Gaile LF people who experience NCSMA glitch.

Lucci_Slevin

Frost Gate Guardian

Join Date: Nov 2008

Liars Cheats and Thieves

06 Jan 2010 at 19:09 - 1
She wants to contact the people who claimed they managed to log onto stranger's NCSoft master account. Remember this is not the same thing as the Aion website glitch.

Posting for exposure. Mods feel free to merge into the sticky I guess.

Quote:
Oh, you can be sure the code is being scoured, as well. But when issues get reported, there's great value in direct replication and testing, so that's what the team member did (and is probably still doing). In addition to the logging that was put in place, we're just not seeing a single instance of switching between NCMAs through any means.

I'm still hoping to hear from someone who stated that he or she experienced this issue. They can get in touch with me, Regina, Martin, or support. I'm still hopeful that the two or three people who claimed they have personally experienced a switch between NCMAs will contact one of us. Right now, testing can't find it, logging doesn't see it, and no one has stepped forward to provide details. -- Gaile 18:31, 4 January 2010 (UTC)
Quote:
Yes, there are a few of people claiming personal experience with this, but as far as I know, none of them have stepped forward to discuss the matter with us, the people who are the path to testing and resolution. (I believe Regina may have gotten some rather vague info, but as far as I know, none of us have enough details to be worthwhile.)

I have made it very clear that we welcome the reports of people who have experienced this glitch. PMs have been sent. Posts have been made. And info is still not forthcoming. If you or someone you know experienced this situation -- actually personally experienced this situation -- please write me at [email protected]. Thanks. -- Gaile 06:57, 6 January 2010 (UTC)

Hells Fury

Hells Fury

Krytan Explorer

Join Date: Aug 2009

W/D

06 Jan 2010 at 21:20 - 2
I'm looking forward to see someone stepping up and admitting he was able to log into others accounts (maybe transfer just an ecto or two for rainy days).

Mercesa

Mercesa

Frost Gate Guardian

Join Date: Aug 2009

Netherlands

N/

06 Jan 2010 at 21:22 - 3
OMFG I KNEW THAT I LOST MY ACCOUNT AND IT WAS NOT MY FAULT!

Anyway finally they admit that It's not the player their fault but the company their fault.
Don't hate the player hate the game.

Black Metal

Black Metal

Desert Nomad

Join Date: Jan 2009

N/

06 Jan 2010 at 21:37 - 4
The last time someone stepped up to duplicate a known bug (mapping to Mallyx's outpost), they were greeted with an in-game ban (one of them has posted here about this recently).

MMSDome

MMSDome

Raged Out

Join Date: Sep 2005

06 Jan 2010 at 21:39 - 5
It's a shame I don't remember my NCSoft account username or PW because then I could help out!

MisterB

MisterB

Furnace Stoker

Join Date: Oct 2005

Planet Earth, Sol system, Milky Way galaxy

[ban]

W/

06 Jan 2010 at 21:41 - 6
Quote:
Originally Posted by Black Metal View Post
The last time someone stepped up to duplicate a known bug (mapping to Mallyx's outpost), they were greeted with an in-game ban (one of them has posted here about this recently).
I think it was the armbrace dupe. As far as I know, mapping to that outpost required hacking the client. Correct me if I am wrong.

snoozer80

Wilds Pathfinder

Join Date: Oct 2007

Poland

For Your Entertainment [FYE]

06 Jan 2010 at 21:44 - 7
they may ban those ppl which accidently found that glitch cause they may blame them they stripped those accounts..

Black Metal

Black Metal

Desert Nomad

Join Date: Jan 2009

N/

06 Jan 2010 at 21:49 - 8
Quote:
Originally Posted by MisterB View Post
I think it was the armbrace dupe. As far as I know, mapping to that outpost required hacking the client. Correct me if I am wrong.
It was where you could map right to Mallyx and fight him, instead of having to do all the DOA areas first. Basically you get his green drop and the gemstones, but as legit drops from killing him.

Enko

Forge Runner

Join Date: Jun 2006

VA

Mo/

06 Jan 2010 at 21:55 - 9
Quote:
Originally Posted by MisterB View Post
I think it was the armbrace dupe. As far as I know, mapping to that outpost required hacking the client. Correct me if I am wrong.
fenix and i were banned for about 4 hours after we sent in the duping method. gaile got our accounts fixed almost immediately after we got a message to her.

MisterB

MisterB

Furnace Stoker

Join Date: Oct 2005

Planet Earth, Sol system, Milky Way galaxy

[ban]

W/

06 Jan 2010 at 22:04 - 10
Right. I was posting about 2 separate exploits. The duping one was when 2 guru members duplicated a red dye as pointed out above. Their accounts were returned after the automatic bot ANet ran banned all the duped item accounts.

But as far as I know, it was impossible to map to the Ebony Citadel of Mallyx outpost initially without hacking the client to allow that. Other people could tag along in the party of someone who hacked their client to get there or someone who was "anchored" there from their hall.

Shayne Hawke

Shayne Hawke

Departed from Tyria

Join Date: May 2007

Clan Dethryche [dth]

R/

06 Jan 2010 at 22:10 - 11
Since it seems that the people who are getting logged into this way are people who are logging into their NCSMA from elsewhere, I'm going to put this under "Things To Not Do". No point in trying to crack into someone else's account if it's going to make my own vulnerable at the same time.

Grunntar

Grunntar

Lion's Arch Merchant

Join Date: Apr 2005

06 Jan 2010 at 22:28 - 12
Quote:
Originally Posted by Mercesa View Post
Anyway finally they admit that It's not the player their fault but the company their fault.
Don't hate the player hate the game.
Umm, huh? She is saying that they can't duplicate this, implying that it's not possible. That's about 180 degrees away from "yes, it's possible, and it's our fault..."

I'd recommend that you re-read the original post.

Black Metal

Black Metal

Desert Nomad

Join Date: Jan 2009

N/

07 Jan 2010 at 00:22 - 13
Quote:
Originally Posted by Shayne Hawke View Post
Since it seems that the people who are getting logged into this way are people who are logging into their NCSMA from elsewhere, I'm going to put this under "Things To Not Do". No point in trying to crack into someone else's account if it's going to make my own vulnerable at the same time.
Precisely my point. Say in the near future they figure out how to track who is doing this (say, anyone who has tried to log on 200 times in an hour). Then people trying on Gaile's behalf get thrown into that pool, and poof, you are perma'd.

Besides that, I sure as hell don't want someone to get into my NCSMA by doing Gaile's bidding.

Cuilan

Cuilan

Forge Runner

Join Date: Mar 2008

Me/

07 Jan 2010 at 00:44 - 14
I'm not bothered by there being security related glitch.

I'm not bothered by them not knowing what is wrong.

I am bothered by the fact they are still allowing people to log into their NCsoft accounts. All log ins should have been disabled right when they knew something like this was up. No excuses.

Grunntar

Grunntar

Lion's Arch Merchant

Join Date: Apr 2005

07 Jan 2010 at 01:04 - 15
Quote:
Originally Posted by Cuilan View Post
I am bothered by the fact they are still allowing people to log into their NCsoft accounts. All log ins should have been disabled right when they knew something like this was up. No excuses.
I'm guessing that they don't think that there actually is a problem with the NCsoft accounts (NCMAs). The only people that "know" that there is an problem with the NCMAs is the player base. So from NCsoft's point of view, "why fix it if it ain't broke!"

But even if they did think that there were problems, they wouldn't be able to instantly disable the NCMAs, since there are things that need to happen which depend on these accounts, so at this time, they are required. NCsoft wouldn't be able to disable the master accounts until substitute processes were put into place.

Dzjudz

Dzjudz

Furnace Stoker

Join Date: Jun 2005

gwpvx.com/user:dzjudz

07 Jan 2010 at 01:13 - 16
So Cuilan, when some random person makes a random accusation about guild wars being easily hackable, without actual proof or it being reproducible, anet should just shut down guild wars for all of us? Or do you see how that might be the wrong action?

Faer

Faer

La-Li-Lu-Le-Lo

Join Date: Feb 2006

07 Jan 2010 at 01:37 - 17
Just so everybody knows, screenshots of you being inside of somebody else's account aren't good for anything apparently. I'm not exactly sure what they want from the community, really. Anything the community can possibly provide (unless they do some illegal shit to the NCSoft website) is too "vague" and not "worthwhile".


...meh. At least we got that previous password thing in there.

Regina Buenaobra

Regina Buenaobra

ArenaNet

Join Date: Apr 2008

Me/

07 Jan 2010 at 01:55 - 18
Theocrat: Any information provided will be followed up on by the NCsoft security team. At this point they're focusing on trying to replicate the error. Screen shots help, but they just show that there might be a bug, and the security team is digging much deeper, by trying to verify that the error exists. We sincerely appreciate those few people who have provided us with information.

Please keep in mind that, so far, we have discovered no malicious compromises having occurred in the manner described (random account switches). As I told you all before, we have added additional logging and security measures to further strengthen existing processes and preventative systems.

Lucci_Slevin

Frost Gate Guardian

Join Date: Nov 2008

Liars Cheats and Thieves

07 Jan 2010 at 02:01 - 19
Quote:
Originally Posted by Theocrat View Post
Just so everybody knows, screenshots of you being inside of somebody else's account aren't good for anything apparently. I'm not exactly sure what they want from the community, really. Anything the community can possibly provide (unless they do some illegal shit to the NCSoft website) is too "vague" and not "worthwhile".


...meh. At least we got that previous password thing in there.
I imagine they need stuff like time/date, account names and IPs et al.

Kattar

Kattar

EXCESSIVE FLUTTERCUSSING

Join Date: Mar 2007

SMS (lolgw2placeholder)

Me/

07 Jan 2010 at 02:02 - 20
Automated login scripts and the like don't seem to produce the bug. It's has to be a human doing it. Someone I have no reason to doubt set up a script to do that and was unable to log in. Another person was able to reproduce it first try. Another user reported getting into a different account after a few more tries. Several hundred, I believe.

That may be the reason you haven't been able to reproduce it up to now.

Short of recording everything we do, there's no other proof we can give to you. But we do care about this, that's why some of us put in the work. Take it or leave it.

(I would name names, but I really don't see the need to, especially if it may result in some kind of disciplinary action from NCsoft.)

Zehnchu

Zehnchu

Popcorn Fetish

Join Date: Dec 2005

[GODS]

Mo/Me

07 Jan 2010 at 03:55 - 21
Quote:
Originally Posted by Katsumi View Post
Automated login scripts and the like don't seem to produce the bug. It's has to be a human doing it. Someone I have no reason to doubt set up a script to do that and was unable to log in. Another person was able to reproduce it first try. Another user reported getting into a different account after a few more tries. Several hundred, I believe.
Where they able to reproduce more then once? I've been reading and forgive me if I missed the answer in this fast flowing information.

I also doubt what browser and version they are running and if they have any add-on running might have a bit of influence. But it's just a random thought I had.

Cacheelma

Cacheelma

Desert Nomad

Join Date: Jun 2005

The Ascalon Union

Me/Mo

07 Jan 2010 at 04:34 - 22
I think it's bad enough that it has to be US the customers who found out about this security breach of such big company. Now they're telling us "Proof or it didn't happen"?

I mean, seriously? Can't you find out about it by yourself? You have the G. D. source code in your hands. We don't. Relying on us to point out your mistakes should stay in beta. Your COMPANY is not in beta state anymore.

And Regnobra: I don't know about you, but for me, bugs and errors in softwares or scripts are practically the same thing: FLAWS that should be fixed.

Arkantos

Arkantos

The Greatest

Join Date: Feb 2006

W/

07 Jan 2010 at 04:50 - 23
Quote:
Originally Posted by Regina Buenaobra View Post
Theocrat: Any information provided will be followed up on by the NCsoft security team. At this point they're focusing on trying to replicate the error. Screen shots help, but they just show that there might be a bug, and the security team is digging much deeper, by trying to verify that the error exists. We sincerely appreciate those few people who have provided us with information.

Please keep in mind that, so far, we have discovered no malicious compromises having occurred in the manner described (random account switches). As I told you all before, we have added additional logging and security measures to further strengthen existing processes and preventative systems.
What proof would you like us to give you? I mean, I've heard from multiple reliable sources that they've randomly logged into a random NCSoft account who can provide screenshots, which isn't enough proof. People on multiple fansites (both GW and Aion) have claimed to have logged into random accounts. My Aion account was hacked (good thing I quit ) and I'm 100% sure that my computer is clean and that I'm not at fault. Whether NCSoft wants to admit it or not, it exists. I'll sit at my computer for hours recording me logging in and out of my master account until the bug occurs if that's enough proof. Just please, please, don't tell me this is a 'proof or it doesn't exist' situation. It does exist.

On another note, thanks a lot for the added GW security.

Lucci_Slevin

Frost Gate Guardian

Join Date: Nov 2008

Liars Cheats and Thieves

07 Jan 2010 at 06:31 - 24
Quote:
Originally Posted by Arkantos View Post
What proof would you like us to give you? I mean, I've heard from multiple reliable sources that they've randomly logged into a random NCSoft account who can provide screenshots, which isn't enough proof. People on multiple fansites (both GW and Aion) have claimed to have logged into random accounts. My Aion account was hacked (good thing I quit ) and I'm 100% sure that my computer is clean and that I'm not at fault. Whether NCSoft wants to admit it or not, it exists. I'll sit at my computer for hours recording me logging in and out of my master account until the bug occurs if that's enough proof. Just please, please, don't tell me this is a 'proof or it doesn't exist' situation. It does exist.

On another note, thanks a lot for the added GW security.
I do not think they are 'demanding proof' specifically. If just one person who claims they experienced this bug would E-mail Gaile, she could ask the questions she needs to ask(I am guessing info like date/time ips ect) and may be able to look at it from their side(server-side) and figure the situation out.

It has been days and as of her post this morning, not one person has come forward. Why?

I do not think anyone has to worry about being banned.

Cacheelma

Cacheelma

Desert Nomad

Join Date: Jun 2005

The Ascalon Union

Me/Mo

07 Jan 2010 at 06:43 - 25
Quote:
Originally Posted by Lucci_Slevin View Post
I do not think they are 'demanding proof' specifically. If just one person who claims they experienced this bug would E-mail Gaile, she could ask the questions she needs to ask(I am guessing info like date/time ips ect) and may be able to look at it from their side(server-side) and figure the situation out.

It has been days and as of her post this morning, not one person has come forward. Why?

I do not think anyone has to worry about being banned.
Theocrat's post seems to imply that screenshots are sent to Anet and NCSoft already. And I'd imagine that honest people who have found this bug didn't really record the date/time and IP when it happened, as they'd think it's some kind of an accident or internet hiccups. She shouldn't expect us to have done that to begin with, really. And what would that prove? That these people lied becuase..hmm.. they can't remember the exact date/time and their IP addresses when such thing happened?

Please. It's "demanding proof" alright.

Lucci_Slevin

Frost Gate Guardian

Join Date: Nov 2008

Liars Cheats and Thieves

07 Jan 2010 at 06:46 - 26
Quote:
Originally Posted by Cacheelma View Post
Theocrat's post seems to imply that screenshots are sent to Anet and NCSoft already. And I'd imagine that honest people who have found this bug didn't really record the date/time and IP when it happened, as they'd think it's some kind of an accident or internet hiccups. She shouldn't expect us to have done that to begin with, really. And what would that prove? That these people lied becuase..hmm.. they can't remember the exact date/time and their IP addresses when such thing happened?

Please. It's "demanding proof" alright.
What could it hurt? Gaile does not bite.

P.S.- I do not know what kind of questions she wants to ask, I was just guessing. But if one of these people e-mail her we might all find out.

Enko

Forge Runner

Join Date: Jun 2006

VA

Mo/

07 Jan 2010 at 06:53 - 27
Quote:
Originally Posted by Lucci_Slevin View Post
What could it hurt? Gaile does not bite.
lucci, cacheelma said that screenshots and such were probably already sent to anet and ncsoft. what probably wasn't sent were exact date/times and the ip address they were on or accessing. do you constantly keep an ip recorder on? unless you were actually looking to try to reproduce this and recorded all of your actions (such as arkantos said he would even be willing to do if that's what it took), you wouldn't have that information.

what's annoying the community now is that they are saying "we can't reproduce it, so as far as we're concerned, it doesn't exist" even though multiple people who I consider reliable have already told them.

Quote:
Originally Posted by Lucci_Slevin View Post
P.S.- I do not know what kind of questions she wants to ask, I was just guessing. But if one of these people e-mail her we might all find out.
also have you thought that maybe no one has posted in this thread because they have been messaging them? just because its not posted on a forum thread, does not mean that the information wasn't sent in.

do you know that NO ONE has sent anything in? are you somehow magically connected to the mind of every person on guru?

Lucci_Slevin

Frost Gate Guardian

Join Date: Nov 2008

Liars Cheats and Thieves

07 Jan 2010 at 07:13 - 28
Quote:
Originally Posted by Enko View Post
also have you thought that maybe no one has posted in this thread because they have been messaging them? just because its not posted on a forum thread, does not mean that the information wasn't sent in.

do you know that NO ONE has sent anything in? are you somehow magically connected to the mind of every person on guru?
I am aware of that possibly.

I said:
Quote:
It has been days and as of her post this morning, not one person has come forward. Why?
Your post seems to imply I was ignoring the possibility. Not at all.

What bothers me is today(Jan6) was not the first day she asked for people to contact her. (Jan2) was the first time. And again on (Jan4). Between the the 2nd and the 6th no one emailed. Maybe they did not know, but she is looking for them.

Faer

Faer

La-Li-Lu-Le-Lo

Join Date: Feb 2006

07 Jan 2010 at 07:33 - 29
Quote:
Originally Posted by Lucci_Slevin View Post
It has been days and as of her post this morning, not one person has come forward. Why?
Because that isn't true. At all.

Lucci_Slevin

Frost Gate Guardian

Join Date: Nov 2008

Liars Cheats and Thieves

07 Jan 2010 at 07:35 - 30
Quote:
Originally Posted by Theocrat View Post
Because that isn't true. At all.
Did you E-mail her?

P.S.- If you did not. Do it. I promise she won't bite.

Faer

Faer

La-Li-Lu-Le-Lo

Join Date: Feb 2006

07 Jan 2010 at 07:39 - 31
No. If you'll recall, I already explained to you that Gaile ignores me, and other people who directly gave her information on the wiki. I did, however, go to Regina with what we had available (on Jan 03, 2010, 5:18AM EST, in case that is of interest to you) . She, at least, was willing to give us the time of day - and I really must thank her for that.

Lucci_Slevin

Frost Gate Guardian

Join Date: Nov 2008

Liars Cheats and Thieves

07 Jan 2010 at 07:42 - 32
Quote:
Originally Posted by Theocrat View Post
No. If you'll recall, I already explained to you that Gaile ignores me, and other people who directly gave her information on the wiki. I did, however, go to Regina with what we had available (on Jan 03, 2010, 5:18AM EST, in case that is of interest to you) . She, at least, was willing to give us the time of day - and I really must thank her for that.
Well just try that E-mail in the OP. I am sure she will not ignore you on this.

Sierraa

Sierraa

Supastar~ ???

Join Date: May 2006

USA [GMT -7]

Sierraas Asian Harem [love]

Me/

07 Jan 2010 at 07:43 - 33
Quote:
Originally Posted by Lucci_Slevin View Post
I do not think they are 'demanding proof' specifically. If just one person who claims they experienced this bug would E-mail Gaile, she could ask the questions she needs to ask(I am guessing info like date/time ips ect) and may be able to look at it from their side(server-side) and figure the situation out.

It has been days and as of her post this morning, not one person has come forward. Why?

I do not think anyone has to worry about being banned.
It's not really worthy of a thread to be like: LOL DONT WORRY GUYS. I EMAILED HER.

Sorry, it's really none of your business. :P

Faer

Faer

La-Li-Lu-Le-Lo

Join Date: Feb 2006

07 Jan 2010 at 07:48 - 34
Quote:
Originally Posted by Lucci_Slevin View Post
Well just try that E-mail in the OP. I am sure she will not ignore you on this.
I am sure I'd rather discuss the matter with people who care more about pressing community issues than missing masks and talking frogs. Gaile has ignored the things that matter far too many times for myself and many others to even bother anymore. A Support Liaison should not casually disregard things of this magnitude.

Regina has everything Guru has to offer. I have faith that she can handle passing it around the office.

Lucci_Slevin

Frost Gate Guardian

Join Date: Nov 2008

Liars Cheats and Thieves

07 Jan 2010 at 07:48 - 35
Quote:
Originally Posted by Sierraa View Post
It's not really worthy of a thread to be like: LOL DONT WORRY GUYS. I EMAILED HER.

Sorry, it's really none of your business. :P
Well you would not need to make a thread yourself. She would undoubtedly post a public response herself on the wiki afterwords.

shoyon456

shoyon456

Desert Nomad

Join Date: Jul 2006

D/

07 Jan 2010 at 07:49 - 36
I don't know whether this is true or not, and there's no reason why I'd want to test such a thing. But I still have some faith in Anet, and it is possible the vulnerability was exaggerated. It may be possible that they didn't try replicating it manually, which I doubt, or there is a difference in their system that can't replicate it.

Either way, since Anet has been working extensively trying to find these vulnerabilities, I am now looking at this a bit more skeptically. Unless you were able to do it yourself (in which case you should talk to Anet support), then I don't think we are in a position to be pointing fingers or crying foul, especially since Anet has been working very hard and continues to test this potential vulnerability despite not being able to reproduce it after many attempts over many days.

Cacheelma

Cacheelma

Desert Nomad

Join Date: Jun 2005

The Ascalon Union

Me/Mo

07 Jan 2010 at 07:51 - 37
Quote:
Originally Posted by Lucci_Slevin View Post
Well just try that E-mail in the OP. I am sure she will not ignore you on this.
Who are you to know such thing? The Frog?

Don't answer that.

Faer

Faer

La-Li-Lu-Le-Lo

Join Date: Feb 2006

07 Jan 2010 at 07:51 - 38
Quote:
Originally Posted by shoyon456 View Post
But I still have some faith in Anet
This is an NCSoft issue, not an ArenaNet one. Besides the usual mishaps and mayhem, we're all still pretty solid in our belief that ArenaNet can get things done with their game, one way or the other. It's NCSoft we can't trust any more than a politician, especially given that this is not the first time their security has been a huge joke.

Sierraa

Sierraa

Supastar~ ???

Join Date: May 2006

USA [GMT -7]

Sierraas Asian Harem [love]

Me/

07 Jan 2010 at 07:56 - 39
Quote:
Originally Posted by Lucci_Slevin View Post
Well you would not need to make a thread yourself. She would undoubtedly post a public response herself on the wiki afterwords.
You missed my point completely. It's none of YOUR business if we emailed her or not. It's really none of guru's business either be it thread or a post. It's for the parties involved.

Gaile has failed to post a public response for other questions that have been posted, I'm sure she'd forget to read mine since I'm not thankful of what she does. :] sorry.

Lucci_Slevin

Frost Gate Guardian

Join Date: Nov 2008

Liars Cheats and Thieves

07 Jan 2010 at 08:20 - 40
Well if you guys will not budge on this, I will leave it be.

But the fact remains they were looking to talk to you directly since January 2nd. The day after that thread popped up.