
Thread: Weekend Security Update

  1. #1
    CEO Hartsman's Avatar
    Join Date
    Apr 2010
    Posts
    87

    Default Weekend Security Update

    Hi, everyone -- I wanted to get an update out for the weekend after the last day of excitement around here.


    On last night's fix -- I'm very happy to confirm that we did fix a login vulnerability, with significant assistance from an extremely clever user.

    The root cause was a very subtle bug in error checking of our login validations deep in the server code. No personal information or any such was leaked out, and no outside attacker penetrated our servers, networks, or databases.

    We'd definitely like to thank Mr. ManWitDaPlan for the well-timed assist. Sir, we salute you and offer our most heartfelt thanks.


    The rest of what I'd like to add isn't to detract from the above well-deserved compliment, but it's important to include in the comprehensive picture.

    The sobering fact is that account security remains a multifaceted issue, as attacks from other sources continue.

    It's important to remember that while a hole was identified and fixed as rapidly as we possibly could, there are still hackers and botnets trying account/password combinations from compromised web sites and past MMOs.

    They are doing this right now. Those attacks have been coming constantly since we launched the game. The only things that change are how many hundreds of computers are trying to get into your account at any given moment, where they're coming from, and how many are succeeding.

    We do block them as they are detected, but the fact that they are using distributed botnets (compromised computers from across the globe) means that this will remain something that we will continue keeping an eye on, forever.

    For users getting hacked this way, Coin Lock is currently doing its job protecting people's belongings, provided that your RIFT password and EMail password are both complex and entirely different.


    Both the login fix and the Coin Lock addition have been doing their part in significantly reducing overall incidents over the last 18 hours.

    Neither one is a silver bullet, but so far it is looking to be a solid one-two punch for the weekend.


    Then, with two-factor authentication coming very soon, we expect security to be improved even further.

    All totalled up, under 1% of accounts with characters have had characters impacted. However, 1% of a surprisingly large number is still very noticeable.

    Our staff has been, and will continue to be, working around the clock to get those impacted back in shape. We'll continue hiring on even more people to help people with issues of all kinds, as quickly as we can. (Another round of hires begins on Monday, and there will be even more to follow.)

    As always, thanks very much for your time, your attention, your assistance, and your patience!


    - Scott Hartsman
    Exec Producer, RIFT

  2. #2
    RIFT Community Ambassador the_real_seebs's Avatar
    Join Date
    Jan 2011
    Posts
    16,859

    Default

    I knew it. I shoulda bet people money that Trion would come out and say what happened and not cover it up.

    Every time people tell me that Trion will not be awesome, I should bet against them. I would be rich by now.

  3. #3
    RIFT Fan Site Operator Micajah's Avatar
    Join Date
    Apr 2010
    Posts
    304

    Default

    Quote Originally Posted by the_real_seebs View Post
    I knew it. I shoulda bet people money that Trion would come out and say what happened and not cover it up.

    Every time people tell me that Trion will not be awesome, I should bet against them. I would be rich by now.
    That's because Hartsman is the man. And if anyone doubts his validity as "the man" check out his PAX East picture. Bandanna and drink? Yes please.

    I'll get you another bottle next time I see ya.
    Last edited by Micajah; 03-19-2011 at 12:08 PM.
    Cody "Micajah" Bye
    Director of Content - ZAM
    ZAM RIFT Database
    ZAM's Rift Soul Calculator

  4. #4
    Soulwalker Hexa's Avatar
    Join Date
    Feb 2011
    Posts
    15

    Default

    Kudos to Trion for this.

  5. #5
    Champion Rallon's Avatar
    Join Date
    Dec 2010
    Location
    Reno, Nevada (PST)
    Posts
    503

    Default

    Good to know that no one got inside your servers and no personal info was compromised.
    Please be nice to the trolls, it confuses them.

  6. #6
    Rift Disciple Nov8tr's Avatar
    Join Date
    Jan 2011
    Location
    Indianapolis, IN USA
    Posts
    146

    Default

    Thank you for admitting it was on your end. My opinion of your company has gone up a great deal. Most companies would never have admitted it. I appreciate the hole being rapidly fixed. I am sad at so many people who had to be abused by loud mouthed, finger pointing morons. LOL, of course they will never admit they were wrong. They will just disappear. Again thank you for a great game and now back to playing.
    ..........Insert pic................This line for specs of my computer that no one cares about.
    ..........of some
    ..........effeminate..............This line for insightful quote from some dead guy here.
    ..........Korean
    ..........avatar.....................Now some comment from me that I think is witty.
    ..........here
    AND LAST OF ALL, SOME LINE IN BOLD CAPS TELLING HOW BAD I THINK I AM AND HOW YOU'RE NOT

  7. #7
    Plane Touched Anji's Avatar
    Join Date
    Feb 2011
    Posts
    299

    Default

    Thanks for the update Hartsman!!
    Quote Originally Posted by graill440 View Post
    Keep your mouth shut and your chubby fungers off the keyboard.

  8. #8
    Soulwalker
    Join Date
    Mar 2011
    Posts
    9

    Default

    Big Kudos for coming out and admitting you were at fault. Glad that Trion are shaping up to be a company that are honest with their fanbase.

  9. #9
    Shadowlander Mishni's Avatar
    Join Date
    Feb 2011
    Posts
    25

    Thumbs up

    Thank you for posting this! I really did not expect to see a post confirming the login vulnerability. My hat's off to Trion for not covering this up.

  10. #10
    Telaran
    Join Date
    Dec 2010
    Posts
    95

    Default

    Thanks for the straightforward no hidden aspect you have displayed. I am amazed at your forthcoming and glad that the security hole was found and fixed as quickly as it was. Luckily I didn't get hacked myself but I definitely feel for those that did and now that this is fixed everything should be at least a little better. You will still have your phishing, keyloggers and brute force but everyone has to deal with those and not much can be done to eliminate those.

    So again Kudos to everyone.

  11. #11
    Shadowlander
    Join Date
    Dec 2010
    Posts
    35

    Default

    Trion, I tip my hat to you Good sir. This is why I play Rift, they are honest and they keep us up to date on any ongoing situations!

  12. #12
    Champion Korereactor's Avatar
    Join Date
    Sep 2010
    Location
    Texas, USA
    Posts
    324

    Thumbs up

    Thanks for rapidly taking care of this issue and for communicating well with the customer. As always, Trion, you guys ROCK.
    OS: Windows 7 Enterprise 64-bit, Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz, Memory: 8.00 GB RAM
    DirectX Version: DirectX 11, Display Card: NVIDIA GeForce GTX 460, Display Memory: 768 MB

    MMO Experience: EQII, WoW, LotRO, Lineage II, GW, Aion, Vindictus, PWI, Shaiya, Aika, HoTK, ME, SUN, CO

  13. #13
    Champion of Telara Angelstar's Avatar
    Join Date
    Feb 2011
    Location
    Netherlands
    Posts
    1,204

    Default

    I can't believe it's all over now. Wait and see.
    Officially owned by Alsbeth the Discordant.

    Elitists and game programmers think alike; The first thinks the game is too easy, the other nerfs the crap out of them.

  14. #14
    Plane Touched
    Join Date
    Aug 2010
    Posts
    168

    Default

    Nice announcement.
    And VERY nice job by the player that discovered the issue and notified Trion immediately.

    I think someone deserves a lifetime subscription compliments of Trion! lol

  15. #15
    Rift Disciple ManWitDaPlan's Avatar
    Join Date
    Feb 2011
    Posts
    114

    Default

    Like the Big Boss said, there are still issues. Chuckleheads are still using usernames and passwords that were broken a decade ago. Slimeballs are trying to bruteforce weak passwords. Other slimeballs are probably DDoSing the game just because some people are d*cks. And of course at least one person per minute is accidentally/unknowingly installing Win32.Trojan.StealMyCrap along with their fancy UI add-on.

    Security starts with you and me, the end users. If we screw it up we have nobody to blame but ourselves.
