Pages: 1 2 [3] 4 :: one page |
|
Author |
Thread Statistics | Show CCP posts - 3 post(s) |
Kolatha
|
Posted - 2010.03.02 02:33:00 -
[61]
Originally by: Melor Rend
A mate of mine (who works in IT and knows what he's doing when it comes to security) got his WOW account hacked a few months ago. He followed all the security advice, has an updated anti-virus software running, windows is up to date, uses Firefox with paranoid security settings, uses complex and impossible-to-guess passwords, doesn't download cracks or warez and never uses his password for anything except that WOW-account. I'd also discount any form of phishing since he's not a noob and wouldn't fall for the usual attempts.
Up to this day he can not explain how his account could get hacked except by brute-force (but with a long and secure password this is pretty unlikely).
My bet is that he makes extensive use of one of the free email services, most likely GMail based on your limited description.
The operative word there is free.
Pretty much every free email service out there has suffered from wholesale compromise at one point or another and on a smaller scale it happens regularly on an account by account basis. Even GMail suffers this constantly enough that they now have a little notification tool that tells you when and where the last login came from. Don't use free email services for anything critical. Get together with a few friends you can trust (your facebook friends list is the last place you should be looking in this case) and buy a secure server.
Then you also get people who use these free email services and access them from public terminals. 'Nuff said about that.
Using wireless networks, particularly home WiFi, is also a big security compromise as it is possible for someone with patience enough to sniff out the password and get sufficient access to sniff out the packets. Basically, don't use a wireless router if you live in a largish city, there are enough script kiddies out there that will take any scrap of personal information and use it for epeen points on their favourite hacking site. Fork out a few extra dollars for a physical cable.
|
Major Kaboomski
|
Posted - 2010.03.02 03:21:00 -
[62]
Edited by: Major Kaboomski on 02/03/2010 03:21:49 to answer a few questions here:
yes these Cisco tests are very easy for me, but they are meant for people with less knowledge, i just know everything we are doing ATM at school :)
yeah ive got loads of stuff on my account worth stealing, possibly those billions in the wallets, and also the tens of billions worth of assets.
and i am quite sure my system is not compromised, using logical thinking i conclude that. otherwise that money and those assets would be gone (yeah give me one reason why the isk sellers should wait with taking my money). also, i run Linux, and so far not one Linux system has been hacked i believe(no evidence that hasn't happened yet tho)
Quote: Your experience is limited and proves nothing.
it is rather rude to state such a thing :( and also you cannot state such a thing since you just don't know me :)
CCP. give these people some sort of auth devices, since they are incapable of avoiding drive-by infections and mass exploiting. (of course no one is safe from a targeted attack)
goddammit i say it once again as i said before, the people stupid enough to use IE, clicking on the YOU ARE THE 9999999TH VISITOR ads and using weak passwords deserve to be hacked
and the last answer here about the WiFi, yes i use WiFi for the laptops but trust me, its not hackable for a script-kiddie, and even hard for advanced security penetration testers.
if further flaming about WiFi occurs i will give you a auth packet and you can try for yourself :p how about that?
and now, im gone to bed. had enough of flaming and epeening today.
stay safe and dont buy isk.
|
Super Whopper
I can Has Cheeseburger
|
Posted - 2010.03.02 06:03:00 -
[63]
Originally by: Viktor Fyretracker
OMG why doesnt IE6 just die? MS should just kill support for it this summer IMO. tell the corporate world it is time to enter the modern area and that 9 years has been enough time to keep up.
Because they're stupid, lazy and greedy. Moving on from IE 6 will cost them money, money they'd rather spend on their lavish, undeserved, bonusses. MS are finally killing support for IE 6, Google already have, and have told corporations to move on to IE 7 or 8. These imbecils have held the internet back long enough, blaming MS for their ******ation.
|
Zartrader
|
Posted - 2010.03.02 07:40:00 -
[64]
An Authenticator is the way to go. I assume CCP have looked into this and can't guarantee the number of sales needed to keep the price low enough. I can't imagine they have not asked any producers though, it would take a 5 minute phone call to sort it out.
|
Vaerah Vahrokha
Minmatar Vahrokh Consulting
|
Posted - 2010.03.02 09:10:00 -
[65]
Basically all of the thread could be condensed in: "don't be an idiot".
But then, the world is choking full of them, therefore it won't work.
Also, those who will be affected by this, won't read this. Those who will read this, will think they are to smart to fall for it. - Auditing and consulting
Before asking for investors, please read http://tinyurl.com/n5ys4h and http://tinyurl.com/lrg4oz
|
N Ano
Caldari Zerg Corp
|
Posted - 2010.03.02 09:46:00 -
[66]
Originally by: Mr Kidd CCP's lack of action to limit hacking beyond the typical "best practices" shpeel is disturbing. The typical best practices shpeel is about 15 years out-dated these days. Sure, it's still relevant, yet it doesn't exactly address some of the more sophisticated methods to compromise one's accounts such as malicious content through focused ads and puts the responsibility for user account security squarely on us, the customer; the least able to deal with these types of attacks.
Teenager boy: so you thoughtlessly surf the web, go to hack/crack sites, prolly run exe's downloaded from p2p sites without ever scrutinizing them first......maybe, I don't know. But, you need to ask yourself: Do I have anything worth having my account hacked? Am I capable to determining if my system is compromised?
I would guess the answer is no on both questions. The second question is beyond the skill of most people. And for those with the skills, the hassle to determine with certainty if one's system is compromised is so time consuming as to render it impractical to conduct a system audit on a regular and frequent basis. Proving a negative result is near impossible considering the breadth and plethora of methods with which one can be hacked. Regardless of your answers, a user can still be compromised through NO FAULT of their own. Merely being connected to the internet is enough. So please, stop blaming the victim for being hacked. Your experience is limited and proves nothing.
You really shouldn't make assumptions about people. Just because he is a teenager, doesn't mean he has no experience.
18:19:51 Combat Corpus Prophet misses you completely. |
Athalwolf
More-Cowbell Cult of War
|
Posted - 2010.03.02 10:35:00 -
[67]
My vote is also on an Authenticator like the one in WoW
------ www.manlovepvp.com |
weazlor
|
Posted - 2010.03.02 12:03:00 -
[68]
Two thoughts on optional add-ons for account security.
Firstly, regarding safer logins.
Fingerprint scanners are pretty cheap nowadays, some keyboards have them fitted as standard. Why not have a system whereby you scan in all 10 fingers, and have the game ask for a random finger for each login. A failure to use the correct finger would result in a 10 minute wait time (as you'd have to be pretty stupid to not know which finger is which) which increments by a factor of 2 each time, and sends an email to your auth account warning you after a 2nd failed attempt in a row, and giving you the option to increase security for a short time, or just to log in yourself to prevent someone else getting in.
Secondly, on general security.
Other option is using an external prog like evemon, with an api-like key fitted to let ccp know what machine you're located at, and preventing other computers from logging in while it's running by idling you. less resource hungry than eve itself, but still locking down your account to where you are. It could be on phones too for when your computers switched off.
|
Alphrya
Inter-Region Trade And Logistics
|
Posted - 2010.03.02 12:15:00 -
[69]
Edited by: Alphrya on 02/03/2010 12:21:25 Edited by: oh hai a post on 02/03/2010 12:21:02 Edited by: STOP EDITING MY POSTS on 02/03/2010 12:15:19
Originally by: weazlor Two thoughts on optional add-ons for account security.
Firstly, regarding safer logins.
Fingerprint scanners are pretty cheap nowadays, some keyboards have them fitted as standard. Why not have a system whereby you scan in all 10 fingers, and have the game ask for a random finger for each login. A failure to use the correct finger would result in a 10 minute wait time (as you'd have to be pretty stupid to not know which finger is which) which increments by a factor of 2 each time, and sends an email to your auth account warning you after a 2nd failed attempt in a row, and giving you the option to increase security for a short time, or just to log in yourself to prevent someone else getting in.
Secondly, on general security.
Other option is using an external prog like evemon, with an api-like key fitted to let ccp know what machine you're located at, and preventing other computers from logging in while it's running by idling you. less resource hungry than eve itself, but still locking down your account to where you are. It could be on phones too for when your computers switched off.
*** Buying your Junk!
EVEmail me or post in my thread! *** |
kurg
|
Posted - 2010.03.02 12:42:00 -
[70]
Originally by: Professor Tarantula
Originally by: CCP Adida These are just a few of many suggestions you can take account security into your own hands.
I don't mean to disregard those basic security measures you suggested, but just allowing players to limit account use to a particular IP would do a world of good. It's something i was sure a MMO company would have picked up by now, and i'm not buying any talk about it being difficult to implement. Your basic forum tracks and bans users based on their IPs, search engines track IPs, Email accounts track IPs so you can see if anyone else is logging in to them, but so far the MMO world is pretending such a thing is unreasonable and/or impossible.
CCP don't want people sharing accounts, and CCP don't want customers quitting because their accounts got hacked, so they should get cracking on this. They can only blame the customers to a certain point. If they've got a blanket solution within reach why aren't they using it?
Post like this make me laugh, the truth of the matter is IT IS people fault and there is such a thing as NATURAL SELECTION! First, your logic makes no sense and has no regard to folks that work or travel, what is i want to play from work? what if i want to play from the airport? what if i want to play from a hotel? what if i travel to a different country and i want to log in to roll a skill? ... If CCP TRUELY wanted to provide a fail safe mechanism then implement secure token ID's and for the folks that dont understand what i just said "The Thingy That World of Warcraft uses to authenticate".
|
|
Brema Gangrel
Caldari b.b.k Fidelas Constans
|
Posted - 2010.03.02 12:54:00 -
[71]
Originally by: kurg
If CCP TRUELY wanted to provide a fail safe mechanism then implement secure token ID's and for the folks that dont understand what i just said "The Thingy That World of Warcraft uses to authenticate".
Although they are secure, they are *not* 100% secure, and still open to be broken with malware
Look what we have here
|
Denny Haze
Amarr Ministry of War
|
Posted - 2010.03.02 15:15:00 -
[72]
Edited by: Denny Haze on 02/03/2010 15:16:53
Originally by: Brema Gangrel
Originally by: kurg
If CCP TRUELY wanted to provide a fail safe mechanism then implement secure token ID's and for the folks that dont understand what i just said "The Thingy That World of Warcraft uses to authenticate".
Although they are secure, they are *not* 100% secure, and still open to be broken with malware
Look what we have here
Except that EvE doesn't have gaming add-ons. Unless they figure out how to insert the bad stuff into the EvE client's automatic update, or the direct downloads from the site. It'll take some time for those kids to be able to do this to EvE, and until then I'd like to have this extra secutiry. Nothing will ever be 100% secure, but 90% is damn sure enough!
60D GTC |
Kiri Serrensun
|
Posted - 2010.03.02 15:45:00 -
[73]
Originally by: Malevian I prefer to simply commit passwords to memory instead of writing them down or sticking them on something like the above that could be lost or stolen. Use, mixed case, numbers, punctation etc always - but keep it memorable for yourself.
...how do you manage this? I have over a hundred passwords built up over time. If you can remember even a couple dozen "alphabet soup" passwords unaided, then you are, no sarcasm, a genius. In any case, I keep my USB by the computer when in use. If someone can steal that, they're more likely to just steal the machine.
Something else that would be handy would be the ability to "lock" characters for selling purposes, which take up to 30 days to "unlock". Buys time to save a character if an account is hacked, and I don't think deciding to sell a character on the spur of the moment happens that often. :)
|
|
CCP Adida
|
Posted - 2010.03.02 17:16:00 -
[74]
Updated several threads that referenced other games. Please do not mention any other game other than EVE.
Adida Community Rep CCP Hf, EVE Online
|
|
Muad' Dib
Gallente Beyond Divinity Inc
|
Posted - 2010.03.02 17:44:00 -
[75]
Originally by: CCP Adida Updated several threads that referenced other games. Please do not mention any other game other than EVE.
Yes, your new fascist policy in regards to the existence of other MMO's has certainly increased the faith i had in the competence of CCP, just like T20.
Also, it's stupid while untill now the Authenticator hasn't been offered, but considering the track record of CCP i already expect for when it is offered to fry the mobo, after erasing the HDD. --- I smack just for myself. Allow faction cap boosters to be traded via normal market ! |
N Ano
Caldari Zerg Corp
|
Posted - 2010.03.02 18:23:00 -
[76]
Edited by: N Ano on 02/03/2010 18:23:39
Originally by: Muad' Dib
Originally by: CCP Adida Updated several threads that referenced other games. Please do not mention any other game other than EVE.
Yes, your new fascist policy in regards to the existence of other MMO's has certainly increased the faith i had in the competence of CCP, just like T20.
Also, it's stupid while untill now the Authenticator hasn't been offered, but considering the track record of CCP i already expect for when it is offered to fry the mobo, after erasing the HDD.
I dont understand people like you. Whine, whine, whine and all you talk about is how "this company" does things better than CCP. Please go into the corner and stfu. 18:19:51 Combat Corpus Prophet misses you completely. |
KaarBaak
Minmatar Situation Grey
|
Posted - 2010.03.02 20:17:00 -
[77]
Originally by: Brema Gangrel
Originally by: kurg
If CCP TRUELY wanted to provide a fail safe mechanism then implement secure token ID's and for the folks that dont understand what i just said "The Thingy That World of Warcraft uses to authenticate".
Although they are secure, they are *not* 100% secure, and still open to be broken with malware
Look what we have here
Well, no sense letting "Perfect" get in the way of "better." Security would be better with the keys. Leaving things 'as is' until 'perfect' security is realized is just tilting at windmills.
KB KB
My blogs: Tastes Like Chicken EvE Meta-Gaming |
Darknes Falls
|
Posted - 2010.03.03 03:39:00 -
[78]
Edited by: Darknes Falls on 03/03/2010 03:44:56
Originally by: N Ano Edited by: N Ano on 02/03/2010 18:23:39
Originally by: Muad' Dib
Also, it's stupid while untill now the Authenticator hasn't been offered, but considering the track record of CCP i already expect for when it is offered to fry the mobo, after erasing the HDD.
Removed Off Topic information - Adida
I dont understand people like you. Whine, whine, whine and all you talk about is how "this company" does things better than CCP. Please go into the corner and stfu.
I'll answer for Muad, since he got banned - this is not his reply.
No other MMO on the market censors the name of other MMO's on their forums, no other company has covered up as much as CCP, and like someone posted on the 2nd page, the GM's in Blizzard's game will do a 100% refund on what you have lost, not to mention offering the Authenticator. What gives me the right to whine is the 60$ i give to CCP every month. If you want ppl to stop whining, refund them their money, and they will stop it.
I'm all for a persistent universe, emphasis on PVP and full loot game, but you should not have to spend your time online wondering wether CCP or hackers will screw you over in a way that you cannot fight.
PS: Wondering if Adida will also give me 14 days vacation for 'daring to speak against God'.
|
Mr Kidd
|
Posted - 2010.03.03 04:01:00 -
[79]
Edited by: Mr Kidd on 03/03/2010 04:01:04
Quote: Updated several threads that referenced other problems. Please do not mention any problems in EVE.
Fixed!
|
Epicbeardman
|
Posted - 2010.03.03 04:19:00 -
[80]
Originally by: Darknes Falls but you should not have to spend your time online wondering wether CCP or hackers will screw you over in a way that you cannot fight..
People like this are the problem ladies and gentlemen.
Proud, thick headed people that refuse to admit they clicked a keylogger, and keep insisting that some world-class hacker that would likely never spend his valuable time on a pitiful EVE Online account are working hours, no days to gain access to their accounts in a way that "you cannot fight".
You make me sick. Stand up and take responsibility for what you did.
There is no "Account security" problem. There is a stupidity problem, and the sooner we all stop listening to idiots like this, the sooner we can move on.
|
|
Darknes Falls
|
Posted - 2010.03.03 04:31:00 -
[81]
Edited by: Darknes Falls on 03/03/2010 04:33:32
Originally by: Epicbeardman
Originally by: Darknes Falls but you should not have to spend your time online wondering wether CCP or hackers will screw you over in a way that you cannot fight..
People like this are the problem ladies and gentlemen.
Proud, thick headed people that refuse to admit they clicked a keylogger, and keep insisting that some world-class hacker that would likely never spend his valuable time on a pitiful EVE Online account are working hours, no days to gain access to their accounts in a way that "you cannot fight".
You make me sick. Stand up and take responsibility for what you did.
There is no "Account security" problem. There is a stupidity problem, and the sooner we all stop listening to idiots like this, the sooner we can move on.
I'm sorry my post made mr epic-beard-man sick. I'm also sorry to burst your bubble, but i have not been hacked; i do have a friend who has been hacked, and i find it hard to believe he would buy ISK considering he's sitting on 100b+ isk.
There is an account security problem, though i guess you can never tell how much is the user's fault and how much of it is not dependent on the user. Either way, i would like more security, and the fact that a 13d old alt finds my opinions sickening will not stop me from voicing them.
PS: For lols factor, look up Nafri's thread on SHC.
|
Epicbeardman
|
Posted - 2010.03.03 05:01:00 -
[82]
One by one
Originally by: Darknes Falls
I'm also sorry to burst your bubble, but i have not been hacked
I got that. I can read. Unlike you:
Quote: i find it hard to believe he would buy ISK considering he's sitting on 100b+ isk
I never mentioned buying ISK, why did you bring it up?
Quote: There is an account security problem
Is that so? I've been playing MMOs, including that other one we can't mention, for over 12 years, I've not been... "hacked" once. I don't have a problem. Why do less intelligent people?
Quote: though i guess you can never tell how much is the user's fault and how much of it is not dependent on the user
Yes you can. Just like you can tell that someone who got hit by a truck because he didn't look both ways before crossing the street is at fault. Is there a cross the street safety problem? No there isn't.
Quote: Either way, i would like more security
Out comes the sense of self-entitlement, always hand in hand with stupidity and pride.
Quote: and the fact that a 13d old alt finds my opinions sickening will not stop me from voicing them.
Again with the inability to read. I didn't find your opinion sickening, I found your friend sickening as a human being for refusing to take responsibility.
Also, the young character argument? Really now?
Please stop posting.
|
Darknes Falls
Caldari Beyond Divinity Inc
|
Posted - 2010.03.03 05:20:00 -
[83]
Edited by: Darknes Falls on 03/03/2010 05:22:48 I mentioned char age because while you do have some opinions backed up by simple words with no meaning :
Originally by: Epicbeardman
Is that so? I've been playing MMOs, including that other one we can't mention, for over 12 years, I've not been... "hacked" once. I don't have a problem. Why do less intelligent people?
in EVE the char who you post with can identify who you are in the game. The opinions i posted above are my opinions, i stand by them and i'm not afraid to post them with one of my 'significant' characters.
I would like to take the time to reply to your attempt of taking my words out of context to suit your own purposes, but quite frankly, i'm too lazy to do this. I'll just say that your entire argument/arguments, all of your supositions rest on hinting at some conspiracy in this thread where ppl who have a diverging opinion are in league against you, where everyone is tied in a secret bond of idiocy, because you have never been hacked and therefore, can't get hacked, and therefore, everyone else must be incredibly stupid.
As for your request to stop posting, give me 60$ / month and i will.
|
Epicbeardman
|
Posted - 2010.03.03 05:41:00 -
[84]
Originally by: Darknes Falls
I would like to take the time to reply to your attempt of taking my words out of context to suit your own purposes
I quoted your entire post piece by piece. How is this taking your words out of context?
Quote: As for your request to stop posting, give me 60$ / month and i will.
You should stop posting for your sake. Not mine.
|
Darknes Falls
Caldari Beyond Divinity Inc
|
Posted - 2010.03.03 05:54:00 -
[85]
Edited by: Darknes Falls on 03/03/2010 05:56:24
Originally by: Epicbeardman
Originally by: Darknes Falls
I would like to take the time to reply to your attempt of taking my words out of context to suit your own purposes
I quoted your entire post piece by piece. How is this taking your words out of context?
Quote: As for your request to stop posting, give me 60$ / month and i will.
You should stop posting for your sake. Not mine.
Let it not be said, i do not think of my fellow man/troll/whatever.
Just like you did with #76.
|
hakkiew365
Muffin Munchers Muffy Inc.
|
Posted - 2010.03.03 09:07:00 -
[86]
I have to agree by saying that some/most/even all of the people that got hacked lack the 'smartness' to see a obvious scam/attack when they face it. People that are good with computers and know how phishing/hacking works, will most likely not have their accounts compromised.
However the more stupid people get their accounts compromised and go whine on the forums. This is bad. It makes CCP look bad too.
Here is at least something for them to read, and learn. http://www.squidoo.com/internetsafe
http://www.gamerzneeds.net/forums/hero-online/52278-guide-staying-safe-avoid-being-hacked.html (not sure if i can link this since its another game forum?)
http://www.gaiaonline.com/forum/gaia-guides-and-resources/avoid-getting-hacked-long-guide-is-looooong/t.26302801/ (not sure if i can link this either)
http://www.microsoft.com/protect/
|
Tippia
Reikoku IT Alliance
|
Posted - 2010.03.03 09:13:00 -
[87]
Originally by: hakkiew365 http://www.microsoft.com/protect/
Pff. Obvious malware link is obvious. ——— “If you're not willing to fight for what you have in ≡v≡… you don't deserve it, and you will lose it.” — Karath Piki |
hakkiew365
Muffin Munchers Muffy Inc.
|
Posted - 2010.03.03 09:35:00 -
[88]
Originally by: Tippia
Originally by: hakkiew365 http://www.microsoft.com/protect/
Pff. Obvious malware link is obvious.
|
N Ano
Caldari Onyx Heavy Industries
|
Posted - 2010.03.03 09:36:00 -
[89]
Originally by: hakkiew365
Originally by: Tippia
Originally by: hakkiew365 http://www.microsoft.com/protect/
Pff. Obvious malware link is obvious.
18:19:51 Combat Corpus Prophet misses you completely. |
Scott Ryder
Amarr Sisters of Korhal Terran Commonwealth
|
Posted - 2010.03.03 09:45:00 -
[90]
Originally by: CCP Adida Updated several threads that referenced other games. Please do not mention any other game other than EVE.
So am I the only one that believes perputtum or however its spelled is the source to all theese hackings?
|
|
|
|
|
Pages: 1 2 [3] 4 :: one page |
First page | Previous page | Next page | Last page |