| Pages: 1 2 :: [one page] |
|
|
| Author |
Thread Statistics | Show CCP posts - 4 post(s) |
|
CCP Eterne
C C P
C C P Alliance
3390
   |
Posted - 2014.04.09 16:07:00 -
[1] - Quote
Security is very important to CCP. Our Security Team does a lot of things, such as targeting evil RMTers and botters and making sure they don't negatively impact EVE Online. It's been a while since their last dev blog and the team has undergone many changes since. CCP Bugartist, the Director of Information Security, comes forward with this new dev blog to update everyone on what's going on on the security front!
EVE Online/DUST 514 Community Representative GÇ+ EVE Illuminati GÇ+ Fiction Adept
@CCP_Eterne GÇ+ @EVE_LiveEvents |
|
Gilbaron
Free-Space-Ranger
Nulli Secunda
1315
|
Posted - 2014.04.09 16:13:00 -
[2] - Quote
soooo, authenticators ? or sms login protection ? or anything ?
GRRR Goons |
ctx2007
Wychwood and Wells
Beer needs you
383
|
Posted - 2014.04.09 16:14:00 -
[3] - Quote
1st well done. Damn got beat!
You only-árealise you life has been a waste of time, when you wake up dead. |
Altrue
Exploration Frontier inc
Brave Collective
1091
|
Posted - 2014.04.09 16:27:00 -
[4] - Quote
Good job!
But I'm still concerned about RMT and botting.
You see, given the amounts of isk seized (counted in trillions!) it seems like either a) the amount of RMTers is already stunningly high, or b) they take an awful lot of time to be detected and banned.
Signature Tanking - Best Tanking.
Proposed change for ECM - Not chance based - not max target reduction based |
Vincent Athena
V.I.C.E.
2712
|
Posted - 2014.04.09 16:32:00 -
[5] - Quote
The amount of ISK seized is huge! That is actually a major ISK sink in the game, comparable to the amount of ISK created by mission rewards.
http://vincentoneve.wordpress.com/ |
Linkoman
Vengance Inc.
Dirt Nap Squad.
2
|
Posted - 2014.04.09 16:41:00 -
[6] - Quote
When will we see Two-Factor authentication(2FA)? Any plans on implementing existing 2FA tokens such as Google Authenticator or the Yubikey? Would you ever consider implemeting Steve Gibson's SQRL protocol in the future? (https://www.grc.com/sqrl/sqrl.htm)
Edit: I noticed that whenever security is discussed by CCP it's always about RMT or botting. Will we ever start seeing DevBlogs directly from Team InfoSec? (This is relevant to my interests.) |
Ralph King-Griffin
Var Foundation inc.
617
|
Posted - 2014.04.09 16:42:00 -
[7] - Quote
reserved till i read the devblog and come up with something whitty
Gû¼Gû¼Gû¼Gû¼Gû¼Gû¼Gû¼Gû¼Gû¼Gû¼a«£¦¬¦P¦¬a«£Gû¼Gû¼Gû¼Gû¼Gû¼Gû¼Gû¼Gû¼Gû¼Gû¼
-á-á-á-á-á-á-á-á-á-á-á-á-á-áIf In Doubt....Do....Excessively.
Gû¼Gû¼Gû¼Gû¼Gû¼Gû¼Gû¼Gû¼Gû¼Gû¼a«£¦¬¦P¦¬a«£Gû¼Gû¼Gû¼Gû¼Gû¼Gû¼Gû¼Gû¼Gû¼Gû¼
|
|
Chribba
Otherworld Enterprises
Otherworld Empire
11616
|
Posted - 2014.04.09 16:49:00 -
[8] - Quote
Can we please have optional account lockdown to IP's anytime soon?
/c
|
|
Promiscuous Female
GBS Logistics and Fives Support
Goonswarm Federation
356
|
Posted - 2014.04.09 17:00:00 -
[9] - Quote
does team security have team security blankets |
Burseg Sardaukar
Sardaukar Merc Guild
General Tso's Alliance
354
|
Posted - 2014.04.09 17:00:00 -
[10] - Quote
Quote:CCP Random, His Divine ShadowGäó, Security Engineer
Holy ****... is that a Lexx reference? That show was terribly awesome.
Want Dust514 district ownership to matter? Want to nuke someone's PI from orbit? Read here:
http://3xxxd.blogspot.com/2013/09/dust514-and-future-of-planetary.html |
|
|
Javajunky
Eternity INC.
Goonswarm Federation
103
|
Posted - 2014.04.09 17:18:00 -
[11] - Quote
The annual - let's do something with security before fan fest post.
How about dumping those plexes into the market that security has been squatting from the big bot sweep??? |
Callic Veratar
596
|
Posted - 2014.04.09 17:39:00 -
[12] - Quote
Javajunky wrote:The annual - let's do something with security before fan fest post.
How about dumping those plexes into the market that security has been squatting from the big bot sweep???
Sounds like a great idea! Artificially deflate the price of PLEX by flooding the market making RMT isk worth more relative to PLEX isk. High PLEX prices are bad for players that use them but fantastic for those who sell them (and by extension CCP). |
Javajunky
Eternity INC.
Goonswarm Federation
103
|
Posted - 2014.04.09 18:18:00 -
[13] - Quote
Callic Veratar wrote:Javajunky wrote:The annual - let's do something with security before fan fest post.
How about dumping those plexes into the market that security has been squatting from the big bot sweep??? Sounds like a great idea! Artificially deflate the price of PLEX by flooding the market making RMT isk worth more relative to PLEX isk. High PLEX prices are bad for players that use them but fantastic for those who sell them (and by extension CCP).
CPP had no problems at all whatsoever with injecting some of these PLEX last year as it was noted during the economic presentation at fan fest and since they have blown past that number again. Eve Online as every other game is going to be judged on subscription / accounts active.
Remember, once those accounts stay shut off, they are harder to get people to turn back on as they learn to live without those alts.
Personally I'm a goon, no price is too high for dominance of the universe.
|
Angry Mustache
GoonWaffe
Goonswarm Federation
161
|
Posted - 2014.04.09 18:49:00 -
[14] - Quote
contrary to what others might think, i believe that "isk seized" chart is on the low side.
that looks like 19 trillion in 7 months, roughly 210 days.
That's on average 90 billion per day, which, considering the scale of the game's income (In march 2012, an estimated 1T enters the game per day, I would assume it's safe to say that number is much higher now, maybe 1.5).
90 billion out of 1500 billion per day doesn't sound nearly as impressive.
An official Member of the Goonswarm Federation Complaints Department.
vote Angry Mustache for CSM9-áhttps://forums.eveonline.com/default.aspx?g=posts&t=326509&find=unread |
Lors Dornick
Kallisti Industries
Solar Assault Fleet
1051
|
Posted - 2014.04.09 18:50:00 -
[15] - Quote
Hail CCP for sticking to the issue.
And hail CCP Peligro and GM/CCP Grimmi for staying at a boring job that bosses often fail to see as 'important' :/
Vote for Fuzzy Steve! https://forums.eveonline.com/default.aspx?g=posts&m=4236322
|
Jayem See
CTRL-Q
Iron Oxide.
2563
|
Posted - 2014.04.09 18:54:00 -
[16] - Quote
Javajunky wrote:The annual - let's do something with security before fan fest post.? 
That's a lotta iskies right there. Great work and thanks for your efforts.
Aaaaaaand relax. |
Zappity
Stay Frosty.
A Band Apart.
954
|
Posted - 2014.04.09 19:38:00 -
[17] - Quote
Angry Mustache wrote:contrary to what others might think, i believe that "isk seized" chart is on the low side.
that looks like 19 trillion in 7 months, roughly 210 days.
That's on average 90 billion per day, which, considering the scale of the game's income (In march 2012, an estimated 1T enters the game per day, I would assume it's safe to say that number is much higher now, maybe 1.5).
90 billion out of 1500 billion per day doesn't sound nearly as impressive.
Yes, I'm interested in the amount that does not appear on the chart. How high is the actual figure? Impossible to answer of course. Also, how many individuals are represented in the graph? Are they finding the source of the isk or just the suckers who bought it?
How is most of that isk generated in the first place? Mining bots + sale on market, ratting bots, no bots at all? Or perhaps the Dinsdale favourite of nullsec cartels!
A very unsatisfying devblog in its lack of detail.
I would like a more secure login method.
Zappity's Adventures for a taste of lowsec. |
Tesco Ergo Sum
Science and Trade Institute
Caldari State
76
|
Posted - 2014.04.09 20:14:00 -
[18] - Quote
Thanks for your work, so many don't understand security so your efforts are greatly appreciated. |
Terrorfrodo
Renegade Hobbits for Mordor
633
|
Posted - 2014.04.09 22:20:00 -
[19] - Quote
I wonder why employee retention is so low in the security team. In other departments, CCP seems to be quite good at making employees stay despite of reportedly mediocre salaries and a workplace at the (beautiful) end of the world. But security dudes don't stay long. Is it because their work has generally little do to with any game in particular (so no brand loyalty to EVE), or is the climate in that department bad, or are security people just especially restless in general?
. |
|
ISD Ezwal
ISD Community Communications Liaisons
1127
|
Posted - 2014.04.09 22:31:00 -
[20] - Quote
I have securely removed a rule breaking post.
The Rules:
31. Rumor mongering is prohibited.
Rumor threads and posts which are based off no actual solid information and are designed to either troll or annoy other users will be locked and removed. These kinds of threads and posts are detrimental to the well being and spirit of the EVE Online Community, and can create undue panic among forum users, as well as adding to the workload of our moderators.
ISD Ezwal
Captain
Community Communication Liaisons (CCLs)
Interstellar Services Department |
|
|
|
Sabriz Adoudel
Mission BLITZ
2514
|
Posted - 2014.04.09 23:28:00 -
[21] - Quote
Now, let's see the chat bots in trade hubs crushed, so that EULA compliant scammers do not have to face illegitimate competition.
If it posts the exact same message and the shortest time between posts is more than half the longest time between posts, it's almost certainly a bot, especially if it takes no other actions and doesn't react at all when someone accuses it of being a bot.
https://forums.eveonline.com/default.aspx?g=posts&t=326497 --áPsychotic Monk for CSM!
https://forums.eveonline.com/default.aspx?g=posts&t=238931 - an idea for a new form of hybrid PVE/PVP content.
If you want to mine in highsec, read www.minerbumping.com. |
stoicfaux
4443
|
Posted - 2014.04.09 23:52:00 -
[22] - Quote
So if I sell my watch isk for WoW gold to buy my wife a brush mount in WoW and my wife sells her gold gold to buy my character a watch chain monocle, Team Security could leave us both disappointed?
WASABI: Warp Acceleration System Ancillary Boost Injected(Gäó)
|
Era Gray
Republic Military School
Minmatar Republic
0
|
Posted - 2014.04.10 00:12:00 -
[23] - Quote
CCP Eterne wrote:Security is very important to CCP. Our Security Team does a lot of things, such as targeting evil RMTers and botters and making sure they don't negatively impact EVE Online. It's been a while since their last dev blog and the team has undergone many changes since. CCP Bugartist, the Director of Information Security, comes forward with this new dev blog to update everyone on what's going on on the security front!
Great, so I guess you guys found time to write this dev blog while fixing that OpenSSL heartbleed bug, right? |
Antihrist Pripravnik
T-AFK and counting
208
|
Posted - 2014.04.10 06:41:00 -
[24] - Quote
Era Gray wrote:CCP Eterne wrote:Security is very important to CCP. Our Security Team does a lot of things, such as targeting evil RMTers and botters and making sure they don't negatively impact EVE Online. It's been a while since their last dev blog and the team has undergone many changes since. CCP Bugartist, the Director of Information Security, comes forward with this new dev blog to update everyone on what's going on on the security front! Great, so I guess you guys found time to write this dev blog while fixing that OpenSSL heartbleed bug, right?
They don't need to as Eve is not using OpenSSL.
Anyway, thanks for the dev blog. It's nice to hear from the security team(s) when there is actually no big threat 
I just have one question... does bot hunting ever look something like this?
It's time: Disconnect PLEX to AUR conversion.You can read more details at the "Features & Ideas" forum thread here: https://forums.eveonline.com/default.aspx?g=posts&m=4439504#post4439504Please support if you like the idea or post the downsides if you don't. |
Efraya
Dissident Aggressors
Mordus Angels
266
|
Posted - 2014.04.10 08:06:00 -
[25] - Quote
Security team of my heart.
WSpace; Dead space. |
Prince Kobol
1644
|
Posted - 2014.04.10 10:04:00 -
[26] - Quote
Angry Mustache wrote:contrary to what others might think, i believe that "isk seized" chart is on the low side.
that looks like 19 trillion in 7 months, roughly 210 days.
That's on average 90 billion per day, which, considering the scale of the game's income (In march 2012, an estimated 1T enters the game per day, I would assume it's safe to say that number is much higher now, maybe 1.5).
90 billion out of 1500 billion per day doesn't sound nearly as impressive.
The stop doing so much RMT then !!!!
(just joking ) |
Kubiq
Future Corps
Sleeper Social Club
20
|
Posted - 2014.04.10 10:33:00 -
[27] - Quote
+1 for Two factor authentication |
Freelancer117
So you want to be a Hero
163
|
Posted - 2014.04.10 12:13:00 -
[28] - Quote
With so much isk being seized/impounded, how large an influence does this have on the inflation of isk in the game ?
Eve rule no.1: The players will make a better version of the game, then CCP initially plans.
http://eve-radio.com//images/photos/3419/223/34afa0d7998f0a9a86f737d6.jpg
|
Meytal
School of Applied Knowledge
Caldari State
361
|
Posted - 2014.04.10 12:26:00 -
[29] - Quote
Freelancer117 wrote:With so much isk being seized/impounded, how large an influence does this have on the inflation of isk in the game ?
This is where a graph showing ISK created vs ISK destroyed over time would be VERY interesting. It would also be interesting to see the same kind of numbers for PLEXes. |
Gizznitt Malikite
Agony Unleashed
Agony Empire
3833
|
Posted - 2014.04.10 13:48:00 -
[30] - Quote
Thank you very much for your hard work, maintaining balance in our game, and generally preventing its degradation by cheaters.
|
|
|
Dinsdale Pirannha
Pirannha Corp
2622
|
Posted - 2014.04.10 15:16:00 -
[31] - Quote
And once again, CCP refuses to outline who and where the ISK was impounded from, because protecting the privacy of a fictional character is critical.
Also, how much was impounded from buyers, and how much from sellers?
What was the breakdown on where the ISK was generated? High sec, null sec, low sec, wormholes?
Surely if CCP is sophisticated enough to track this stuff, they can track the activity history of the people they impounded the ISK from.
But instead, CCP has to protect even that information, because heaven forbid the subscription base get a clear picture of the situation.
Most people viewed Orwell's writings as a warning.
The harper regime and the goons treat them as a guidebook. |
Weaselior
GoonWaffe
Goonswarm Federation
6863
|
Posted - 2014.04.10 15:18:00 -
[32] - Quote
Dinsdale Pirannha wrote:And once again, CCP refuses to outline who and where the ISK was impounded from, because protecting the privacy of a fictional character is critical.
Also, how much was impounded from buyers, and how much from sellers?
What was the breakdown on where the ISK was generated? High sec, null sec, low sec, wormholes?
Surely if CCP is sophisticated enough to track this stuff, they can track the activity history of the people they impounded the ISK from.
But instead, CCP has to protect even that information, because heaven forbid the subscription base get a clear picture of the situation.
past team security presentations have shown there's more bots in the forge than all of nullsec
best of luck with your insane delusions
Head of the Goonswarm Economic Warfare Cabal Disadvantaged Persons Outreach Division:
"We hire one-half of the working class to kill the other half." |
|
CCP Bugartist
C C P
C C P Alliance
0
|
Posted - 2014.04.10 15:44:00 -
[33] - Quote
Dear Capsuleers,
we really appreciate your interest in the topic and we know that a lot of you are hungry for details.
Quote:No security related dev blog without a graph
In order to follow this age-old tradition, hereGÇÖs a brief teaser of whatGÇÖs coming at Fanfest below...
We are going to provide much more detail about this graph/data and many more at Fanfest. Even if you cannot make it in person you are welcome to join the stream. Also, we plan to provide a written summary of our Fanfest talk afterwards including the outcome of the security round-table.
As we still have a bit of time left until Fanfest I kindly ask you to post your information requests to this thread. We are monitoring this thread and I promise that at Fanfest we will address as many topics mentioned in here as possible.
All of our team members (InfoSec and Team Security) will be around at Fanfest. If you have any special topic you want to discuss with us and you feel it requires a scheduled time slot, just drop us an email at [email protected] and we will get back to you with a suggested FF day and time. Please understand that these special sessions are limited.
Thanks for your support,
CCP Bugartist |
|
voetius
BITB Support Services
212
|
Posted - 2014.04.10 16:19:00 -
[34] - Quote
Dinsdale Pirannha wrote:And once again, CCP refuses to outline who and where the ISK was impounded from, because protecting the privacy of a fictional character is critical.
Also, how much was impounded from buyers, and how much from sellers?
What was the breakdown on where the ISK was generated? High sec, null sec, low sec, wormholes?
Surely if CCP is sophisticated enough to track this stuff, they can track the activity history of the people they impounded the ISK from.
But instead, CCP has to protect even that information, because heaven forbid the subscription base get a clear picture of the situation.
I would like to see some information along the lines that Dinsdale has asked for as well. There is a large amount of speculation and anecdotal evidence on the forums and virtually nothing in the way of facts from CCP. As I don't have a horse in the race I would be interested in knowing some breakdowns based on security status and on activities (ratting, mining, missioning, etc.).
Thanks for all your efforts Bugartist and Team Security, it's appreciated. |
Bethan Le Troix
Krusual Investigation Agency
110
|
Posted - 2014.04.10 16:30:00 -
[35] - Quote
Is there any chance that use of ISBoxer or similar 'botting' software within EVE Online can be made illegal under the EULA  |
Zappity
Stay Frosty.
A Band Apart.
973
|
Posted - 2014.04.10 20:40:00 -
[36] - Quote
How about some tools for a player to actually challenge a potential bot? We would like to help. I have no idea what this would look like. In terms of information:
Maybe one of CCP Quant's graphs for botting? I'd very much like to see actual numbers of bots and ISK sellers caught.
Zappity's Adventures for a taste of lowsec. |
Audrey Koshka
Agony Unleashed
Agony Empire
13
|
Posted - 2014.04.10 20:53:00 -
[37] - Quote
Another person interested in two factor authentication checking in. |
Aalysia Valkeiper
Imperial Shipment
Amarr Empire
11
|
Posted - 2014.04.11 21:21:00 -
[38] - Quote
As somebody who is presently studying network security under scholarship, I have some inkling how difficult your jobs are.
Security is a dynamic enterprise because those who want to 'get in/alter data' are never resting on their laurels and are always adapting to their success (getting in) or your success (stopping them).
If you stopped one attempt, they're adjusting to how you stopped them and trying something else. If you didn't stop them, you have to discover they are there, stop them, and close the hole they found to get in.
Since EvE online is played internationally, your efforts are hampered by the fact some countries don't have laws against cybercrime and some countries even SUPPORT cybercrime (as crazy as that seems).
The very type of operation Eve online is (a 'open-ended' game) also hampers security concerns since you have to be extremely careful what you are observing is not some new tactic cooked up by a legitimate player, but an actual bot or a RMT.
I, for one, appreciate what you're doing and wish you the best of fortune. |
Aalysia Valkeiper
Imperial Shipment
Amarr Empire
11
|
Posted - 2014.04.11 21:39:00 -
[39] - Quote
Zappity wrote:How about some tools for a player to actually challenge a potential bot? We would like to help. I have no idea what this would look like. In terms of information:
Maybe one of CCP Quant's graphs for botting? I'd very much like to see actual numbers of bots and ISK sellers caught.
Edit: bot-hunting! Make it a new profession supported by challenge tools prior to lodging a bot ticket with rewards for each bot caught!
To give the players such a tool would also give the bot-makers the same tool. The tool's effectiveness may last a week (at most).
If such a tool were made available, it would be a help while it was effective, but it would then open other security measures to being tampered with.
If real life money can be made from it, there will be some cyber genius doing it and waiting for such a break. |
Prince Kobol
1646
|
Posted - 2014.04.11 21:55:00 -
[40] - Quote
Weaselior wrote:Dinsdale Pirannha wrote:And once again, CCP refuses to outline who and where the ISK was impounded from, because protecting the privacy of a fictional character is critical.
Also, how much was impounded from buyers, and how much from sellers?
What was the breakdown on where the ISK was generated? High sec, null sec, low sec, wormholes?
Surely if CCP is sophisticated enough to track this stuff, they can track the activity history of the people they impounded the ISK from.
But instead, CCP has to protect even that information, because heaven forbid the subscription base get a clear picture of the situation. past team security presentations have shown there's more bots in the forge than all of nullsec best of luck with your insane delusions
As much as we laugh at dinsdale with his crazy ass theories that there is some massive conspiracy going involved most of null sec and CCP, for once he has actually made a good point.
Would be great if CCP produced what he has asked for.
Now fair enough if CCP did produce such a break down and it showed that the vast majority of botting / RMT came from HS based players he would scream "lairs" and that its part of a conspiracy |
|
|
Rosewalker
Khumaak Flying Circus
55
|
Posted - 2014.04.11 23:02:00 -
[41] - Quote
Welcome CCP Bugartist! Could you answer a couple of burning questions?
1. Could you please post an updated guide on how to detect bots?
2. Is it a EULA/ToS violation if someone continuously kills/pods a bot if the bot is stupid enough to keep coming back to the same spot? I once heard that it was.
3. Is it true that CCP Blofeld is so bad at PvP that you won't let him have an avatar?
Thanks!
The Nosy Gamer - Free Wollari!-á Buy your EVE time codes through Dotlan maps! |
Aalysia Valkeiper
Imperial Shipment
Amarr Empire
11
|
Posted - 2014.04.14 23:42:00 -
[42] - Quote
Rosewalker wrote:Welcome CCP Bugartist! Could you answer a couple of burning questions?
1. Could you please post an updated guide on how to detect bots?
2. Is it a EULA/ToS violation if someone continuously kills/pods a bot if the bot is stupid enough to keep coming back to the same spot? I once heard that it was.
Thanks!
#1 would come in very handy for many of us. (myself included)
#2 is a very interesting question with serious implications either way it's answered. |
Kusum Fawn
State War Academy
Caldari State
449
|
Posted - 2014.04.26 23:25:00 -
[43] - Quote
1 any guide for how to detect a bot can and will be used by bot makers to build a netter bot
2 yes, even if its a bot running the account, its operated by someone, repeated ganking for no gain can count as griefing.
Its not possible to please all the people all the time, but it sure as hell is possible to Displease all the people, most of the time.
|
|
CCP Bugartist
C C P
C C P Alliance
6
|
Posted - 2014.04.30 12:32:00 -
[44] - Quote
Hey everybody,
just a brief update. First of, thanks a lot for your questions and comments.
We are going to answer them in our presentation at 11:00 am UTC on Friday in (room) Singularity - it's also planned to be on the stream. And, what ever we will not be able to provide you with a suitable answer for in the presentation, we will have our round table for Security Q&A at 12:00 on Friday in (room) Dodixie.
You can find the Schedule for Fanfest here: http://fanfest.eveonline.com/en/news
Thanks,
CCP Bugartist |
|
|
|
| |
|
| Pages: 1 2 :: [one page] |