| Pages: [1] :: one page |
| Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Ashterothi
Aideron Robotics
1
   |
Posted - 2011.10.07 00:30:00 -
[1] - Quote
Tokens, authenticators, whatever you want to call them, they are becoming a staple of big MMOs. Several times in the industry, it has been shown that as you defeat botting strategies, they increasingly look to hacking strategies. On top of that, with the meta game that EvE has security becomes a big deal.
It's not like this technology is not accessible. Another MMO recently shipped with authenticators available at launch! The tokens were given out at last Fanfest, can we please add them to the list of things that will ship with Winters expansion?
I could ramble on about why they are useful, and how CCP talks about "keeping up with the industry" while avoiding this topic, but really nothing more needs to be said. |
Mara Rinn
Cosmic Industrial Complex
Cosmic Consortium
127
|
Posted - 2011.10.07 00:42:00 -
[2] - Quote
There was some mention that work is in progress, from CCP Sreegs in a thread on the old forums (back during the Lulzsec DDoS).
I don't know if this will work, but let's try:
Paging CCP Sreegs - any chance of a comment about the progress of the two-factor-authentication project? It would also be nice to know if there's any more to hear about the possibility of a software authenticator for smartphones (such as Blizzard has for the iPhone).
|
non judgement
Without Fear
Flying Burning Ships Alliance
35
|
Posted - 2011.10.07 00:49:00 -
[3] - Quote
This is all just a guess, but:
Does it actually stop bots?
I assume a person botting still has to log on like normal each time he starts a bot. You just add one more thing for everyone to do when starting Eve.
Do you want to increase different ways people try to hack our accounts?
I have never played Wow and I get emails saying something has happened and I have to log in to my Wow account.
I don't really want more people trying to hack accounts. What if they get mine. Not that I have much anyway.
People who make money from bots (making them or using them). Will try to get around whatever you put in their way.
Desperate people do desperate things...
Not saying you shouldn't try stopping them. Just saying its good to be cautious. |
Ashterothi
Aideron Robotics
1
|
Posted - 2011.10.07 00:53:00 -
[4] - Quote
It does not stop bots, however it protects us when the people who are botting for RMT find that more financially difficult.
It boils down to this: why do people bot (professionally) because it is the easiest way to gather in game money very quickly. If botting becomes more difficult, hacking becomes relativity easier. Eventually it gets to the point where all the resources that were spent on new bots are instead used to fish accounts. It happened to WoW, that's what gave rise to the authenticator there.
I am not saying its perfect, but it is far superior to what we have now. |
Renan Ruivo
Hipernova
Vera Cruz Alliance
94
|
Posted - 2011.10.07 00:55:00 -
[5] - Quote
Tokens protect you from hacking, and not the game from botters.
Only thing that can help with bots are random captcha.
Sometimes the only difference between a budding genius and a blooming idiot is where they chose to take a stand. |
Esperio Ferver
PhantomRebels
3
|
Posted - 2011.10.07 01:03:00 -
[6] - Quote
there are actually more aggressive server side programs that exist to combat botting without the use of captchas. most companies, CCP included are just too soft to use them.
I personally dont really care if 1 out of 2000 legit players get banned by accident, i would use it anyway. |
Cypermethren
Hardcore p0wnography
Cascade Probable
18
|
Posted - 2011.10.07 01:04:00 -
[7] - Quote
The irony of it all is,
the RMT industry (Where it actualy profitable for them, irl to fill rooms with pc's and people playing the games, or simply monitoring the bots that are playing for them) is most rampant, or has the most people working for it - in China.
When i got my RAS token in the mail, looked on the back when setting it up on an account..... made in china....
If CCP does the same there's no point to getting one.
|
Grey Stormshadow
Starwreck Industries
229
|
Posted - 2011.10.07 01:10:00 -
[8] - Quote
Mara Rinn wrote:There was some mention that work is in progress, from CCP Sreegs in a thread on the old forums (back during the Lulzsec DDoS). I don't know if this will work, but let's try: Paging CCP Sreegs - any chance of a comment about the progress of the two-factor-authentication project? It would also be nice to know if there's any more to hear about the possibility of a software authenticator for smartphones (such as Blizzard has for the iPhone).
If you really want to get to him, just mail this forum link to [email protected] and add side comment about boobs and free beer.
|
Equto
Rionnag Alba
Northern Coalition.
1
|
Posted - 2011.10.07 01:21:00 -
[9] - Quote
I understand that people want the tokens, and maybe its my security background talking, but I never used one on a game and don't think they really help. In a already secure industry such as banks I can understand because while there are millions of people trying to get logins, the chances of someone getting a login and a token without throwing a million red flags is rare. However in games such as WoW and Eve you don't have multiple red flag systems and a team of software engineers monitoring the network, and you don't have a whitelist of address that can use what logins. While certainly not every bank has this most do and the token is just another layer of security on top of that.
I am not saying that ccp is not working to insure it doesn't happen or that they are completely useless, However for the majority of players they will still get phised and their accounts stolen regardless of a token because while the token is useful, you either need to make it impossible to get a new one or the phisers can easily remove it from the account ( compared to banks). I realize this is not a bank however giving people the false sense that " Yes, this will stop you from getting your account stolen" is like the commercials saying that they stop all identity theft. They have a insurance for a reason, and it has a limit for a reason. |
Grimpak
Midnight Elites
Echelon Rising
67
|
Posted - 2011.10.07 01:24:00 -
[10] - Quote
Renan Ruivo wrote:Tokens protect you from hacking, and not the game from botters.
Only thing that can help with bots are random captcha.
and any half-decent bot can circumvent captcha.
[img]http://eve-files.com/sig/grimpak[/img]
[quote]The more I know about humans, the more I love animals.[/quote]
ain't that right |
Renan Ruivo
Hipernova
Vera Cruz Alliance
94
|
Posted - 2011.10.07 01:38:00 -
[11] - Quote
Grimpak wrote:Renan Ruivo wrote:Tokens protect you from hacking, and not the game from botters.
Only thing that can help with bots are random captcha. and any half-decent bot can circumvent captcha.
Not reCAPTCHA.
Sometimes the only difference between a budding genius and a blooming idiot is where they chose to take a stand. |
Taedrin
Kushan Industrial
81
|
Posted - 2011.10.07 01:38:00 -
[12] - Quote
Grimpak wrote:Renan Ruivo wrote:Tokens protect you from hacking, and not the game from botters.
Only thing that can help with bots are random captcha. and any half-decent bot can circumvent captcha.
Extra credit for bots trying to pass the Turing Test:
Convince the person giving the Turing Test that THEY aren't human. |
Cypermethren
Hardcore p0wnography
Cascade Probable
18
|
Posted - 2011.10.07 01:49:00 -
[13] - Quote
Equto wrote:I understand that people want the tokens, and maybe its my security background talking, but I never used one on a game and don't think they really help. In a already secure industry such as banks I can understand because while there are millions of people trying to get logins, the chances of someone getting a login and a token without throwing a million red flags is rare. However in games such as WoW and Eve you don't have multiple red flag systems and a team of software engineers monitoring the network, and you don't have a whitelist of address that can use what logins. While certainly not every bank has this most do and the token is just another layer of security on top of that.
I am not saying that ccp is not working to insure it doesn't happen or that they are completely useless, However for the majority of players they will still get phised and their accounts stolen regardless of a token because while the token is useful, you either need to make it impossible to get a new one or the phisers can easily remove it from the account ( compared to banks). I realize this is not a bank however giving people the false sense that " Yes, this will stop you from getting your account stolen" is like the commercials saying that they stop all identity theft. They have a insurance for a reason, and it has a limit for a reason.
Here's how the RMT/Hackers operate.
They have their normal buisness of office buildings filed with PC's running bots.
they also have a few spam mail servers, and mimmic ALOT of official websites.
they use the spam mailers to send out emails that attempt to mimmic emails from the real company - tricking the user into putting their username/password into a website that will forward on deatils to the hacker - so they instantly have you're real username and password.
^^^^^^^^^^^^^^^^^^^^^^ Most common reason accounts get hacked. PEBKAK problem, but its become 100% obvious that this problem is allways going to be the biggest problem, in terms of time spent reparing the damage done - going thru logs, restoring, yadda yadda yadda.
a RAS key prevents the entire above process from happening. Even tho they have you're correct username and password, the key changes thus the hacker cant get in.
I believe World of Warcraft now FORCES you to get a Token if you're account gets "hacked" three times. Which further goes to show the entire reason they adopted the Tokens was to save themselves money - in terms of time/resources taken by staff to repair the damage done, and then trace and track where the gold/items went too, you'd be surprised how long they will actualy bounce the stolen cash around, pouring it into assets/items then back to cash again in attempts of stopping being tracked. And it seems it works in Eve, as CCP still havent been arsed to track and ban the big comapnies that operate within Eve.
but yes, pretty much the beauty of a RAS account is. If the token is in you're hand, you're account is safe. Its like implimenting a padlock on to you're eve account, You need the key to open it.
There is a stupidly high ammount of money to be made in hacking and stripping accounts by the way, dont be fooled lol.
I Re Iterate Again.
CCP if you impliment RAS tokens - DO NOT FOR THE LOVE OF GOD have them manufactured in China. |
Equto
Rionnag Alba
Northern Coalition.
1
|
Posted - 2011.10.07 04:30:00 -
[14] - Quote
Cypermethren wrote:
^^^^^^^^^^^^^^^^^^^^^^ Most common reason accounts get hacked. PEBKAK problem, but its become 100% obvious that this problem is allways going to be the biggest problem, in terms of time spent reparing the damage done - going thru logs, restoring, yadda yadda yadda.
I understand how RMT works, its not rocket science
Cypermethren wrote:
a RAS key prevents the entire above process from happening. Even tho they have you're correct username and password, the key changes thus the hacker cant get in.
For one its RSA, and yes even it can be circumvented and has been many times in the past. It is not an end all security option. If you think differently then the banks would use it only instead of their whitelist, personal information, and random password.
Cypermethren wrote:
but yes, pretty much the beauty of a RAS account is. If the token is in you're hand, you're account is safe. Its like implimenting a padlock on to you're eve account, You need the key to open it.
There is a stupidly high ammount of money to be made in hacking and stripping accounts by the way, dont be fooled lol.
I would love to tell you that a RSA token would prevent the pebkak error however it is not only at a user level. I had friends about 6 years ago that made money, lots of money, phising accounts and selling them to RMT people on wow, they could with 4 days get enough information to have blizzard remove the token or change it to their token. While you may say that ccp doesnt make that error how are you suppose to get a new token added if
1) your current one is lost
2) your current one's batteries died
3) its stolen
4) your tired of having it
the fact is that any one of those reasons could be used to remove it off your legitimate account, its not hard. While CCP can waste millions like blizzard did training their team to prevent it from happening it will still happen.
Cypermethren wrote:
CCP if you impliment RAS tokens - DO NOT FOR THE LOVE OF GOD have them manufactured in China.
Do you even know how the token works? |
supersexysucker
Uber Awesome Fantastico Awesomeness Group
7
|
Posted - 2011.10.07 04:47:00 -
[15] - Quote
Hell god damn no. Because you idiots are too stupid and get your account stolen is not a reason for us people who are not brain dead to need to use crap to log in. I already need a cap letter in my damn password... now you want to add ANOTHER log in step?
Grow brain cells... or get "hacked" |
Renan Ruivo
Hipernova
Vera Cruz Alliance
95
|
Posted - 2011.10.07 05:43:00 -
[16] - Quote
Also, don't forget about it.
Sometimes the only difference between a budding genius and a blooming idiot is where they chose to take a stand. |
Thorn Galen
The Scope
Gallente Federation
54
|
Posted - 2011.10.07 05:46:00 -
[17] - Quote
Renan Ruivo wrote:Tokens protect you from hacking, and not the game from botters.
Only thing that can help with bots are random captcha.
^^ This, exactly.
Precisamente esto!
The door is not real. |
Renan Ruivo
Hipernova
Vera Cruz Alliance
95
|
Posted - 2011.10.07 05:59:00 -
[18] - Quote
Thorn Galen wrote:Renan Ruivo wrote:Tokens protect you from hacking, and not the game from botters.
Only thing that can help with bots are random captcha. ^^ This, exactly. Precisamente esto!
Also, random captcha would not happen if you're either A: Docked or B: Cloaked.
We all know how those industrialists and AFK cloakers would hate having to actually be at their computers...
Sometimes the only difference between a budding genius and a blooming idiot is where they chose to take a stand. |
Grimpak
Midnight Elites
Echelon Rising
68
|
Posted - 2011.10.07 12:18:00 -
[19] - Quote
Renan Ruivo wrote:Grimpak wrote:Renan Ruivo wrote:Tokens protect you from hacking, and not the game from botters.
Only thing that can help with bots are random captcha. and any half-decent bot can circumvent captcha. Not reCAPTCHA.
wasn't that cracked some time ago?
also the issues about re/CAPTCHA is that it's too intrusive.
CCP did that on the forums once to stop the bot flooding. didn't worked that well.
[img]http://eve-files.com/sig/grimpak[/img]
[quote]The more I know about humans, the more I love animals.[/quote]
ain't that right |
| |
|
| Pages: [1] :: one page |
| First page | Previous page | Next page | Last page |