EVE Search - Regarding recent security concerns.

All Channels

EVE General Discussion

Regarding recent security concerns.

» Click here to find additional results for this topic using Google

Monitor this thread via RSS [?]

Author

Thread Statistics | Show CCP posts - 7 post(s)

Beef Hardslab
The 5 Amigo's LLC.

Posted - 2007.01.19 15:36:00 - [1]

Originally by: Vito Parabellum
Three more things; You cannot change account name if it becomes "compromised". There are probably a lot of players with the same account name as character name. And with so many users you can guess account names just by chosing some random words, like arnold, sunflare, apache etc (sorry goes out to those users for revealing their secret accountnames!).

LOL I truly do feel sorry for the security illiterate who would use their account name for one of their character names.

Originally by: Vito Parabellum
One being that if your accountname, in your poor users case their domain followed by their email (oh, so secret!), gets "leaked" out, the user cannot do anything to change it himself without going to daddy-o. And what are you gonna do? Move him to another domain? Change his email? Also account names are stored everywhere, in cookies, in the registry, inifiles. It's also shown in clear text when you type it into the box. If you are so daft to believe that the account name should have any inherent security, you might want to go back to school.

If people are looking at your registry, cookies, or your login screen, your security is already fatally flawed, and no super-encrypted, 47 digit password is going to pull your bacon out of the fire.

Originally by: Vito Parabellum
The second point is that many eve-chars will have the same char name as account name. What Im getting at here is that if the dude is called John in game, the chances of his accountname also being John is higher than it being Betty and you can thus connect account to char in some cases, without even asking him.

If your account name is the same as your character name, well, what can I say? You are ignorant.

Originally by: Vito Parabellum
Third point is that if you are going to brute force any account, you can just choose a random name and almost be assured that there is an account with that name, just because theres no security rested on account names (except on your domains ofc) and so they aren't usually randomized.

Sure, there's a chance you may end up with an actual account name. Assuming that, there's also a chance you may actually get an active account. Assuming even further, there's a chance you might get an account name of an active account with anything worth a damn on it. Or you could just remove all these steps and variables and just hand out your account name, assuring the would-be thief that not only is it an active account, but he will also have a general idea of whether the account is worth the effort to get into (SP total, isk in wallet).

Originally by: Vito Parabellum
Now please tell me why this is really one argument and a weak one, and do it with a strong one instead of trolling.
Speaking about arguments, I've read your post twice and come to the conclusion that you are trying to make weak points with no arguments at all. So please rephrase if you are able.

There are no weak arguments when it comes to keeping security high.
Why there should be a breathalyzer to login to Eve:

Originally by: Alliaanna Dalaii
Podding my own alt in a gatecamp while drunk, he was carrying a hauler full of tech II goods, Oops.

COPYRIGHT NOTICE
EVE Online, the EVE logo, EVE and all associated logos and designs are the intellectual property of CCP hf. All artwork, screenshots, characters, vehicles, storylines, world facts or other recognizable features of the intellectual property relating to these trademarks are likewise the intellectual property of CCP hf. EVE Online and the EVE logo are the registered trademarks of CCP hf. All rights are reserved worldwide. All other trademarks are the property of their respective owners. CCP hf. has granted permission to EVE-Search.com to use EVE Online and all associated logos and designs for promotional and information purposes on its website but does not endorse, and is not in any way affiliated with, EVE-Search.com. CCP is in no way responsible for the content on or functioning of this website, nor can it be liable for any damage arising from the use of this website.