Pages: 1 [2] 3 :: one page |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Evei Shard
179
|
Posted - 2013.06.03 15:47:00 -
[31] - Quote
A thread titled "So.. Who's Responsible?" and after two pages no-one has blamed the Goons yet?
I'm on the Eve Online forums right?
Did we lose the tin-foil rolls in the attack or something? Profit favors the prepared |
Andski
GoonWaffe Goonswarm Federation
8114
|
Posted - 2013.06.03 15:48:00 -
[32] - Quote
Mr Epeen wrote:I don't care who's responsible. What I care about is that my personal information wasn't stolen thanks to CCP being on the ball. That can't be said for the big boys, including Blizzard and Sony. Any accts I have with them are fake info on throw away email addys thanks to their pathetic past performance. At this point, CCP is the only one I trust to protect my privacy. Mr Epeen
Timecode vendors have more secure billing systems than them Twitter: @EVEAndski
TheMittani.com: The premier source for news, commentary and discussion of EVE Online and other games of interest.-á |
THC Trader
Caldari Provisions Caldari State
14
|
Posted - 2013.06.03 15:48:00 -
[33] - Quote
There seem to be a lot of misconceptions. Let me clear this up, considering I know how a DDoS works, and understand what CCP said in their post.
Someone found a vulnerability in CCP's servers. This doesn't mean they were able to gain access, or compromise the system. Vulnerabilities like that are pretty rare when you have a development team that knows what they're doing. Instead, what this most likely means, is they found a way to make CCP's servers do excessive amounts of work. They then either used a single computer, or multiple computers, to repeatedly send the data to CCP's servers that would make them do excessive amounts of work. This resulted in a Denial of Service.
Think of it in terms of a website, as it's a bit easier that way. Imagine you found a page on a website that took forever to load, and while loading slowed the entire website down. Now imagine if you had control of thousands of computers, and commanded all of those computers to request that page over and over again. The effect would be that the website would go offline under the load while trying to process all of those requests.
CCP took the servers offline to ensure no further vulnerabilities had been found/exploited. This is precautionary, and a smart move on their part. It doesn't mean the attacker actually gained any access though. |
Random Majere
Epsilon Lyr Nulli Secunda
71
|
Posted - 2013.06.03 15:49:00 -
[34] - Quote
It was a group called "MAD WIVES OF EVE". My wife is part of that group and.... oh crap got to leave the computer..she just got back and I don't want to get DDed. |
Minty Aroma
The Metalocalypse is Coming
4
|
Posted - 2013.06.03 15:50:00 -
[35] - Quote
Nobody expects the Spanish Inquisition! |
silens vesica
Corsair Cartel
1849
|
Posted - 2013.06.03 15:50:00 -
[36] - Quote
James Amril-Kesh wrote:silens vesica wrote:FlamesOfHeaven wrote:Vincent Athena wrote:Maybe it was both. The DDOS attack was a smoke screen. While everyone was busy with that, the hack attempt would go unnoticed.
Except CCP was on the ball and noticed. This is what me and my peeps was talking about during the server downtime. Just wild guess from the limited info given to us from CCP. It was a good idea to pull the servers down and do a full analysis imo. Better safe than sorry. Attempted backend services exploit... can you image what a powerful zombie the CCP cluster would make? Is it possible the attack wasn't aimed at CCP, per se, but rather at gaining access to CCP's horsepower in aid of an attack on a third party? There's probably a considerable number of server clusters accessible to varying degrees on the internet with equivalent or greater computing power. Almost certainly true - But the attackers can't know for certain which is accessable until they try, can they?
Leads to certain surreal possiblities...
Lulzsec uses the Boy Scouts to control the International Monetary Fund which partners with Sony to attack CitiGroupGǪ Illuminati the Game comes to life.
Tell someone you love them today, because life is short. But scream it at them in Esperanto, because life is also terrifying and confusing.
Didn't vote? Then you voted for NulBloc |
Colonel Xaven
Decadence. RAZOR Alliance
275
|
Posted - 2013.06.03 15:52:00 -
[37] - Quote
Kult Altol wrote:It was a bunch of wow kids. They got mad that eve is growing.
Pretty much this
www.facebook.com/RazorAlliance |
Evei Shard
179
|
Posted - 2013.06.03 15:54:00 -
[38] - Quote
On a more serious note...
THC Trader wrote:There seem to be a lot of misconceptions. Let me clear this up, considering I know how a DDoS works, and understand what CCP said in their post.
Someone found a vulnerability in CCP's servers. This doesn't mean they were able to gain access, or compromise the system. Vulnerabilities like that are pretty rare when you have a development team that knows what they're doing. Instead, what this most likely means, is they found a way to make CCP's servers do excessive amounts of work. They then either used a single computer, or multiple computers, to repeatedly send the data to CCP's servers that would make them do excessive amounts of work. This resulted in a Denial of Service.
Think of it in terms of a website, as it's a bit easier that way. Imagine you found a page on a website that took forever to load, and while loading slowed the entire website down. Now imagine if you had control of thousands of computers, and commanded all of those computers to request that page over and over again. The effect would be that the website would go offline under the load while trying to process all of those requests.
CCP took the servers offline to ensure no further vulnerabilities had been found/exploited. This is precautionary, and a smart move on their part. It doesn't mean the attacker actually gained any access though.
The question that came to mind for me when the word got out that it was a DDoS, was whether or not it had something to do with the new launcher. With all the problems CCP has been having with it, specifically related to connections and such, it seems there's a small chance it's more than coincidental. Not saying that some player or group of players hate the launcher so much that they decided to attack over it, but someone may have seen the problems and decided to probe for potential exploits. Profit favors the prepared |
silens vesica
Corsair Cartel
1849
|
Posted - 2013.06.03 15:54:00 -
[39] - Quote
Evei Shard wrote:A thread titled "So.. Who's Responsible?" and after two pages no-one has blamed the Goons yet?
I'm on the Eve Online forums right?
Did we lose the tin-foil rolls in the attack or something? The foil got nerfed.
Tell someone you love them today, because life is short. But scream it at them in Esperanto, because life is also terrifying and confusing.
Didn't vote? Then you voted for NulBloc |
Vincent Athena
V.I.C.E. Aegis Solaris
1932
|
Posted - 2013.06.03 15:55:00 -
[40] - Quote
Evei Shard wrote:A thread titled "So.. Who's Responsible?" and after two pages no-one has blamed the Goons yet?
I'm on the Eve Online forums right?
Did we lose the tin-foil rolls in the attack or something? If the new expansion included content that was massively hurting the Goons, I could see them trying something like this to extort CCP.
But there is nothing in the expansion like that. You may say "Tech!" except the goons have said many times that although they are exploiting the current Tech situation, that situation should not exist. http://vincentoneve.wordpress.com/ |
|
silens vesica
Corsair Cartel
1849
|
Posted - 2013.06.03 15:57:00 -
[41] - Quote
THC Trader wrote: CCP took the servers offline to ensure no further vulnerabilities had been found/exploited. This is precautionary, and a smart move on their part. It doesn't mean the attacker actually gained any access though.
Pretty sure no one here is claiming unauthorized access was gained... Indeed, the lack of foaming panic in this thread is remarkable.
We're just speculating on who, and why. Tell someone you love them today, because life is short. But scream it at them in Esperanto, because life is also terrifying and confusing.
Didn't vote? Then you voted for NulBloc |
Evei Shard
179
|
Posted - 2013.06.03 15:58:00 -
[42] - Quote
Vincent Athena wrote:Evei Shard wrote:A thread titled "So.. Who's Responsible?" and after two pages no-one has blamed the Goons yet?
I'm on the Eve Online forums right?
Did we lose the tin-foil rolls in the attack or something? If the new expansion included content that was massively hurting the Goons, I could see them trying something like this to extort CCP. But there is nothing in the expansion like that. You may say "Tech!" except the goons have said many times that although they are exploiting the current Tech situation, that situation should not exist.
'twas tongue-in-cheek. Profit favors the prepared |
mama guru
Thundercats The Initiative.
127
|
Posted - 2013.06.03 16:22:00 -
[43] - Quote
Atleast we can't blame sirmolle this time.
______
EVE online is the fishermans friend of MMO's. If it's too hard you are too weak. |
Vincent Athena
V.I.C.E. Aegis Solaris
1933
|
Posted - 2013.06.03 16:31:00 -
[44] - Quote
There is the possibility it was just an attempt to get credit card numbers, or identity theft of some sort, or to get account details so assets could be drained for RMT. http://vincentoneve.wordpress.com/ |
Jenn aSide
STK Scientific Initiative Mercenaries
1970
|
Posted - 2013.06.03 16:35:00 -
[45] - Quote
Vincent Athena wrote:There is the possibility it was just an attempt to get credit card numbers, or identity theft of some sort, or to get account details so assets could be drained for RMT.
I hope so and I hope they get my credit info. My credit score is in negative numbers now, anyone who tries to identity theft me will just be hurting themselves.
It's like Richard Pryor once said: I'm so broke that if a dude tries to rob me, he'll just be practicing . |
silens vesica
Corsair Cartel
1849
|
Posted - 2013.06.03 16:38:00 -
[46] - Quote
Vincent Athena wrote:There is the possibility it was just an attempt to get credit card numbers, or identity theft of some sort, or to get account details so assets could be drained for RMT. Most plausible, I suppose. I still like the idea of someone trying to use CCP to attack some government, to control a multi-national, so he can get free t-shirts or maybe an autographed mouse pad, or something silly and contrived like that.
I want this to have been a proper super-villain attack! Tell someone you love them today, because life is short. But scream it at them in Esperanto, because life is also terrifying and confusing.
Didn't vote? Then you voted for NulBloc |
Klingon55
Viziam Amarr Empire
3
|
Posted - 2013.06.03 16:51:00 -
[47] - Quote
Brooks Puuntai wrote:Ronix Aideron wrote:http://community.eveonline.com/news/news-channels/eve-online-news/tranquility-downtime-on-sunday-june-2-and-monday-june-3/
It was not a DDoS attack but someone or a group that was able to exploit a vulnerability to some back-end services. It states in the first sentence it was a DDoS. The whole point of DDoS is to exploit a vulnerability to gain access. Do you even know what DDoS is? |
Throktar
Deep Core Mining Inc.
20
|
Posted - 2013.06.03 16:59:00 -
[48] - Quote
THC Trader wrote:There seem to be a lot of misconceptions. Let me clear this up, considering I know how a DDoS works, and understand what CCP said in their post.
Someone found a vulnerability in CCP's servers. This doesn't mean they were able to gain access, or compromise the system. Vulnerabilities like that are pretty rare when you have a development team that knows what they're doing. Instead, what this most likely means, is they found a way to make CCP's servers do excessive amounts of work. They then either used a single computer, or multiple computers, to repeatedly send the data to CCP's servers that would make them do excessive amounts of work. This resulted in a Denial of Service.
Think of it in terms of a website, as it's a bit easier that way. Imagine you found a page on a website that took forever to load, and while loading slowed the entire website down. Now imagine if you had control of thousands of computers, and commanded all of those computers to request that page over and over again. The effect would be that the website would go offline under the load while trying to process all of those requests.
CCP took the servers offline to ensure no further vulnerabilities had been found/exploited. This is precautionary, and a smart move on their part. It doesn't mean the attacker actually gained any access though.
Thank you for explaining what a DDoS was to a non IT person. |
Brooks Puuntai
Solar Nexus.
1547
|
Posted - 2013.06.03 17:17:00 -
[49] - Quote
Klingon55 wrote:Brooks Puuntai wrote:Ronix Aideron wrote:http://community.eveonline.com/news/news-channels/eve-online-news/tranquility-downtime-on-sunday-june-2-and-monday-june-3/
It was not a DDoS attack but someone or a group that was able to exploit a vulnerability to some back-end services. It states in the first sentence it was a DDoS. The whole point of DDoS is to exploit a vulnerability to gain access. Do you even know what DDoS is?
Yes I do. As stated the whole idea behind a DDOS is to flood a server with "white noise" exploiting a vulnerability in a servers ability to process incoming traffic. Which then is almost always followed with a attempt to access information within a server. This is why anytime time a DDOS attack occurs the servers are taken down, to prevent access as well as do a sweep of the system to see if anything has been compromised.
DOS attacks are rarely used nowadays just to deny service, pretty much anytime a DOS attack occurs you can assume they are doing so to try and gain access.
They are distinct, but almost always used in conjunction with one another.
CCP's Motto: If it isn't broken, break it. If it is broken, ignore it. Improving NPE-á/ Dynamic New Eden |
Korah Arnelle
University of Caille Gallente Federation
4
|
Posted - 2013.06.03 17:40:00 -
[50] - Quote
Brooks Puuntai wrote:Klingon55 wrote:Brooks Puuntai wrote:Ronix Aideron wrote:http://community.eveonline.com/news/news-channels/eve-online-news/tranquility-downtime-on-sunday-june-2-and-monday-june-3/
It was not a DDoS attack but someone or a group that was able to exploit a vulnerability to some back-end services. It states in the first sentence it was a DDoS. The whole point of DDoS is to exploit a vulnerability to gain access. Do you even know what DDoS is? Yes I do. As stated the whole idea behind a DDOS is to flood a server with "white noise" exploiting a vulnerability in a servers ability to process incoming traffic. Which then is almost always followed with a attempt to access information within a server. This is why anytime time a DDOS attack occurs the servers are taken down, to prevent access as well as do a sweep of the system to see if anything has been compromised. DOS attacks are rarely used nowadays just to deny service, pretty much anytime a DOS attack occurs you can assume they are doing so to try and gain access. They are distinct, but almost always used in conjunction with one another.
Well I would say yes and no. It really depends. If they're trying to spam the API key system, maybe... But that's a stretch since you can't push data to it. But stuff like the DBMS itself, sure that's likely. They were probably hoping they could sneak in a SQL query like select * from users where user=1 or some silly ass injection attack. But anything else is pretty iffy stuff because most socket programming is pretty simple these days (Has to be since the core use of a socket is to offer IO only, any business logic or whatever is handled by another layer like transport or application layers).
Frankly, my bet is on some ******* Rusky trying to find a backdoor to use CCP's services as a spambot network. Don't believe me, look at the latest spats about Spamhaus and cyberbunker. Seriously, this spam crap is getting out of hand. I'm just waiting for a botnet to Skynet'd the whole Internet. |
|
Wodensun
ZeroSec
110
|
Posted - 2013.06.03 18:12:00 -
[51] - Quote
Ronix Aideron wrote:http://community.eveonline.com/news/news-channels/eve-online-news/tranquility-downtime-on-sunday-june-2-and-monday-june-3/
It was not a DDoS attack but someone or a group that was able to exploit a vulnerability to some back-end services.
Reading is hard no?
CCP wrote: At 02:05 UTC June 2nd, CCP became aware of a significant and sustained distributed denial-of-service attack (DDoS) against the Tranquility cluster (which houses EVE Online and DUST 514) and web servers.
Our policy in such cases is to mobilize a taskforce of internal and external experts to evaluate the situation. At 03:07 UTC, that group concluded that our best course of action was to go completely offline while we put in place mitigation plans.
Do not give me likes them 101 likes arent a accident... |
Wodensun
ZeroSec
110
|
Posted - 2013.06.03 18:14:00 -
[52] - Quote
Brooks Puuntai wrote:Klingon55 wrote:Brooks Puuntai wrote:Ronix Aideron wrote:http://community.eveonline.com/news/news-channels/eve-online-news/tranquility-downtime-on-sunday-june-2-and-monday-june-3/
It was not a DDoS attack but someone or a group that was able to exploit a vulnerability to some back-end services. It states in the first sentence it was a DDoS. The whole point of DDoS is to exploit a vulnerability to gain access. Do you even know what DDoS is? Yes I do. As stated the whole idea behind a DDOS is to flood a server with "white noise" exploiting a vulnerability in a servers ability to process incoming traffic. Which then is almost always followed with a attempt to access information within a server. This is why anytime time a DDOS attack occurs the servers are taken down, to prevent access as well as do a sweep of the system to see if anything has been compromised. DOS attacks are rarely used nowadays just to deny service, pretty much anytime a DOS attack occurs you can assume they are doing so to try and gain access. They are distinct, but almost always used in conjunction with one another.
This is utter BS Do not give me likes them 101 likes arent a accident... |
Korah Arnelle
University of Caille Gallente Federation
4
|
Posted - 2013.06.03 18:25:00 -
[53] - Quote
Certain network protocols operate based on packet number sequence, so it's not entirely BS. So, you can throw some routers for a loop by literally switching packets out of sequence. Fun times to be had. :) |
Aldebaran Aubaris
Free-lances
0
|
Posted - 2013.06.03 19:13:00 -
[54] - Quote
Let's explore "who profits".
WoT did splashingly well during the DT.
Conclusion: Its the Russkies! |
ElQuirko
Jester Syndicate S0UTHERN C0MF0RT
1395
|
Posted - 2013.06.03 19:23:00 -
[55] - Quote
I blame the Dutch. Save the Domi model! Spacewhales should be preserved. |
Giuseppe R Raimondo
Lowsey Pirates Inc. Capital Alliance
0
|
Posted - 2013.06.03 20:00:00 -
[56] - Quote
The jove empire nplugged every capsulear so they can move in a army and hide it |
ian papabear
North Eastern Swat Pandemic Legion
117
|
Posted - 2013.06.03 20:04:00 -
[57] - Quote
ElQuirko wrote:Anonymous: "We r leejunz. We haf haqd ur spaecships. Resstnc is futiel k? Xpect uz."
i would laugh really hard if someone put in a request to them to eff with your computer. http://www.youtube.com/watch?v=nNReV76PtqM |
ian papabear
North Eastern Swat Pandemic Legion
117
|
Posted - 2013.06.03 20:04:00 -
[58] - Quote
It was test alliance , they hired some DDOS guys to mess with the server so that they prolong delve being taken from them. http://www.youtube.com/watch?v=nNReV76PtqM |
Patrakele
Sebiestor Tribe Minmatar Republic
109
|
Posted - 2013.06.03 20:29:00 -
[59] - Quote
Throw everyone in jail, that way we will be sure the guilty have been punished. |
ian papabear
North Eastern Swat Pandemic Legion
117
|
Posted - 2013.06.03 20:33:00 -
[60] - Quote
Patrakele wrote:Throw everyone in jail, that way we will be sure the guilty have been punished.
this is totally unrelevant but you have about the ugliest avatar i have ever seen
cheers http://www.youtube.com/watch?v=nNReV76PtqM |
|
|
|
|
Pages: 1 [2] 3 :: one page |
First page | Previous page | Next page | Last page |