| Pages: 1 2 3 4 5 6 7 [8] 9 10 11 12 13 14 15 .. 15 :: one page |
| Author |
Thread Statistics | Show CCP posts - 16 post(s) |
dralid maximus
M. PIRE
   |
Posted - 2007.10.20 06:41:00 -
[211]
 Originally by: Kayna Eelai
Originally by: ISD Rauth Kivaro
As a security wonk in my real life:
In a security breach situation, it's pretty much standard practice to shut down and say absolutely nothing until you're totally certain you have the situation in hand. Any leak of information can potentially magnify the problem.
It may seem draconian but when you have as much at stake as there is here, it's logical.
1) if you're such a security wonk, how comes your system was not secure enough?
2) I doubt that it's a "much standard practice" to shut down. it depends much on situation, what company you are and what customers you have.
as we've seen in this post, there is many people they don't really give a flying crap about customer service or how many hours they were left without the service they pay for and/or without communication... but other companies might think different and prefer to stay online to give service and have a expert security team hotfixing the problem.
one of my companies customer is one of spains biggest insurance firm. if they have a security breach i am pretty sure they would not dare take the system offline and have all their offices and customers without "system" or without "info". they will take the risk, keep running, their expert team "counter-hacking" and hotfixing, and afterwards they'll take all responsabilities that have to apply. be it leaked information, lost data (which due hot-backup is easy to recover anyways) and fire whoever they have to fire.
so... i don't think it's a "general strategy" to turn off.
On 9/11, didn't the US government stopped ALL airtraffic so they could find out what was happening and to stop it from happening again?
|
Torshin
Prophets Of a Damned Universe
|
Posted - 2007.10.20 06:46:00 -
[212]
Originally by: dralid maximus
Originally by: Kayna Eelai
Originally by: ISD Rauth Kivaro
As a security wonk in my real life:
In a security breach situation, it's pretty much standard practice to shut down and say absolutely nothing until you're totally certain you have the situation in hand. Any leak of information can potentially magnify the problem.
It may seem draconian but when you have as much at stake as there is here, it's logical.
1) if you're such a security wonk, how comes your system was not secure enough?
2) I doubt that it's a "much standard practice" to shut down. it depends much on situation, what company you are and what customers you have.
as we've seen in this post, there is many people they don't really give a flying crap about customer service or how many hours they were left without the service they pay for and/or without communication... but other companies might think different and prefer to stay online to give service and have a expert security team hotfixing the problem.
one of my companies customer is one of spains biggest insurance firm. if they have a security breach i am pretty sure they would not dare take the system offline and have all their offices and customers without "system" or without "info". they will take the risk, keep running, their expert team "counter-hacking" and hotfixing, and afterwards they'll take all responsabilities that have to apply. be it leaked information, lost data (which due hot-backup is easy to recover anyways) and fire whoever they have to fire.
so... i don't think it's a "general strategy" to turn off.
On 9/11, didn't the US government stopped ALL airtraffic so they could find out what was happening and to stop it from happening again?
ya for like 3 days
-------------------------------------------
Backdoor Bandit - Unofficial leader of the new 'Post with your main or STFU' campaign.
I'm Shinra and I'm the champion of Eve. |
Moron2007
|
Posted - 2007.10.20 07:00:00 -
[213]
Great work CCP! Shutting down was all you could do. I agree.
Back to business....
|
Vaarmoth Malinigvious
Destructive Influence
Band of Brothers
|
Posted - 2007.10.20 07:00:00 -
[214]
Originally by: Unbeliever Kresmoreen
Originally by: KalEl Trask
I'm a hugely egocentric douchebag with a superiority complex.
Fair enough.
agree'd!
The one thing that is certain is that with every DT like this some little IT student will come to pretend to be a network god.
As far as this poster quoted above (and thankfully edited) is concerned EVE has the importance of financial and military networks. I think someone takes this GAME far too seriously.
|
bellator militaris
|
Posted - 2007.10.20 07:00:00 -
[215]
These persons should be hunted down and broght to justice. The players of Eve demand no less. So many people have spent so much time in this universe. Their are very talented people out there who can hunt these criminals down. We hope you use them to find these hackers. Bellator Militaris.
|
bellator militaris
|
Posted - 2007.10.20 07:02:00 -
[216]
Originally by: Rhaven
section 12 of the EULA says it all.....
12. NO WARRANTIES
The Software, System, Game and all Game Content, and all other services and material provided in connection therewith, are provided "AS IS," with all faults, and without warranty of any kind. You assume all risk of use and all risk associated with accessing the System and playing the Game.
CCP disclaims all warranties, whether express or implied, including without limitation the warranties of merchantability, fitness for particular purpose and non-infringement. There is no warranty against interference with your enjoyment of the Game. CCP does not warrant that the operation of the System or your access to the System, or that your use of the Software, will be uninterrupted or error-free, nor that the System or Software will be compatible with your hardware and software.
While CCP attempts to have the System available at most times, CCP does not guarantee that the System will always be available, or that the System will not become unavailable during Game play. The System may become unavailable for a number of reasons, including without limitation during the performance of maintenance to the System, for the implementation of new software, for emergency situations and due to equipment or telecommunications failures.
Excellent Post. Bellator Militaris SPQR.
|
RoCkEt X
Caldari
The Order of Chivalry
Nex Eternus
|
Posted - 2007.10.20 07:05:00 -
[217]
I must admit, aside from being half way through a mission, losing mission bonus (thats sarcasm btw.) i lost about 8 hours skill training, further more:
*server is closing message*
*server will be back up in 10mins after reeboot*
RoCkEt X > Oh NUTZ!!!
*me docks up*
*server goes down*
*me waits 10 mins*
RoCkEt X (on vent this time)> hey guys is server still down by you?
FriendAonvent > Yeah... shouldnt be too long tho.
FriendBonvent > heh, and you reckon.
*1 hour later after eating cheese + ham sandwhich*
RoCkEt X (vent still)> Anyone here?
*everyone is afk*
*10 hours later - server still down, everyone logged off vent*
*Downstairs for lager*
Mum > hey why aint u on eve?
Me > its down. CCP having house party in server room. they'll fix it soon i hope, they're normally good at this sort of thing.
*2 hours later*
/me goes to bed.
*next morning*
/me wakes up and logs in.
*WOHOO!!! EVE IS RUNNING! \o/*
. . . lag and all =D.
Good job on fixing it. altho i still think, the forums, ur only means of communication with the large proportion of eve, should be kept on a separate server, so we can find out what is going on and if the server is likely to be up before we fall asleep.
Also skill training list is a good idea, please implement into game!
-cheers.
RoCkEt X.
|
Jollygood69
|
Posted - 2007.10.20 07:08:00 -
[218]
It's never easy to predict security issues and hackers always seem to be one step ahead.
There are ofcourse many ways to atleast minimize the risk beside the obvious ones.
But one thing that atleast hits me is why CCP have (or so it seems atleast) their eve-online site/database on the same server and/or network?
Now THAT is a security risk (if that's the case).
The webserver should be placed on a completely different site with it's own network with firewall...etc...etc.
Beside the already meantioned security risk this have several other positive effects:
- Information! You can accualy give out information and current status of the situation
- Rumors! You stop rumors that way
- Service! Yeah, I know the subject have already been focused on several times and I have read the disclamers but in any case we are paying for this game every month and any service oriented company should strive to atleast inform their customers asap whats going on
Oh, and I necessaraly don't mean completely other location by site. It can stil be in the same building but it should be isolated in seperate servers,rooms and network connections.
I stil think that CCP did what should and could be done in a situation like this.
|
Zebny
|
Posted - 2007.10.20 07:13:00 -
[219]
do we get a free day for missing the entire day, i should think so ?
we payed for friday server was offline all day..?? common sence would say we should get a free day, but ccp and common sence dont go hand in hand, everything on one server :p hope some lessons have been learned nah its ccp doubt it.
|
bellator militaris
|
Posted - 2007.10.20 07:30:00 -
[220]
Edited by: bellator militaris on 20/10/2007 07:32:18
Originally by: KalEl Trask
I'm sorry,
This kind of downtime is unexcusable.
I work in an IT support department with over 2000 servers online.
We have to account for any type of downtime over SLA (Service Level Agreement.)
I have 3 characters ($45/month) that I pay for on this service.
The idea that the forum/customer support servers are on the same cluster as the game/databse servers is absolutely/totally absurd!!
This is a complete F@@@up on the companies support line.
There is no reason that the account/credit information is not kept on a completely independant system!!
There should be one way flow with the database/character information.
Is this account active? (Yes/No)
Simple firewall rules should make this happen.
In the environment I support, our client's expect our uptime to be 100% except for the monthly MS sucurity patch reboots!!.
I support the second largest network next to the Department of Defense in the US.)
We are expected to account and compensate for any additional downtime.
This is one of the few MMORGP games that actually schedules consistent downtime/maintenance. Which from an IT standpoint I thins is completely acceptable and applauded.
Unfortunately it seems the downtime/emergency maintenance on this network is an ongoing/recurring issue.
Take for example (3 characters * 9 hours downtime = 18 hours)
When am I going to start getting reimbursed for this additional time?
Time to either start compensating the players for all of the unscheduled downtime or start implementing some real network redundancy!!
I guess you told them! 
|
Sable 111
|
Posted - 2007.10.20 07:41:00 -
[221]
Originally by: Fifinella
Originally by: CCP Wrangler
#eve-chaos, #eve and #eve-radio. We also set up a special channel called #eve-announce where people could be sure that what was said was the official news and no rumors.
Now then, are we ready for the 64,000 dollar question? Here goes: Which ircnet are those channels on?
The channels are located on the irc://irc.coldfront.net network. as well as news that apples to eve at http://eve.coldfront.net, this while being an older form of communication is still very use full as there where almost 900 people connected at that time, The only break down of communication was the lack of people that know about the IRC network, in witch it is posted on the forms and has been for at very least the last 2 years, (while I have been a member) So now you know where to go should this happen again.
Also Great job CCP Glad to see the server back up and running.
|
Whoa Bundy
hirr
Morsus Mihi
|
Posted - 2007.10.20 07:54:00 -
[222]
Originally by: KalEl Trask
Take for example (3 characters * 9 hours downtime = 18 hours)
When am I going to start getting reimbursed for this additional time?
Are you serious? You realize at 14.99 per 30 days, 18 hours is about 38 cents right? 
....................
Speed tank works very well... That's because your target can't hit you as your sorry butt tucks your tail between your legs while you wail out into the distance, sissy boy |
Vinchester
|
Posted - 2007.10.20 07:56:00 -
[223]
and u all actually believed this 
|
Spongargh
|
Posted - 2007.10.20 08:04:00 -
[224]
shoot, as much as the server goes down 38cents can add up
|
M'Hurl Torps
|
Posted - 2007.10.20 08:12:00 -
[225]
CCP should really kept the server down until DT today. Euro timezone players always get to draw the shortest straw somehow. Take the Bob towers in FAT that were saved for example.
Otherwise the right action was taken by CCP in case of a security breach. |
Jinnana
|
Posted - 2007.10.20 08:12:00 -
[226]
I would like to say thank you to ccp for making me lost 18 hours of skill training. Thx again ccp
|
Azzprun
|
Posted - 2007.10.20 08:40:00 -
[227]
.
As has been said many times before, how about a skill que. 
The day i start doing the many short training skills that has been building up, this happens  and two of my characters lose many hours due to some cheat. I have a great sence of timing. 
Make the cheat pay with blood if you can CCP. 
.
|
Cutie Chaser
Gallente
|
Posted - 2007.10.20 08:40:00 -
[228]
Originally by: Kazuma Saruwatari
Now whoever perpetuated the unauthorized hack into the DB, hit him with a supoena for damages caused
Yeah, with all those refunds for downtime issued to customers this could end up costing them a pretty penny...
Oh wait, CCP makes the same cash income whether or not the server is running smoothly or **** up :P
Thanks to the might EULA the server could be down an entire month and we'd still be shucking out 14.95 in our respective local currencies.
***
Thats a Templar, the amarr fighter. Its a combat drone used by carriers. |
Umit Davala
Corpus PCG
The State
|
Posted - 2007.10.20 08:45:00 -
[229]
Oh good, the trolls have woken up
|
Bistot Kid
The First Thing You'll Ever See
|
Posted - 2007.10.20 08:51:00 -
[230]
Originally by: Ray Shroff
I always see posters like you and laugh on their posts, looks like you are having lots of fun in RL enjoy it, seriously if any one wants to raise the issue about skill training time lost due to incidence like this people like you come and say bla bla you don't have RL , you are whining and stuff but that doesn't mean some one is having less RL enjoyment, or is whining. Someone who lost their skill training time like this and want some thinking from CCP towards this problem and it is not first time this sort of thing happened and nor will be last.
Some people say train for longer skill training time while patch is deployed or some scheduled work is going on, it is perfectly fine and people should set longer skill training time.
But in case of "long" unexpected shutdowns like this CCP should think about it after all it's not our fault for problems like this and if it is discussed there might be some ways to counter it. Honestly i think many CCP guys are wise and they know this is a problem but none is coming forward to answer any post or at least say why it is not possible to even discuss about it.
Now start flaming my guys, but it has to be said.
You misunderstand me. I'm not inferring that people don't have interesting and fulfilling real lives at all.
I'm saying that if someone thinks that losing training time is anything more than the slightest of minor annoyances, then they need to step back away from the game and consider if their life is revolving around Eve too much.
It wasn't down for long at all really, what was it ... 6 ... 9 hours? So the most anyone could have lost was 9 hours, even if their skill ended the second the servers went down.
As the old advertisement went, don't make a drama out of a crisis!
---------------------------------
Dyslexics of the World Untie!
--------------------------------- |
La Dudette
|
Posted - 2007.10.20 08:51:00 -
[231]
I hope you give the information you find to the police.
If my business had your subscriber base, I would.
|
Savage Creampuff
Caldari
Lockheed Technologies Inc
Hydra Alliance
|
Posted - 2007.10.20 08:55:00 -
[232]
Originally by: Jenny Spitfire
I think you guys should be thankful CCP turned off their whole infrastructure. The last thing you want is someone else download your billing details.
The downtime wasn't that long.
Signed.
Why can't everyone post constructive intelligent posts like Jenny does?
Thank You CCP for your commitment and integrity.
Quote:
I've sent in plenty of petitions but it seems that CCP just doesn't care about me. Without knowledge of market dynamics theres no way I can compete with these griefers
|
Xooja
The Illucian Syndicate
Sylph Alliance
|
Posted - 2007.10.20 08:58:00 -
[233]
Edited by: Xooja on 20/10/2007 09:02:21
Originally by: Madelchai
CCP chose to pend their time fixing the problem, rather than trying to update people every 15 minutes. And good for them, they handled it the right way.
In the event of a major incident a team is typically formed to co-ordinate activities, and the people fixing the problem are not the ones also tasked with keeping customers informed.
Communicating with customers would have had no time impact on fixing this problem (internally there would be status updates going up from the people fixing the problem to management already).
In the event of a major outage you have to have some way to communicate with your customers (in this case 'server is down, we are working on it'). As it is at present, if EVE has a total shutdown, so does the only method of official communication as they are all on the same system and there is no backup communication method.
|
Jack Rowanburn
Ascent of Ages
Dark Matter Coalition
|
Posted - 2007.10.20 09:01:00 -
[234]
Originally by: Umit Davala
Oh good, the trolls have woken up
Indeed.
I for one am glad they bought the servres down to fix the problem, yes I lost a couple of hours skill training but lets be honest, that pales in comparison to what could have been lost due to a rollback or if the issue affected player items.
Another thing to bear in mind is that noone outside of CCP knows where exactly this breach occured. They'd be singing a different tune if there were personal information available. You don't need bank details to screw someone over irl, just a name and address will do. And before someone says that "you cant see this that or the other from here or there" There has to be some kind of link, however infinitismal, between your game account and personal details.
In short, get the hell over it. The EULA says they can stop eve instantly without prior notice and never bring the servers up again. YOU agreed to it when you signed up.
-------------
Freedom is the right of all sentient species - Optimus Prime |
Bradley Eltoch
|
Posted - 2007.10.20 09:02:00 -
[235]
While I appreciate the need for customer service (I myself deal with both sides frequently in internet business) I applaud CCP for their guts to go midnight.
I myself host my own website, on my own servers, using only facilities and backbone connection from another company. I expect that company to provide me with reliable access to that backbone, but if they discover a security breach in their systems, I pray they will (and have actually once before) take down the entire facility. This is called containment.
Let's review so far:
Containment: The act of preventing further damage, done by going midnight, and, in many cases, only admit to the systems being down, absolutely nothing else.
CCP: Shutdown. Admitted to the system being down by it not being up... Said absolutely nothing else. CCP contained the damage.
When my server has a problem, and my customers, who expect it to be up for access to my services through my website, can't get access, they  cope! My customers have a little faith in what they have purchased from me, and know that they are not being given the shaft, but are actually going to know, eventually, what is going on. The previous time that the facility went midnight, I was notified by email and phone. I in turn was aware of the problem, and knowing what it meant, I did NOT tell my customers.
Let's review again.
Custmer service VS Containment: Containment wins with the end all, take all security card. When you store important PERSONAL data, you do NOT play with containment.
CCP: Chose containment over customer service, and WHEN POSSIBLE, provided the most complete explanation reasonable. Not ONCE did they even hint that they didn't WANT to tell us. They simply could not, and I am glad they didn't, because I don't want my cc number getting out.
Many people have spoken of an alternate "index.html" page that would have "solved" this. The fact is that even an index.html page wouldn't solve it. It would tell you what's going on, but the fact that that one page was up would instantly tell the hacker that ccp had found their entry and that hacker would have possibly made CCP's life much more miserable.
Final review
Midnight: A total blackout, often seen in hacker movies/games referring to the outage of the entire internet, but more commonly refers to an entire domain or facility taken into blackout.
index.html: Suddenly domain not midnight, mostly blacked out, but questions arise, DOOR STILL OPEN!
Containment: A necessary step in such situations, and well executed by CCP. Some servers such as government or major corporation servers cannot have downtime, and THEY and ONLY THEY will employ counter hacking and hot-fixing to provide containment. The most effective containment remains, and will always be, midnight.
Customer Service: Best served by security first. It is greater customer service to FIRST protect your data and THEN say, "We're really sorry, but this thing happened." And thus, Containment is necessary.
|
O'Doyle
|
Posted - 2007.10.20 09:22:00 -
[236]
I understand that things like this happen. I personally believe that ccp did the right thing shutting the servers down. But refusing to reply to anything about a skill queue really bothers me. I think a lot of people would be relieved to just hear a dev say it's still in the works. I know it's in the drawing board section, but it's been there for as long as i can remember.
There have always been "taboo" topics that the ccp employees stay clear of in the forums, it seems that talk of a skill queue can be added to the list.
|
Kayna Eelai
Gallente
GNATHIC
|
Posted - 2007.10.20 09:39:00 -
[237]
Originally by: Cadela Fria
* "expert team" doing "counter-hacking" and "hot fixing", saying things like this is one way proof that you have absolutely NO clue whatsoever about what you're saying.
you have a pretty big mouth for some1 who does not know crap.
i have "fought" against hackers myself with our hosting team, when our webhosting server got hacked due a mysql injection exploit. on that webserver are over 200 websites of customers, websites which are too important to take down.
we hotfixed mysql, we fixed a few things in the software firewall, we restored over 600 affected html pages and we also upgraded the php version to a newer one. all that without taking the server down a single second except for a reboot after the php upgrade.
and the most important: the customers had a hotline where to call to know what's going on AT ANY MOMENT.
and this is only one of the minor security breaches i've seen.
so, when you don't know about what or who you're talkin, STFU, ok?
fixed to 23.15 kB (23710 bytes) |
Kayna Eelai
Gallente
GNATHIC
|
Posted - 2007.10.20 09:49:00 -
[238]
Originally by: dralid maximus
On 9/11, didn't the US government stopped ALL airtraffic so they could find out what was happening and to stop it from happening again?
and didn't they also use ALL LTHEIR TV NETWORK to keep people up-to-date (even if most of the info they gave where bull****)?
THAT is exactly my point, not the fact the servers were down.
fixed to 23.15 kB (23710 bytes) |
Kayna Eelai
Gallente
GNATHIC
|
Posted - 2007.10.20 09:50:00 -
[239]
Originally by: Zebny
do we get a free day for missing the entire day, i should think so ?
we payed for friday server was offline all day..?? common sence would say we should get a free day, but ccp and common sence dont go hand in hand, everything on one server :p hope some lessons have been learned nah its ccp doubt it.
this is what blizzard would do. i doubt ccp will do it.
fixed to 23.15 kB (23710 bytes) |
Freaken Stain
R.u.S.H.
Red Alliance
|
Posted - 2007.10.20 09:51:00 -
[240]
We belive you CCP. Keep it going...
imo |
| |
|
| Pages: 1 2 3 4 5 6 7 [8] 9 10 11 12 13 14 15 .. 15 :: one page |
| First page | Previous page | Next page | Last page |