Pages: [1] 2 :: one page |
|
Author |
Thread Statistics | Show CCP posts - 4 post(s) |
|
CCP Navigator
C C P C C P Alliance
3
|
Posted - 2011.04.09 17:41:00 -
[1] - Quote
At approximately 21:00 UTC on Friday, April 8 we were made aware of some security issues with the new EVE forums which needed to be addressed. These issues were as follows:
GÇóWe discovered that it was possible to access some forums which certain users should not have been able to access GÇóUsers could make and edit posts as another user's character GÇóIt was possible to inject some HTML code into signatures
As a result, we disabled the new forums temporarily while we investigated and addressed the situation. We can assure players that none of their personal details, login credentials or billing information were compromised as that information is maintained on a separate encrypted server.
At 03:30 UTC on April 9, we took the forums down again for a second time to apply a hotfix that would restore several moderator features. Unfortunately, this hotfix did not resolve the issues with moderator functionality, and as a result, we are keeping the forums down until the full team is available Saturday morning to resolve the issue.
At 18:30 UTC on Saturday, April 9, the EVE forums returned to service once more. We have identified the outstanding issues and applied hotfixes to ensure forum stability and security. At this time we would like to advise players that signatures have been disabled for the time being and will be enabled when we are confident that they cannot be abused
We know how important it is for you to communicate with other EVE Online players, and sincerely apologize for the upheavals of April 8 and 9. We extend an invitation to those of you who would like to talk to others of like minds by joining the #tweetfleet and following @eveonline on Twitter.
We would also ask that you use this thread for all discussion and comments regarding the forum downtime.
Thank you for your patience and understanding during this time.
Fly safely! |
|
Aurora Fire
6
|
Posted - 2011.04.09 18:39:00 -
[2] - Quote
What did You do to SHC ?! |
Tyrrax Thorrk
Guiding Hand Social Club Dystopia Alliance
6
|
Posted - 2011.04.09 18:48:00 -
[3] - Quote
RABBLE RABBLE |
Miilla
Hulkageddon Orphanage
28
|
Posted - 2011.04.09 18:48:00 -
[4] - Quote
As of 09/04/2011, SHC has been shut down due to ongoing hosting costs. SHC has been in operation for almost five years, and in its time went from being a tiny little community ship discussion site, to the premiere site for real Eve related news as well as a favoured forum for devs to get community feedback. Its been a great ride and I wish you all the best. Please email [email protected] if you want to get in touch! |
John Aubrey
Death And Honour Shadow Directive
0
|
Posted - 2011.04.09 18:48:00 -
[5] - Quote
If your temp. solution was to remove signatures completely, wouldn't it have been possible to restore the forums several hours ago? |
Lynn Deniera
The Foreign Legion Wildly Inappropriate.
0
|
Posted - 2011.04.09 18:50:00 -
[6] - Quote
Hey you made Kugu the only active eve forum for a little. IRONY |
Sellador
Rising Ashes Inc. Important Internet Spaceship League
31
|
Posted - 2011.04.09 18:50:00 -
[7] - Quote
You should've made a hacking contest while forums were at beta testing stage, winners get PLEX for each exploit! |
Usagi Tsukino
Stimulus Rote Kapelle
2
|
Posted - 2011.04.09 18:51:00 -
[8] - Quote
While I can understand why you might find it necessary in the short term, in the long term I hope CCP will reconsider any 'disciplinary' action taken against those who - while exploiting; for lulz of course - also brought the problem to your attention. I might have been handled better on their end, but all things considered, intent was not malicious. |
Miilla
Hulkageddon Orphanage
28
|
Posted - 2011.04.09 18:52:00 -
[9] - Quote
Usagi Tsukino wrote:While I can understand why you might find it necessary in the short term, in the long term I hope CCP will reconsider any 'disciplinary' action taken against those who - while exploiting; for lulz of course - also brought the problem to your attention. I might have been handled better on their end, but all things considered, intent was not malicious.
Well they where stupid to use their own account and own IP, smart people would not brag about it and just use a VPN and a plex paid account. |
Akita T
Caldari Navy Volunteer Task Force
241
|
Posted - 2011.04.09 18:53:00 -
[10] - Quote
PUT THIS JUNK BACK IN TEST//BETA AND REOPEN THE OLD FORUMS. This forum is MONTHS before "ready".
|
|
ChronoSphere
Sturmgrenadier Inc Sturmgrenadier Syndicate
2
|
Posted - 2011.04.09 18:53:00 -
[11] - Quote
i almost registered an account on **********.... almost.
EDIT: that name is still banned? LoL. CCP really, the T20 fiasco happened how many years ago and you're still butthurt over it? |
Elyssa MacLeod
GloboTech Industries
0
|
Posted - 2011.04.09 18:53:00 -
[12] - Quote
Guess this is where we have to talk about this as Navigator is locking all other threads about it |
Froosh
Consolidated Capsuleers Protectorate Armada Assail
1
|
Posted - 2011.04.09 18:54:00 -
[13] - Quote
I spot some fail. |
Akita T
Caldari Navy Volunteer Task Force
241
|
Posted - 2011.04.09 18:54:00 -
[14] - Quote
ChronoSphere wrote:i almost registered an account on **********.... almost. Same here. |
Herschel Yamamoto
Agent-Orange Nabaal Syndicate
0
|
Posted - 2011.04.09 18:54:00 -
[15] - Quote
Aurora Fire wrote:What did You do to SHC ?!
They couldn`t figure out how to introduce gaping security flaws into phpBB, so they decided their only alternative was to shut it down entirely.
Lynn Deniera wrote:Hey you made Kugu the only active eve forum for a little. IRONY
Apparently they`re not worried about competition from www.**********.com, given that you can`t even link Kugutsumen`s name on Eve-O. |
Elyssa MacLeod
GloboTech Industries
0
|
Posted - 2011.04.09 18:55:00 -
[16] - Quote
Usagi Tsukino wrote:While I can understand why you might find it necessary in the short term, in the long term I hope CCP will reconsider any 'disciplinary' action taken against those who - while exploiting; for lulz of course - also brought the problem to your attention. I might have been handled better on their end, but all things considered, intent was not malicious.
But they have a long history of banning whistle blowers IE Kug (T20 incident) - he who cannot be named. I wish knew the guy who got banned's name so I could see if that name is censored on the forums now like Kug's was
|
|
CCP Sreegs
C C P C C P Alliance
90
|
Posted - 2011.04.09 18:55:00 -
[17] - Quote
John Aubrey wrote:If your temp. solution was to remove signatures completely, wouldn't it have been possible to restore the forums several hours ago?
That was not the only issue that was discovered in testing. I'll be writing a full blog on it when I'm finished with some other research, to be released either tomorrow or Monday. |
|
Miilla
Hulkageddon Orphanage
28
|
Posted - 2011.04.09 18:55:00 -
[18] - Quote
GûäGûêGûêGûêGûêGûêGûêGûêGûêGûêGûêGûêGûêGûêGûêGûäGûÉGûêGûäGûäGûäGûäGûê GûêGûêGûêGûêGûêGûêGûêGûêGûêGûêGûêGûêGûêGûêGûêGûêGûîGûÇGûÇGûêGûêGûÇGûÇ GûêGûêGûêGûêGûäGûêGûêGûêGûêGûêGûêGûêGûêGûêGûêGûêGûêGûäGûäGûê GûäGûäGûäGûäGûäGûêGûêGûêGûêGûêGûêGûêGûêGûêGûêGûêGûêGûêGûêGûÇ
Can i has this as my signiture please? Can CCP manually add sigs? |
Miilla
Hulkageddon Orphanage
28
|
Posted - 2011.04.09 18:57:00 -
[19] - Quote
perhps this was all a ploy so CCP can charge for signitures using PLEX? |
Elyssa MacLeod
GloboTech Industries
0
|
Posted - 2011.04.09 18:57:00 -
[20] - Quote
Herschel Yamamoto wrote:
Apparently they`re not worried about competition from www.**********.com, given that you can`t even link Kugutsumen`s name on Eve-O.
You used to not even be able to SAY it on EVE-O oh no! theres another breach!!! BANHAMMER INCOMING!! |
|
ChronoSphere
Sturmgrenadier Inc Sturmgrenadier Syndicate
2
|
Posted - 2011.04.09 18:59:00 -
[21] - Quote
Elyssa MacLeod wrote:Usagi Tsukino wrote:While I can understand why you might find it necessary in the short term, in the long term I hope CCP will reconsider any 'disciplinary' action taken against those who - while exploiting; for lulz of course - also brought the problem to your attention. I might have been handled better on their end, but all things considered, intent was not malicious. But they have a long history of banning whistle blowers IE Kug (T20 incident) - he who cannot be named. I wish knew the guy who got banned's name so I could see if that name is censored on the forums now like Kug's was
Catari Taga was the name of the dude who told CCP in a humorous way the issues with their forums. |
Akita T
Caldari Navy Volunteer Task Force
241
|
Posted - 2011.04.09 18:59:00 -
[22] - Quote
CCP Sreegs wrote:That was not the only issue that was discovered in testing. I'll be writing a full blog on it when I'm finished with some other research, to be released either tomorrow or Monday. I'm guessing admitting these forums are not even close to ready for actual deployment would be too much to ask, eh ?
|
|
CCP Sreegs
C C P C C P Alliance
90
|
Posted - 2011.04.09 19:00:00 -
[23] - Quote
Elyssa MacLeod wrote:Usagi Tsukino wrote:While I can understand why you might find it necessary in the short term, in the long term I hope CCP will reconsider any 'disciplinary' action taken against those who - while exploiting; for lulz of course - also brought the problem to your attention. I might have been handled better on their end, but all things considered, intent was not malicious. But they have a long history of banning whistle blowers IE Kug (T20 incident) - he who cannot be named. I wish knew the guy who got banned's name so I could see if that name is censored on the forums now like Kug's was
Anyone wishing to report a security issue correctly, with detail and without breaking any laws or causing any harm is welcome to send an email to [email protected] or file a petition. The best way to do so is an email to that address. Provided the above requirements are met nobody ever has to worry about their accounts. |
|
Elyssa MacLeod
GloboTech Industries
0
|
Posted - 2011.04.09 19:00:00 -
[24] - Quote
ChronoSphere wrote:Elyssa MacLeod wrote:Usagi Tsukino wrote:While I can understand why you might find it necessary in the short term, in the long term I hope CCP will reconsider any 'disciplinary' action taken against those who - while exploiting; for lulz of course - also brought the problem to your attention. I might have been handled better on their end, but all things considered, intent was not malicious. But they have a long history of banning whistle blowers IE Kug (T20 incident) - he who cannot be named. I wish knew the guy who got banned's name so I could see if that name is censored on the forums now like Kug's was Catari Taga was the name of the dude who told CCP in a humorous way the issues with their forums.
Huh guess mentioning his name isnt hitting the filter yet lol
Is it me or can you type faster than the letters appear on the screen? |
Mibad
DOUBLE IDENTITY
40
|
Posted - 2011.04.09 19:01:00 -
[25] - Quote
Sucks for the dude that got banned... Hope it's not permanent.
I read that he petitioned the flaws in the system before playing with it for giggles. And that he found people were already abusing these flaws. Did those people also get banned? |
Elyssa MacLeod
GloboTech Industries
0
|
Posted - 2011.04.09 19:03:00 -
[26] - Quote
Mibad wrote:Sucks for the dude that got banned... Hope it's not permanent.
I read that he petitioned the flaws in the system before playing with it for giggles. And that he found people were already abusing these flaws.
Yeah I heard that too. Like every other game developer ever, the put up a beta than igore their beta testers.
Great example of this is a game called Star Trek Online lol |
Siiee
Recycled Heroes
3
|
Posted - 2011.04.09 19:05:00 -
[27] - Quote
CCP Sreegs wrote: That was not the only issue that was discovered in testing. I'll be writing a full blog on it when I'm finished with some other research, to be released either tomorrow or Monday.
Good luck Sreegs, looks like you're gonna have your hands full |
Miilla
Hulkageddon Orphanage
28
|
Posted - 2011.04.09 19:06:00 -
[28] - Quote
Its offical, Eve is dying? |
Ban Doga
Plain Vanilla
21
|
Posted - 2011.04.09 19:08:00 -
[29] - Quote
CCP Sreegs wrote:John Aubrey wrote:If your temp. solution was to remove signatures completely, wouldn't it have been possible to restore the forums several hours ago? That was not the only issue that was discovered in testing. I'll be writing a full blog on it when I'm finished with some other research, to be released either tomorrow or Monday.
Mandatory "Test before deployment - not after" post. Better luck next time, you definitely need it!
*EDIT* I hope you realize what kind of damage this little stunt has done to your credibility in handling security issues. |
Akita T
Caldari Navy Volunteer Task Force
241
|
Posted - 2011.04.09 19:08:00 -
[30] - Quote
CCP Sreegs wrote:Anyone wishing to report a security issue correctly, with detail and without breaking any laws or causing any harm is welcome to send an email to [email protected] or file a petition. The best way to do so is an email to that address. Provided the above requirements are met nobody every has to worry about their accounts. So, the first one to report it feels his job is done, and keeps his mouth shut. Meanwhile, several others that are far less scrupulous, far less honest and far more subtle keep wreaking havoc. The first one is still sitting quietly is twiddling his thumbs waiting for CCP action that is just not coming and gets angrier and angrier. Seriously, history has proven again and again that WARNINGS about critical failure points are simply not heeded by CCP because "it's not a priority", and SOMEBODY needs to SHOW that IT REALLY IS a priority for something to start happening any time soon. Like, say, the guy who actually reported it and is at the end of its patience because of CCP's inaction. And of course, those people end up banned... while the others MIGHT get away with it. Sarcasm mode on : yeah, that's the spirit !
|
|
|
|
|
Pages: [1] 2 :: one page |
First page | Previous page | Next page | Last page |