EVE Search - New EVE Online forums temporarily disabled

All Channels

EVE General Discussion

New EVE Online forums temporarily disabled

» Click here to find additional results for this topic using Google

Monitor this thread via RSS [?]

Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 [14] 15 16 17 18 19 20 .. 27 :: one page
Author	Thread Statistics \| Show CCP posts - 36 post(s)
Helicity Boson Amarr The Python Cartel. The Defenders of Pen Island	Posted - 2011.04.10 16:57:00 - [391] Originally by: CCP Sreegs I'm saying exactly what I said. you're damned if you do, damned if you don't mate. I don't believe for one second your "review" will ever yield any result other than "no we were safe". Especially since via-via-via-IM I was showing you how the night before and you didn't get it. You'd never own up to the site being vulnerable anyways, and it's that fact that makes me shudder with revulsion. Terrible coding practices combined with a willingness to lie make for a grim picture indeed.
Grimpak Gallente The Whitehound Corporation Frontline Assembly Point	Posted - 2011.04.10 16:58:00 - [392] Originally by: CCP Sreegs Originally by: Grimpak dude, go to sleep, lol I slept last night like a good 7 hours. I came back in today to continue, so I'm pretty well rested actually. oh, ok. --- Quote: The more I know about humans, the more I love animals. ain't that right.
Bomberlocks Minmatar CTRL-Q	Posted - 2011.04.10 16:59:00 - [393] Originally by: CCP Sreegs Originally by: Bomberlocks ...... We don't discuss administrative actions. At all. Ever. No matter how many times you ask, demand or otherwise say the same thing over and over and over again. Our policy is simply that we don't, and to be fair you only have access to enough information to speculate. I'm not claiming. I'm stating outright that customer data was never at risk. We've also said there will be a blog which will detail what occurred and what was wrong. Your policy of not discussing administrative actions is one thing (and IMO is currently being used to shield CCP from public humiliation), but if you read the post on Helicity's blog, you'll see that what you are saying with respect to the vulnerability is demonstrably false. If you do not honestly address the issues in at least the same detail Helicity did, then I think it's time to take this to the media, because, as it currently stands, there is no good reason to believe anything you are saying, but there are a lot of good reasons to not believe anything you say. In short: Customer data was in danger through code injected into the signature. CCP did ignore the warnings of numerous people. You are trying to avoid admitting to your errors. Prove me wrong and I'll happily apologise, but simply claiming I'm wrong without proof is simply not good enough.
Myra2007 Millstone Industries	Posted - 2011.04.10 16:59:00 - [394] Originally by: Gnulpie At least that CCP Sreegs guy seems to do good work right now. Props for that. I can imagine way better things to do than talking with angry EVE people on the forums QFT The people who are probably directly responsible (be it coders or management or whatever) still have to show their faces. I doubt it's going to happen though. The next time we hear anything from say CCP Alice, CCP Paradox or CCP Elais will probably be when they launch this "feature rich" forum a 2nd (3rd?4th?) time with security holes fixed (again...) and no other fixes at all. And this are only the "public" faces to the new forum. I simply refuse to believe that they are completely inept and like to believe they got extreme pressure from management or something. Time for a Hilmar devblog or something imho... -- Originally by: CCP Elais It was a great Frankenstein moment [...] to see the forum [...] come alive.
Sullen Skoung	Posted - 2011.04.10 17:00:00 - [395] Originally by: CCP Sreegs Originally by: Sullen Skoung Originally by: CCP Sreegs I'm sure a lot of people work for a lot of good companies. What I was stating was that if anyone has an actual evidence of the malfeasance that was suggested they're welcome to email it to me. love the defense by way of "prove we got the emails" when theres no way you actually can do that short of working at CCP. I said if you have evidence send it to me. I never said prove we got them. If you're going to try to reword a post you should probably not do so with the complete text of the statement quoted. Still a crap defense man, we CANT get the emails from your site so theres no way TO prove that we sent them. Its a stupid defense when all you have to do is get whoever browses ccp@security email FOR those emails, assuming that isnt you. Unless of course you cant send them an email or talk to them or something. Which would be a ****ty way to run a company tbh
Dark Striped	Posted - 2011.04.10 17:01:00 - [396] ive changed my passwords just incase. aside from that DONT MAKE ME USE THEM NEW ****TY ASS FORUMS AGAIN
Bomberlocks Minmatar CTRL-Q	Posted - 2011.04.10 17:03:00 - [397] Edited by: Bomberlocks on 10/04/2011 17:04:51 Originally by: CCP Sreegs .... Nobody who has ever come forward with a legitimate security concern, with full details of what the exploit was, that they were not actively exploiting themselves, has ever been actioned against by us. There is a right way and a wrong way to report things, as I've said. If that is the case, why did CCP ignore Virtuozzo's and Helicity's attempts to warn you? Quote: It's against policy to discuss the any detail whatsoever about an ban so I'm not allowed to do so. I can say that you don't have access to determine how any ban in our system was instituted. In fact we do. We can just ask Cat. I'm more inclined to believe him than you tbqFh.
Helicity Boson Amarr The Python Cartel. The Defenders of Pen Island	Posted - 2011.04.10 17:04:00 - [398] Originally by: Bomberlocks ]If that is the case, why did CCP ignore Virtuozzo's and Helicity's attempts to warn you? To be fair they didn't do that.
Elyssa MacLeod	Posted - 2011.04.10 17:05:00 - [399] Originally by: CCP Sreegs I don't blog about forums so lets see where the investigation takes us and we'll figure out if you have a reason to be mad at me after I've actually finished the work :) you realize yer talking in circles right? You earlier stated it was a security issue that brought down the forums and now youre saying you dont blog about forums. That blog is gonna be pretty thin then if its not about this fiasco. ---------------------------- fail leads to anger anger leads to hate hate leads to the dark side of MMOs

CCP Sreegs	Posted - 2011.04.10 17:06:00 - [400] Originally by: Helicity Boson Originally by: CCP Sreegs I'm saying exactly what I said. you're damned if you do, damned if you don't mate. I don't believe for one second your "review" will ever yield any result other than "no we were safe". Especially since via-via-via-IM I was showing you how the night before and you didn't get it. You'd never own up to the site being vulnerable anyways, and it's that fact that makes me shudder with revulsion. Terrible coding practices combined with a willingness to lie make for a grim picture indeed. I can assure you that I never came close to an IM from you. I did see some information that lead directly to patching the problem, but I never personally got any IM from anyone from you. If I was somehow "not owning up to the site being vulnerable" I wouldn't have said it was vulnerable and I wouldn't have had it taken down. I don't know what you're seeing from your perspective but it sounds to me like you're being taken for a ride by someone else or there's a really really hilarious miscommunication chain here.

Bomberlocks Minmatar CTRL-Q	Posted - 2011.04.10 17:07:00 - [401] Originally by: CCP Sreegs Edited by: CCP Sreegs on 10/04/2011 16:34:23 Originally by: Helicity Boson Originally by: CCP Sreegs There are 3 problems with your post. A) It's premature, pending investigation but from what I recall though the signatures would allow HTML you could not execute script, which kills a lot of your assertions. Horsedung. And you know it. Javascript and CSS were confirmed to work. I appreciate your need to save face, but your guys made an unforgivable screwup, own up to it and instill me with the feeling you guys are deserving of our trust. If I knew it I'd say so. I'm not here to save face and I'd ask that you not continue to mischaracterize me. IF when we continue our investigation I find out I am wrong and you WERE actually able to inject script then I'll say so in my blog. The word from the people who checked it earlier today was that FROM MEMORY they didn't believe script could be injected. Everything's not some shadowy conspiracy. I appreciate that you feel wronged somehow and I can't change that. I have no need whatsoever to save anyone's face, my job is to determine and respond to the problem. Honestly. :Edit: to respond to the rest, I can say that we have internal procedure which include peer review and pen testing. Part of the investigation will be to determine if that was done and if not why, etc... That's probably mostly going to be internal, but it's not something I'm not thinking about. You'd trust the people who made the mistake in the first place more than the people who tried to warn you about it?

CCP Sreegs	Posted - 2011.04.10 17:08:00 - [402] Originally by: Bomberlocks Originally by: CCP Sreegs Originally by: Bomberlocks ...... We don't discuss administrative actions. At all. Ever. No matter how many times you ask, demand or otherwise say the same thing over and over and over again. Our policy is simply that we don't, and to be fair you only have access to enough information to speculate. I'm not claiming. I'm stating outright that customer data was never at risk. We've also said there will be a blog which will detail what occurred and what was wrong. Your policy of not discussing administrative actions is one thing (and IMO is currently being used to shield CCP from public humiliation), but if you read the post on Helicity's blog, you'll see that what you are saying with respect to the vulnerability is demonstrably false. If you do not honestly address the issues in at least the same detail Helicity did, then I think it's time to take this to the media, because, as it currently stands, there is no good reason to believe anything you are saying, but there are a lot of good reasons to not believe anything you say. In short: Customer data was in danger through code injected into the signature. CCP did ignore the warnings of numerous people. You are trying to avoid admitting to your errors. Prove me wrong and I'll happily apologise, but simply claiming I'm wrong without proof is simply not good enough. I'm not trying to avoid anything. It seems a bit silly to say YOUR WRONG PROVE ME YOUR RIGHT, then make the opposite assertion with less burden. At this point in time the only thing we can do is point fingers at each other and that's not very productive. Nevermind the fact that you're just rehashing a conversation I responded to not 30 minutes ago.


CCP Sreegs	Posted - 2011.04.10 17:09:00 - [403] Originally by: Sullen Skoung Originally by: CCP Sreegs Originally by: Sullen Skoung Originally by: CCP Sreegs I'm sure a lot of people work for a lot of good companies. What I was stating was that if anyone has an actual evidence of the malfeasance that was suggested they're welcome to email it to me. love the defense by way of "prove we got the emails" when theres no way you actually can do that short of working at CCP. I said if you have evidence send it to me. I never said prove we got them. If you're going to try to reword a post you should probably not do so with the complete text of the statement quoted. Still a crap defense man, we CANT get the emails from your site so theres no way TO prove that we sent them. Its a stupid defense when all you have to do is get whoever browses ccp@security email FOR those emails, assuming that isnt you. Unless of course you cant send them an email or talk to them or something. Which would be a ****ty way to run a company tbh What? I have no idea what you're trying to say.

Bomberlocks Minmatar CTRL-Q	Posted - 2011.04.10 17:09:00 - [404] Originally by: CCP Sreegs Originally by: Helicity Boson Originally by: CCP Sreegs I'm saying exactly what I said. you're damned if you do, damned if you don't mate. I don't believe for one second your "review" will ever yield any result other than "no we were safe". Especially since via-via-via-IM I was showing you how the night before and you didn't get it. You'd never own up to the site being vulnerable anyways, and it's that fact that makes me shudder with revulsion. Terrible coding practices combined with a willingness to lie make for a grim picture indeed. I can assure you that I never came close to an IM from you. I did see some information that lead directly to patching the problem, but I never personally got any IM from anyone from you. If I was somehow "not owning up to the site being vulnerable" I wouldn't have said it was vulnerable and I wouldn't have had it taken down. I don't know what you're seeing from your perspective but it sounds to me like you're being taken for a ride by someone else or there's a really really hilarious miscommunication chain here. And if he posts his chat logs?
Helicity Boson Amarr The Python Cartel. The Defenders of Pen Island	Posted - 2011.04.10 17:12:00 - [405] Originally by: CCP Sreegs or there's a really really hilarious miscommunication chain here. It's that. But in the scheme of thing this is moot.
Copine Callmeknau Kangaroos With Frickin Lazerbeams The KWFL Republic	Posted - 2011.04.10 17:12:00 - [406] Originally by: Copine Callmeknau Originally by: Miilla Originally by: Copine Callmeknau Miilla your sig is ****ing awful, also it's oversized and gonna get nerfed when a mod sees it Yours is too violent and should be also nerfed due to the blood and gore. I've had mine 5yrs, you've had yours 10min. We'll see who's gets nerfed first k? LULZ I WIN Stunning EVE Online Theme for PS3

CCP Sreegs	Posted - 2011.04.10 17:12:00 - [407] Originally by: Elyssa MacLeod you realize yer talking in circles right? You earlier stated it was a security issue that brought down the forums and now youre saying you dont blog about forums. That blog is gonna be pretty thin then if its not about this fiasco. Hey helicity, how you know his name? Sreegs: An whats all this about you not having ppl on yer IM anymore? lol these ppl are all closer than we think they are... I was a player for a long time. When I joined the company I removed a bunch of people from IM and had to leave the game as per policy. No huge mystery there.

Sullen Skoung	Posted - 2011.04.10 17:12:00 - [408] Originally by: CCP Sreegs Quote: Still a crap defense man, we CANT get the emails from your site so theres no way TO prove that we sent them. Its a stupid defense when all you have to do is get whoever browses ccp@security email FOR those emails, assuming that isnt you. Unless of course you cant send them an email or talk to them or something. Which would be a ****ty way to run a company tbh What? I have no idea what you're trying to say. you are saying WE need to provide proof of sending emails to ccp@security IM saying we cant provide this proof being that we cant get into ccp@security to get copies of those emails sent. YOU who work at CCP, supposedly AS security, should either be able to access that email account or email the guy that can and can see if those emails do in fact exist.

CCP Sreegs	Posted - 2011.04.10 17:14:00 - [409] Originally by: Bomberlocks You'd trust the people who made the mistake in the first place more than the people who tried to warn you about it? Who said it was them that I asked?

Elyssa MacLeod	Posted - 2011.04.10 17:15:00 - [410] Originally by: Bomberlocks And if he posts his chat logs? gets banned for posting GM communications? Im guessing he cant say anything like he gets IMs from players cause that player/GM interaction wall breach was part of the issue in T20 ---------------------------- fail leads to anger anger leads to hate hate leads to the dark side of MMOs
Dark Striped	Posted - 2011.04.10 17:15:00 - [411] Originally by: CCP Sreegs Originally by: Bomberlocks You'd trust the people who made the mistake in the first place more than the people who tried to warn you about it? Who said it was them that I asked? not fused about all this smack. can you close these new pile of crap forums down forever? i hope you have that power cos they suck

CCP Sreegs	Posted - 2011.04.10 17:15:00 - [412] Originally by: Sullen Skoung Originally by: CCP Sreegs Quote: Still a crap defense man, we CANT get the emails from your site so theres no way TO prove that we sent them. Its a stupid defense when all you have to do is get whoever browses ccp@security email FOR those emails, assuming that isnt you. Unless of course you cant send them an email or talk to them or something. Which would be a ****ty way to run a company tbh What? I have no idea what you're trying to say. you are saying WE need to provide proof of sending emails to ccp@security IM saying we cant provide this proof being that we cant get into ccp@security to get copies of those emails sent. YOU who work at CCP, supposedly AS security, should either be able to access that email account or email the guy that can and can see if those emails do in fact exist. I never said I didn't have those mails.... I said that if you have any evidence that someone within the company is doing something wrong as was intimated by the original post, then that was the address to send it to... that was the entirety of what I was trying to state. I don't know how that got twisted into this.

Bomberlocks Minmatar CTRL-Q	Posted - 2011.04.10 17:16:00 - [413] Originally by: CCP Sreegs Originally by: Bomberlocks Originally by: CCP Sreegs Originally by: Bomberlocks ...... We don't discuss administrative actions. At all. Ever. No matter how many times you ask, demand or otherwise say the same thing over and over and over again. Our policy is simply that we don't, and to be fair you only have access to enough information to speculate. I'm not claiming. I'm stating outright that customer data was never at risk. We've also said there will be a blog which will detail what occurred and what was wrong. Your policy of not discussing administrative actions is one thing (and IMO is currently being used to shield CCP from public humiliation), but if you read the post on Helicity's blog, you'll see that what you are saying with respect to the vulnerability is demonstrably false. If you do not honestly address the issues in at least the same detail Helicity did, then I think it's time to take this to the media, because, as it currently stands, there is no good reason to believe anything you are saying, but there are a lot of good reasons to not believe anything you say. In short: Customer data was in danger through code injected into the signature. CCP did ignore the warnings of numerous people. You are trying to avoid admitting to your errors. Prove me wrong and I'll happily apologise, but simply claiming I'm wrong without proof is simply not good enough. I'm not trying to avoid anything. It seems a bit silly to say YOUR WRONG PROVE ME YOUR RIGHT, then make the opposite assertion with less burden. At this point in time the only thing we can do is point fingers at each other and that's not very productive. Nevermind the fact that you're just rehashing a conversation I responded to not 30 minutes ago. Bolded the part you seem to have missed. But whatever, Screegs. I don't want to jump on your case. I've cancelled my credit card and I doubt that I'll be renewing that data with CCP unless CCP post a very honest and open discussion on how they will not in future endanger my computer, or the data I entrust them with. A broken game is one thing, but bad security has repercussions in the real world.
Jon Taggart State War Academy	Posted - 2011.04.10 17:17:00 - [414] People want to get as much rage out there as possible before these forums go kaput and everything here gets locked and archived. I'm not an alt
Sullen Skoung	Posted - 2011.04.10 17:17:00 - [415] Originally by: CCP Sreegs I never said I didn't have those mails.... I said that if you have any evidence that someone within the company is doing something wrong as was intimated by the original post, then that was the address to send it to... that was the entirety of what I was trying to state. I don't know how that got twisted into this. cause we work for CCP Internal affairs and can provide this proof? Again, using the defence of "prove it to me" when we dont have access to internal CCP documents isnt a defense

CCP Sreegs	Posted - 2011.04.10 17:17:00 - [416] Originally by: Elyssa MacLeod Originally by: Bomberlocks And if he posts his chat logs? gets banned for posting GM communications? Im guessing he cant say anything like he gets IMs from players cause that player/GM interaction wall breach was part of the issue in T20 If someone had found a way to get me an IM from him I'd have no problem saying so. I don't think that was the case here. I did have some information forwarded to me, that was used. But I had no IM convo tmk.

Hel O'Ween Men On A Mission	Posted - 2011.04.10 17:18:00 - [417] Originally by: Neo Gabriel [...] but some dude reporting MASSIVE security flaws in your failure of a forum, then being ignored and pulling a small prank gets him insta-banned. This is the real problem. I mean, we're not talking about some ingame bug that makes you a billionaire instantly - which would be bad enough but hurts no one outside the game. We're talking about a glaring security hole that puts every forum user in the risk of having his computer hacked/infected. Cat (and potentially others) shouldn't have been punished and banned for this. They should have been rewarded with a free life time subscription instead. And I remind you that Cat reported the issue first and then - when his warning got ignored - demonstrated it for all to see. This was the time CCP finally got the message and pulled the plug. -- EVEWalletAware - an offline wallet manager
Gnulpie Minmatar Miner Tech	Posted - 2011.04.10 17:18:00 - [418] Man, jeez, give them folks at CCP some time to investigate what exactly happend, where the vulnerabilities are, what communication channels failed (if they failed) etc. This takes time and such things can't be properly done in few hours! You guys want thorough investigation and at the same time you want results, blogs and whatnot already yesterday. That's not working! If there is still no public reply in a few days, THEN is the time to make a huge uproar, but for now let them do their work. Ranting, venting anger and frustration is good and fine, but after that, let it go and calm down.
Sullen Skoung	Posted - 2011.04.10 17:19:00 - [419] Edited by: Sullen Skoung on 10/04/2011 17:21:43 Originally by: Hel O'Ween And I remind you that Cat reported the issue first and then - when his warning got ignored - demonstrated it for all to see. This was the time CCP finally got the message and pulled the plug. I think this is the part that Sreegs is trying to get us to prove Originally by: Gnulpie Man, jeez, give them folks at CCP some time to investigate what exactly happend, where the vulnerabilities are, what communication channels failed (if they failed) etc. This takes time and such things can't be properly done in few hours! You guys want thorough investigation and at the same time you want results, blogs and whatnot already yesterday. That's not working! If there is still no public reply in a few days, THEN is the time to make a huge uproar, but for now let them do their work. Ranting, venting anger and frustration is good and fine, but after that, let it go and calm down. no offense, but look at the player base youre talking to... the phrase "falling on deaf ears" comes to mind
Helicity Boson Amarr The Python Cartel. The Defenders of Pen Island	Posted - 2011.04.10 17:20:00 - [420] Originally by: CCP Sreegs I did have some information forwarded to me, that was used. But I had no IM convo tmk. yeah, that's the info I was giving via an extremely convoluted route, but this is irrelevant to the discussion, I just wanted to make sure you knew where it was coming from and why I'm skeptical of how sincere (and accurate) your blog post will be. We'll be scrutinizing said blog post very closely, I hope you can find it in yourself to be honest and forthright in it.

Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 [14] 15 16 17 18 19 20 .. 27 :: one page
First page \| Previous page \| Next page \| Last page

COPYRIGHT NOTICE
EVE Online, the EVE logo, EVE and all associated logos and designs are the intellectual property of CCP hf. All artwork, screenshots, characters, vehicles, storylines, world facts or other recognizable features of the intellectual property relating to these trademarks are likewise the intellectual property of CCP hf. EVE Online and the EVE logo are the registered trademarks of CCP hf. All rights are reserved worldwide. All other trademarks are the property of their respective owners. CCP hf. has granted permission to EVE-Search.com to use EVE Online and all associated logos and designs for promotional and information purposes on its website but does not endorse, and is not in any way affiliated with, EVE-Search.com. CCP is in no way responsible for the content on or functioning of this website, nor can it be liable for any damage arising from the use of this website.