| Pages: [1] 2 3 4 :: one page |
| Author |
Thread Statistics | Show CCP posts - 2 post(s) |
|
Chribba
Otherworld Enterprises
Otherworld Empire
   |
Posted - 2006.09.27 06:59:00 -
[1]
Reading what seem to be the latest technique of farming virtual money from MMOs I feel it is time for CCP to address account security as well.
Other MMOs (like WOW) have recently been targetted by account hackings via various methods, such as trojans and keyloggers. After which the hackers empty the accounts and characters on money, items and other valuables.
This has been discussed before but I wanted to bring it up again.
Please introduce the ability to lock down an account based on IP, and before you start flaming - what about those with dynamic IP's?! - Though luck, after all you can lock down based on your class B or C range from your ISP. Maybe not 100% but still adds a little bit of security.
And for us that have static IP's this would be a great way of securing our accounts. This shouldn't really be too hard to implement imo as you today can ban IP's.
Personally, I am getting more and more paranoid over 3rd party programs by each day. Sure I don't HAVE to use them, but programs like EVEmon and QuickFit are amazing and help soo much, but you never know if an author turns evil and adds a logger of some kind (yes I could compile the open-source ones myself but that's not the point here) - so adding an IP restriction would at least make my accounts safe if I happen to be infected with some EVE malware.
Please CCP, pimp my account security!
/c
EVE-Files | EVE-Search | Monitor this Thread |
|
Joshua Foiritain
Gallente
Coreli Corporation
|
Posted - 2006.09.27 07:12:00 -
[2]
Edited by: Joshua Foiritain on 27/09/2006 07:14:57
 Originally by: Marguerite Antiki
Why does CCP have to cover the stupidity of those who donload a trojan / keylogged ?
If you protect your PC and password, then your safe from having it happen. ust cause WoW does it does not mean the rest of the world has to stop, the best prevention starts with YOU the client, not with the developer, as after all, they develop the game, not the security on your PC.
Ive never had any trojans or key loggers on my computer, yet id still like to see this implemented simply because you can never have too much security. Plus its not like this is all that much work to code.
It also would be nice if one could select multiple IP's, so that i can set both my home and work IP number 
-----
[Coreli Corporation Mainframe] |
Marguerite Antiki
|
Posted - 2006.09.27 07:12:00 -
[3]
Edited by: Marguerite Antiki on 27/09/2006 07:15:02
Why does CCP have to cover the stupidity of those who donload a trojan / keylogged ?
If you protect your PC and password, then your safe from having it happen. Just cause WoW does it does not mean the rest of the world has to stop, the best prevention starts with YOU the client, not with the developer, as after all, they develop the game, not the security on your PC.
Ehh forgot to add, blocking an IP is not that great, I use many IPs fom home, work and a friends place, that would upset me, along with others who have changing IPs or access to the game via multiple means. Just silly I tell ya 
Cheers
|
|
Chribba
Otherworld Enterprises
Otherworld Empire
|
Posted - 2006.09.27 07:28:00 -
[4]
Originally by: Marguerite Antiki
Edited by: Marguerite Antiki on 27/09/2006 07:15:02
Why does CCP have to cover the stupidity of those who donload a trojan / keylogged ?
If you protect your PC and password, then your safe from having it happen. Just cause WoW does it does not mean the rest of the world has to stop, the best prevention starts with YOU the client, not with the developer, as after all, they develop the game, not the security on your PC.
Ehh forgot to add, blocking an IP is not that great, I use many IPs fom home, work and a friends place, that would upset me, along with others who have changing IPs or access to the game via multiple means. Just silly I tell ya
Cheers
I didn't say it is up to CCP to protect us, I said it would be a nice feature, there are other factors that could come to play when it comes to account security as well that put your account at risk.
As for the IP restrictions this of course is OPTIONAL, not a forced way, so you wouldn't have to get ****ed about it since you can use it if you like. And of course you should be able to add multiple IP's and IP-ranges, not just one, so you can cover all your gaming places.
As Joshua said, there can never be too much security for your account, what you decide is enough is up to you. But I for one would like to see it implemented, and I have never had any trojan or keylogger either.
EVE-Files | EVE-Search | Monitor this Thread |
|
Matthew
Caldari
BloodStar Technologies
|
Posted - 2006.09.27 07:54:00 -
[5]
The main problem I can see with this is how you then go about configuring the IP's in a secure way.
You can't just have it under account options on the website. Because then anyone who manages to get your password just logs in there and changes them to their own IPs.
If you counter this with applying the IP restrictions to the account management site too, you'd then end up with people running into problems when they switch ISP or otherwise change IP addresses, if they don't change the options before they lose the old one (and people WILL forget to do this). Of course, you could petition the GM's for an IP reset. But once that becomes a possibility, you'll also get the hackers sending in fake petitions to try and get the GM's to reset the accounts with false information.
While it sounds good in theory, I'm not sure how much actual, practical security it would provide.
-------
There is no magic Wand of Fixing, and it is not powered by forum whines. |
Joshua Foiritain
Gallente
Coreli Corporation
|
Posted - 2006.09.27 08:04:00 -
[6]
Originally by: Matthew
You can't just have it under account options on the website. Because then anyone who manages to get your password just logs in there and changes them to their own IPs.
Credit Card Number or a 2nd password used just for this would be a way of verifing whether or not the person logged in is the real deal.
-----
[Coreli Corporation Mainframe] |
|
Chribba
Otherworld Enterprises
Otherworld Empire
|
Posted - 2006.09.27 08:26:00 -
[7]
Originally by: Joshua Foiritain
Originally by: Matthew
You can't just have it under account options on the website. Because then anyone who manages to get your password just logs in there and changes them to their own IPs.
Credit Card Number or a 2nd password used just for this would be a way of verifing whether or not the person logged in is the real deal.
Reset by Email & some own chosen pw or like ^^ CC number or basicly anything else that is random.
I'd like to see it apply to MyEVE and Secure* as well. Or the option to use it global. And tbh it shouldn't be that much of a problem, an ISP rarely switch their entire subnet, so adding a mask of like 123.123.123.* or 123.123.* should be sufficient for most even if their IP changes.
But yeah just a second id string and your email should be an ok way of resetting your IP information in such cases.
And if that happen to fail sure a GM could take a petition and having the user prove it is his/her account, by that time the real user (in case of hacking) would have gotten the email notice about IP-reset already and can stop it.
EVE-Files | EVE-Search | Monitor this Thread |
|
Hllaxiu
Shiva
Morsus Mihi
|
Posted - 2006.09.27 15:45:00 -
[8]
Which MMOs do this? Only game that I've played that did this was gunbound...
---
Our greatest glory is not in never failing, but in rising up every time we fail. - Emerson |
Mak'shar Karrde
Minmatar
UK Corp
Lotka Volterra
|
Posted - 2006.09.27 16:02:00 -
[9]
Edited by: Mak''shar Karrde on 27/09/2006 16:04:57
Just for the record, both EVEMon and Quickfit allow you to import an already downloaded XML file, so there is no need to ever type in your account details.
|
Dark Shikari
Caldari
Imperium Technologies
Firmus Ixion
|
Posted - 2006.09.27 16:08:00 -
[10]
I know many games that allow IP locking.
Its never required, but its a very useful option, and it would be great if EVE had it.
--[23] Member--
Originally by: DB Preacher
The only time BoB's backs are to the wall is when Backdoor Bandit is in local.
|
Parifactor
Minmatar
|
Posted - 2006.09.27 16:11:00 -
[11]
How about fingerprinting a la SSH instead of selecting IPs?
Ofc you still have the same probs with fingerprint changes but it would be a better way to auth a system. When your FP doesn't match the expected one, you are presented with a passwd field or somesuch to update the DB. This should be straight forward enough so that users aren't confused by it. Of course, you would need to be able to have several active FPs at once as people may play with more than just one computer.
*shrugs*
|
|
Sharkbait
|
Posted - 2006.09.27 16:32:00 -
[12]
Originally by: Chribba
Personally, I am getting more and more paranoid over 3rd party programs by each day.
then don't use them. simple
Spank You later |
|
Hippo117
Caldari
9th Fleet Academy
|
Posted - 2006.09.27 16:33:00 -
[13]
I'd like to see an email confirmation about your email/pass being changed. My alts email was changed for like a week when it got hacked before i knew it and i couldnt change it back when the password was changed too cause there was no notification to the former or even registered as email. Even just a link 'CLICK HERE IF YOU DID NOT DO THIS" would go a long way.
--------------
Booby > Rokh
|
Scorpyn
Caldari
Infinitus Odium
|
Posted - 2006.09.27 16:33:00 -
[14]
Originally by: Sharkbait
Originally by: Chribba
Personally, I am getting more and more paranoid over 3rd party programs by each day.
then don't use them. simple
That would be the solution I use. An ip filter would still be useful for ppl with static ip though.
|
Kaiu
Hinkledolph and K Associates
The SUdden Death Squad
|
Posted - 2006.09.27 16:38:00 -
[15]
Not to ruin the thread, it sounds very interesting...
But, if i went to the 'trouble' to get your IP i would also most likely proxy a similar one close to/in your range as to keep any alarm bells to a minimum
The simple truth is, if ppl want to do this, the way Windows stands they can and will.
I DO like this idea though, it removes the very newb script kiddies and keyloggers out of the equation quite nicely.
____________________
MOGarmy
|
Dark Shikari
Caldari
Imperium Technologies
Firmus Ixion
|
Posted - 2006.09.27 16:38:00 -
[16]
Originally by: Sharkbait
Originally by: Chribba
Personally, I am getting more and more paranoid over 3rd party programs by each day.
then don't use them. simple
Don't use Windows XP, Mozilla Firefox, and Kaspersky Antivirus?
Those are all third party programs.
--[23] Member--
Originally by: DB Preacher
The only time BoB's backs are to the wall is when Backdoor Bandit is in local.
|
Cosy Ceaon
Gallente
Porandor
|
Posted - 2006.09.27 16:51:00 -
[17]
Originally by: Sharkbait
Originally by: Chribba
Personally, I am getting more and more paranoid over 3rd party programs by each day.
then don't use them. simple
make eve for linux
|
SonOTassadar
The Dead Parrot Shoppe Inc.
|
Posted - 2006.09.27 16:53:00 -
[18]
Edited by: SonOTassadar on 27/09/2006 16:54:15
Originally by: Sharkbait
Originally by: Chribba
Personally, I am getting more and more paranoid over 3rd party programs by each day.
then don't use them. simple
That was a pretty retarded comment from you. You know what's funny? All the other MMOs have a working website and tutorials to help new players. On the topic of security: Blizzard implemented a program that watches your programs in the background to check for use of illegal 3rd party software such as bots and macros, and you know what else? It works really, really well. I heard of one discrepancy where it logged someone who had limited mobility with their limbs as having used a 3rd party program. 1 in 6,000,000 subscriptions -- not bad.
What has CCP done to help with security, sharkbait?
-----
Griffin -- 100,000 ISK
ECM - Multispectral Jammer Is -- 20,000 ISK
Standar Missile Launcher Is -- 10,000 ISK
War target sobbing over losing a fight in his T2 fitted Battleship -- priceless |
Locke DieDrake
Port Royal Independent Kontractors
Imperial Republic Of the North
|
Posted - 2006.09.27 16:53:00 -
[19]
Originally by: Dark Shikari
Originally by: Sharkbait
Originally by: Chribba
Personally, I am getting more and more paranoid over 3rd party programs by each day.
then don't use them. simple
Don't use Windows XP, Mozilla Firefox, and Kaspersky Antivirus?
Those are all third party programs.
Please don't be a foolish troll. Supposedly, you are better than that.
You know exactly what he ment.
And anyway, you can sue MS or Mozilla if their software starts keylogging you. I'm not so sure about KAspersky.
But you are going to have a tough time tracking down and trying to take legal action against the creator of Quickfit or evemon, or the redistributor that added a keylogger.
Also, I believe that security, beyond basic secure password systems is ENTIRELY an end user problem. Be smart, be safe and be fine. Or choose to take a chance and roll the dice. Either way, it's your call, and your problem.
Also, I log into eve from both Work, home and on multiple computers at either location, so your IP idea is worthless for someone like me. (and don't be too suprised to find out that many people here use many different computers) And because I'm on GATEway cable (comcast multi-line business) service, I have direct IP's for each of my computers at home (4) and I play eve from at least 3 of them regularly.
___________________________________________
The deeper you stick it in your vein, the deeper the thoughts there's no more pain.
___________________________________________
|
Hllaxiu
Shiva
Morsus Mihi
|
Posted - 2006.09.27 16:54:00 -
[20]
Originally by: Sharkbait
Originally by: Chribba
Personally, I am getting more and more paranoid over 3rd party programs by each day.
then don't use them. simple
k.
/me goes to uninstall directx
---
Our greatest glory is not in never failing, but in rising up every time we fail. - Emerson |
Hllaxiu
Shiva
Morsus Mihi
|
Posted - 2006.09.27 16:57:00 -
[21]
Originally by: Locke DieDrake
Please don't be a foolish troll. Supposedly, you are better than that.
You know exactly what he ment.
Then what did he mean exactly? Everything on your computer is third party. An exploit in any one of these pieces of software could be used to get a trojan or something in as your user which can then use a trivial method to get SYSTEM privledges and harvest all login info for any MMOGs you have installed.
---
Our greatest glory is not in never failing, but in rising up every time we fail. - Emerson |
DukDodgerz
|
Posted - 2006.09.27 17:02:00 -
[22]
Originally by: Sharkbait
Originally by: Chribba
Personally, I am getting more and more paranoid over 3rd party programs by each day.
then don't use them. simple
best advice ever!!!
why the heck do MORONS want to be safe AND use 3rd party apps from UNKNOWN creaters??
Antivirus apps WILL NOT stop a custom made keylogger that was put in place with a trojan and a root kit, YOU installed.
The solution is as the nice CCP person said, DO NOT USE 3rd PARTY APPS. <--see that period????
FRODO HAS FAILED;
BUSH HAS THE RING!!!
 |
DukDodgerz
|
Posted - 2006.09.27 17:05:00 -
[23]
Originally by: Dark Shikari
Originally by: Sharkbait
Originally by: Chribba
Personally, I am getting more and more paranoid over 3rd party programs by each day.
then don't use them. simple
Don't use Windows XP, Mozilla Firefox, and Kaspersky Antivirus?
Those are all third party programs.
You just lost all repsect with that FUD.
If the meaning "3rd party" is unclear to YOU, then YOU should not comment with FUD. (jeeez, even the lamest twits on slashdot have gotten that point)
FRODO HAS FAILED;
BUSH HAS THE RING!!!
|
Locke DieDrake
Port Royal Independent Kontractors
Imperial Republic Of the North
|
Posted - 2006.09.27 17:07:00 -
[24]
Originally by: Hllaxiu
Originally by: Locke DieDrake
Please don't be a foolish troll. Supposedly, you are better than that.
You know exactly what he ment.
Then what did he mean exactly? Everything on your computer is third party. An exploit in any one of these pieces of software could be used to get a trojan or something in as your user which can then use a trivial method to get SYSTEM privledges and harvest all login info for any MMOGs you have installed.
First off, where did you get your computer? Dell? Gateway? Another OEM? If so, windows, and a huge HOST of other programs are FIRST PARTY. But I suppose thats just symantics.
Anyway, I realize you people read about all these things that could comprimize your computer, and let bad people steal your stuff, virtual or otherwise.
Let me give you a few pointers to avoid this.
1) Don't surf **** on a unprotected system.
2) Don't surf Warez on an unprotected system
3) Don't surf any non-trustable sites period.
4) Don't surf on a computer without proper sa***uards installed. (IE: use a VM enviroment, have good AV software, and a soft and hardware firewall, run a network and process monitor regularly)
5) DONT ******* RUN WINDOWS AS AN ADMIN.
6) SERIOUSLY DONT ******* DO IT.
7) Don't install or run any program exe you download from the net until you check it out.
8) Take these basic steps to protect yourself and you will be too much trouble for the hackers to bother going after. (incorrect use of the word hacker, but thats a differnt thread)
Oh, and once again. If you go to a car dealership, and buy a car. They don't show you how to use it. Neither does DELL or Gateway. Nor MS. Its YOUR PROBLEM, not anyone elses, first, third or other party.
Lastly, to directly respond to your question. Sharkbait more than likely ment that if you worry about third party EVE apps then you shouldn't use them. Evemon, Shiftwindow, Quickfit, etc etc etc. Any program that you give your eve password too is a HUGE THREAT to your security. Do so carefully.
And just for the record, any and all of these third party programs are technically against the EULA. CCP allows them because they are usefull and not detrimental. You guys keep crying about security problems and they are just going to get nasty about these apps.
___________________________________________
The deeper you stick it in your vein, the deeper the thoughts there's no more pain.
___________________________________________
|
Hippo117
Caldari
9th Fleet Academy
|
Posted - 2006.09.27 17:09:00 -
[25]
Edited by: Hippo117 on 27/09/2006 17:10:20
Originally by: Sharkbait
Originally by: Chribba
Personally, I am getting more and more paranoid over 3rd party programs by each day.
then don't use them. simple
Eve is a third party program.
Come to think of it, any program that you do not build and compile on your local machine personally is a 3rd party program. But oh wait, the compiler and linker are 3rd party. Guess I can't use my computer now to play eve.
You cant be that vague sharkbait, someone will take it literally.
--------------
Booby > Rokh
|
Mak'shar Karrde
Minmatar
UK Corp
Lotka Volterra
|
Posted - 2006.09.27 17:11:00 -
[26]
This is getting a little painful to read now. I think I will move my computer to the middle of the room, away from any walls.
|
DukDodgerz
|
Posted - 2006.09.27 17:13:00 -
[27]
Originally by: Cosy Ceaon
Originally by: Sharkbait
Originally by: Chribba
Personally, I am getting more and more paranoid over 3rd party programs by each day.
then don't use them. simple
make eve for linux
as if Linux kernal did not have a backdoor built in for years, going unseen by all...until it was wide spread and well known way to HACK into ANY linux box with that kernal or older, all the way back from when it was introduced to the source...that was reviewed by many...sure was safe huh...
Can't say the same with XP now can you? Show me where I can get access to the XP source code and add a backdoor... It takes a user failing to use safe practices, to cause a breach that this thread is discussing.
So please keep your linux FUD on the slashdot forums.
FRODO HAS FAILED;
BUSH HAS THE RING!!!
|
ArcticShadow
Gallente
Rome
SMASH Alliance
|
Posted - 2006.09.27 17:24:00 -
[28]
I still dont have my characters back, Kieron never replied to me, even though he said he would almost two months ago, and I have sent several follow up e-mails.
---
ArcticWolf, member of Eve since February, 2003.
My Story |
DukDodgerz
|
Posted - 2006.09.27 17:27:00 -
[29]
Originally by: SonOTassadar
Edited by: SonOTassadar on 27/09/2006 16:54:15
Originally by: Sharkbait
Originally by: Chribba
Personally, I am getting more and more paranoid over 3rd party programs by each day.
then don't use them. simple
That was a pretty retarded comment from you. You know what's funny? All the other MMOs have a working website and tutorials to help new players. On the topic of security: Blizzard implemented a program that watches your programs in the background to check for use of illegal 3rd party software such as bots and macros, and you know what else? It works really, really well. I heard of one discrepancy where it logged someone who had limited mobility with their limbs as having used a 3rd party program. 1 in 6,000,000 subscriptions -- not bad.
What has CCP done to help with security, sharkbait?
Oh geeeeeee, is CCP now your security adviser for YOUR PC??
If YOU install 3rd party apps, then YOU assumed the risk, and YOU will most likely suffer due to stupidity.
Sharky has the correct answer, DON'T Freaking use third party apps, you have no clue as to where they origniate.
FRODO HAS FAILED;
BUSH HAS THE RING!!!
|
Mak'shar Karrde
Minmatar
UK Corp
Lotka Volterra
|
Posted - 2006.09.27 17:31:00 -
[30]
I understand the wish for CPP to make things as secure as possible, it's a noble cause in my opinion but some people are not helping by refusing to take steps to secure their own computers (not aimed at the OP).
|
| |
|
| Pages: [1] 2 3 4 :: one page |
| First page | Previous page | Next page | Last page |