3LikesYou know, it's funny.
I pretty much never see any security problem without someone saying that about it.
You know, it's funny.
I pretty much never see any security problem without someone saying that about it.
Not really. As someone above pointed out, it can be DAMN hard to spot non obvious flaws in your code. Your brain just kind of slides around the issue because it knows how it is 'supposed' to work.Originally Posted by Cargh
I've been known to send my code off to a friend with no explanation of how I thought it was supposed to work to see what messes they can uncover...and that's just basic code. Network protocols and network security are far stranger beasts.
Personally, I don't.
The first week of this game, there were a few incidents of players reporting hacked accounts. These are almost certainly from either key loggers (as claimed by Trion), or from people using credentials already known to gold sellers.
These people deserved to be told that it was their fault.
Then, last week, we suddenly had an influx of hacked accounts. We had people that were clearly smart enough to know how to keep an account secure still managing to get hacked. After a few of such threads, it was obvious to most people that it was something more than just a keylogger in a number of cases.
As has been said, this exploit was probably first used last weekend. Everyone being hacked before then deserved to be grilled for it, as does anyone that is hacked now. I personally have no issues pointing this out to the next person that starts a "my account just got hacked" thread.
Actually, uhm. It may have been "obvious to most people", but a whole lot of people continued to repeat exactly the same "it's not Trion, it's you" and "stop buying plat" lines. For the whole week.
Although, as you point out... Now the problem will be that people who really DID get compromised through their own carelessness will just assume it's another login bug. Yeah, I'm guessing that people are going to be going over that whole section of RIFT's design very carefully for a while yet looking for anything else they may not yet have found.
I want to correct a previous post I made basically saying that because of Coin Lock RMT might be dead.
Not if the hacker has both your Rift and email passwords. They can still get in if someone gets a keylogger and/or uses the same password for both. There are ways to login to your email securely, but I'm not so sure a lot of people use/know about them.
*ahem*For those of you that say "give 'em lifetime accounts", etc. I don't want to go into any details aside from saying that this was apparently a pretty big hole and Trion seems very happy with me for some reason. I'll be around for a while...
It occurs to me that people may have taken me a little too literally when I suggested that I didn't really do anything to help with this. I think MWDP will agree that I taught him everything he knows about computers, and that really this was all my idea. *cough* Yes, yes, I'm sure I had a HUGE impact on how things turned out. Why, as it turns out I am actually secretly the person who invented cryptography, among other things, and in fact I developed the CPUs that allow for cryptographic signatures, and also I invented TCP/IP, as well as SSL.
*puppyeyes*
If so, KEWL BEANS!! I'm just a 56yr old gamer.
"Some people are alive only because it's illegal to kill them"
If it hasn't been said already...
These are not good for wireless players. I FREQUENTLY get disconnected when playing from school. When I do, or when I log out naturally, there is about a 90% chance the next time I try and log in I'll be hit with "your external IP has changed" and not be let into the game. There is no way for me to control my IP, nor any way to fix this error. Thankfully it seems to clear when I change locations to one not at school, but I lose 2-6 hours of possible playtime several times per week due to this. I am NOT looking forward to also repeatedly un-coin locking myself.
As to "significantly different location", um no. Flat no. Yesterday I was sitting in the cafeteria in the exact same spot I played from Tuesday night. I got the IP changed lockout. I decided after half an hour to try again, and to my surprise I got in. I hadn't moved my system one inch. I played about 45 minutes, got disconnected, and to my not surprise was hit with the IP has changed lockout.
While IP lock and coin lock are great for those in a home with static IP, those playing behind a stealth router, or those playing wirelessly, are being treated very very poorly.
You guys really need to get an authenticator and allow those with the authenticator to turn off the IP lock and coin kock.
**Canceled Oct '11, cannot reply on forums. Contact me through my site.**
rabb1t.com - pc gaming hardware tech talk for everyone / rabb1t's ramblings podcast
rabb1t's Gamer Day 2010 After Party videos
joo can has Rift iPhone 4 and Droid wallpapers
I'm pretty sympathetic to those concerns. I guess...
I would rather they make this mistake than the mistake of not locking things down adequately, in the immediate term. Yes, it needs to get improved so it is less of a problem for people in those situations, but compared to the previous state, I think this is the right call. Keep in mind that, at the time when this patch went live, they suspected that it would stop the exploits, but they couldn't be totally sure that there wasn't some aspect of the exploit in the wild they hadn't picked up on. So for all they knew, they'd still be relying on coin lock to protect people...
If it's still massively overactive two weeks out, yell at 'em. Right now, let them know it's a problem but cut them some slack. MHO.
well .. i logged into the game tonight.. and was hacked
i have never bought gold.. i never went to any suspicious site and the only think i did stupid was have my log in to the forums the same as my game account.. i know dumb..but im sitting in game naked waiting on a roll back i hope...
ive played mmos for years and never been hacked.. actually not sure what to do
Good luck Slypunks. I'm in the same boat and have been waiting for a restore since 22:14 on 14th March.
slypunks:
1. File a ticket in game. Note the "Hacked Account" category of the Contact GM tab. (? button to open the support window.)
2. When did you last log in?
If you last logged in:
Wednesday or earlier: Don't worry, there was an issue which has since been fixed.
Thursday or early Friday: You should check on things to make sure your PC doesn't have a keylogger or something.
Friday night: Absolutely scan everything.
Actually, let's be honest: ALWAYS scan everything. Scan for viruses, scan for malware, check everything out. But!
In this one case, first time I've ever said this in the last 10+ years, if you were hacked before Thursday or so, maybe Friday, it is genuinely possible that the issue was a security hole in the login process, not in your account. If that's it, the attackers did not need to have your email or password to get in.
seems i got hacked on wed night.. or Thursday ..
waiting on ticket..
sad panda
Heros among us...
MWTP and crew that took time out of your lives to work on this for the good of this great game and the people that play it and love it soo much....I am alot of us and I am sure Trion applaude you, you guys are true heros! THE DEXTER IT GUYS!!!!!
I know you guys didnt slave on this for your own gain for 15 min of fame, you did it for the peace of mind and safety to play a game you love.....just very heartwarming and touching what you guys did, and of course none of this would have worked if Trion would have been on a high horse like alot of MMO companies out there and not taken the time to work with you on this.
TRION I totally applaude you too and am so thrilled that you care enough about your product, your investment, your baby to get this fixed for your customers, and for your company. Words cant express how impressed I am with the professionalism I am seeing from this. Trion Worlds has set a great example today of teamwork with the customers to really make this game something that is and will continue to be a major factor for the MMO market and for alot of the other companies that have been around forever to stop and take notice of how is SUPPOSED TO BE if you want success. You have made the game's customers and the game's developers a family....families that play and work together, stay together....hats off to all involved, we are seeing the saving of a great game here today folks and I think this kind of cooperation can make this game one that even WOW might have to stop and take notice of and be in awe of.
I think I speak for all of us in saying a heartfelt thank you to all involved....
TRION can we get white horses in game for the heros? so all know on site how special these guys really are?? and maybe job offerings?? trips to Disneyland too??
In all seriousness though you guys would be a wonderful addition to the TRION team...scoop these guys up! throw them an offer that will make them be on the next plane relocating to cali to work for you!
now if you excuse me I have a to log in to clear my coin lock and uncancel my sub....I feel ok with putting my cc info back in database now but if you guys can get gametime cards I would love you long time!!!
Well, the good news is, the security hole is fixed now and new tickets are no longer flooding them, it should improve now.
Posting Permissions
Bookmarks