CCP Fallout
|
Posted - 2011.01.20 22:53:00 -
[1]
CCP Sreegs is back, talking to us about account security. His new target: phishing attacks.
Fallout Associate Community Manager CCP Hf, EVE Online Contact us |
|
|
Chribba
Otherworld Enterprises Otherworld Empire
|
Posted - 2011.01.20 23:00:00 -
[2]
Secure 3rd party service | my in-game channel 'Holy Veldspar' |
|
Salyan
|
Posted - 2011.01.20 23:05:00 -
[3]
CCP reverse-engineers bots?!? That's awesome and much more than I ever expected you guys to do.
P.S. Chribba, sorry but your picture scares me now.
|
SXYGeeK
Gallente do you -Mostly Harmless-
|
Posted - 2011.01.20 23:10:00 -
[4]
well done Sreegs,
As always I'm particularly interested in multi-factor authentication. I love how paypal sends me a text on my phone as a second factor. It's cheap, effective, and could reach a large portion of your player base.
Keep us in the loop like you've done in this Blob and things will only get better :)
-We So SeXy |
Halvus
Minmatar Sons Of 0din C0NVICTED
|
Posted - 2011.01.20 23:19:00 -
[5]
Excellent blog. Keep up the good work :)
|
Wollari
Phoenix Industries Black Star Alliance
|
Posted - 2011.01.20 23:25:00 -
[6]
I also got already some kind of eve newsletter where all URLs have been masked using tinyurl.com
|
Doctor Mabuse
|
Posted - 2011.01.20 23:32:00 -
[7]
Have you considered GrIDsure as a form of two factor authentication?
Simple and no messing around with tokens...
------------------------------------
Who's trip-trapping on my bridge? |
|
CCP Sreegs
C C P C C P Alliance
|
Posted - 2011.01.20 23:33:00 -
[8]
Originally by: Wollari I also got already some kind of eve newsletter where all URLs have been masked using tinyurl.com
Forward it to [email protected] if you can. Those have been getting nuked pretty quickly. |
|
Jmarr Hyrgund
The Bastards
|
Posted - 2011.01.20 23:36:00 -
[9]
Onions. He knows his. Read well and note his advice.
Awesome blog.
Pirate - Blogger - Rifter Pilot |
Grady Eltoren
Minmatar UNITED STATES ARMY
|
Posted - 2011.01.20 23:42:00 -
[10]
Originally by: Salyan CCP reverse-engineers bots?!? That's awesome and much more than I ever expected you guys to do.
P.S. Chribba, sorry but your picture scares me now.
LOL - my thoughts too. JK! : ) My guy has hair now too so I can't talk much. :) Apparently Incarna and Hairclub for Men go hand in hand.
On a serious note - how do phishers even make emails look like they came from CCP? E.g. the email addresses?
Aviation Professionals for EVE (APEVE)
|
|
Steve Thomas
Minmatar
|
Posted - 2011.01.20 23:47:00 -
[11]
Originally by: Salyan CCP reverse-engineers bots?!? That's awesome and much more than I ever expected you guys to do.
P.S. Chribba, sorry but your picture scares me now.
Not only do they do that, but they actually created even better bots, if you will, to detect those bots in the first place.
Seriously, how big of a moron do you have to be to not think that one of the things they do is search for sites that have "bots" for EvE online?
Or that they have people who have volunteered to host bots here in North America AND Europe AND Brazil, for example, specifically so they can monitor exactly what said bot does and when said bots get updated into account zombies?
|
Filodar
|
Posted - 2011.01.21 00:08:00 -
[12]
Originally by: Doctor Mabuse Have you considered GrIDsure as a form of two factor authentication?
Simple and no messing around with tokens...
Looks like a bad system, it's overly complicated and would lead to a huge increase in support costs. And the attackers could still do it as a password reply, or phishing users by having a distinct number per square.
|
Steve Thomas
Minmatar
|
Posted - 2011.01.21 00:09:00 -
[13]
Originally by: Grady Eltoren
Originally by: Salyan CCP reverse-engineers bots?!? That's awesome and much more than I ever expected you guys to do.
P.S. Chribba, sorry but your picture scares me now.
LOL - my thoughts too. JK! : ) My guy has hair now too so I can't talk much. :) Apparently Incarna and Hairclub for Men go hand in hand.
On a serious note - how do phishers even make emails look like they came from CCP? E.g. the email addresses?
It's not really hard to do, there are still open email services out there where you basically send email out to the web with forged "from" information. Heck, check your spam filter, odds are you have or got mail stuck in it from days if not years in the future due to that kind of forging.
Here is one header that shows where the mail actually came from.
Supposedly it was from "Webaccountsecurity" at Twitter.com but it actually was from someone at "xt07.verada.ru", and that's assuming that "xt07.verada.ru" was legit to start with!
Quote:
From Twitter Mon Dec 20 18:02:00 2010
X-Apparently-To: [email protected] via 98.136.183.31; Mon, 20 Dec 2010 10:02:01 -0800
Return-Path: <[email protected]>
Received-SPF: pass (mta1004.mail.ac4.yahoo.com: xt07.verada.ru designates 18.381.165.058 as permitted sender)
X-YMailISG: (Deleted massive wall of id number)
X-Originating-IP: [18.381.165.058]
Authentication-Results: mta1904.mail.ac4.yahoo.com from=nstr30j.verada.ru; domainkeys=pass (ok); from=verada.ru; dkim=pass (ok)
Received: from 127.0.0.1 (EHLO xt07.verada.ru) (128.121.146.143) by mta1004.mail.ac4.yahoo.com with SMTP; Mon, 20 Dec 2010 10:02:01 -0800
Received: from verada.ru (localhost [127.0.0.1]) by xt07verada.ru (Postfix) with ESMTP id 53F8F74E4C5 for <[email protected]>; Mon, 20 Dec 2010 18:02:00 +0000 (UTC)
X-DKIM: Sendmail DKIM Filter v2.8.2 xt07.verada.ru 53F8F74E4C5
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=twitter.com; s=dkim; t=1292868120; [email protected]; bh=C28GCdbF451aVoXKHvtW1vhtn3w=; h=Date:From:Reply-To:To:Message-Id:Subject:Mime-Version: Content-Type; b=Q9iYzf4szHlPqCaLLFbDDCMm7wYMQI52Pm6kcNWqsgVNTTd3C38zf9UD0WuF8xDXr JUGZqvBd3HJjBdOHHzEnvkee3QpaasrG1V47RQDZeNzUfkOHmMgPJwJqk+l/Nx8JX6 sKobWRA8ovn5PGiNXhjDmvyMwoEl/u+UHcLhHczU=
X-DomainKeys: Sendmail DomainKeys Filter v1.0.2 xt07.verada.ru 53F8F74E4C5
DomainKey-Signature: a=rsa-sha1; s=default; d=verada.ru; c=simple; q=dns; b=T3sVw6BWLbarybK55vzYegZua7dDKofchvgcC6Ois+9GSvplRc3NFWe1DLp2npcy5 FetkBiooKtB434G2P0fwA==
Date: Mon, 20 Dec 2010 18:02:00 +0000
From: This sender is DomainKeys verified verada.ru <[email protected]> Add sender to Contacts
Reply-To: [email protected]
To: [email protected]
Message-Id: <[email protected]>
Subject: Suspention of account, StevenWThomas!
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary=mimepart_4d0f9a185322b_1b6b5e34aa460852
X-Campaignid: welcome20100914phx
Errors-To: va <[email protected]>
Bounces-To: va <[email protected]>
.
|
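Added example, not part of any post in this thread: the header quoted in post [13] shows `Received-SPF: pass` for the sending host's own domain while the visible From claims a different one. This Python sketch checks for that mismatch (alignment). The sample messages, their placeholder domains and the `header.d=` form of Authentication-Results are constructed assumptions, and `org_domain` is a naive stand-in for a Public Suffix List lookup.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain):
    """Naive organizational domain: last two labels (assumption; real
    implementations consult the Public Suffix List)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def addr_domain(value):
    """Domain part of an address header such as From or Return-Path."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def alignment_report(raw):
    """Compare the visible From domain with the domains that passed checks."""
    msg = message_from_string(raw)
    from_dom = addr_domain(msg["From"])
    # Received-SPF vouches for the envelope sender (Return-Path), not From.
    spf_words = msg.get("Received-SPF", "").split()
    spf_pass = bool(spf_words) and spf_words[0].lower() == "pass"
    spf_dom = addr_domain(msg["Return-Path"]) if spf_pass else ""
    # DKIM domains the receiving server reports as verified. Only trust an
    # Authentication-Results header added by your own mail server.
    dkim_doms = []
    for ar in msg.get_all("Authentication-Results", []):
        found = re.findall(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", ar, re.I)
        dkim_doms += [d.lower() for d in found]
    passed = [d for d in [spf_dom, *dkim_doms] if d]
    aligned = any(org_domain(d) == org_domain(from_dom) for d in passed)
    return {"from": from_dom, "spf_domain": spf_dom,
            "dkim_domains": dkim_doms, "aligned": bool(from_dom) and aligned}

def sample(from_addr, bounce, dkim_d):
    """Constructed message for the demo; every domain is a placeholder."""
    return (
        f"Return-Path: <{bounce}>\n"
        f"Received-SPF: pass (mx.example.org: domain of {bounce} "
        "designates 192.0.2.10 as permitted sender)\n"
        f"Authentication-Results: mx.example.org; dkim=pass header.d={dkim_d}\n"
        f"From: Account Security <{from_addr}>\n"
        "Subject: Suspension of account\n\nbody\n"
    )

# SPF and DKIM both pass, but for a domain unrelated to the From address.
FORGED = sample("security@example.com", "bounce@mailer.example.net", "example.net")
# Same checks pass for the domain that actually appears in From.
GENUINE = sample("security@example.com", "bounce@mail.example.com", "example.com")

if __name__ == "__main__":
    for name, raw in (("forged", FORGED), ("genuine", GENUINE)):
        print(name, alignment_report(raw))
```

A "pass" result with `aligned` false is the situation in the quoted header: the checks succeeded, but for the sender's own domain rather than the one shown to the reader.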
Ravcharas
GREY COUNCIL Nulli Secunda
|
Posted - 2011.01.21 00:16:00 -
[14]
Quote: The reason these things exist RMT, Phishing, Forum Hacking for account harvesting, Bots, etc... is to squeeze money out of you and into the hands of a third party.
And remember kids, squeezing money out of you is CCP's job!
No no. I jest. Good read.
One aspect of botting and RMT is that it's kind of interesting that some people would rather not have to deal with ratting in Eve. They would, in fact, rather give their credit card number to some guy in Latvia than have to deal with it. I'm not trying to be mean here, my point is that one aspect of it is a game design thing. Wormholes and incursions are actually a step in the right direction here. Moving away from a repetitive and boring activity that is easily outsourced to a bot application into something else not only hurts botters, it also makes Eve more enjoyable for people with, you know, a pulse. In fact, implementing something like the wormhole ai for old school rats or simply having them scram you more often seems like a very cost effective way of dealing with botting. Anyway, I digress.
Looking forward to the next installments.
|
Sarinat Talen
Celestial Arms Manufacturing and Operations
|
Posted - 2011.01.21 00:22:00 -
[15]
Edited by: Sarinat Talen on 21/01/2011 00:22:34
Good work CCP, and thanks for your efforts. As someone who has gotten one of these phishing emails I really appreciate the upcoming countermeasures.
|
Caiman Graystock
Caldari Massively Mob
|
Posted - 2011.01.21 00:27:00 -
[16]
You guys are doing a really great job and it is much appreciated.
|
Xituqtra
|
Posted - 2011.01.21 00:42:00 -
[17]
nice blog and great information in there and you even made me check my browser settings
And for that I will give you much love <3 <3 <3
|
Daedalus II
|
Posted - 2011.01.21 00:49:00 -
[18]
I got a great idea!
You CCP guys should know your game pretty well, right? So you could build a kick-ass bot that is better than any other bot right? So you do this, and distribute it through some fishy channels. It works just as it's supposed to and outperforms all other bots, except that when the user isn't looking it's sending a mail to a specific CCP character identifying itself. After a moderate time you ban the sender on grounds of botting. If the timing is right they don't suspect the program, and use it again if they continue, and that way you can ban them again and again
Essentially it's a honey-pot I guess.
|
Estel Arador
|
Posted - 2011.01.21 00:50:00 -
[19]
Edited by: Estel Arador on 21/01/2011 00:50:41
Can we get authenticators and the option to whitelist IP addresses?
|
Vilgan Mazran
Aperture Harmonics K162
|
Posted - 2011.01.21 01:03:00 -
[20]
SPF records have been pretty mandatory for ages. How has CCP not been getting emails rejected essentially saying "your SPF records are nonexistent or not specific enough, contact your postmaster". Like wtf :P
|
|
|
CCP Sreegs
C C P C C P Alliance
|
Posted - 2011.01.21 01:07:00 -
[21]
Edited by: CCP Sreegs on 21/01/2011 01:09:30
Originally by: Vilgan Mazran SPF records have been pretty mandatory for ages. How has CCP not been getting emails rejected essentially saying "your SPF records are nonexistent or not specific enough, contact your postmaster". Like wtf :P
The SPF records exist they just need to be tweaked a bit. If there weren't SPF records set a giant pile of you wouldn't be receiving our emails.
:edit: Which is pretty much what you just said it would seem, heh |
|
PC l0adletter
|
Posted - 2011.01.21 01:15:00 -
[22]
Authenticators, please.
Originally by: CCP Sreegs
Just out of honest curiosity, what positive outcome do you think would come from detailing specific counter-hacking/botting methodologies? What would you gain from this knowledge personally? I understand that you WANT to know things, but I'm having a hard time wrapping my head around how some knowledge being public information would be to anyone's benefit and I'd like to hear an alternative viewpoint.
I'm gonna go ahead and hope that this devblog is evidence that you've reconsidered. Reckless, I know.
|
Ravcharas
GREY COUNCIL Nulli Secunda
|
Posted - 2011.01.21 01:25:00 -
[23]
Originally by: PC l0adletter Authenticators, please.
Originally by: CCP Sreegs
Just out of honest curiosity, what positive outcome do you think would come from detailing specific counter-hacking/botting methodologies? What would you gain from this knowledge personally? I understand that you WANT to know things, but I'm having a hard time wrapping my head around how some knowledge being public information would be to anyone's benefit and I'd like to hear an alternative viewpoint.
I'm gonna go ahead and hope that this devblog is evidence that you've reconsidered. Reckless, I know.
I was wondering how long it would take for someone to quote that.
Anyway, the subject of the devblog isn't quite what I'd call specific in nature. So leave Sreegney alone.
|
|
CCP Sreegs
C C P C C P Alliance
|
Posted - 2011.01.21 01:26:00 -
[24]
Originally by: PC l0adletter Authenticators, please.
Originally by: CCP Sreegs
Just out of honest curiosity, what positive outcome do you think would come from detailing specific counter-hacking/botting methodologies? What would you gain from this knowledge personally? I understand that you WANT to know things, but I'm having a hard time wrapping my head around how some knowledge being public information would be to anyone's benefit and I'd like to hear an alternative viewpoint.
I'm gonna go ahead and hope that this devblog is evidence that you've reconsidered. Reckless, I know.
This blog was presented to the CSM prior to that post being made and they were told at the time that it would be given to the playerbase in the form of a dev blog. I tried after that post to make it clear that the question was academic in nature, as I can make changes to my messaging based on what you (players) tell me you'd like to know. I guess you could call it an apparently clumsy attempt to get around specific detail requests and get to the nature of the question.
To expand a bit, a lot of security-related questions tend to focus on specific solutions or cookie cutter types of individual requests and to really solve a lot of problems you need to look at bigger pictures. As you can see in this blog at least I don't consider any one thing to be a magic solution. There's a lot of different moving pieces of vulnerability that each need to be addressed individually. My hope was that by framing the question a particular way I could get some thought flowing and get some interesting responses, which did happen.
Sorry if that left the impression that I was on some super secret need to know CIA spy kick or something as I really tend towards the opposite philosophically and I don't believe in any way that people are best served by being left in the dark, though there are and will be cases where full disclosure just doesn't benefit anyone. |
|
PC l0adletter
|
Posted - 2011.01.21 02:21:00 -
[25]
Originally by: CCP Sreegs
Originally by: PC l0adletter Authenticators, please.
Originally by: CCP Sreegs
Just out of honest curiosity, what positive outcome do you think would come from detailing specific counter-hacking/botting methodologies? What would you gain from this knowledge personally? I understand that you WANT to know things, but I'm having a hard time wrapping my head around how some knowledge being public information would be to anyone's benefit and I'd like to hear an alternative viewpoint.
I'm gonna go ahead and hope that this devblog is evidence that you've reconsidered. Reckless, I know.
This blog was presented to the CSM prior to that post being made and they were told at the time that it would be given to the playerbase in the form of a dev blog. I tried after that post to make it clear that the question was academic in nature, as I can make changes to my messaging based on what you (players) tell me you'd like to know. I guess you could call it an apparently clumsy attempt to get around specific detail requests and get to the nature of the question.
To expand a bit, a lot of security-related questions tend to focus on specific solutions or cookie cutter types of individual requests and to really solve a lot of problems you need to look at bigger pictures. As you can see in this blog at least I don't consider any one thing to be a magic solution. There's a lot of different moving pieces of vulnerability that each need to be addressed individually. My hope was that by framing the question a particular way I could get some thought flowing and get some interesting responses, which did happen.
Sorry if that left the impression that I was on some super secret need to know CIA spy kick or something as I really tend towards the opposite philosophically and I don't believe in any way that people are best served by being left in the dark, though there are and will be cases where full disclosure just doesn't benefit anyone.
Well, at least I only got my hopes up for a minute....
There are a lot of botters out there. Have you looked at the thread in general discussion where they ask for questions about incarna? 20% of the questions are about botting. Players take the fairness and integrity of the gameplay environment seriously, and we see a lot of really blatant botting going on. Personally, I don't care if you blurgh about it or not, so long as it stops.
|
Nye Jaran
|
Posted - 2011.01.21 03:15:00 -
[26]
Say it with me... auth-en-tic-a-tor.
|
Frug
Omega Wing Snatch Victory
|
Posted - 2011.01.21 03:30:00 -
[27]
While I can understand the reasoning for your fighting phishing attacks, I am in need of many different forms of male enhancement due to a condition I have which requires me to take a multi-pronged approach to enlargement options. If you continue to combat the providers of my enhancement services which offer both cheap pills and payment options that are incredibly easy to use and bill me automatically without all the effort of most sites, I may have to cancel my subscription.
- - - - - - - - - Do not use dotted lines - - - - - -
If you think I'm awesome say BOOO BOOO!! - Ductoris
Neat look what I found - Kreul
Whisper/PrismX 4 emperor |
Noun Verber
Gallente
|
Posted - 2011.01.21 03:38:00 -
[28]
Originally by: Nye Jaran Say it with me... auth-en-tic-a-tor.
still hack-a-ble
|
Mielono
Caldari SWARTA
|
Posted - 2011.01.21 04:30:00 -
[29]
Originally by: Noun Verber
Originally by: Nye Jaran Say it with me... auth-en-tic-a-tor.
still hack-a-ble
and bulletproof vests don't always work, but for some reason people still wear them
Originally by: Culmen
A cat is like that carebear who sticks around only while there's food, and at best kills a few rats.A dog F*cking enforces NBSI, and deep down is slightly disappointed you aren't tak |
Bhattran
|
Posted - 2011.01.21 04:45:00 -
[30]
Edited by: Bhattran on 21/01/2011 04:46:35
This is promising, both in what is done and talked about, I eagerly await moar information.
I still wonder what the fate of locking a character or account so the character(s) cannot be transferred ever, or only after a set time period has passed, i.e. a month, 3 months, a year, is. The 'worst' situation for a player besides having their account hacked/compromised and/or having stuff sold off, isk transferred is losing the irreplaceable, the characters.
Certainly curtailing situations where people put themselves in jeopardy is great, protecting our communications etc but how about letting us stop someone from abusing the system CCP created for character sales? *I* don't ever want to sell my character but because CCP allows it, presumably to stop ebay sales of accounts as well as to make some money from people wanting and willing to do it, I am 'vulnerable' to losing my character should my account get compromised, we all are.
--WIS/Incarna/Ambulation where microtransactions come to play, and uh bars.-- |