+ Reply to Thread
Page 11 of 17 FirstFirst ... 7 8 9 10 11 12 13 14 15 ... LastLast
Results 151 to 165 of 246

Thread: TRION: Your account security is a JOKE!

  1. #151
    Rift Chaser lcl22's Avatar
    Join Date
    Mar 2011
    Posts
    389

    Default

    Quote Originally Posted by lcl22 View Post
    not to be an ***, and im sorry if you have tought of this, but is your isp asiggning you different external ip's everytime you reset your modem?

    if so , a change on theri side, meaning a change in your external ip , could have triggered a valid red flag on their end, and as such doenst mean you are hacked and actually means its working as intended..

    just check your ips and make sure its a static EXTERNAL one , cuz that is what trions game servers see
    cant edit:
    in any case, reread, and i realized you did get hacked, im sorry about that, good luck getting your account back secured

    on a side note, it got me thinking , most of us are using external sites for our builds and talent calculators, a perfect setting for a hacker to lay their keyloggers, a place where tons of people will go chek their builds on a new game, especially considering , there are so little rift sites out there still..

  2. #152
    Ascendant Masta Squidge's Avatar
    Join Date
    Feb 2011
    Posts
    1,481

    Default

    Quote Originally Posted by lcl22 View Post
    cant edit:
    in any case, reread, and i realized you did get hacked, im sorry about that, good luck getting your account back secured

    on a side note, it got me thinking , most of us are using external sites for our builds and talent calculators, a perfect setting for a hacker to lay their keyloggers, a place where tons of people will go chek their builds on a new game, especially considering , there are so little rift sites out there still..
    Zam has one already up and running. I would trust that over anything else short of the official site.


    Of course, even they have had malicious ads placed on their sites in the past, best bet is to simply run adblock/noscript.

  3. #153
    Telaran
    Join Date
    Feb 2011
    Posts
    79

    Default

    Quote Originally Posted by Stormbow View Post
    Anti-virus update attempted: No update available.
    Anti-malware update attempted: No update available.

    Anti-virus scan completed: No infections found.
    Anti-malware scan completed: No malware found.

    Not that I'm even remotely surprised.
    Me neither, seeing as how you've already said you're using the AV/AM tools built into Win7. Free Clue, Mister I Know Everything About Internet Security So It Can't Be My Fault - if your antivirus doesn't update its database several times a day at least, you'd be better off with nothing. At least then you'd know you had to install proper security, and maybe have the sense to stay off the net entirely until you did.

    Internet security is like sex. Always make sure you know your partners are safe, and always use one or more recognised forms of protection from a certified manufacturer. If, on the other hand, you choose to act like the OP and go in bareback on half a dozen Bangkok ladyboys, don't come running to me for sympathy when you test *** positive.

  4. #154
    Soulwalker Mnemnosyne's Avatar
    Join Date
    Feb 2011
    Posts
    14

    Default

    Trion IS at fault for some things, even if it is unlikely their account server got hacked.

    For instance, the username is an email address. This is stupid and insecure, since most people use their email address for more than one thing, often on fansites dedicated to the game - many of which are fronts run by gold selling companies that are used specifically for gathering usernames/passwords to try on the game accounts. By requiring email address to be my password, most users are being required to GIVE half of their login information to those attempting to steal their accounts.

    The forums use the same login as the game itself. Again, insecure. The forums shouldn't use the same login, and worse, as far as I can tell there is no lockout for number of login attempts. This means that, since they already have an email address to try as a username, they can attempt to brute force a password by tossing multiple login attempts.

    There are things we can do to protect ourselves further - for instance, I created a unique email account that is used only for the game, and if I ever see anything else come through on that account that isn't from Trion, I can change my login to another email. But most users aren't security-conscious enough to do something like this.
    -Do you honestly think that we believe ourselves evil? My friend, we seek only good. It's just that our definitions don't quite match.-
    Ailanreanter, Arcanaloth

  5. #155
    General of Telara Siegmund's Avatar
    Join Date
    Jan 2011
    Posts
    863

    Default

    Quote Originally Posted by Stormbow View Post
    I was just playing and got kicked out with the message that I'd been logged in on another instance. Click OK to reconnect? HELL YEAH!

    /snip

    I know that I am not the first person here to have an account hacked, already, and I am absolutely certain I will not be the last.
    I can say with 100% certainty that the odds Trion got hacked vs you doing something stupid is about 10000000000000000000000000000000000000000000000000 00000/1

  6. #156
    Soulwalker Oroborous82's Avatar
    Join Date
    Mar 2011
    Posts
    13

    Default

    Looks like the kiitten hackers started messing with the Rift accounts too..I know they could get you through e-mails but what are other ways they can steal your account info?

  7. #157
    General of Telara Siegmund's Avatar
    Join Date
    Jan 2011
    Posts
    863

    Default

    Quote Originally Posted by Mnemnosyne View Post
    Trion IS at fault for some things, even if it is unlikely their account server got hacked.

    For instance, the username is an email address. This is stupid and insecure, since most people use their email address for more than one thing, often on fansites dedicated to the game - many of which are fronts run by gold selling companies that are used specifically for gathering usernames/passwords to try on the game accounts. By requiring email address to be my password, most users are being required to GIVE half of their login information to those attempting to steal their accounts.
    1. You can make a new e-mail account just for the game.
    2. Username are not nor ever were a useful aspect of security. If they were they would not be stored nor transmitted in plain text.
    3. What the hell are you talking about e-mail being your password?
    4. I will repeat, a username is not half of your security. Stop thinking it provides any sort of useful protection to an account.


    The forums use the same login as the game itself. Again, insecure. The forums shouldn't use the same login, and worse, as far as I can tell there is no lockout for number of login attempts. This means that, since they already have an email address to try as a username, they can attempt to brute force a password by tossing multiple login attempts.
    This is beyond stupid. The forums are on the same authentication servers. I am sure the admins won't notice the 10000 sequential attempt on your password. The odds of getting brute forced are beyond minuscule unless you use doggod as a password.

    People get keylogged.

    There are things we can do to protect ourselves further - for instance, I created a unique email account that is used only for the game, and if I ever see anything else come through on that account that isn't from Trion, I can change my login to another email. But most users aren't security-conscious enough to do something like this.
    You solved the problem from your first point. That is the users responsibility, not Trions.

  8. #158
    General of Telara Siegmund's Avatar
    Join Date
    Jan 2011
    Posts
    863

    Default

    Quote Originally Posted by Oroborous82 View Post
    Looks like the kiitten hackers started messing with the Rift accounts too..I know they could get you through e-mails but what are other ways they can steal your account info?
    Any method that would allow them to put a keylogger on your computer.

  9. #159
    Plane Touched Taemien's Avatar
    Join Date
    Feb 2011
    Posts
    288

    Default

    OP, if they spoofed your password, they've also got your MAC Address and IP address that they can use alongside, so restricting it based on IP address is redundant. Its much harder to get a password then an IP addy.

    Depending on the forums used, you can get your IP addy known by anyone there.

    Passwords are usually stolen by Keyloggers. How does a Keylogger get on your computer?

    **** sites?
    Warez sites?
    Limewire?
    Viral-infected Emails?

    Sometimes one of the above is true.

    But actually you are getting them from Google.com, Microsoft.com, Cnn.com, MSNBC.com, or any other mainstream website. But not from the website themselves.

    These websites contract ad agencies to do their advertisements for them using flash banners usually. They let these agencies control what goes in that spot.

    These ad agencies aren't stealing your passwords either now. But they are less stringent on what goes on these ads. As in they fix the bad ones reactively instead of proactively. And usually only when there is a complaint. This is assuming people know the source of said keylogger.

    Lets say one of Google's advertisements gets a bad egg. Lets say it isn't caught for say... 6 hours. How many people do you think just got that bad piece of malware before it was caught? Usually Malware Bytes or Anti-virus catches it. But lets say 5% don't. Thats still a large number of people.

    Are we just SOL? No.. we're not. The advertisement agencies are. Send them a message by using Firefox with AdBlock and NoScript addons. You'll never see these banner ads, it will block them before they can be displayed and possibly put a keylogger on you.

    In addition you won't see those ads on free guild sites or the fansites with information about the game. The downside is if everyone does this, the agencies will go bankrupt and cause the sites they support to go down. But it should be up to them to Proactively scan their ads for malware. We shouldn't have to run our scans each time we visit their website and pray there isn't something that will slip through.

  10. #160
    Ascendant the_real_seebs's Avatar
    Join Date
    Jan 2011
    Posts
    16,859

    Default

    Quote Originally Posted by Siegmund View Post
    1. You can make a new e-mail account just for the game.
    2. Username are not nor ever were a useful aspect of security. If they were they would not be stored nor transmitted in plain text.
    3. What the hell are you talking about e-mail being your password?
    4. I will repeat, a username is not half of your security. Stop thinking it provides any sort of useful protection to an account.
    Er.

    User name/password are in principle a combination of which you need both to get anywhere. Account names are not supposed to get transmitted in plain text for secure authentication. Stored, yes, making them somewhat less secure than passwords, but they can still be a component of security.

    Separating user name from email address would, indeed, improve security.

  11. #161
    Plane Touched
    Join Date
    Jan 2011
    Posts
    201

    Default

    I just got an attempted infection from a link to imageshack off a stickied thread. If you get a popup from any of these sites, do not click a button or even on the X in the upper right corner. Go into task manager and end the task. Even clicking on the X can infect you. It was an amusing attempt, telling me AVG had found suspicious activity. I do not use AVG.

  12. #162
    Champion
    Join Date
    Feb 2011
    Posts
    550

    Default

    Stop and think for a moment. If the issue would be at Trion's side would not pretty much everyone have been a victim?

  13. #163
    General of Telara
    Join Date
    Jan 2011
    Posts
    925

    Default

    Sorry but i am not going to stop browsing **** for this game.

    Give us authenticators please.
    Quote Originally Posted by Lmaoboat View Post
    I drew a nice picture of some mountains today. It, too, looks good on paper.

  14. #164
    Soulwalker Eledemar's Avatar
    Join Date
    Feb 2011
    Posts
    14

    Default

    Quote Originally Posted by Siegmund View Post
    1. You can make a new e-mail account just for the game.
    2. Username are not nor ever were a useful aspect of security. If they were they would not be stored nor transmitted in plain text.
    3. What the hell are you talking about e-mail being your password?
    4. I will repeat, a username is not half of your security. Stop thinking it provides any sort of useful protection to an account.




    This is beyond stupid. The forums are on the same authentication servers. I am sure the admins won't notice the 10000 sequential attempt on your password. The odds of getting brute forced are beyond minuscule unless you use doggod as a password.

    People get keylogged.



    You solved the problem from your first point. That is the users responsibility, not Trions.
    I'm not supporting the OP here, for clarification.

    2. Username are not nor ever were a useful aspect of security. If they were they would not be stored nor transmitted in plain text.
    4. I will repeat, a username is not half of your security. Stop thinking it provides any sort of useful protection to an account.


    First, try logging in WITHOUT entering your username. If someone doesn't know your username they have to guess two things to bypass security. Second, username SHOULD ALSO be encrypted and a third numeric 4-digit PIN should also be associated with the account. Username & password security are years old; time to add one more step to limit common hackers.


    3. What the hell are you talking about e-mail being your password?


    I'll assume this person meant 'username' and this was a typo.

    The forums are on the same authentication servers

    All the more reason to have SEPARATE forum accounts with a relation to a main account. Also, all the more reason to have different logins for the Trion account management and the RIFT authenticator. I should only use my Trion login to access my account information, a Forum login to participate here, and a RIFT login to authenticate in the launcher. Would that be inconvenient for many? YES, and if it is inconvenient for many players it ups the chance that it would be inconvenient for common hackers. Anyone with 5.95 on a prepaid card (heck even free really) can set up a 'fan-site' and add loggers and viruses --not to mention shady advertisers.

    To play the other side, it IS our responsibility to be security-aware when we use the internet. And many times security is circumvented in the most basic way. If you all haven't seen this video in the past I suggest watching it in length now (http://video.google.com/videoplay?do...4376898701015#). It is kinda funny but you just may be shocked how STUPID all you people calling the OP stupid really are when it comes to your own security. It's not always about getting keylogged or letting your wife know your password...

  15. #165
    Telaran TripleX's Avatar
    Join Date
    Feb 2011
    Location
    Oklahoma
    Posts
    94

    Default

    Quote Originally Posted by Kanzel View Post
    You are considered personally responsible for all information used to access your account. Trion is not at fault for you being incapable of viewing proper security measures in maintaining that information.

    Perhaps in the future you should use more discretion while browsing redtube.

    Quoted for truth.
    ~~Triple~~

    Former Monarch in Asheron's Call (The Gathering on Solclaim) for 5 years.
    Former GM of Casual Raiding guild in WoW (6 years). http://www.wowno.com
    GM of Novus Orsa guild on Shatterbone. http://www.therifts.com

+ Reply to Thread
Page 11 of 17 FirstFirst ... 7 8 9 10 11 12 13 14 15 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts