GSU Team's Message About Account Security
Regina Buenaobra
NCsoft has published a message from our Game Surveillance Unit today, regarding account security. For the full message, please go to the NCsoft web site.
Introverted Dimensions
Very helpful, Thank you!
Cale Roughstar
Just a few things.
Really? I would hate to see how bad things would be if there were any less effort.
Are you serious? That sounds like a complete denial that anything went wrong on NCSoft's part. The rest of the article is the usual BS telling us how we shouldnt be stupid. Come on, was I just imagining the thread where people were saying that it was possible to get into someone else's NCSoft master account through accidental redirects?
Quote:
| Many of you have noticed the decrease in bots, farmers, and gold spammers as a result of our efforts |
Quote:
| Despite the fact that this report occurred over the holidays, when the majority of NCsoft employees were home with their families, our security team responded immediately with a point-by-point testing and analysis of the erroneous concerns that were raised. As a result of the point-by-point testing and analysis, our security team concluded no critical vulnerabilities had been demonstrated or identified, but our security team continues to research, to monitor closely, and to implement security improvements to address any potential weaknesses raised. |
Shayne Hawke
Quote:
| For example, a thread on a third-party Guild Wars forum this New Year's attracted a good deal of attention. It detailed a list of security vulnerabilities that supposedly had been discovered on our account website, ending with the alarmist note that "the only responsible thing NCsoft can do is to shut off their website, as soon as possible." |
@Regina: I would like more of the community to have easy access and awareness to this. Is there any chance that a link to this report could become available at the log-in screen to the game?
HawkofStorms
Cale, that part really isn't directed at GW (which doesn't have a large gold farmer/botter population anyways every since 55 stoped being the most effective farming builds). That post is more in reference to Aion, which has had a good drop in gold spammers (partly due to their filter). Gold sellers aren't going to buy 3 games to get the builds and be able to do the runs that make them even with real players. It's not a problem in GW AT all compared to most other MMOs. We have bots, but they are run by private individuals for achievements like PvP. We do not have a large scale gold seller/botting problem. Which is a far worse situation as it causes inflation and is a major source of account theft.
And nice find Shayne Hawke. I've found quite a few posts in other NCSoft game forums (CoX, Aion) saying how "well, NCSoft blows, but at least A.net was able to fix the problem." A.net is getting some good PR for being the responsible part of the company. Although, really, it was guru that found and helped fix most of those vulnerabilities. Give yourself a pat on the back guru community.
Edit: Recanting the second paragraph. Only glanced at the statement for 10 seconds before going to work. I now realize what a slap in the face it is.
And nice find Shayne Hawke. I've found quite a few posts in other NCSoft game forums (CoX, Aion) saying how "well, NCSoft blows, but at least A.net was able to fix the problem." A.net is getting some good PR for being the responsible part of the company. Although, really, it was guru that found and helped fix most of those vulnerabilities. Give yourself a pat on the back guru community.
Edit: Recanting the second paragraph. Only glanced at the statement for 10 seconds before going to work. I now realize what a slap in the face it is.
Kattar
Quote:
| It detailed a list of security vulnerabilities that supposedly had been discovered on our account website, ending with the alarmist note that "the only responsible thing NCsoft can do is to shut off their website, as soon as possible. |
Relevant bits bolded.
Further on:
Quote:
| our security team responded immediately with a point-by-point testing and analysis of the erroneous concerns that were raised. |
Deviant Angel
Changes coming in the next few months? Some of the things we ask for, like email confirmation before changing passwords, shouldn't take months.
KiyaKoreena
Quote:
| Don't run programs designed by third parties for use with our games. |
Dzjudz
Quote:
|
Originally Posted by KiyaKoreena
Then PLEASE give us an official multi-launcher. Give us a switch for high rez textures everywhere.
|
Winterclaw
...
...
...
My opinion on this statement, and it is only an opinion, is that NCsoft is making this statement on the matter in order to reduce their risk of legal liability and nothing else.
...
...
My opinion on this statement, and it is only an opinion, is that NCsoft is making this statement on the matter in order to reduce their risk of legal liability and nothing else.
Riot Narita
Do they really expect us to believe that they take account security seriously?
When their website has been there for all to see, for HOW LONG, with below-industry-standard "features" like NOT asking for old password before allowing you to set a new password, sending you an alert email AFTER your password was changed etc? Only a bunch of incompetent clowns would have made that system in the first place. Never mind LEAVE it there so long.
I find their message insulting.
When their website has been there for all to see, for HOW LONG, with below-industry-standard "features" like NOT asking for old password before allowing you to set a new password, sending you an alert email AFTER your password was changed etc? Only a bunch of incompetent clowns would have made that system in the first place. Never mind LEAVE it there so long.
I find their message insulting.
MisterB
Quote:
|
Originally Posted by Katsumi
Umm, I'm pretty sure they're brushing off anything we mentioned as nothing of value.
|
The Drunkard
Quote:
|
Many of you reading this letter are experienced online game players. You've heard the "don't do this" and "don't click that" and "don't run that thing" warnings over and again, you're not dumb, you'd never get your account stolen simply because you know better. You're wrong. I know this because I know many people who thought they knew better--people who work in the gaming industry, and have done so for years, and still tried to log in one day and found their password changed and someone else logged into their account cleaning out their inventory. |
Arduin
So the reports about the supposed security hole in the NCSoft Master Account were all faked?
Shakti
......wow.......
The use of the phrases Katsumi pointed out like "supposedly" and "alarmist" especially read in context say to me "you guys are wrong, nothing to see here"...what utter crap.
Sorry, personally I put more faith in the long term dedicated players and mods who located this security problem than the head-in-the-sand people who have continually ignored the problems covering their asses. This problem DOES exist, people are hacked daily. Most may be from the causes he listed...but not all are.
I have been a GW fan girl for years...my husband and I bought Proph around 2 weeks after release. I love the game and have been excited about GW2, but if this condescending pile of steamy crap is NCsoft's idea of "official response"....think we may pass.
The use of the phrases Katsumi pointed out like "supposedly" and "alarmist" especially read in context say to me "you guys are wrong, nothing to see here"...what utter crap.
Sorry, personally I put more faith in the long term dedicated players and mods who located this security problem than the head-in-the-sand people who have continually ignored the problems covering their asses. This problem DOES exist, people are hacked daily. Most may be from the causes he listed...but not all are.
I have been a GW fan girl for years...my husband and I bought Proph around 2 weeks after release. I love the game and have been excited about GW2, but if this condescending pile of steamy crap is NCsoft's idea of "official response"....think we may pass.
Gigashadow
I see nothing there that indicates NCSoft is going to stop designing their games (like Aion, Lineage 2) in such a way that it encourages players to RMT.
Also check this thread out http://www.aionsource.com/forum/aion...aion-poop.html
"We have reactivated the game account.
Further violations on this account, committed by anyone for any reason, may require us to close it permanently, so please take extra care to avoid association with activities prohibited by the User Agreement."
So even if someone got hacked to due NCSoft security flaws in the first place, too bad; anything else that happens to that account, regardless of whose fault it is, means permaban.
What a terrible company.
Also check this thread out http://www.aionsource.com/forum/aion...aion-poop.html
"We have reactivated the game account.
Further violations on this account, committed by anyone for any reason, may require us to close it permanently, so please take extra care to avoid association with activities prohibited by the User Agreement."
So even if someone got hacked to due NCSoft security flaws in the first place, too bad; anything else that happens to that account, regardless of whose fault it is, means permaban.
What a terrible company.
Highlander Of Alba
Well the Guys are trying you have to look at the big picture here..
The main thing that happened was when Aion got launched they were inundated with Bots .gold sellers ect.
This is a Joint Statement concerning all games under the NCSift umbrella ..not only GW..
There message although does not assist ones who have been attacked or buying things from other sources..namley gold sellers in Aion./Bots /Powerleveling...note the 3 parts its mainly Aion
So guys they have came out and made a statement,...you know what this all died down until we see the release of a statement by NCSoft not Arenanet
The main thing that happened was when Aion got launched they were inundated with Bots .gold sellers ect.
This is a Joint Statement concerning all games under the NCSift umbrella ..not only GW..
There message although does not assist ones who have been attacked or buying things from other sources..namley gold sellers in Aion./Bots /Powerleveling...note the 3 parts its mainly Aion
So guys they have came out and made a statement,...you know what this all died down until we see the release of a statement by NCSoft not Arenanet
Gennadios
Quote:
|
Originally Posted by Katsumi
Umm, I'm pretty sure they're brushing off anything we mentioned as nothing of value.
|
The fact that they even gave GURU lip service speaks volumes.
They can brush of all the want in their official notices, but they heard, and they're scared
Junato
Sometimes I think people don't bother speaking in terms that everyone would understand...
Jenn
My, what cynics you all are ; ).
Of course articles such as Jennings' will contain some sort of 'political' agenda, but in the grand scheme, the intent comes from a good place. They hear us - heck - they even quoted one of us. Our words are not going unread. True, we can point fingers at mistakes, but they can also do it to us (yes - I'm looking at all you people who leave your account open to vulnerabilities).
This isn't meant to play kiss-ass for NCSoft - organizations are never even close to perfect, especially with a convoluted structure of departments. If we snap our fingers, changes won't - believe it or not - happen overnight. When you deal with the many thousands of people that they do, with all sorts of details and complications, there is hardly a simple fix at the switch of a button. It is not unreasonable for their time-line to be estimated in weeks, or even months.
It is our account security but worse things could go wrong if they hasten a response. How many of you guys have actually seen the structure behind the interface we see, both for the website and multiple games they create? At best, it is organized chaos. One fix here could result in a bug there, or another vulnerability elsewhere, etc. etc. Trust me - you want these people to be as meticulous as the can.
Thanks for looking into it and hearing us. You guys aren't perfect, the gamers aren't perfect. Sometimes you guys screw shit up and so do we. Let's call it even?
Of course articles such as Jennings' will contain some sort of 'political' agenda, but in the grand scheme, the intent comes from a good place. They hear us - heck - they even quoted one of us. Our words are not going unread. True, we can point fingers at mistakes, but they can also do it to us (yes - I'm looking at all you people who leave your account open to vulnerabilities).
This isn't meant to play kiss-ass for NCSoft - organizations are never even close to perfect, especially with a convoluted structure of departments. If we snap our fingers, changes won't - believe it or not - happen overnight. When you deal with the many thousands of people that they do, with all sorts of details and complications, there is hardly a simple fix at the switch of a button. It is not unreasonable for their time-line to be estimated in weeks, or even months.
It is our account security but worse things could go wrong if they hasten a response. How many of you guys have actually seen the structure behind the interface we see, both for the website and multiple games they create? At best, it is organized chaos. One fix here could result in a bug there, or another vulnerability elsewhere, etc. etc. Trust me - you want these people to be as meticulous as the can.
Thanks for looking into it and hearing us. You guys aren't perfect, the gamers aren't perfect. Sometimes you guys screw shit up and so do we. Let's call it even?
The Drunkard
Quote:
|
Originally Posted by Highlander Of Alba
Well the Guys are trying you have to look at the big picture here..
The main thing that happened was when Aion got launched they were inundated with Bots .gold sellers ect. This is a Joint Statement concerning all games under the NCSift umbrella ..not only GW.. There message although does not assist ones who have been attacked or buying things from other sources..namley gold sellers in Aion./Bots /Powerleveling...note the 3 parts its mainly Aion So guys they have came out and made a statement,...you know what this all died down until we see the release of a statement by NCSoft not Arenanet |
Diana Belevere
So..They're denying what people have actually proven? :| I'm pretty sure people around here wouldn't lie about account security and problems with the website. Honestly, what would it get them if they did? :|
So anyone feel inclined to write to Kotaku, but I'm guessing they'll side with NCSOFT and completely the email completely. What do you guys think?
I really wish Anet would find a way to break away from NCSOFT. *sigh*
So anyone feel inclined to write to Kotaku, but I'm guessing they'll side with NCSOFT and completely the email completely. What do you guys think?
I really wish Anet would find a way to break away from NCSOFT. *sigh*
Karate Jesus
Quote:
|
Originally Posted by Illfated Fat
Of course articles such as Jennings' will contain some sort of 'political' agenda, but in the grand scheme, the intent comes from a good place. They hear us - heck - they even quoted one of us. Our words are not going unread. True, we can point fingers at mistakes, but they can also do it to us (yes - I'm looking at all you people who leave your account open to vulnerabilities).
|
I'm glad that we're being listened to. That's nice, but it doesn't change the fact that he basically called all of us liars.....
Gennadios
Quote:
|
Originally Posted by Karate Jesus
I'm glad that we're being listened to. That's nice, but it doesn't change the fact that he basically called all of us liars.....
|
If anything it caps, bolds, and underlines the fact that Koreans have inept customer service, utterly condescending PR, and NCSoft in general is a shit company.
Don't take it personally, NCSoft is like a kid /w turrets. It can't help itself. Believe what it does, not what it says.
Enon
All I saw was a big wall of a text with a finger pointing towards me, while it should be pointing in the other direction.
cosyfiep
just remember folks, that ncsoft is the SAME company that will be bringing to you guildwars 2 (through anet, though they will still be doing the 'security' etc)......no doubt their customer service, security etc WILL NOT CHANGE anytime soon----so we can all speak to them where it counts----the wallet!!!!!!
we are just a bunch of idiots
, however, we BUY the product and we can decide if we want to throw our money at a company who treats us this way, or take our business elsewhere (remember the thread where someone looked up the BBB report on ncsoft???? they have one of the worst rating possible)...
we are just a bunch of idiots
, however, we BUY the product and we can decide if we want to throw our money at a company who treats us this way, or take our business elsewhere (remember the thread where someone looked up the BBB report on ncsoft???? they have one of the worst rating possible)...
Karate Jesus
Quote:
|
Originally Posted by Gennadios
Don't take it personally, NCSoft is like a kid /w turrets. It can't help itself. Believe what it does, not what it says.
|
And I wasn't planning on buying GW2 anyway, so NCSoft slapping us in the face doesn't really bug me all that much. I do think it's funny, but that's about it.
Actually, it's also pretty hilarious that half the wikipedia entry for NCSoft is about their controversies and poor customer satisfaction (http://en.wikipedia.org/wiki/NCsoft)
Btw, if anyone wants to start a petition to boycott GW2 unless Anet leaves NCsoft, then I'm more than ready to sign up. I'd buy GW2 if NCsoft wasn't involved, but watching how this has played out over the years makes me less than enthusiastic to buy another NCsoft game.
MisterB
Quote:
|
Originally Posted by Karate Jesus
he basically called all of us liars.....
|
Quote:
| no critical vulnerabilities had been demonstrated or identified, but our security team continues to research, to monitor closely, and to implement security improvements to address any potential weaknesses raised. |
Read between the lines of that quote. Bolded emphasis on the relevant bits. Don't expect an admission of fault, but they don't completely deny all security vulnerabilities. Or maybe I'm reading it wrong.
edit: The use of the word "critical" before vulnerabilities and the use of "potential weaknesses' is what I am referring to here. These adjectives are qualifiers, or at least that is the way I read and interpret them.
Faer
Quote:
|
Originally Posted by Deviant Angel
Changes coming in the next few months? Some of the things we ask for, like email confirmation before changing passwords, shouldn't take months.
|
Saph
This seems like one big blame game to me. Everyone is pointing fingers, yet no one is willing to say "Yes, we screwed up majorly". And on that note, I hardly think a mass amount of players had a brain fart that allowed so many accounts to get hacked around the same time. It's not adding up, not at all.
Lord Dagon
i agree w/ what alot of people are saying here,, i feel like i just got hit upside the head for doing something wrong... You shouldnt feel that way after you get a "comfirmation" from a company. And, i think its just wrong they can blantently just say preety much that we all lied about getting into other people's accounts from THEIR website. Its preety much like saying "well we looked into this matter but we didnt find anything in our 10min search so, by defult, your all wrong." its just not right. Its exactly like them saying(although on a much less severve scale) that their servers dont cause lag spikes. WE all know that it isnt entierly all their fault but we know alot of the time it is, yet they refuse to even acknoledge this as a fact. So thanks NCsoft, i enjoyed getting called a liar by your paralegals. It was really fun, glad i could give you that great feeling like you got something done(especially since ive had the game since it first came out).
Winterclaw
Quote:
|
Originally Posted by Theocrat
They must first hire people they are sure can do the job. It is no secret that the web development teams at NCSoft and their subsidiaries are less than amazing at what they do. From ArenaNet not understanding simple vBulletin settings to NCSoft breaking their code in a way that allows you to randomly access the accounts of others, it's clear that there is a shortage of knowledgeable employees in somebody's department. The art and design teams may be great, but the web developers are a joke.
|
Good employees require good pay/benefits. Good programs require good QA. Good QA requires a committed management and not being the low people on the corporate totem pole.
In other words NCsoft would have to do a lot of expensive internal changes.
Black Metal
That GSU message was nothing more than a glorified version of the login messages stating not to use 3rd party software, don't fall for phishing attempts, etc etc. Pretty tired stuff in light of what we know to be proven and true (that the recent deluge of account thefts are due to NCSoft security holes). And again we, their paying customers, have been cast as idiotic children.
Also we can see Regina for who she is: a schill for corporate hq, not our advocate. But we already knew that.
So despite this trumped-up press release-esque GSU garbage, it's more of the same: denials, blame-shifting, and ass covery.
edit: vv LOL at Cluebag vv
Also we can see Regina for who she is: a schill for corporate hq, not our advocate. But we already knew that.
So despite this trumped-up press release-esque GSU garbage, it's more of the same: denials, blame-shifting, and ass covery.
edit: vv LOL at Cluebag vv
Cluebag
Hmm, was I dreaming, or didn't I read somewhere that Linsey's account was compromised as well?
You hear that Linsey, you big dummy? Stop using bots, buying in-game money, downloading keyloggers and all that other stuff that must have happened, since NCSoft security is bulletproof. We alarmists will be minding our own business/erroneous concerns over here while you sort your "doing-it-wrong" self out...
/rollseyes
Quote:
|
Originally Posted by Mr. Condescending NCSoft GM Man
So how you can protect yourself from the sort of constant attacks that we've been seeing?
Many of you reading this letter are experienced online game players. You've heard the "don't do this" and "don't click that" and "don't run that thing" warnings over and again, you're not dumb, you'd never get your account stolen simply because you know better. You're wrong. I know this because I know many people who thought they knew better--people who work in the gaming industry, and have done so for years, and still tried to log in one day and found their password changed and someone else logged into their account cleaning out their inventory. Don't share your password with anyone.Don't let your friends log in to your game account. Don't use bots. Ever. Don't buy in-game money. Don't use power-leveling services. Don't run programs designed by third parties for use with our games. Beware of phishing. Beware of keylogger links on forums. Protect your system. Don't use the same password for your game account that you use on Internet forums. |
/rollseyes
Faer
Quote:
|
Originally Posted by Cluebag
Hmm, was I dreaming, or didn't I read somewhere that Linsey's account was compromised as well?
|
Bob Slydell
Quote:
|
Originally Posted by Enon
All I saw was a big wall of a text with a finger pointing towards me, while it should be pointing in the other direction.
|
HawkofStorms
Hmm... now that I've actually had a chance to read into this... what a load of crap. Next time, run stuff past legal first before posting it. Flat out lying and saying there are no security vulnerabilities when there are is just asking for a class action against you.
Bob Slydell
Quote:
|
Originally Posted by HawkofStorms
Hmm... now that I've actually had a chance to read into this... what a load of crap. Next time, run stuff past legal first before posting it. Flat out lying and saying there are no security vulnerabilities when there are is just asking for a class action against you.
|
LOL if a class action suit comes I'd laugh hard for the next 100 years.
Lycan Nibbler
Quote:
|
Originally Posted by Illfated Fat
Thanks for looking into it and hearing us. You guys aren't perfect, the gamers aren't perfect. Sometimes you guys screw shit up and so do we. Let's call it even?
|
StormDragonZ
I should be ashamed of myself for even thinking NCSoft's security was problematic to begin with.
/sarcasm
Actually, now that I think about it, this almost makes me think buying GW2 is a bad thing. If I buy and play it, I'll somehow GO RED ENGINE myself up. If it's our fault for the problems that are what they are now, I guess making it happen again would be bad. I will do a good deed of not buying GW2 so this injustice never happens again.
Oh yeah, before I forget, I don't do any of that botting and/or buying in-game money, so in the general sense, everyone gets blamed for someone else's stupidity. Thanks a lot, NCSoft. Hope you feel good about yourselves now.
My apologies if anyone are offended by my comments.
/sarcasm
Actually, now that I think about it, this almost makes me think buying GW2 is a bad thing. If I buy and play it, I'll somehow GO RED ENGINE myself up. If it's our fault for the problems that are what they are now, I guess making it happen again would be bad. I will do a good deed of not buying GW2 so this injustice never happens again.
Oh yeah, before I forget, I don't do any of that botting and/or buying in-game money, so in the general sense, everyone gets blamed for someone else's stupidity. Thanks a lot, NCSoft. Hope you feel good about yourselves now.
My apologies if anyone are offended by my comments.