+ Reply to Thread
Page 1 of 6 1 2 3 4 5 ... LastLast
Results 1 to 15 of 77

Thread: To those that blamed those who got hacked

  1. #1
    Rift Disciple
    Join Date
    Jan 2011
    Posts
    94

    Default To those that blamed those who got hacked

    So with all the accounts getting hacked and posting here, there have been just as many people mocking those people and blaming them for it. Now it has come out that the hacking was a result of a security flaw on the side of Trion. You only need a password to access the game launcher, not the servers. So as long as the hacker knows your e-mail, which can be obtained off these forums, then they can access your account in-game. So trolls will be trolls, and as usual, they were wrong.

    It's unfortunate that Trion has yet to fix this glaring issue. My friend who was hacked on Monday has yet to get his character rollback. He is very discouraged by that and by the reason he learned why he got hacked. We both find the game fun, but he is considering not coming back now because of the hacking. When friends of his from WoW asked about Rift today, he told them it was fun, but they may want to stay away with all the hacking going on.

    As for me? I signed up for this game with my friend. We have gamed together for years. He is a real life friend. If he leaves, I have less incentive to stick around myself. This isn't a I'm leaving thread. I'm sticking around for now, and am trying to convince my friend to stick it out. But this huge security flaw is costing subs. It NEEDS to be fixed now.

  2. #2
    Champion
    Join Date
    Jan 2011
    Posts
    496

    Default

    What's my email address?

  3. #3
    Prophet of Telara Sneezer's Avatar
    Join Date
    Jan 2011
    Posts
    1,052

    Default

    Just out of curiosity.

    Which rift related websites has he visited? (not blaming him)

    Just asking..cause well Zam has had problems with malicious code being included in their banner ads by 3rd party advertisers in the past. This could be happening on any rift related site, soul calculator, blog, etc which has flash-enable banner ads.

    Not blaming your friend here, but it isn't necessarily Trion's fault either.

  4. #4
    Rift Master Sonoko's Avatar
    Join Date
    Jan 2011
    Posts
    658

    Default

    ...No?

    The launch parameters everybody keeps posting needs a token that's generated upon logging into the launcher. You know, like how on any website with a login system, instead of having to log in every single page view you're given a cookie with a token that identifies who you are, and that you have authenticated, without actually storing your password and constantly resending it?

  5. #5
    Prophet of Telara Sneezer's Avatar
    Join Date
    Jan 2011
    Posts
    1,052

    Default

    Quote Originally Posted by thatsmystapler View Post
    But this huge security flaw is costing subs. It NEEDS to be fixed now.
    You mean the security flaws in Flash, Internet Explorer, Chrome, even Firefox?

  6. #6
    Shadowlander Zaskaszh's Avatar
    Join Date
    Aug 2010
    Posts
    30

    Default

    Quote Originally Posted by thatsmystapler View Post
    . You only need a password to access the game launcher, not the servers. So as long as the hacker knows your e-mail, which can be obtained off these forums, then they can access your account in-game. So trolls will be trolls, and as usual, they were wrong.
    No offence but...there are many, many, many other places that a person's e-mail can be obtained from. Blaming trion is still a half-arsed thing to do. All trion is doing right now is taking extra steps to protect people from their own stupidity. They're doing the work for them.

    But I digress.

  7. #7
    Rift Disciple
    Join Date
    Jan 2011
    Posts
    94

    Default

    Quote Originally Posted by Herculeet View Post
    What's my email address?
    You've hidden yours. By default, your contact information is not hidden on here. You actually have to go into the profile settings and change it to to only be visible to friends. Most people don't know this.

  8. #8
    Plane Touched
    Join Date
    Jan 2011
    Posts
    235

    Default

    Quote Originally Posted by thatsmystapler View Post
    Now it has come out that the hacking was a result of a security flaw on the side of Trion.
    You'd better provide a source for that before you start throwing around those kinds of accusations.

  9. #9
    Rift Disciple
    Join Date
    Jan 2011
    Posts
    94

    Default

    Quote Originally Posted by Zaskaszh View Post
    No offence but...there are many, many, many other places that a person's e-mail can be obtained from. Blaming trion is still a half-arsed thing to do. All trion is doing right now is taking extra steps to protect people from their own stupidity. They're doing the work for them.

    But I digress.
    True. E-mails can be obtained many places. However, it is Trion's fault that the don't require a password login to the server. Something that was pointed out to them as a security vulnerability back in Beta.

  10. #10
    Champion
    Join Date
    Jan 2011
    Posts
    496

    Default

    Quote Originally Posted by thatsmystapler View Post
    You've hidden yours. By default, your contact information is not hidden on here. You actually have to go into the profile settings and change it to to only be visible to friends. Most people don't know this.

    You are a big crying liar.

  11. #11
    Telaran Xarddrax's Avatar
    Join Date
    Jan 2011
    Posts
    78

    Default

    Quote Originally Posted by thatsmystapler View Post
    You only need a password to access the game launcher, not the servers. So as long as the hacker knows your e-mail, which can be obtained off these forums, then they can access your account in-game.
    Where did you get this info?

  12. #12
    Sword of Telara Tosh's Avatar
    Join Date
    Jan 2011
    Posts
    819

    Default

    Quote Originally Posted by Itvar View Post
    You'd better provide a source for that before you start throwing around those kinds of accusations.
    He can't link you what his in game buddy told him 'on good authority'.. sheesh don't you know that? ;)
    What lies behind us and what lies before us are small matters compared to what lies within us. - Ralph Waldo Emerson
    It is difficult to argue with a whole generation of self entitled petulant children with a battle cry taken from Veruca Salt.

  13. #13
    Plane Walker Qlippoth's Avatar
    Join Date
    Feb 2011
    Posts
    431

    Default

    Quote Originally Posted by thatsmystapler View Post
    You've hidden yours. By default, your contact information is not hidden on here. You actually have to go into the profile settings and change it to to only be visible to friends. Most people don't know this.
    Ehm... no?

  14. #14
    Champion of Telara
    Join Date
    Jan 2011
    Posts
    1,081

    Default

    I'm not sure where people get this crazy idea that you don't need your password to login to the Rift servers. That's like saying I can log into any WoW account with the master password '12345'. It could be possible but unless someone from inside specifically told you this, there isn't even any way for you to tell this is indeed the case.

    I think people are confusing this with the standard message board 'remember me' feature. When you authenticate to the board, you put your account and password, the message board says you look trustworthy enough so next time when you come back, just tell me the secret phrase '12345' and I'll know it's really you. Next time you come back you tell Trion's server '12345' and it says okay you must XYZ, next time tell me '54321'. This stuff is easily hijackable, as an attacker can see this in your cookie and just tell Trion '54321' and Trion will believe you. But all this would do is allow someone to impersonate you on the message board. You can't use this to log into your Rift game account, and you can't change your password with this (changing password requires you to know your password). So all you can do is impersonate someone else on the message board, which is annoying but presumably not really that dangerous, which is why the security mechanism is weak.

  15. #15
    Rift Chaser Sammybear's Avatar
    Join Date
    Feb 2011
    Posts
    312

    Default

    Quote Originally Posted by thatsmystapler View Post
    You've hidden yours. By default, your contact information is not hidden on here. You actually have to go into the profile settings and change it to to only be visible to friends. Most people don't know this.
    Thats odd, because mine is set to allow everyone, but holy bat ****, my email is not listed!!!!! I must be magic or something.

+ Reply to Thread
Page 1 of 6 1 2 3 4 5 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts