
Gonada
|
Posted - 2006.03.10 13:32:00 -
[31]
Edited by: Gonada on 10/03/2006 13:35:14
good lord
shows the intelligence of people nowadays.
fyi any smart person changes their PW once a month.
second, it's not CCP's fault if your computer gets compromised nowadays, ccp did their end, you gotta stop with the haxor/ **** sites/ get a good AV prob and keep your computer secure.
P.S. Jade you should learn about computers, the internet before you shoot your mouth off.
-I don't necessarily agree with everything I say.-
|

Winterblink
|
Posted - 2006.03.10 13:34:00 -
[32]
Originally by: Gonada second, it's not CCP's fault if your computer gets compromised nowadays, ccp did their end, you gotta stop with the haxor/ **** sites/ get a good AV prob and keep your computer secure.
I have a friend who pirates all the games he owns (downloads em from newsgroups, etc), and when he gets the latest and greatest virus or trojan from some no-cd patch or fancy game launcher he bashes Microsoft for making an insecure operating system.
As with most kinds of security, the weakest link is usually the human one.
Warp Drive Active | Nature Vraie |

Buxaroo
|
Posted - 2006.03.10 14:52:00 -
[33]
Yes, changing your password every month should be mandatory. But as much as I hate to see this happen to anyone, at least it happened to a pirate
|

Naevius
|
Posted - 2006.03.10 15:26:00 -
[34]
Keylogger...hmmm. Since whoever got the password knew enough to get into eve and use it, it seems unlikely that a random, spyware-type keylogger was involved. (What are the odds that some random hacker is EVE-savvy?) So, likely it was either a targeted attack by someone who knows you as an EVE player, or it happened somewhere else - on the server side or between your PC and the server. A brute-force attack using the EVE client seems likely...
-------------------------------------------------- Life's a journey. Shame about the destination... |

Eyari
|
Posted - 2006.03.10 16:44:00 -
[35]
To all the nay-sayers, most of the probable explanations have already been pointed out. In 90% of the c racks, it's the human factor. Humans -are- the weak link in any security scenario. Envisioning some l33t hacker breaking into Eve accounts is straight out of Hollywood and is just as much fantasy.
Implicit QFT's for the various posters above...
- You used an Eve-oriented program or file. You downloaded an innocent looking ZIP or EXE self-extractor which actually has more than what is advertized. Grats on keylogger + trojan install. This happened SO much when Everquest went to an XML-based user interface, and custom UI's were going around. Then EQ accounts were compromised left and right.
- You have a username and password identical (or easy to guess) from your Teamspeak / Ventrilo / non-CCP Forum account. The site administrator (especially in the case of Forums) can 99% of the time get your IP address and if anyone is after this, can view the password depending on how the server stores it. In other words, when you type in a password at your corp's (or some other Eve related), ask yourself this: Is that password encrypted on the back-database? How would you know? What would anyone with that username/password combination be able to login as you?
- You shared your account. That person may have been someone you trust. But that person shared your account with someone they trusted...and then that person...stop the chain wherever you want. A secret is only guaranteed to stay secret if you never tell anyone...same thing with passwords.
- Roommates / friends / whatever visiting who play Eve or know someone. "Whoa, a password -written- down." Or..."Whoa, I can install anything I want to on this PC".
- One of your email contacts outside of game (real email, not Eve-mail) targets you with a virus email, embedded in a Flash animation or other type of joke program.
- This last one is arguably not totally the user's fault. You ran a Sony BMG audio CD (or others) that had the XCP (or other) copy-protection rootkit. Your system now can't see any file that starts with $sys$. So when you run a self-extracting executable that has $sys$evepasswordkeylogger.exe embedded in it, your anti-virus NEVER sees it.
You can check out www.sysinternals.com and read up on the Sony root-kit as well as RootKitRevealer...but honestly, the surest way to make sure your system is clean is format it and install clean. Root-kits don't even guarantee that a successful virus sweep got it all. Of course, basic security requires you be paranoid about a link I or anyone else provides.
What I am fairly certain did NOT happen is that some l33t hacker compromised a backbone router serving your ISP and sniffed all the traffic going through it, picked your PC's traffic, c racked whatever encryption CCP surely uses in password transmission (I'm guessing they do...if they don't, for shame) and then broke into your account.
The only other possibility is that it was an inside job, which is unlikely as CCP surely stores passwords either as hashes or irreversibly encrypted on their server. Again, if they don't, for shame...but you'd never know if they did. And if it were server side, a lot more people would still be having problems.
Sorry to pull the technical soapbox out, and I'm sure I missed or mixed something up...but the above is much more plausible than some Wargames-Matthew Broderick movie script.
|

Eyari
|
Posted - 2006.03.10 16:55:00 -
[36]
Edited by: Eyari on 10/03/2006 16:56:24
Wanted to add...someone just mentioned brute-forcing through the Eve client. It's possible, though I'm guessing CCP can see how many failed login attempts an account has. Wasn't this part of the way they detected the break-ins before?
Long passwords with special characters and numbers, a minimum (meaning usually longer than) 8 characters, random or semi-random order is the way to go. Dictionary words are -bad-.
Side note...there was a password security study that was done about a year ago...they found that a random string like &42k1-*zH isn't much (if any) more secure than using something like p4$$w0r|), at least for brute-forcing. The best way to make a strong password AND have it easy to remember is to take a phrase like:
All carebears fit way too many stabs. (I neither endorse nor oppose this statement)
Then take the first letters and make:
acfwtms
Then make it numerical / special character:
4(fw+m$
And if it's too short, add to it 4tw or something.
4(fw+m$4tw
Semi easy to remember, very hard to guess or *****, and a brute-force won't touch it until quantum computers are a reality. That or password@home becomes a distributed computing project.
Course, a keylogger pwns that password.
Edit: Oh, a pop-up after a successful login saying "There have been X failed login attempts" would be Heaven-sent. They do that in EQ, and it lets you know that someone may have been trying to break in.
|
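The failed-login counting and the "There have been X failed login attempts" notice discussed in the post above, as an added example that is not part of the thread and not CCP's or EQ's code. The threshold, window, account names and event tuples are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample events: (unix_time, account, password_was_correct)
SAMPLE_EVENTS = (
    [(1000 + 10 * i, "pilot_a", False) for i in range(3)]
    + [(1030, "pilot_a", True)]
    + [(2000 + 10 * i, "pilot_b", False) for i in range(6)]
    + [(2060, "pilot_b", True), (2400, "pilot_b", True)]
)


class LoginMonitor:
    """Throttles guessing per account and reports failures at the next good login."""

    def __init__(self, threshold=5, window=300):
        self.threshold = threshold            # assumed policy: 5 failures...
        self.window = window                  # ...within 300 seconds locks the account
        self.recent = defaultdict(deque)      # account -> times of recent failures
        self.since_ok = defaultdict(int)      # account -> failures since last good login

    def record(self, ts, account, success):
        fails = self.recent[account]
        while fails and ts - fails[0] > self.window:
            fails.popleft()                   # forget failures older than the window
        locked = len(fails) >= self.threshold
        if not success:
            self.since_ok[account] += 1
            if not locked:
                fails.append(ts)
        if locked:
            # Even the correct password is refused, so guessing cannot succeed mid-lock.
            return "locked", None
        if not success:
            return "denied", None
        count = self.since_ok.pop(account, 0)
        fails.clear()
        notice = f"There have been {count} failed login attempts" if count else None
        return "ok", notice


def replay(events):
    """Feed events through a fresh monitor; returns (account, status, notice) rows."""
    monitor = LoginMonitor()
    return [(acct, *monitor.record(ts, acct, ok)) for ts, acct, ok in events]


if __name__ == "__main__":
    for row in replay(SAMPLE_EVENTS):
        print(row)
```
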

Slaveabuser
|
Posted - 2006.03.10 16:58:00 -
[37]
Originally by: Dragy ThyRuler
Edited by: Dragy ThyRuler on 10/03/2006 01:18:43
This was prob the weirdest hack prob on earth. I logged on, Found that i had no more raven, i was in a station, Found that i was podded, lost all my implants. Then there was a lot of isk missing from my wallet, and Corp wallet too. He then deleted my buddys, added new ones. Added a new Alt to my account, deleted my eve mails. After i found this out, 4 of the 7 new buddys Convoed me and asked if i was dregy, which is the alts name. So i realized i was hacked. Why is this still happening?
why is this happening.... like it's somehow CCP's fault?
You got hacked because some **** decided to hack you, that's why it happened.
Killing the Minmatars since 22480 AD |

V2GBR
|
Posted - 2006.03.10 17:06:00 -
[38]
Hope you get this sorted KD :(
---------- Gods Unwanted Website
|

Nee'kita Frist
|
Posted - 2006.03.10 17:12:00 -
[39]
I ran a test a week after the last big incident of this in December or was it November? can't remember anyway.
The idea was simple, I would register with an account on a 3rd Party fan site and give everyone that was the impression was my account use some spurious password on my forum login for that site.
Needless to say, from my old alliance site I had one email asking (using my "username" from the alliance site as my account username and the password for that site as well (PHP forum access ftl) and from one of the fan sites another one using that "username" as well and my password from that fan site.
So basic rule, do not use same logins as your alliance/corp/fansites. It's a very bad idea.
|

Alita Tiphares
|
Posted - 2006.03.10 18:06:00 -
[40]
wtfpwned 
|

Killer Dragon
|
Posted - 2006.03.10 20:04:00 -
[41]
Well, thx to the people that have Helped in some way. And yes, petition was the first thing that i did. yes they did send the money so i have the name of the person that they sent the money to. I hope CCP can help me because i really have worked hard the past month in EVE. Hope none of u have to go through what i did.
|

Andros vonBek
|
Posted - 2006.03.10 20:30:00 -
[42]
Doesn't help matters any that passwords on the eve client/forum aren't case sensitive... Certainly aren't on the forums, and weren't last I checked on the client about a month back, so XXxxXXX = xxXXxxx = xxxxxxx = XXXXXXX Try it and see...
This was petitioned to the response of "hmm yeah thanks" about 3 months ago and nothing seems to have been done yet. This fact was posted on the forums here too. Will have to check again when I get home, but I'm pretty sure it's still the case.
|
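The "try it and see" check from the post above, together with the earlier question in the thread about how a server stores passwords, as an added example that is not part of the thread. It assumes a server that lower-cases passwords before hashing, which is only one possible cause of case-insensitive logins and is not a description of CCP's systems; PBKDF2, the iteration count and the sample password are choices made for this illustration.

```python
import hashlib
import hmac
import math
import os

ITERATIONS = 100_000  # assumed work factor for this example


def store(password, fold_case=False):
    """Return the (salt, digest) record a server would keep instead of the password."""
    if fold_case:
        password = password.lower()  # the case-insensitive behaviour under test
    salt = os.urandom(16)  # per-account salt: equal passwords give different records
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(attempt, record, fold_case=False):
    salt, expected = record
    if fold_case:
        attempt = attempt.lower()
    actual = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, ITERATIONS)
    return hmac.compare_digest(actual, expected)  # constant-time comparison


def bits_lost_to_case_folding(length):
    """Search-space reduction for a letters-and-digits password of this length."""
    return length * (math.log2(62) - math.log2(36))


def case_probe(candidate, record, fold_case):
    """Try the variants from the post: as typed, all lower, all upper."""
    variants = (candidate, candidate.lower(), candidate.upper())
    return [verify(v, record, fold_case) for v in variants]


if __name__ == "__main__":
    secret = "XXxxXXX"  # constructed sample password
    print(case_probe(secret, store(secret, fold_case=True), True))
    print(case_probe(secret, store(secret), False))
    print(round(bits_lost_to_case_folding(8), 2))
```
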

CaptainEthereal
|
Posted - 2006.03.11 23:42:00 -
[43]
Didn't Eve admit their servers were hacked 2-3 months ago?
If so, account info was put in jeopardy and possibly the person or persons who hacked into the Eve servers still has account info of more than just the 57 accounts that were hacked then. Just a thought.
|

Cpt Placeholder
|
Posted - 2006.03.12 00:37:00 -
[44]
Originally by: Eyari Humans -are- the weak link in any security scenario. Envisioning some l33t hacker breaking into Eve accounts is straight out of Hollywood and is just as much fantasy.
humans are also the ones who write the software
hacking isn't hollywood magic, it's being smarter than another programmer
|

Tiger Viruzzz
|
Posted - 2006.03.12 00:43:00 -
[45]
Originally by: Arcturus Lynx
Edited by: Arcturus Lynx on 10/03/2006 05:50:06
Your account wasn't hacked, it was *****ed.
Google "hacking"
Hackers create, *****ers destroy.
edit> why the hell does it filter out c.rack, anyhow, **** bits replace with c.r.a.c.k.e.r
it edits it because it is the name of an illegal drug.
|

Maya Rkell
|
Posted - 2006.03.12 00:53:00 -
[46]
Edited by: Maya Rkell on 12/03/2006 00:55:54
Edited by: Maya Rkell on 12/03/2006 00:55:18
Originally by: Arcadia1701 i find it HIGHLY unlikely that these hackings are server side at all. Why would a hacker that had gotten into the EVE DB bother with chars? when he could spawn and create anything he wanted??. Some people need to learn how to protect their own PCs.
People have had inactive accounts hacked.
Someone who I KNOW is a security freak had his account hacked. I checked it afterwards. There was NO breach of his security.
As for how it's done? You need to read up on python injection exploits. There is nothing you can do about the hacks.
Tiger Viruzzz, so why isn't weed *'d then?
Digital Communist> The Jin-Mei are probably more proficient in training for Tofu and Noodles than Spaceship Command |

Clan MacGregor
|
Posted - 2006.03.12 04:15:00 -
[47]
Every time I hear about this sort of thing, I change my password and scan for spyware... My password is based on a 2048 bit encrypted value of two product primes used as a modulus for an exponential value of Pi..
Or my dog's name, whichever is written on the white board...
Something has gone terribly wrong |