could argue that victims of NCSoft password change hacks got keylogged during the XTH promotion and are only now being targeted, but if you want to make that argument you need to explain why the hacker(s) sat on that information for so long. On the face of it, your theory simply does not appear to fit the facts.

@ OP: The problems are more fundamental. Your suggestions might be constructive, but also create problems - especially with the resale of dedicated miniatures. Further, they do not remove the incentive to hack accounts to loot accounts of liquid valuables such as ectos, armbraces and gold that players want to use to buy things at a later date. Your "flag" has to be irrevocable to work, but players possess valuables that they do not intend to possess forever. Better solutions to the NCSoft account problem exist:

- Let me delink my GW account (best)
- Force me to provide something additional to change my game passwords (existing PW, code from an e-mail sent to the login e-mail address, etc.)
- Do not EVER display the linked e-mail address that is my username
- Make the "change password" protections for NCSoft accounts themselves more secure
- Make it impossible to generate a valid list of actual NCSoft accounts via brute force
- Make it more difficult to brute force passwords (NO protections exist at present).

craigrs84 · Dec 09, 2009, 07:27 PM // 19:27

Listen...

The only way they could get your password without it being your fault is if they hacked directly into A-Net's database... Which I very highly doubt.

Even if they did manage to get past the firewall and into the database, the passwords are still going to be hashed using either a MD5 or SSHA salted algorithm. Even with a set of Rainbow tables these are going to be very difficult to crack if you use a reliably strong password. In short it would take a lot of time and energy to crack one password, probably much more time than it was worth.

Now... the other much more likely possibility is that you messed up.

I'm thinking of a number between 1 and 100? Can you guess it? No.

Guess what. That's basically the same concept as a password. Just use a little logic and there's your proof.

TheEyesKing · Dec 09, 2009, 08:06 PM // 20:06

great idea.

silv3rr · Dec 09, 2009, 08:14 PM // 20:14

Quote:

Originally Posted by Enko

The majority of the people who have had their accounts broken into was most likely due to actions on their own part whether it be their web browsing habits, weak passwords, sharing accounts, etc. There probably are a few that were hacked due to security problems on ncsoft or anet's part but those are in the minority.

The most recent person I saw who claimed they were hacked in game said they clicked a link in an email and ran the program that came up because someone told them to do it even though they had no idea what the program did. A lot of the people that are saying they were hacked are probably not giving all the details either intentionally because they don't want to make themselves seem stupid to everybody else or because they just don't know what they did.

What Enko and Craigrs84 are saying is the most accurate.

The possibility of this is far greater than it being an issue lying with the security with a huge video game development/publishing company's security.

For the record, I was hacked recently too and to be honest as much as I have a strong account and am generally very careful with what I download and such... I have no doubt that it was something on my part.

Having something malicious invade your computer is not just due to running a random .exe attachment in the "enlarge your penis" junk-mail.

I'm not claiming to be tech savvy with computers so it's easier for me to accept that possibility... but neither can most of you as well. Just because you're taking computer-science courses in high school doesn't mean you don't make mistakes.

Even if your password's on the weaker end, it's still really hard to crack via brute force... unless it's something stupid like it being identical to your e-mail address. The only way for anyone to really narrow it down to anything is if they know you to a certain degree. Anything else is just pure random guessing. It's like the lottery.

If those gold farmers are that good at brute force hacking, then why don't they take a crack at winning the lottery? Seeing as how they're obviously so damned talented and lucky at guessing random variables. They won't be working for gold farming sites if that was the case.

Bob Slydell · Dec 09, 2009, 09:12 PM // 21:12

Quote:

Originally Posted by Shanaeri Rynale

if you read the hacked threads it's clear that strong passwords etc are'nt enough.
If you did'nt want your FoW armor then move it to another char on your account. If you have'nt got the room buy another slot, Anet could use the money

They arent?! How come I have never been hacked in almost 4 years?

It's an argument that even I toss back and forth blaming password strength and then NC. But unless we got a real statement from NC or Anet about this were still gonna be out here posting and playing the guessing game, blaming anything we possibly can just to post bullshit.

And at Silv3rr. Try suping up your hosts file like it did. Go to C:/Windows/System32/drivers/etc and open "hosts" in notepad. You all can benefit from this as well. And add any suspicious gold/gw site you come across into the hosts file like this:

0.0.0.0 www.example.com
0.0.0.0 example.com

What this does is cause these sites to time out because when they are supplied from another website, your computer ignores the closest DNS and loads them with an ip address of 0.0.0.0, as well as any ads they supply. So their scripts will never make it onto your browser or anything else they try to make it onto. Clever eh?

I've done it and I say..anything it takes to be a little more protected.

I Personally have an assload of sites in it already, about 16,000 from a site that worked on looking them up and probably 30 or more for malicious GW sites and gold ad's.

This is what firewall programmers don't want you to know about, the utilities of your very own computer that work just as good, without even using a firewall.

Works on ANY operating system in the world.

http://www.youtube.com/watch?v=VUQZGuJ8jLM - little more explanation.