
Thread: Account Security Discussion

  1. #46
    Shadowlander XxpeddyxX's Avatar
    Join Date
    Feb 2011
    Posts
    30

    Quote Originally Posted by Thorrand View Post
    Wish it could have been implemented sooner. Logged on this morning to a naked toon. Put in a ticket about 9 hours ago with no response. Will this be fixed soon or should I go ahead and cancel my acct?
    It's normal, I sent in a ticket Tuesday, it is now Thursday. I enjoy Rift, but long story short - if I don't get my stuff back I'll just cancel, I don't have time to level another char to 50..

    For the record, a ticket I sent early last week was never resolved nor replied to regarding the LH instance not giving out the exp reward at the end.

  2. #47
    Rift Disciple
    Join Date
    Feb 2011
    Posts
    175

    Rift devs there are certain common questions.

    1. What is a small portion of players. 1 percent, 1/2 percent etc.

    2. What is the cause of the hacks. You said it is on our side. Ok throw us a bone. What is the process and any idea on how to remove or find it or.... Personally I would like to know how you have come to this determination.

    3. How will the coin work on different types of hacks.
    Man in the middle?
    Key loggers (It won't work unless it is specific to this game and if so tell us how to find it and get rid of it. If it is a general logger then they have our mail as well.)
    Server side
    Client side
    4. What is the Q to return accounts that have been attacked?
    5. When can we expect a security device that has a chance of working. I personally am not buying into the coin lock.

    The less you tell us the more conspiracy theories abound. This has been long enough some beauties have started up.

    Please realize people's patience only goes so far and being thrown what can best be described as propaganda frustrates people more than being given the answer we do not know or we goofed.

    Remember that once people push cancel on their account it is unlikely they will be signing up again.

    Well if the Devs can fess up and give us some real answers it would really be appreciated.

  3. #48
    RIFT Guide Writer Sinfullysweet's Avatar
    Join Date
    Jan 2011
    Location
    Georgia
    Posts
    2,525

    Quote Originally Posted by Elrar View Post
    And in regards to specifically WHO is doing this -

    There are a wide number of individuals and organizations, all with their own degrees of sophistication, resources and tools at their disposal. It's impossible for us to provide details on them all but I'll see what I can find out.

    Thank you, I know it is a hard thing to ask but it would be something at least to ease my mind, and convince my husband to continue paying for a game I enjoy. I know that the ingame emails on all the sites the whois lookup is the same (same company, same location).

    Thank you in advance for at least communicating with us. It is appreciated.

    To the previous poster that asked if I did those steps in that post, I did sadly. Nothing came back. =\

    Sinfullysweet of Grievance on Wolfsbane
    WorldofWardrobes.net is no longer available due to hosting issues *RIP*.

  4. #49
    Rift Disciple Codexena's Avatar
    Join Date
    Dec 2010
    Posts
    92

    Information about hacking and Hacking statistics

    There has been a cry about adding additional security and the blame for all this hacking is all Trion's fault. However, there is enough information about the hacking trend to determine that the most likely is from the client side, but there is enough evidence to indicate a possible server side issue as well. The following focuses on the client side and server issues which also fall into the home PC/Laptop environment as well. Many of the following are considered experts in their field and have published many articles and white papers on the subject.

    The following is a possible way a hacker can obtain information about your account:

    “The list of what Long and his fellow Google hackers have been able to dig up is impressive: passwords, credit card numbers and unsecured Web interfaces to things like PBXs, routers and Web sites” (McMillan, 2005).

    “Microsoft's MSN Search, make them critical tools for computer attackers, says Mikko Hypponen, chief research officer with security company F-Secure” (McMillan, 2005).

    The following are some of the methods used by hackers:

    “Other characteristics are more useful for criminal exploits. Bots focus on efficient remote control of a large network of compromised systems; Trojan-horse programs attempt to fool the victim into running the code by appearing to be some other application; and phishing attacks use e-mail to fool the user into running code or visiting a malicious Web site”(Lemos, 2006).

    The following shows some of the geographic locations of hacking attempts and the implementations used:

    Chinese hackers regularly release Trojans that leverage flaws in Microsoft Office to install software aimed at stealing corporate secrets. South American and Eastern European fraudsters use phishing attacks. The latest attacks target a small number of victims so that the attacker can stay below the radar of antivirus companies and financial institutions. That makes reactive technologies, such as antivirus and antispyware programs, a lot less useful for potential victims. Home and small-business users need more active defenses (Lemos, 2006).

    “Computer viruses have become a standard tool of hacker criminals. Hackers send them out to infect vulnerable computers, turning them into "zombies" that can then be manipulated to launch attacks, or using Trojan horse viruses that surreptitiously cull credit-card data, passwords or other sensitive information. Just like the mythical equine of old, a hacker horse usually comes as an e-mail attachment masquerading as something tempting, such as "sex.movie.mpg." Opening the attachment activates a program that gives the hacker access to the contents of the infected computer and the ability to control it. Last month in Brazil, police arrested 28 hackers in four states who had stolen more than $10 million using a Trojan horse disguised as a "You've Just Won a Trip" promotion” (Piore, Brown, Titova, et al., 2003).

    "There are so many industry-best practices not being implemented by home users," says Dartmouth's Bakos. Among the recommended practices are using firewalls and security software. Says Lee Byong Ki, police chief in charge of cybercrimes in South Korea: People "need to understand that as soon as their server is connected to the Internet, their information is exposed to hacker attacks." (Piore, Brown, Titova, et al., 2003).

    The following is information about the extent of hacking worldwide:

    Back in 2002 there were over 80,000 reported hacking incidents and this figure has grown at an increasing rate (Bischoff, 2002).

    According to BREACH Security, via their “The Web Hacking Incidents Database 2009”, the first half of 2009 indicated a steep rise in attacks against Web 2.0 sites that included 19% of all reported incidents. Authentication abuse was the 2nd most active attack vector and accounted for 11% of the attacks. The planting of Malware remains the most common outcome of web attacks (28%), while loss of sensitive information came in 2nd with 26% (“The Web Hacking Incidents Database”, 2009).

    The forms of attacks used include 19% from SQL Injection, 11% from insufficient authentication, 11% from unknown sources, 10% from content spoofing, 10% from DoS/Brute Force, 10% from other, 8% from Configuration/Admin Error, 8% from Cross-site Scripting (XSS), 5% from Cross-site Request Forgery (CSRF), 5% from DNS Hijacking, and 3% from Worms (“The Web Hacking Incidents Database”, 2009).

    As the above data show, the problem is large worldwide and can come from any number of sources. A virus scanner may not pick up on some keyloggers and other forms of backdoors.

    The gaming industry falls under Entertainment and the total number of reported hacks was 7% in this industry. The number one industry attacked is Social/Web 2.0 sites with 19% of the reported incidents followed by the Media at 16% (“The Web Hacking Incidents Database”, 2009).

    In addition, according to the Trustwave report titled “The Web Hacking Incident Database 2010”, the planting of malware was identified at 14.01%, and the number one outcome of a hack is the leakage of information at 20.38% (“The Web Hacking Incident Database”, 2010).

    Therefore, it is most likely that the problem is at the client side, but there is also the possibility that there is a problem at Trion as well. However, we must take steps to protect ourselves and our accounts. Physical devices and software based double authentication can also fail as well. In addition, these approaches may also just hide the problem and may again arise when they access another game or account.

    References:

    The Web Hacking Incidents Database 2009. (2009, August 2009), from http://www.breach.com/resources/whit...dents-2009.pdf

    The Web Hacking Incident Database 2010. (2010), from http://www.yhff.co.uk/WHIDWhitePaper_WASC.pdf

    Bischoff, G. (2002). HACKING OFF THE HACKERS. Telephony, 243(13), 24. Retrieved from EBSCOhost.

    Lemos, R. (2006). Hacking for Dollars. PC Magazine, 25(23), 117. Retrieved from EBSCOhost.

    McMillan, R. (2005). Google hacking. Network World, 22(35), 1. Retrieved from EBSCOhost.

    Piore, A., Brown, F., Titova, N., Kepp, M., Sennott, S., Lee, B. J., & ... Simons, C. (2003). Hacking for DOLLARS. Newsweek (Pacific Edition), 142(25), 44. Retrieved from EBSCOhost.

  5. #50
    Rift Disciple Ariella's Avatar
    Join Date
    Feb 2011
    Posts
    159

    Quote Originally Posted by the_real_seebs View Post
    I know that the general rule is that it's nearly always client-end compromises, but when you have two people playing the same rift install on the same machine, and only one of them gets hit... It is sorta suspicious.
    If you have a keylogger attached to your Rift launcher, set to self-destruct once it obtains the info it was after, it doesn't seem odd at all that only one account was compromised.

  6. #51
    Rift Disciple
    Join Date
    Feb 2011
    Posts
    175

    Quote Originally Posted by Elrar View Post
    And in regards to specifically WHO is doing this -

    There are a wide number of individuals and organizations, all with their own degrees of sophistication, resources and tools at their disposal. It's impossible for us to provide details on them all but I'll see what I can find out.
    I am ok with this but all these people have figured out how to get this done so well that none of our antivirus suites can find it. Really???

    What do we use then.

    I have played these games since Ultima Online and never had a problem. Suddenly a new game like this has many companies that have created hacks specifically for this game that are so sophisticated that very expensive antivirus programs/suites cannot find them?

    If that is the case I am good with it but need to know how to get it removed.

    Frankly we need some direction if this is the case.

    And what is the Q time to get accounts back?

  7. #52
    Plane Touched DataWraith's Avatar
    Join Date
    Jan 2011
    Posts
    283

    Quote Originally Posted by Elrar View Post
    And in regards to specifically WHO is doing this -

    There are a wide number of individuals and organizations, all with their own degrees of sophistication, resources and tools at their disposal. It's impossible for us to provide details on them all but I'll see what I can find out.
    Since you have stated it's client side, I am more interested what is causing these compromises.

  8. #53
    Champion Thorrand's Avatar
    Join Date
    Oct 2010
    Posts
    577

    Quote Originally Posted by Ariella View Post
    If you have a keylogger attached to your Rift launcher, set to self-destruct once it obtains the info it was after, it doesn't seem odd at all that only one account was compromised.
    and no one that's been hacked has up to date protection and firewalls on their system amirite?

    No evidence of infection has been found to date. I can't stress that enough.

  9. #54
    Rift Disciple Codexena's Avatar
    Join Date
    Dec 2010
    Posts
    92

    A good approach to identify keyloggers

    The following is a bit dated, but it provides a section to teach you how to find it yourself. It also has suggestions on software you can use as well.

    http://wskills.blogspot.com/2007/01/...eyloggers.html

    I do not have a hacked account and I use Norton that is updated daily, I also do a scan daily and have all email and web traffic scanned in real time. I also use firewalls and address translation which may be part of why my account has not been hacked.

  10. #55
    Rift Disciple
    Join Date
    Jan 2011
    Posts
    123

    This is great news, however there are a few people (myself being one of them) who for reasons I'm not going to go into here don't own a cell phone. I would be willing to buy a physical key chain fob type of thing, but I don't have access to a cell phone. I refuse to get one just for this game. I will not give up my land line until I have to as well. I'm not going to go into the money aspects or said reasons for not having one, but I hope that your so-called authenticator is available in other formats besides for cell phones and androids.

  11. #56
    Rift Disciple Codexena's Avatar
    Join Date
    Dec 2010
    Posts
    92

    Quote Originally Posted by Ariella View Post
    If you have a keylogger attached to your Rift launcher, set to self-destruct once it obtains the info it was after, it doesn't seem odd at all that only one account was compromised.
    Do they login as different people, or use the same account on the PC/Laptop? If they use different accounts this may explain why one is hacked and one is not.

  12. #57
    Plane Touched Rajani Isa's Avatar
    Join Date
    Jan 2011
    Posts
    227

    Quote Originally Posted by Safiraa View Post
    Since it is same username and password for forums games etc and many people will use same password for mail as game this fix do
    One should always keep the following passwords unique:

    Banking

    Billing (and game accounts fall under this)

    and

    EMAIL! - for just this kinda thing.

    Quote Originally Posted by Sezyrrith View Post
    [Edit:]You're telling the guy working for Trion, who probably has the numbers right in front of him, that he's wrong because you've heard from someone that it's more?

    Seriously?
    I believe the phrase you are looking for is

    "The plural of anecdote is not data"

  13. #58
    Telaran
    Join Date
    Feb 2011
    Posts
    62

    Thanks for passing along the info!

    By any chance, can you give everyone a rough estimate as to when we can expect the GMs to get back to us concerning our hacked accounts? I've personally been waiting 48 hours now and I'd like to get a rough time frame as to when my main characters will "go back to normal".

    I understand you guys are super busy and I'm not mad or anything like that... just trying to plan out times when I can next join in and quest with my friends who are my level (who are sitting around crafting because a naked tank isn't much fun)

    Thanks again for the update and keeping the masses informed! Hopefully things die down tomorrow, make things move a bit quicker and free up the developers and GMs days!

  14. #59
    Shadowlander
    Join Date
    Jan 2011
    Posts
    30

    Quote Originally Posted by Sinfullysweet View Post
    Oh I do, I understand it is a new company and completely sympathetic. I just am a bit nervous to log in and play because I don't know if it is going to be cleaned out again, because I just can't find what caused it in the first place. I really do want to play though, I enjoy playing, they have a great game on their hands. (Plus still waiting on the rollback so not playing on any of my characters until then, and until coin lock gets into place)
    So I haven't been hacked, but reading all these posts I felt the need to change my email to a more secure address and greatly increased my password complexity for this game. I found something odd when I went through this process, I thought reporting it may be helpful:

    I changed my password and email on the trion worlds site from my work computer at the office.

    Got home, forgot to change my account name to the new email account, entered my password - 'unable to contact authentication server' message came up, I was like hmm, I changed my account name to my new account name, and pressed enter without entering my password. The Play light lit up. I thought, wow that's odd, I didn't enter my password.

    I pressed cancel, went back and tried it again and I couldn't replicate the behavior (well to be fair I didn't change my account name again)

    I'm sure that I did not enter my password that first time after changing my email, and the play light was lit. It was very, very unnerving.

    Just an observation, I'm sure it's totally off base, but I thought it may be worth mentioning it here.

  15. #60
    Telaran Felinae's Avatar
    Join Date
    Feb 2011
    Location
    Ottawa ON
    Posts
    69

    Thank you for giving us some word. I am also very pleased that the spam mail people that send my toon mail every few minutes will now be on my ignore list. Thank you, thank you!
