
Zartanic
Red Federation
|
Posted - 2009.11.30 18:22:00 -
[61]
Edited by: Zartanic on 30/11/2009 18:32:56
Originally by: Ukucia
Originally by: Zartanic Could you please give one example where it's not the fault of the person hacked. It's not easy, I can't think of one, maybe you could help me on that.
WoW accounts were 'hacked' with a keylogger that used a 0-day exploit in Flash to install itself. The movie was submitted as an ad to Google, where it promptly appeared on many 'trusted' web sites (Such as EvE-Central or EvE-Search in our game universe).
Thus, a player who is just going to a normal web site to look up some random bit of information is 'hacked' without clicking on any 'ok to install' buttons.
Yes I remember that. Thanks for pointing it out. A few years ago these sorts of hacks were common and I don't think a secure system will be possible for years to come.
But the feature of that was the numerous players who got hacked. Similar to my old guild where our forums were hacked and about 20 players' accounts were compromised. This happened to many forums as the code at the time had a massive security hole. They had used the same account details for the forums as their login though so they were culpable by negligence.
The fact the OP's post is not accompanied by reports of a new hack on these forums or elsewhere leads me to believe it was not one of those attacks and is more likely to have been avoidable.
Having said that, it's not possible to know for sure. For all we know tomorrow there may be a million posts from others about a new security hole. But I do know that saying 'he can't possibly be at fault' is wrong and that's what I'm disagreeing with.
I also think that subject to these rare exploits players are responsible to take reasonable precautions against attack and not moan when it happens or try and blame someone else (such as CCP) with no evidence.
Finally saying someone is at fault for allowing themselves to be hacked does not affect in the slightest the guilt of those who do the attacks who I think should be made criminally responsible with sterner penalties than a stupid caution.
|

Ukucia
Gallente The Scope
|
Posted - 2009.11.30 18:31:00 -
[62]
Originally by: Zartanic
Originally by: Ukucia
Originally by: Zartanic Could you please give one example where it's not the fault of the person hacked. It's not easy, I can't think of one, maybe you could help me on that.
WoW accounts were 'hacked' with a keylogger that used a 0-day exploit in Flash to install itself. The movie was submitted as an ad to Google, where it promptly appeared on many 'trusted' web sites (Such as EvE-Central or EvE-Search in our game universe).
Thus, a player who is just going to a normal web site to look up some random bit of information is 'hacked' without clicking on any 'ok to install' buttons.
Yes I remember that. Thanks for pointing it out. A few years ago these sorts of hacks were common and I don't think a secure system will be possible for years to come.
But the feature of that was the numerous players who got hacked. Similar to my old guild where our forums were hacked and about 20 players' accounts were compromised. They had used the same account details for the forums as their login though.
The fact the OP's post is not accompanied by reports of a new hack on these forums or elsewhere leads me to believe it was not one of those attacks and is more likely to have been avoidable.
Yet it still satisfies your request for an example where it is not the fault of the person hacked. Plus a clever use of cookies could probably target your malware-laden flash ad at a small subset of players.
Of course, I have no idea what the OP/OP's friend did, and 9 times out of 10 you find out that their PC that 'only was used to play EvE' was used 'only once' to surf for **** or host torrents or it had no AV & no Firewall and was plugged directly into their cable modem, etc.
Point being just 'surfing smart' is not sufficient protection. It just removes you from the pool of very low-hanging fruit.
|

Armoured C
Gallente Noir. Noir. Mercenary Group
|
Posted - 2009.11.30 18:32:00 -
[63]
I find it hilarious that you're hanging off this guy's word because you've only known him for 2 years.
|

Zartanic
Red Federation
|
Posted - 2009.11.30 18:41:00 -
[64]
Edited by: Zartanic on 30/11/2009 18:43:15
Originally by: Ukucia
Originally by: Zartanic
Originally by: Ukucia
Originally by: Zartanic Could you please give one example where it's not the fault of the person hacked. It's not easy, I can't think of one, maybe you could help me on that.
WoW accounts were 'hacked' with a keylogger that used a 0-day exploit in Flash to install itself. The movie was submitted as an ad to Google, where it promptly appeared on many 'trusted' web sites (Such as EvE-Central or EvE-Search in our game universe).
Thus, a player who is just going to a normal web site to look up some random bit of information is 'hacked' without clicking on any 'ok to install' buttons.
Yes I remember that. Thanks for pointing it out. A few years ago these sorts of hacks were common and I don't think a secure system will be possible for years to come.
But the feature of that was the numerous players who got hacked. Similar to my old guild where our forums were hacked and about 20 players' accounts were compromised. They had used the same account details for the forums as their login though.
The fact the OP's post is not accompanied by reports of a new hack on these forums or elsewhere leads me to believe it was not one of those attacks and is more likely to have been avoidable.
Yet it still satisfies your request for an example where it is not the fault of the person hacked. Plus a clever use of cookies could probably target your malware-laden flash ad at a small subset of players.
Of course, I have no idea what the OP/OP's friend did, and 9 times out of 10 you find out that their PC that 'only was used to play EvE' was used 'only once' to surf for **** or host torrents or it had no AV & no Firewall and was plugged directly into their cable modem, etc.
Point being just 'surfing smart' is not sufficient protection. It just removes you from the pool of very low-hanging fruit.
Yes but to sum up what I said in reply (I edited maybe as you posted):
1. Those that were hacked (in the case I mentioned) still made a dumb mistake in using the same passwords. I was not hacked.
2. These sorts of attacks are rare and when they happen are widely advertised as they affect many. There is no evidence this relates to the OP. And it's the OP we are addressing.
3. Saying someone has culpability for what happened in no way reduces the guilt of the person that did it. The two are unrelated. So comparing it to rapists' victims (as someone did earlier) is ignorant and an offensive attempt to win an argument.
4. I agree it's impossible to be 100% safe. That cuts both ways; it's always wrong to say, as the OP does, 'I'm certain he did nothing stupid to get the hack' as until he finds out what happened, which he may never do, he cannot be sure. To then accuse CCP or whatever for the attack is simply wrong.
|

NyteTyger
Gallente NiteSun Enterprises
|
Posted - 2009.11.30 19:09:00 -
[65]
Edited by: NyteTyger on 30/11/2009 19:11:55
Originally by: NyteTyger Just out of curiosity, that one account wouldn't happen to be a miner or missioner, would it? I'm curious about the bot situation I mentioned.
No web surfing, no isk buying, but a program designed to capture keystrokes that may need the account info to log in automatically would certainly answer a lot of questions.
Still curious.
And to the kiddie **** example -
Don't ever do that again. Seriously. It's a damn game, and I don't care how much freaking time you put into it, or what you lost, or if your whole damn computer burnt down, you don't compare it to kiddie ****.
Has absolutely no reason to even be in this discussion, 'example' or not.
It's a game, don't even mention that **** in passing, no matter the reason. Ought to be ashamed of even bringing it up in relation to a game in any shape form or fashion.
__________________________________________
It's a do or die universe, so you better damn well choose between one or the other.
|

Trisa Li
|
Posted - 2009.11.30 19:12:00 -
[66]
Edited by: Trisa Li on 30/11/2009 19:15:48
There are two probable situations where being 'hacked' would not be the fault of the user.
1. Database compromise. This kind of thing DOES happen, although rarely, but if it did, you can be sure it would be noticed and taken care of swiftly.
2. Brute force attempts. Not sure what kind of flagging CCP has in place to prevent this sort of thing, but brute force can only be truly effective with an account name, a lot of time and effort, and a relatively simple password. Two parts of this equation (the account name, and difficulty of password) are within the user's control, meaning that taking the most simple precautions will protect you from all but the most devoted, vengeful 'hackers'.
What does this mean?
Simply, it's a lot easier to exploit one of the weaker links in this chain, user error.
For the time and effort put into brute forcing a SINGLE eve account, one could potentially rake in hundreds/thousands from a well-developed trojan scam.
Look back to Diablo 2: LoD. A programmer named Netter released his new version of a bot, and used the trust he had developed in the community to sneak in a password/username logging function. By the time this was discovered, thousands of compromised accounts had been released to the public.
Small amount of effort, large amount of user error, huge results.
The worst thing is, there will ALWAYS be people who are easily deceived in this way. We all want to believe that it will never happen to us, but that cannot be true unless you are vigilant.
|

Armoured C
Gallente Noir. Noir. Mercenary Group
|
Posted - 2009.11.30 20:03:00 -
[67]
I have bets that it is still purchasing isk and the key logger was received from the site.
|

Ukucia
Gallente The Scope
|
Posted - 2009.11.30 22:55:00 -
[68]
Originally by: Trisa Li
Edited by: Trisa Li on 30/11/2009 19:15:48
There are two probable situations where being 'hacked' would not be the fault of the user.
1. Database compromise. This kind of thing DOES happen, although rarely, but if it did, you can be sure it would be noticed and taken care of swiftly.
2. Brute force attempts. Not sure what kind of flagging CCP has in place to prevent this sort of thing, but brute force can only be truly effective with an account name, a lot of time and effort, and a relatively simple password. Two parts of this equation (the account name, and difficulty of password) are within the user's control, meaning that taking the most simple precautions will protect you from all but the most devoted, vengeful 'hackers'.
What does this mean?
3. Use a 0-day exploit, as mentioned above.
|

Ukucia
Gallente The Scope
|
Posted - 2009.11.30 22:57:00 -
[69]
Edited by: Ukucia on 30/11/2009 22:57:03
Originally by: Armoured C I have bets that it is still purchasing isk and the key logger was received from the site.
ISK sellers don't steal from their customers. That's not good business. They want to keep them coming back for more ISK.
ISK sellers steal from those who are not their customers, because they don't give a damn about anyone who doesn't pay them.
|

Anewb N'eve
|
Posted - 2009.11.30 22:58:00 -
[70]
Hmmm...
Been on the internet I don't remember how long, Windows 3.11?, Slackware Linux was like 14 floppy img download.
Used to download music, movies, warez. Have always surfed **** sites.
I have only ever gotten 1 virus and 1 keylogger...from floppies (2 different times).
Unless it's a government or big corporate computer it's almost always a user problem.
Now the CCP internal problem is possible but unlikely.
Go see what's on your buddy's computer if he hasn't wiped it already.
|

Ukucia
Gallente The Scope
|
Posted - 2009.11.30 23:03:00 -
[71]
Edited by: Ukucia on 30/11/2009 23:03:09
Originally by: NyteTyger And to the kiddie **** example -
Don't ever do that again. Seriously. It's a damn game, and I don't care how much freaking time you put into it, or what you lost, or if your whole damn computer burnt down, you don't compare it to kiddie ****.
I'm not the OP, nor the OP's friend. In fact I'm waiting for my subscription to wind down and haven't logged in to the game in a while. I'm only here because I'm really THAT bored at work.
Quote: Has absolutely no reason to even be in this discussion, 'example' or not.
Sure it does. These threads often devolve into so-called experts asserting that there's no possible way to get keylogged unless you "Do something stupid". This is false. And people are spending time in jail because these so-called experts are absolutely sure that you are 100% responsible for everything that happens with your computer.
Fact is any networked system is vulnerable. You are not 'safe', you are just 'not hacked yet'. I'm sorry your revulsion at the subject matter has clouded your ability to read.
|

NyteTyger
Gallente NiteSun Enterprises
|
Posted - 2009.11.30 23:24:00 -
[72]
Originally by: Ukucia
Edited by: Ukucia on 30/11/2009 23:03:09
Originally by: NyteTyger And to the kiddie **** example -
Don't ever do that again. Seriously. It's a damn game, and I don't care how much freaking time you put into it, or what you lost, or if your whole damn computer burnt down, you don't compare it to kiddie ****.
I'm not the OP, nor the OP's friend. In fact I'm waiting for my subscription to wind down and haven't logged in to the game in a while. I'm only here because I'm really THAT bored at work.
Quote: Has absolutely no reason to even be in this discussion, 'example' or not.
Sure it does. These threads often devolve into so-called experts asserting that there's no possible way to get keylogged unless you "Do something stupid". This is false. And people are spending time in jail because these so-called experts are absolutely sure that you are 100% responsible for everything that happens with your computer.
Fact is any networked system is vulnerable. You are not 'safe', you are just 'not hacked yet'. I'm sorry your revulsion at the subject matter has clouded your ability to read.
Ah, you misunderstood. It didn't cloud my ability to read. It just made me think of you as a complete jackass. Who would even bring it up in any kind of relation to a game in any shape form or fashion? Has no place in the discussion, as they are nowhere near each other in importance.
Get your ****in' head straight.
__________________________________________
It's a do or die universe, so you better damn well choose between one or the other.
|

Armoured C
Gallente Noir. Noir. Mercenary Group
|
Posted - 2009.12.01 00:15:00 -
[73]
Originally by: Ukucia
Edited by: Ukucia on 30/11/2009 22:57:03
Originally by: Armoured C I have bets that it is still purchasing isk and the key logger was received from the site.
ISK sellers don't steal from their customers. That's not good business. They want to keep them coming back for more ISK.
ISK sellers steal from those who are not their customers, because they don't give a damn about anyone who doesn't pay them.
What, you mean getting them to purchase isk then taking it back from them and keeping their money isn't good business practice, which in turn they have lost out on making more isk through missions and so buy more.
You're working on the assumption that they only have 2 customers. If you purchase isk and they take it back from you, not only do they get your money, they get your isk and sell it to some other sod, which then completes the cycle, rinse and repeat.
|

Shakon
|
Posted - 2009.12.01 12:45:00 -
[74]
So when are all these fan boys going to jump on the large alliances that use bot mining and isk buying to maintain their stuff? OOPS most of them are in those alliances, I forgot.
|

Tiny Tove
|
Posted - 2009.12.01 13:42:00 -
[75]
It's clear some people think they are invulnerable and have no clue what it's like to be a victim.
You're only as safe as the exploits you know about. Pray nobody uses one you don't know about, as then you can really get some crying done, but maybe you'll shut up about the victims being to blame. Clearly that's the only way it will occur.
I'd love to see it... "blub blub... CCP said I could only get hacked if I bought isk blub blub... and I believed them... blub blub..."
Twenty years ago, you'd already be looking at incorrect login screens, maybe some enterprising young hacker is out looking for lulz though. |

cyclobs
|
Posted - 2009.12.01 14:02:00 -
[76]
Originally by: Komi Toran
Originally by: Cridu Chat Guessing games... Have fun guessing my 20+ characters password. Maybe don't use 1234 on ur Account ?
That's amazing! I've got the same combination on my luggage!
bahahaha
"and you, change my luggage combination" "sir, it appears we have been jammed"
good movie
|

coolzero
Gallente Dutch Federation Player Corp
|
Posted - 2009.12.01 14:07:00 -
[77]
Originally by: Zartanic
Originally by: coolzero time for ccp to add a authenticator option like WoW has :P
I saw a cheaper one which is common in Asia apparently. You get an email sent with a chart of numbers with code letters against each, unique to each user. You have to type in these code numbers to log. It's a bit like when banks used to ask for letters 2,5 and 7 of your password. It's not completely foolproof of course but it's better than nothing and costs nothing to the user.
The WoW authenticator comes as an iPod app as well and that has zero cost... and the authenticator itself is just, what, 6 euro... I'd rather pay that small of a fee for some better security that doesn't require me to remember a long password (that can be hacked anyway with keyloggers, whatever). The authenticator number changes every login, so much safer imo.
Jack of all trades, master of none...
|
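The emailed code chart described in the post quoted above can be sketched as a server-side challenge check. This is an added example, not code from the thread or from any game's login system; the 8x8 card, two-digit codes, three cells per login and the names `make_card`, `GridLogin` and `replay_odds` are assumptions.

```python
import hashlib
import hmac
import secrets
from math import comb

ROWS, COLS, PICK = "ABCDEFGH", range(1, 9), 3  # assumed: 8x8 card, 3 cells asked per login


def make_card(server_key: bytes, account: str) -> dict:
    """Derive the account's unique card (cell -> two-digit code) from a server secret."""
    card = {}
    for row in ROWS:
        for col in COLS:
            cell = f"{row}{col}"
            mac = hmac.new(server_key, f"{account}:{cell}".encode(), hashlib.sha256).digest()
            card[cell] = f"{int.from_bytes(mac[:4], 'big') % 100:02d}"
    return card


class GridLogin:
    """Second login step: ask for PICK random cells, accept each challenge once."""

    def __init__(self, server_key: bytes):
        self._key = server_key
        self._pending = {}  # account -> cells of the outstanding challenge

    def challenge(self, account: str) -> list:
        cells = secrets.SystemRandom().sample(sorted(make_card(self._key, account)), PICK)
        self._pending[account] = cells
        return cells

    def verify(self, account: str, answers: list) -> bool:
        # pop() makes the challenge single-use, so a logged answer cannot be replayed
        cells = self._pending.pop(account, None)
        if cells is None or len(answers) != len(cells):
            return False
        card = make_card(self._key, account)
        ok = True
        for cell, answer in zip(cells, answers):
            # constant-time compare, and no early exit on the first wrong cell
            ok &= hmac.compare_digest(card[cell].encode(), str(answer).encode())
        return ok


def replay_odds(known_cells: int) -> float:
    """Chance a fresh challenge only asks for cells a keylogger has already seen."""
    total = len(ROWS) * len(COLS)
    return comb(known_cells, PICK) / comb(total, PICK)


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed value, not a real secret
    svc, card = GridLogin(key), make_card(key, "pilot1")
    asked = svc.challenge("pilot1")
    print(asked, svc.verify("pilot1", [card[c] for c in asked]))
    print(f"1 logged login: {replay_odds(3):.6f}, 30 known cells: {replay_odds(30):.3f}")
```

`replay_odds` puts a number on "not completely foolproof": each logged login leaks three cells, and the chance that a later challenge is fully covered grows with every login the keylogger records.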

Smash N'Grab
School of Applied Knowledge
|
Posted - 2009.12.01 14:36:00 -
[78]
"The door was wide open your honour, why shouldn't I help myself to their stuff"
In this particular case:
Yes the thief is responsible for the crime. However...
Insurance will not cover the losses incurred as a result of the theft, as the home owner did not provide due care in securing their home and property.
Just sayin'
|

Rothrin
|
Posted - 2009.12.01 15:38:00 -
[79]
Edited by: Rothrin on 01/12/2009 15:40:08
Edited by: Rothrin on 01/12/2009 15:39:20
A BBC report from yesterday on a similar subject: bbc
|

Mr Epeen
|
Posted - 2009.12.01 16:04:00 -
[80]
Am I the only one bookmarking this thread so that I can have the pure joy of linking it when one of these moronic "don't get haxed if you are not buying/selling isk/DL****/etc" idiots comes back here in a month whining because they lost their acct.
The pure pleasure of throwing people's own quotes back at them makes reading these stupid posts by stupid people worthwhile.
Mr Epeen 
|

Sky Marshal
IMpAct Corp Tau Ceti Federation
|
Posted - 2009.12.01 16:13:00 -
[81]
Edited by: Sky Marshal on 01/12/2009 16:15:06
Quote: People are getting hacked because they're getting keyloggers on their computers. The hackers aren't "guessing".
People are getting hacked because they're getting keyloggers, and because > CCP < had REMOVED the "Save Password" feature years ago, which would permit one to NOT have to retype the password each time and so would REDUCE the risk of theft by a keylogger.
And it was removed for "security reasons" because some morons used to play EVE at work or used their login/pass in some friend's computer, so some bad guys came after them...
CCP is partially responsible for this situation, by removing this feature, which also reduces standard security as players are motivated to use easy to remember & small passwords.
_______
With the NGE, I'm sorry about the mistake we made. We screwed up and didn't listen to the fans when we should have. - John Smedley, CEO of Sony Online Entertainment
|

Tiny Tove
|
Posted - 2009.12.01 16:16:00 -
[82]
Originally by: Mr Epeen Am I the only one bookmarking this thread so that I can have the pure joy of linking it when one of these moronic "don't get haxed if you are not buying/selling isk/DL****/etc" idiots comes back here in a month whining because they lost their acct.
The pure pleasure of throwing people's own quotes back at them makes reading these stupid posts by stupid people worthwhile.
Mr Epeen 
No. The odds are against it though. I tend to keep my puss shut when I shaft myself publicly. |

Tiny Tove
|
Posted - 2009.12.01 16:29:00 -
[83]
Originally by: Sky Marshal People are getting hacked because they're getting keyloggers, and because > CCP
Security is entirely relative. Having read the patch notes, despite the amount of time they had prior to Dominion, CCP have singularly failed to reasonably address what is one of the biggest issues to plague the last installment of Eve. I'm not expecting anybody from the CSM to show up and take credit for this lack of action either.
CCP's response to recent account security has been, at worst, negligent to the point of almost assisting the thieves. The hilarious thing is that the hackers weren't even performing very sophisticated attacks, because generally you don't need to, ignorance is unbelievably commonplace, you don't generally need to be sophisticated with a scattergun attack to score random hits.
The only thing that keeps the account safe of people like Armoured C and the other jokers who are spouting their hateful nonsense, the only thing, is that these attackers don't need Armoured C's account, any account will do just fine. CCP have done very little to stop the next generation of attacks we'll face, they had an opportunity to do so, but chose not to.
So while these hateful people sit there telling people it's their fault they lost out, they don't realise they should be thankful, because the moment the computer illiterate people get proper protection and help from CCP, the attacks will get more sophisticated, and the cycle continues, gradually working its way up the computer literacy scale, and eventually somebody with one of these unflappable egos will get hit, and very suddenly their tune will change.
We won't hear it change, they'll just be sat in their bedroom worrying, realising, that the Eve account was actually the least of their worries. |

SeerinDarkness
Minmatar An Tir
|
Posted - 2009.12.01 16:34:00 -
[84]
Actually it is horridly easy to brute force, flat out guess the password.
1. Eve forums and Eve client use the same account name.
2. If you ever have attempted to buy or bought a char from anyone and had it transferred, you give up your account name to the seller, making it ridiculously easy to harvest account names.
3. Login for forums is not secure aspx? page and can be back clicked to however many times is needed.
But overall, when I made this thread in particular it was to be nothing more than a reminder and suggestion to change all passwords on your accounts and change API keys just in case, nothing more.
To all those who have flooded this post with flames about who is responsible for what, or automatically blame the person who got hacked etc., or say that they have garnered nothing but enjoyment from someone else's problem/loss... may you one day SOON experience the like yourselves to the Nth degree.
Seer
|

ChronoLynx
Caldari Federation of Freedom Fighters
|
Posted - 2009.12.01 16:37:00 -
[85]
My 2c to this topic is this.
I signed up for a MMORPG account and a few other gaming sites using an account not linked to eve-online. I expressed interest to eve using these accounts. Then came in the attempts to gain access to my accounts. Over the last 3 months I have received about a dozen mails claiming to be from CCP and offering to give away 15 day reactivation codes for expired accounts so that one might come back to eve.
The mail at which it has been coming from is spoofed; it is [email protected].
The mail looks legit, and takes you to a site that is mirroring the eve-online site. The thieves' URL to their site recently changed in the last set of spam mails that have come in. This leads me to believe that either there is another band of people doing this or that the original site got shut down.
And onto the second 1c.
One of my corp mates had his account compromised because of these mails. He and I received them at about the same time on the same day to our hotmail accounts. He, being himself, clicked on the link and put in his info... I being me went... "CCP isn't this nice." I loaded up my Ubuntu OS from cd. I then proceeded to open the mail using the Ubuntu browser, which cannot be keylogged or run executables and doesn't recognize that I have hard drives, and checked out said site.
This is how I learned what the site looked like. It is a mirror of the CCP Eve-Online site and looks almost 100% correct. There were a few breaks in the lines where there should not have been as I was comparing them side by side. Overall I will say that after the experience I was happy not to have been tired when I received the email.
The only reason this attempt worked on my corpmate is because he had an offline account which went off a few days before he received the mail.
Anyways, that was my full 2c. Moral of this long portion of text is to never click on a link from your email to a link on the eve-online site page. Always navigate from the mail page on the site.
Sometimes I wish I could remember; Sometimes I wish I could forget.
|
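A check for the kind of mail described in the post above, where the sender is spoofed and the link leads to a mirror of the real site, so only the link target is worth inspecting. This is an added example, not from the thread; the sample mail and its `.example` host are constructed, and treating `eve-online.com` as the only official domain is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL = {"eve-online.com"}  # assumption: the one domain the reader trusts

# Constructed sample: the visible text shows the real site, the href does not.
SAMPLE_EMAIL = """
<p>Your account has expired. Claim your 15 day reactivation code:</p>
<a href="http://eve-online.com.reactivate.example/login">https://www.eve-online.com/reactivate</a>
<p>Or visit <a href="https://www.eve-online.com/">the EVE Online site</a>.</p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the mail body."""

    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.text).strip()))
            self.href = None


def host_of(url: str) -> str:
    # urlsplit only finds a host after "//", so bare "www.x.com/..." text gets one added
    if "//" not in url:
        url = "//" + url
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""


def is_official(host: str) -> bool:
    # exact domain or a true subdomain; "eve-online.com.evil.example" does not match
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)


def audit_links(html: str) -> list:
    """Return (href, host, reasons) for every link that should not be clicked."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        host, reasons = host_of(href), []
        if not is_official(host):
            reasons.append("href host not official")
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != host:
            reasons.append("visible text names a different host")
        if reasons:
            findings.append((href, host, reasons))
    return findings


if __name__ == "__main__":
    for finding in audit_links(SAMPLE_EMAIL):
        print(finding)
```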

Catari Taga
Centre Of Attention Rough Necks
|
Posted - 2009.12.01 17:03:00 -
[86]
Edited by: Catari Taga on 01/12/2009 17:03:44
Originally by: Sky Marshal
Edited by: Sky Marshal on 01/12/2009 16:15:06
Quote: People are getting hacked because they're getting keyloggers on their computers. The hackers aren't "guessing".
People are getting hacked because they're getting keyloggers, and because > CCP < had REMOVED the "Save Password" feature years ago, which would permit one to NOT have to retype the password each time and so would REDUCE the risk of theft by a keylogger.
Not sure why I even clicked on this thread but it is so full of fail it makes me laugh. If you were even remotely serious with the comment I quoted that is the perfect illustration why people like you are getting hacked. Priceless.
|