
Thread: Account Security Discussion

  1. #151
    Soulwalker
    Join Date: Mar 2011
    Posts: 4

    OH, nice. I just got an e-mail from Trion saying that they are looking into my account and not to log into it, NICE! That is 52+ hours since I was told the Issue was RESOLVED. So totally on the ball here, wonder what my result will be after this so called investigation.

    Trion, Please define "RESOLVED" for me, this is my definition:

    transitive and intransitive verb make decision: to come to a firm decision about something, or cause somebody to do this

    Did you guys come to a firm decision about this on MONDAY or just now TODAY?

    Excuse me while I laugh! Whatever!

  2. #152
    Rift Disciple
    Join Date: Feb 2011
    Posts: 175

    Quote: Originally Posted by the_real_seebs
    Five days for a rollback after stuff was lost? I've had friends who never got anything, and others who got it only after a week or two.



    Okay, let's imagine that we roll the clock back to when WoW just came out, only we have twice as many subscribers when we were expecting half as many, and then suddenly the hacking thing starts when the game is still in initial debugging. And then see how long it takes them.

    A big part of the problem is that they need more people. YOU CANNOT INSTANTLY HIRE A LARGE NUMBER OF COMPETENT AND HONEST GMs. No amount of recognizing that you need more GMs makes it possible to get the right people instantaneously. Hiring good people takes time. Days. Weeks. They've had about three weeks during which time the user base has turned out to be substantially larger than expected and they got visibly blindsided by the scale of the security problems.

    So. They made a mistake; they underestimated the number of GMs they'd need. So they should fix that... By hiring GMs. They're doing that. There is nothing else it is conceivably possible for them to do to improve this further. If you or I were trying to solve it, we could not do better. The GMs are already working long hours and doing things as fast as they can. The devs are already working long hours to get things updated. Did you notice that Abigale's post about the Coin Lock thing showed up Sunday evening?

    I agree that the service could be better if people had made different decisions several weeks ago. I do not see anything they could do now that would improve things compared to what they are already doing.



    It's hard to come up with a good, detailed, response. Harder if you need to avoid letting the black hats know too much.

    I still do not know what I am getting back. Just that after 5 days still waiting.

    And if they underestimated the amount of people and resources they needed, that is kewl. People are leaving. You see, if you make a mistake that affects your customers they will vote with their check book.

    I will recap what you said.

    Maybe you will get something back maybe not.

    Trion goofed in their expectations and, instead of stopping new accounts, they sold 2 times as much as they could handle. We are a victim of the success.

    Oh and instead of getting solid answers and a good solution we will have a quick meeting on Sunday and come up with a hail mary we do not know if it will work or not but "At least we are giving them something."

    Oh and so the black hats do not know we will leave our frustrated customers to stew in ignorance.

    Nice good business model.

    I think from the rest of their product they are capable of a better job than this.

    Messages that actually answer questions would be a big step. A form mail sent after several days saying do not play your character and wait, and nothing else, or generic answers in a forum that randomly deletes posts and closes them so they do not look too big, does not raise the faith of frustrated players.

    Sorry, I am tired of feeling like I am being ignored by the devs.

    Perhaps some answers. A timeframe etc.

  3. #153
    Shadowlander Anev
    Join Date: Feb 2011
    Location: Seattle, Washington USA
    Posts: 24

    The biggest thing you can do to protect yourself is to work with others to convince Trion to not use email addresses as part of your login. Half your security is compromised simply by using a public token that just about anyone nowadays can figure out.

    Seriously, any security person will tell you - a username is not a public vanity plate, it is part of a secure key that should never be used but for the single purpose you created it for - in this case - securing your gaming account. WHY use something insecure like an email address?
    Council Member - Veni Vidi Dormivi
    Anev & Amerious
    Shadefallen Server - Guardian

  4. #154
    Soulwalker
    Join Date: Mar 2011
    Posts: 11

    Quote: Originally Posted by Elrar
    Hi everyone,

    If you have been reading the forums it’s hard to miss the many discussions on compromised or “hacked” accounts. We have been investigating the causes and individuals behind these attacks and, as mentioned previously, are taking steps to protect you against them.

    So god damn fix my account ... I am waiting for more than 130 hours now --- I paid for the game and I want some customer support. Not even a small reply to my in-game ticket, never seen such a poor customer service!

  5. #155
    Rift Disciple ManWitDaPlan
    Join Date: Feb 2011
    Posts: 114

    These attacks are client side and can be indicative of invasive programs being installed without your knowledge. Never click a link that advertises selling (or free) RIFT Platinum or other game currencies and furthermore never click a link that you do not trust. Should you receive an email from Trion or RIFT, the address should only go to riftgame.com, trionworlds.com, or trionworlds.custhelp.com (our support center). To be safe we recommend copying and pasting the link from the email to your browser. Another indicator of a fraudulent email is poor grammar and misspellings. We do our best to write properly.
    I'll chime in and say "no, these attacks are not client-side in all cases."

    I went over the only two systems that I used to play Rift with what may have been a finer tooth comb than even Trion has - our in-house hypervisor-level file access monitor and the logs and stored traffic from my company router. No malware. If someone got my password it wasn't at the local-machine level - I can only surmise that they did it by sniffing traffic upstream from me or hacked Trion directly.

    And from the looks of things, the password isn't even coming from clients. I see that the launcher is connecting to an auth server to perform a simple go/no-go U/P check, creating an XML file (that also contains no password, but does contain some account details like a numeric account ID, last login time, whether you're banned, etc.), applying a signature hash (which looks to be SHA384 - if I find out I can collide, or worse, replicate, the hash it'll be proof that someone at Trion needs to be fired) to detect tampering, and sending that to the game's character selection servers, whose IP addresses you're passing to rift.exe through the command line. You've gotta be kidding me.

    Just to satiate my nosiness, I'm going to analyze the packet traffic between my launcher and Trion's servers to see how the game authenticates. I'll be very, very disappointed if I find credentials are being sent via plaintext or that the auth server is responding to a successful auth with something laughable like a plaintext 'OK' over port 80/443.
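The tamper check described in post #155, as an added example (not code from the thread or from Trion): a server-issued login ticket is only tamper-evident if its SHA-384 tag is keyed with a secret the client never sees, since anyone can recompute a bare digest over edited fields. The ticket layout, field names, key and lifetime below are assumptions made for the illustration.

```python
import hashlib
import hmac
import time
import xml.etree.ElementTree as ET

# Constructed for illustration: key, field names and layout are assumptions.
SERVER_KEY = b"constructed-demo-key-held-only-by-servers"
MAX_AGE_SECONDS = 300


def _canonical(account_id, issued_at, banned):
    # Fixed field order and separator so issuer and verifier tag the same bytes.
    return f"{account_id}|{issued_at}|{banned}".encode()


def _tag(account_id, issued_at, banned):
    return hmac.new(SERVER_KEY, _canonical(account_id, issued_at, banned),
                    hashlib.sha384).hexdigest()


def _build(account_id, issued_at, banned, mac):
    root = ET.Element("ticket", mac=mac)
    for name, value in (("account_id", account_id), ("issued_at", issued_at),
                        ("banned", banned)):
        ET.SubElement(root, name).text = str(value)
    return ET.tostring(root, encoding="unicode")


def issue_ticket(account_id, banned, now=None):
    """Auth server: issue a ticket after the username/password check passed."""
    issued_at = int(time.time() if now is None else now)
    banned = int(bool(banned))
    return _build(account_id, issued_at, banned, _tag(account_id, issued_at, banned))


def retag_without_key(account_id, issued_at):
    """What an editor without the key can produce: an unkeyed SHA-384 as the tag."""
    digest = hashlib.sha384(_canonical(account_id, issued_at, 0)).hexdigest()
    return _build(account_id, issued_at, 0, digest)


def verify_ticket(xml_text, now=None):
    """Character-selection server: return the account id or raise ValueError."""
    try:
        root = ET.fromstring(xml_text)
        account_id, issued_at, banned = (
            int(root.findtext(n)) for n in ("account_id", "issued_at", "banned"))
    except (ET.ParseError, TypeError, ValueError):
        raise ValueError("malformed ticket") from None
    expected = _tag(account_id, issued_at, banned)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(expected.encode(), root.get("mac", "").encode()):
        raise ValueError("bad tag")
    age = (time.time() if now is None else now) - issued_at
    if not 0 <= age <= MAX_AGE_SECONDS:
        raise ValueError("expired ticket")
    if banned:
        raise ValueError("account banned")
    return account_id
```

The expiry window matters as much as the tag: a correctly tagged ticket captured in transit stays valid until it ages out, so the transport still needs encryption.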

  6. #156
    Shadowlander Unhinged
    Join Date: Jan 2011
    Location: Oklahoma City
    Posts: 43

    Barn door now closed where are the cows?

    Thanks for closing the barn door now that all the cows are out. I speak as one of what must be a huge number of players hacked, based on wait time. Two days just to respond and say don't log on to the affected characters until the account is secured, and you are in the wait line.

    I like this game. I hope you guys catch up soon while there are still people willing to pay you. I am not bailing but others will and that weakens the game.

  7. #157
    Rift Disciple
    Join Date: Feb 2011
    Posts: 175

    Quote: Originally Posted by ManWitDaPlan
    I'll chime in and say "no, these attacks are not client-side in all cases."

    I went over the only two systems that I used to play Rift with what may have been a finer tooth comb than even Trion has - our in-house hypervisor-level file access monitor and the logs and stored traffic from my company router. No malware. If someone got my password it wasn't at the local-machine level - I can only surmise that they did it by sniffing traffic upstream from me or hacked Trion directly.

    And from the looks of things, the password isn't even coming from clients. I see that the launcher is connecting to an auth server to perform a simple go/no-go U/P check, creating an XML file (that also contains no password, but does contain some account details like a numeric account ID, last login time, whether you're banned, etc.), applying a signature hash (which looks to be SHA384 - if I find out I can collide, or worse, replicate, the hash it'll be proof that someone at Trion needs to be fired) to detect tampering, and sending that to the game's character selection servers, whose IP addresses you're passing to rift.exe through the command line. You've gotta be kidding me.

    Just to satiate my nosiness, I'm going to analyze the packet traffic between my launcher and Trion's servers to see how the game authenticates. I'll be very, very disappointed if I find credentials are being sent via plaintext or that the auth server is responding to a successful auth with something laughable like a plaintext 'OK' over port 80/443.
    If you are going to check it, recommend you do it ASAP. I believe they know what the problem is. Will fix it tonight and claim the fix was this silly token they want to institute tomorrow.

    Funny how all these problems this weekend and tomorrow they patch the servers. HMMMMMMM

  8. #158
    Shadowlander Rigel12
    Join Date: Mar 2011
    Posts: 34

    Quote: Originally Posted by Anev
    The biggest thing you can do to protect yourself is to work with others to convince Trion to not use email addresses as part of your login. Half your security is compromised simply by using a public token that just about anyone nowadays can figure out.

    Seriously, any security person will tell you - a username is not a public vanity plate, it is part of a secure key that should never be used but for the single purpose you created it for - in this case - securing your gaming account. WHY use something insecure like an email address?

    Agreed. I wondered why that wasn't the case when I first registered.
    Rigel of Harrow
    -THE RUFFIANS-
    Either this, Or Upon This.

  9. #159
    Soulwalker
    Join Date: Mar 2011
    Posts: 11

    Email response

    Just a quick update. Roughly 12 hours after I put in my initial ticket, I received an email response:
    Thank you for contacting us regarding Rift!

    We do apologize for the delay in responding to your hacked account inquiry. Hacked account appeals are our #1 priority and we are attending to each ticket as quickly as possible.

    While waiting for us to respond to your petition, we recommend NOT playing on the affected characters until your account has been secured.

    Once we have investigated your account, we may offer you one of two options. Based on how severely your character was altered, we could restore your character to the most recent back-up we have prior to the account becoming compromised. The second option would be restoring any coin which may have been lost.

    Again, we do apologize for any inconvenience this has caused you, as well as for the delay in responding to your inquiry. I want to assure you that your inquiry has not been lost and we have not forgotten about you. We are taking steps to both increase our account security as well as increase our customer support staff in order to reduce these wait times. Thank you for your patience while we continue to strive to provide the level of customer service that you should come to expect from Trion.

    If you have any additional questions or concerns then please don't hesitate to let us know. Thank you for your continued support of Trion Worlds and for playing Rift. Your reference number for this question is XXXXXX-XXXXXXXX.
    Thought this may give some peace of mind to others, that at least they're working on things.

    Personally, I *am* worried how long the account review will take, and after that's complete, how long the restoration process is. Luckily I wasn't completely cleaned out - all but a few gold was gone, along with maybe half of the salable items in my bags, but bank/mail/AH/equipped gear wasn't touched.

    Besides getting my toon back in order, what can we do to prevent it happening again? Every scan I've run has come back clean (pre- and post-compromise, real-time and safe-mode scans), and there's no evidence of any intrusion to my system. If it's truly a client-side issue, what exactly is the problem and how do we fix it?

    Anyway, hope this is of some help to some of you.

  10. #160
    Plane Walker Dratikus
    Join Date: Feb 2011
    Location: Boston
    Posts: 485

    With everyone talking about being "hacked" I think it is also important for those of us "not being hacked" to chime in once in a while. For the record, I have not been hacked.

  11. #161
    Rift Disciple polyoddity
    Join Date: Mar 2011
    Posts: 172

    People threatening to leave the game because their precious 2 1/2 week old characters were not restored fast enough is hilarious. Cry some tears of blood why don't ya.
    Last edited by polyoddity; 03-16-2011 at 09:19 PM.

  12. #162
    Rift Disciple Torkel
    Join Date: Jan 2011
    Location: Telara Incognita
    Posts: 121

    Quote: Originally Posted by Anev
    The biggest thing you can do to protect yourself is to work with others to convince Trion to not use email addresses as part of your login. Half your security is compromised simply by using a public token that just about anyone nowadays can figure out.

    Seriously, any security person will tell you - a username is not a public vanity plate, it is part of a secure key that should never be used but for the single purpose you created it for - in this case - securing your gaming account. WHY use something insecure like an email address?
    Trion has already implemented a tool which addresses this. It is the "Change email address" link on your Account management page. Making a free e-mail account somewhere with an unguessable account name is easy.

    I agree that using a common e-mail address as your account name is ridiculously bad security. Usernames are not something to blithely give away (like Turbine did to its subscribers), but at this point the ball is in the subscriber's court, not in Trion's.
    One of the worst films ever made by western civilization was scripted entirely in Esperanto. That's not a coincidence.

    Don't know what Esperanto is? That's not a coincidence either.

    William Shatner had the leading role. That's .... well, I think you get the idea.

  13. #163
    Shadowlander Rigel12
    Join Date: Mar 2011
    Posts: 34

    Quote: Originally Posted by Dratikus
    With everyone talking about being "hacked" I think it is also important for those of us "not being hacked" to chime in once in a while. For the record, I have not been hacked.
    Me either.
    Rigel of Harrow
    -THE RUFFIANS-
    Either this, Or Upon This.

  14. #164
    Rift Disciple
    Join Date: Feb 2011
    Posts: 175

    Quote: Originally Posted by polyoddity
    People threatening to leave the game because their precious 2 1/2 week old characters were not restored fast enough is hilarious. Cry some tears of blood why don't ya.
    Firstly, 2 posts and you are being a smart guy.

    Second, even if you do not care about the people that were hacked are frustrated and leaving. Consider that less players, less money to Trion. Less money to Trion, less content developers. Less content for you.

    Now on the human side, people so frustrated they leave a game they like. Not good.

    I have to go look what your other post is since you have 2. Was it constructive? Bet not.

  15. #165
    Soulwalker
    Join Date: Mar 2011
    Posts: 4

    Quote: Originally Posted by Missescake
    Just a quick update. Roughly 12 hours after I put in my initial ticket, I received an email response:
    Thank you for contacting us regarding Rift!

    We do apologize for the delay in responding to your hacked account inquiry. Hacked account appeals are our #1 priority and we are attending to each ticket as quickly as possible.

    While waiting for us to respond to your petition, we recommend NOT playing on the affected characters until your account has been secured.

    Once we have investigated your account, we may offer you one of two options. Based on how severely your character was altered, we could restore your character to the most recent back-up we have prior to the account becoming compromised. The second option would be restoring any coin which may have been lost.

    Again, we do apologize for any inconvenience this has caused you, as well as for the delay in responding to your inquiry. I want to assure you that your inquiry has not been lost and we have not forgotten about you. We are taking steps to both increase our account security as well as increase our customer support staff in order to reduce these wait times. Thank you for your patience while we continue to strive to provide the level of customer service that you should come to expect from Trion.

    If you have any additional questions or concerns then please don't hesitate to let us know. Thank you for your continued support of Trion Worlds and for playing Rift. Your reference number for this question is XXXXXX-XXXXXXXX.
    Thought this may give some peace of mind to others, that at least they're working on things.

    Personally, I *am* worried how long the account review will take, and after that's complete, how long the restoration process is. Luckily I wasn't completely cleaned out - all but a few gold was gone, along with maybe half of the salable items in my bags, but bank/mail/AH/equipped gear wasn't touched.

    Besides getting my toon back in order, what can we do to prevent it happening again? Every scan I've run has come back clean (pre- and post-compromise, real-time and safe-mode scans), and there's no evidence of any intrusion to my system. If it's truly a client-side issue, what exactly is the problem and how do we fix it?

    Anyway, hope this is of some help to some of you.
    This is exactly what I am saying all along, I've waited 52+ hours to get this freaking canned e-mail response, others longer. What put you in the "ANOINTED QUEUE" 40+ hours ahead of the rest of us... So much for trusting the word of TRION and securing their step by step process only to find that they do not follow their own guidelines...
