Account Hackings - The Source

pumpkin pie

pumpkin pie

Furnace Stoker

Join Date: Jul 2006

behind you

bumble bee

E/

03 Jan 2010 at 13:42 - 441
Quote:
Originally Posted by Regina Buenaobra View Post
I just wanted to elaborate on one of the points I made earlier regarding the random account switching bug, which, according to reports made here, is a possible security vulnerability. The Security team has added logging in order to reproduce it internally so it can be tested. At this point, they have been unable to reproduce it internally. Until we're able to reproduce the bug, we won't be able to verify the vulnerability exists. While we made changes to processes, adding additional checks before an account's password can be changed, based upon the possibility that this error exists, we also continue to work on internal testing to reproduce the problem, so it can be addressed. So far, the information we have about this is vague. We're doing everything we can, in terms of testing, with the info we do currently have. More details would be useful. If you have information that could help us reproduce the error, we would appreciate if you could contact us. Thanks again.
Why can't the old tickets be deleted immediately? its the fastest way to make sure no character's name are available to get stolen from the NCSoft webpage.

By the time ArenaNet and NCSoft varify and reporduce the vunerability reported in this thread, more players' accounts are gonna get stolen.

Turbo Ginsu

Turbo Ginsu

I despise facebook

Join Date: Feb 2008

Australia

Meeting of the Lost Minds

Me/

03 Jan 2010 at 13:52 - 442
Quote:
Originally Posted by pumpkin pie View Post
Why can't the old tickets be deleted immediately? its the fastest way to make sure no character's name are available to get stolen from the NCSoft webpage.

By the time ArenaNet and NCSoft varify and reporduce the vunerability reported in this thread, more players' accounts are gonna get stolen.
Kudos to this line of thought. I see no reason for the system not to delete old tickets, just like a browser does with your history. IMHO a closed support ticket should be purged after a couple days to a week, and for the purpose of keeping personal records, there should also be an option to save the ticket to your computer as a pdf, or some other standard type of file, which would also have a matching copy archived in ncSoft/aNet's system as is generally standard practice for documents of this type anyway.

Gun Pierson

Gun Pierson

Forge Runner

Join Date: Feb 2006

Belgium

PIMP

Mo/

03 Jan 2010 at 14:00 - 443
Quote:
Originally Posted by Fril Estelin View Post
I wasn't in favor of this thread at all (which IMHO has much more negative sides than people would like to see)
Like with every decision in life, you have pros and cons. Ofcourse the OP choose the worst possible timing from a company's point of view, but it's a chance to make a statement, which Anet did.

Also more disturbingly, GW players did loose their accounts and some of them got wrongly accused for being an 'idiot' etc. The sooner this came out, the better.

Even though it may not look good, it's always better that the truth comes out. So the right action can be taken when nescessary. In the end, what is important to us players, that it was a white hat or a black hat or santa? No, it's that our accounts are more 'secured', which happened within 7 hours after this thread was created. Without this info, we (GW players) would all still think we're safe and people would still loose their stuff and be called idiots because of this bug in the NCSoft site. The recent increase of accounts thefts wasn't clearly enough to ring a bell for NCSoft and they ensured Gaile nothing was going on.

I'm not a fan of keeping the public dumb.

JR

JR

Re:tired

Join Date: Nov 2005

W/

03 Jan 2010 at 14:17 - 444
I think we have seen the most good that could possibly have come out of this thread: ArenaNet is aware of the issues, has introduced new security measures, and is investigating the NCsoft Master Account issue.

If you have any further information on the security issues I suggest you contact Regina directly through PM here, or on her wiki page.