
Cosmic Scanner
Aperture Harmonics No Holes Barred
91
|
Posted - 2014.10.28 17:57:36 -
[1] - Quote
Following the invasion of noho by QEX / BU / Hardknocks and Lazerhawks, I wanted to highlight something to the w-space community about the mapping tool we all know as siggy in case you are unaware.
When siggy is used in an out of game browser, you don't need password authentication (if that's how you have it set up). What this means is that anyone with a very limited api for a character in your corp or alliance can register an account and access your siggy without the need for a password or the need to log into eve.
Ok now that's out of the way, let me show you our suspicions as to why we have stopped using siggy.
The moment we suspected capitals were being seeded into Polaris, we were obviously trying to keep eyes open as much as possible, and from what we saw, it almost felt like the hostiles seemed to already know our chain sometimes. But that was all speculation until we noticed a character called Azbogah monitoring our siggy from out of game:
http://s12.postimg.org/oiwozao71/Screenshot.png
To my knowledge, Azbogah is an alt of the creator of siggy. Notice that his account ID is 1... And the corp Interstellar Alcohol Conglomerate has some relation to one of the entities involved in invading us (farming corp?). This means that either through a leaked API or abuse of siggy admin, the owner of siggy was peeking into our chain, and considering the timing of it... it's kind of obvious why, don't you think?
Some of this will likely be speculation to you, but I will leave you all to make your own minds up on your continued use of siggy, and whether you can trust the guy running it.
Cheers o7
Cosmic Scanner / muu lufragga
|

StarConquer212
Tri-gun Reloaded Irresponsible Use of Capital.
214
|
Posted - 2014.10.28 18:55:51 -
[2] - Quote
His name is Messoroz, he is a terrible human.
As someone that had to deal with that guy in VoC leadership for far too long.
believe what you want, but that guy is a stone wall when it comes to the integrity of his siggy. When we thought we were getting invaded in Banana (home system of aquila) he refused to give us any details whatsoever about anything. Our very abrasive Russian director despite his best efforts couldn't get him to budge.
If you have concerns about Siggy, please mail him, he hates people mailing his main (Messoroz) or his alt in that corp listed in your screenshot
=)
All else fails keep up the good tin foil hating
-Star |

El Space Mariachi
Love Squad Confederation of xXPIZZAXx
164
|
Posted - 2014.10.28 18:57:59 -
[3] - Quote
messoroz is my dad he would never do something so underhanded
gay gamers for jesus
|

Allna
Aim High SWAG Co
34
|
Posted - 2014.10.28 18:58:39 -
[4] - Quote
Interstellar Alcohol Conglomerate you say... hrm, IAC, Tyrrax Thorrk.... Guiding Hand Social Club... Know your history, it all makes sense. Glad we never used Siggy. :)
Self-hosted mapper is the only safe mapper. :)
|

Franky Saken
Hard Knocks Inc. Irresponsible Use of Capital.
48
|
Posted - 2014.10.28 19:20:18 -
[5] - Quote
mess is a **** but im p sure he wouldn't do this
a counter thing to your post: it might be that his account has rights to all siggy maps/orgs and that the session list shows online users which can access your thing? |

Peter Moonlight
Aperture Harmonics No Holes Barred
60
|
Posted - 2014.10.28 19:31:16 -
[6] - Quote
Not sure if this should mean something but.. Few days before the invasion at our weak time, I noticed "Jack Tronic" on our siggy mapper, he seemed like a good guy when he was helping me with something before, but this was suspicious.
(look at Jita system) http://grab.by/Bqn8 |

Sith1s Spectre
Rolled Out Black Legion.
1254
|
Posted - 2014.10.28 21:41:14 -
[7] - Quote
Look internally before you start blaming external sources.
Rolled Out 2.0 is back. But not in the way you're probably thinking
|

AgentFiftySix
Rolled Out Black Legion.
21
|
Posted - 2014.10.28 21:51:47 -
[8] - Quote
Sith1s Spectre wrote:Look internally before you start blaming external sources.
Why would they need Messo to monitor your siggy chain when they likely have several spai alts in your alliance who all have access anyway by default. |

MooMooDachshundCow
Incertae Sedis
98
|
Posted - 2014.10.28 21:55:24 -
[9] - Quote
AgentFiftySix wrote:Sith1s Spectre wrote:Look internally before you start blaming external sources.
Why would they need Messo to monitor your siggy chain when they likely have several spai alts in your alliance who all have access anyway by default.
Inconceivable!
Yeah, well, it's just like my opinion, man.
|

Jack Miton
Isogen 5
3888
|
Posted - 2014.10.28 22:14:04 -
[10] - Quote
cmon aharm.... your siggy paranoia was old 2 years ago and it's really just pathetic at this stage. please, just don't use it if you don't want to but stop posting this crap every few months.
even if siggy publicly listed all maps on the forums, it would STILL be the best mapping tool option available.
at the end of the day, I know you have your own mapping tool so please stop whining on the forums about siggy and just don't use it.
Stuck In Here With Me: http://sihwm.blogspot.com.au/
Down the Pipe: http://downthepipe-wh.com/
|
|

Jack Tronic
borkedLabs
218
|
Posted - 2014.10.28 22:34:13 -
[11] - Quote
Let me say this again.
The way people get access to your maps is when people NEVER DELETE THEIR OLD API KEYS.
You know how Hard Knocks gets your API keys? Various other eve sites have been breached over the years and there's literally API key dumps you can download.
I have no way of policing API keys. CCP has to implement requester url/ip lockdowns on keys. It is the only way to fix the current disaster everyone is ignoring.
As soon as CCP fixes their oAuth implementation (renewal tokens actually work), I will ditch the API system entirely because it's inherently insecure.

Jack Miton
Isogen 5
3889
|
Posted - 2014.10.28 22:42:00 -
[12] - Quote
That's all well and good, but how do you answer the charges of being in Jita?!? HUH!?!
NVM... sneaky edit....
Stuck In Here With Me: http://sihwm.blogspot.com.au/
Down the Pipe: http://downthepipe-wh.com/
|

Jack Hayson
Atztech Inc. Ixtab.
18
|
Posted - 2014.10.28 22:48:41 -
[13] - Quote
People still use API keys for verification?  |

Jack Tronic
borkedLabs
219
|
Posted - 2014.10.28 23:09:06 -
[14] - Quote
Jack Hayson wrote:People still use API keys for verification? 
As far as I'm aware CCP never made the TQ SSO public. It's only SISI based and that's cutting out users. |

Ayeson
Hard Knocks Inc. Irresponsible Use of Capital.
519
|
Posted - 2014.10.28 23:53:45 -
[15] - Quote
My server and the siggy server live in the same rack and I can't even access it. This argument is invalid. Siggy is uber secure. (Unless the rack manager is mad at HK and decides he wants to just power down the box to make our lives miserable, but that's more of a problem with us being assholes than a security flaw)
I ♥ the orthrus
|

Jack Hayson
Atztech Inc. Ixtab.
18
|
Posted - 2014.10.29 00:30:47 -
[16] - Quote
Jack Tronic wrote:Jack Hayson wrote:People still use API keys for verification?
As far as I'm aware CCP never made the TQ SSO public. It's only SISI based and that's cutting out users.
Sadly they have not. Our mapper uses a simple "Hey bro! I registered with character xyz, could you please activate my account?" on TS for verification. Pretty low tech, but works like a charm.
API keys on their own are completely useless for identification. (Just because someone has the keys to your house, doesn't mean he is you.) If you want an automated identification system you could for example request the user to transfer 1 ISK with a reason code and then fetch that via API. |
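
The 1 ISK transfer check suggested in the post above, sketched as an added example (not code from siggy or from any poster): identity rests on an in-game action carrying a one-time code rather than on possession of an API key. The class name, the journal entry fields and the 15-minute lifetime are assumptions; real entries would come from the character's wallet journal.

```python
import hmac
import secrets
import time

CHALLENGE_TTL = 15 * 60  # seconds a code stays valid (assumed policy)


class TransferVerifier:
    """Ties a mapper account to a character via a one-time reason code."""

    def __init__(self):
        self._pending = {}  # character_id -> (code, issued_at)

    def issue(self, character_id, now=None):
        """Return a fresh random code for the user to put in the transfer reason."""
        now = time.time() if now is None else now
        code = "VERIFY-" + secrets.token_hex(8)
        self._pending[character_id] = (code, now)
        return code

    def verify(self, character_id, journal, now=None):
        """True only for a 1 ISK transfer from that character carrying the live code."""
        now = time.time() if now is None else now
        pending = self._pending.get(character_id)
        if pending is None:
            return False
        code, issued_at = pending
        if now - issued_at > CHALLENGE_TTL:
            del self._pending[character_id]  # expired: a new code is required
            return False
        for entry in journal:
            reason = entry["reason"].strip().encode()
            if (entry["sender_id"] == character_id
                    and entry["amount"] == 1
                    and issued_at <= entry["timestamp"] <= now
                    and hmac.compare_digest(reason, code.encode())):
                del self._pending[character_id]  # single use: blocks replay
                return True
        return False


if __name__ == "__main__":
    v = TransferVerifier()
    code = v.issue(9001, now=1000.0)
    # Constructed journal entry; field names are hypothetical.
    journal = [{"sender_id": 9001, "amount": 1, "reason": code, "timestamp": 1060.0}]
    print(v.verify(9001, journal, now=1100.0))  # True
    print(v.verify(9001, journal, now=1200.0))  # False
```

A transfer that predates the code, comes from another character, or is presented a second time is rejected, so an old journal entry or someone else's payment cannot be reused.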

TheBlueFox
Perpetua Umbra Interstellar Alcohol Conglomerate
0
|
Posted - 2014.10.29 01:40:09 -
[17] - Quote
Hi! So, IAC is actually an alliance. One with a long and prestigious history at that. We don't do any bearing whatsoever. At this point we have only a handful of people keeping the name alive as it's very much a shell of its former glory. Tyrrax isn't involved in its current operations.
Currently the few that are active reside with HK. Your invasion however was not aided in any way by us through handing out siggy data. HK/BU/etc did all the hard work on their own (read: spies). There are only two people that have access to siggy's raw data and only one that has physical access to the server (that would be me).
We have a vested interest in our product to keep our clients' confidence. We think it will be unfortunate that we might lose you as a customer due to our relations with those who decided to invade you, but I can assure you that we provided them no assistance. They don't even bother asking us for data because they're aware of our position in all of this. It would be foolish to throw away years of work and money spent (servers aren't free) just for something like that.
If you have any further questions regarding siggy or my alliance, I'll be more than glad to explain. |

Ayeson
Hard Knocks Inc. Irresponsible Use of Capital.
519
|
Posted - 2014.10.29 01:54:29 -
[18] - Quote
I'm more butthurt someone petitioned my title because of this whole fiasco. How does anyone know I'm not actually a hood nigganigga from the streets that made it to the tippy?
Edit:ccp double posting bad words still works. How long have I been telling you this??
I ♥ the orthrus
|

Jess Tanner
Hard Knocks Inc. Irresponsible Use of Capital.
144
|
Posted - 2014.10.29 02:19:11 -
[19] - Quote
Ayeson wrote:I'm more butthurt someone petitioned my title because of this whole fiasco. How does anyone know I'm not actually a hood nigganigga from the streets that made it to the tippy?
Edit:ccp double posting bad words still works. How long have I been telling you this??
Since we blew up that mintchip lol works @ ccp thread, then after they edited us for quoting ccp, we quoted each other over and over again...
Go with Bob, keep Him always in your heart. He is your Sword, Shield, and the Knife in your back.
|

Trinkets friend
Sudden Buggery Prolapse.
1789
|
Posted - 2014.10.29 03:18:31 -
[20] - Quote
"Damn, these guys keep finding their way into our hole."
"Damn, it's so hard to gain hole control."
"Damn, they've reinforced 55 of 57 POSs"
"LOL, wiped their arses with their ears, now they've got **** in their ears. Ahahaha. Commence forum trolling BU/QEX/LZHX"
I don't see the problem. Some dude is spying on you, gets people into your chain, they waste metric buttloads of hours burning your stront, and then you slaughter 60 T3's and half a dozen capitals.
I'd be happy to have some guy spying on me if I could do that.
J's before K's.
Prolapse. Turning holes inside out with pew pew.
http://www.localectomy.blogspot.com.au
|
|

Cosmic Scanner
Aperture Harmonics No Holes Barred
101
|
Posted - 2014.10.29 18:27:07 -
[21] - Quote
Jack Miton wrote:cmon aharm.... your siggy paranoia was old 2 years ago and it's really just pathetic at this stage.
If you look at my corp history you will notice that I have only been in Aharm about 1 month. Previously to this I was in Temnava Legion for over 2 years, and I was until recently actually very pro-siggy in noho. You seem... very vocal about aharm. I somewhat feel like I am not the one whining here lol.
Don't get me wrong, Siggy is an awesome tool, of which the owner should be proud of coding, and I really really genuinely hope that mine and noho's suspicions are wrong. I also am not intending to personally attack the owner.
I am not saying that what I presented is 100% conclusive proof, but then neither can Jack Tronic 100% prove to you or me that he did not do what noho suspected him of doing so. It is very open to interpretation, I just felt that I needed to make my experiences and concerns public. What you choose to do and think is down to you. And I think I can speak for both myself and noho to say that this will be the last forum topic you ever see us make about this.
One thing I do not understand is why the password auth is present in game, but not present out of game?
Perhaps it was a coincidence, but I had never until recently seen Azbogah on the active sessions out of game until the time just before the invasion. Put yourself in our position, you know people are seeding capitals into your system, during this time, you just so happen to see the siggy owner doing what appears to be looking at your chain at a very critical time. Wouldn't it make you a little paranoid? Just sayin.
Anyway cheers for the replies gents o7
Cosmic Scanner / muu lufragga
|

TheBlueFox
Perpetua Umbra Interstellar Alcohol Conglomerate
4
|
Posted - 2014.10.29 23:03:14 -
[22] - Quote
We quite value our transparency and I think the fact that we do not hide our presence when performing administrative functions or resolving issues speaks volumes. You may wish to consider the fact that we also have unrestricted access to all the data for everyone as it is in the end stored on our servers. Should we choose, we can go through it all at our leisure without anyone but us being aware of the fact. This is not something that is exclusive to our service either and is just inherent to trusting a third party with some data. Yet as it's clear, we elect not to go down that path. Why would we wish to discredit ourselves in such a manner when we can prune the SQL data at ease for example?
In the end, the only thing we hope to gain from you and your alliance is some ISK. After all, this is a paid service and we rely on that to keep things running and continue development. We maintain standards and do not go through client data unless we have been given access by them or are resolving issues as you just saw. When it comes to our product, we keep a completely neutral stance as such a role is key to maintaining the customer base that we have. Even HK, the entity with which we are most active, does not receive a discount on siggy and pays in full to maintain service.
As for the password authentication thing, seeing as I'm not the developer (my responsibilities primarily lie in the hardware side of things), I unfortunately cannot answer that question for you. |

Jack Tronic
borkedLabs
221
|
Posted - 2014.10.30 03:56:04 -
[23] - Quote
Quote: you just so happen to see the siggy owner doing what appears to be looking at your chain at a very critical time.
You can ask Peter Moonlight why I was looking :P Or in this case testing.
Quote:One thing i do not understand is why the password auth is present in game, but not present out of game?
Because siggy's codebase after 3 years makes me cry. This has now been fixed, with awful code purged and deploying shortly.

Jack Miton
Isogen 5
3895
|
Posted - 2014.10.30 06:02:08 -
[24] - Quote
Cosmic Scanner wrote:Jack Miton wrote:cmon aharm.... your siggy paranoia was old 2 years ago and it's really just pathetic at this stage.
If you look at my corp history you will notice that I have only been in Aharm about 1 month. Previously to this I was in Temnava Legion for over 2 years, and I was until recently actually very pro-siggy in noho. You seem... very vocal about aharm. I somewhat feel like I am not the one whining here lol.
no I didn't check your history but I realize you're new to aharm. might just be coincidence that the same complaint comes out of AHARM every few months, who knows. either way, aharm members complaining about siggy on the forums is a tried and true WH tradition.
as for my personal relationship to aharm? I'm a big fan. they were fun to shoot 4 years ago, fun to get shot by 3 years ago, was a great corp to be part of when I was there and I'm sure it still is now. calling me anti-aharm is... loose to say the least mate.
Stuck In Here With Me: http://sihwm.blogspot.com.au/
Down the Pipe: http://downthepipe-wh.com/
|

mechform
135
|
Posted - 2014.10.30 11:39:18 -
[25] - Quote
Eve has taught us that people can and will do anything for whatever reason they choose to at whatever time.
Black Power - Brotha's in space unite!
|

Cosmic Scanner
Aperture Harmonics No Holes Barred
102
|
Posted - 2014.10.30 17:00:22 -
[26] - Quote
The day / timing of when you accessed our chain pretty much matches up with when peter moonlight reported problems. I am happy to admit that it looks like i am / we were probably wrong. I didn't look close enough to see the timings were similar, my bad.
I will update the original post accordingly, and feel free to bury this topic.
Keep up the good work o7
Cosmic Scanner / muu lufragga
|