GSU Team's Message About Account Security
Miscreant_Moon
greenthumb
Quote:
We have a team of security professionals with years of experience in massively multiplayer games and online security in Seoul, Seattle, Austin, and Brighton that is striving to make our servers as secure as they can be. Any vulnerability that is discovered is addressed and fixed. |
I don't believe there's been adequate accountability on the part of NCsoft (or at least not publicly acknowledged). The additional security measure taken on New Year's Day seemed to address an obvious, glaring security hole. I'm not an IT or security specialist, but the ability to change GW account credentials without any authentication or control (in the event that the NCsoft master account was compromised) seems like a fairly obvious security hole. E.g., a player might've had lax account credentials for the NCMA (sharing login and password on a compromised site), but might've maintained a strong unique password for their GW account, but that wouldn't necessarily matter and could be circumvented easily because of the NCMA security design.
That issue seemed to be a noted issue since at least October from what I can glean. I just wonder how many account thefts could've been prevented if NCsoft took that measure earlier rather than requiring major escalation on New Year's Day to make such a change.
Given NCsoft has so many security professionals with so many years of experience, I do wonder why it took months for such an obvious security hole to be addressed (obvious to a layperson such as myself). Players need to be educated and do more, but with a large population of players, there will be varying levels of sophistication. Lapses by players which might enable their accounts to be compromised doesn't excuse NCsoft from their own conduct or failure to act that facilitates player accounts to be compromised.
End
Quote:
NCsoft has published a message from our Game Surveillance Unit today, regarding account security. For the full message, please go to the NCsoft web site.
|
Edit: I have nothing against anet in terms of security; I commend them on their fast action adding in a new security feature before ncsoft even began to look at the issue.
isildorbiafra
I take this like the bimonthly skillupdate and every other thing they said they were going to do; but never did. All lies!
Cacheelma
Martin Alvito
Quote:
As a result of the point-by-point testing and analysis, our security team concluded no critical vulnerabilities had been demonstrated or identified, but our security team continues to research, to monitor closely, and to implement security improvements to address any potential weaknesses raised. |
Quote:
We'll continue to audit our systems, and you will see some dramatic changes in the next few months. NCsoft views account security as a very important matter. |
Gun Pierson
Quote:
You hear that Linsey, you big dummy? Stop using bots, buying in-game money, downloading keyloggers and all that other stuff that must have happened, since NCSoft security is bulletproof. |
To NCSoft...Yes there's a war going on I agree with that, but it has been going on for years. Yes we must all fight it together, but in case you didn't know, the grunts are fighting for months now and where the hell were you? More so, people changed their passwords after the alarming message on the GW log in screen and many got their account raped after that action. But you didn't fool me, same old password since release thank you. However you did trick me into getting the free storage pane which forced me to link my GW account to an NCSoft main account. Which reminds me, I saw a thread about a list with accounts info that was stolen somehow.
People got wrong support tickets and so on. So I'm not sure what you can do for us in this war as from what I understand it will take some time before the extra security or whatever it is you talk about gets into operating mode.
You make Anet and the players look bad NCSoft and I didn't even like you before all this. If it wasn't for GW2, I would never buy a product from you again.
YunSooJin
Quote:
My, what cynics you all are ; ).
Of course articles such as Jennings' will contain some sort of 'political' agenda, but in the grand scheme, the intent comes from a good place. They hear us - heck - they even quoted one of us. Our words are not going unread. True, we can point fingers at mistakes, but they can also do it to us (yes - I'm looking at all you people who leave your account open to vulnerabilities). This isn't meant to play kiss-ass for NCSoft - organizations are never even close to perfect, especially with a convoluted structure of departments. If we snap our fingers, changes won't - believe it or not - happen overnight. When you deal with the many thousands of people that they do, with all sorts of details and complications, there is hardly a simple fix at the switch of a button. It is not unreasonable for their time-line to be estimated in weeks, or even months. It is our account security but worse things could go wrong if they hasten a response. How many of you guys have actually seen the structure behind the interface we see, both for the website and multiple games they create? At best, it is organized chaos. One fix here could result in a bug there, or another vulnerability elsewhere, etc. etc. Trust me - you want these people to be as meticulous as they can. Thanks for looking into it and hearing us. You guys aren't perfect, the gamers aren't perfect. Sometimes you guys screw shit up and so do we. Let's call it even? |
thedarkmarine
Quote:
Don't insult my intelligence. It makes me very angry.
See, the issue is that if there weren't problems, you would not take action. Action is costly, so you wouldn't expend resources on the site unless you thought the downside risk from not taking action was greater than the cost of taking action. Your behavior reveals that your denial is a lie. |
Lord Dagon
And you know what the saddest thing about this is? Even past the account security and their blatant lie that NCSoft has no flaws? It's that neither Martin nor Regina will ever read the thread that they created ever again. And I mean NEVER. It's just "here you go guys *they go hide in the lead bomb shelter*". It seems they just want us to sit in our own stew here.. or the fact they truly believed that this confirmation would make us happy and start skipping down a nice gold bricked lane. It's the fact that they see us w/ the intelligence of cows and the value of how much crap we buy from them. Good day anet *hits them w/ a white glove* it's time for war -.-
Kattar
Quote:
And you know what the saddest thing about this is? Even past the account security and their blatant lie that NCSoft has no flaws? It's that neither Martin nor Regina will ever read the thread that they created ever again. And I mean NEVER. It's just "here you go guys *they go hide in the lead bomb shelter*".
|
Martin Alvito
End
Quote:
Regina's reading the thread right now. Just because you can't see her doesn't mean she's not here.
|
I am frankly surprised she even bothered to post in this thread...but it's hard to ignore 59 pages of posts....
We'll see what happens here
Kattar
Come come, End, just educating the new user of how the forum works.
Why would they idle in threads all day though? To fool the mod staff?
Eh, I've been watching them enough to know their habits. They have been reading this thread. Sadly you just have to take my word for it.
End
Quote:
Why would they idle in threads all day though? To fool the mod staff?
|
Or yeah idling just for gits and shiggles
edit: not to mention anyone can look at how many people are viewing...and checking out how many names it displays...and relies some people be hiding...
Kattar
Quote:
Actually I've found that this site doesn't update that down there often...had my ex-guild leader listed as reading a thread....two hours after they logged out and closed firefox... |
But regardless, this is a little off topic.
End
Quote:
When you spaz around the forum half the day like I do, back and forth between profiles and threads, it does.
But regardless, this is a little off topic. |
@ChrisWorld below me...last night I think it was one of those ad people was listed as banned with a green dot
Giga_Gaia
What is this pathetic attempt to cover your incompetence, NCSoft? A giant wall of text (that I actually read) which basically tells nothing useful except to say "hey, other companies are being targeted as well so we're not the only ones. Sure Google managed to protect their customers while we still won't admit that we suck at security; but hey it's your fault if you get hacked".
And reading the Aion forums, it's clear that NCSoft really doesn't know how to do business. You never, ever use that kind of attitude like GM Ash did when dealing with your clients. I could go on but what's the point.
End
Makes me miss Tabula Rasa....Seemed that the GM's for TR actually cared about the game... (15 minutes from sending in a support ticket to getting a response in game)
Diana Belevere
Quote:
It was indeed. But clearly in her case it was not an issue of her doing something wrong; that only applies to the rest of us.
|
Speaking of Linsey, does anyone have any proof of her supposed hacking? I heard it was posted on her Facebook or something like that. I haven't seen screenshots or seen it posted anywhere else.
Jenn
Quote:
Probably give you more perspective if you got hacked and then read that little gem of theirs. Hopefully you will learn to gain perspective simply by using that hypothetical as a mental exercise, although if it still doesn't bring perspective maybe being hacked is what's needed *shrug*.
|
One thing I have learned is that there are at least two sides to every story. It's not just the victims, the antagonists, or NCSoft - it's all of them. All I'm saying is that it's extremely unreasonable to expect anything overnight. I don't think you are qualified to judge whether or not I lack perspective; I'm sure most of us here have lost far more precious things than some silly online items. It just sounds like you're saying I lack your particular perspective.
People do have the right to have high expectations - we are paying them, but NCSoft can't protect everyone, and people aren't perfect. That's all I'm saying . They've clearly seen what we've had to say, so that is a good thing. I'm merely offering to you another side in all of this since the only thing anyone else here seems content to do is hate on someone/something. We can't change what has happened, and I think they got the message that people are pissed off - why not try and move on to something more constructive? (Or are my hopes too high? )
Ok, now let's all hold hands and sing a song. Yay optimism!
Chthon
Quote:
Despite the fact that this report occurred over the holidays, when the majority of NCsoft employees were home with their families, our security team responded immediately with a point-by-point testing and analysis of the erroneous concerns that were raised. As a result of the point-by-point testing and analysis, our security team concluded no critical vulnerabilities had been demonstrated or identified, but our security team continues to research, to monitor closely, and to implement security improvements to address any potential weaknesses raised. |
Quote:
I'm glad that we're being listened to. That's nice, but it doesn't change the fact that he basically called all of us liars.....
|
Well, if that's their attitude. All I can say is that I'm done with them. I don't care how awesome GW2 looks, I'm never buying another product from NCSoft. Period. It's a shame that a-net, after acting halfway responsible through this mess, ends up caught in the middle, but that's what's going to happen.
No RED ENGINE GORED ENGINE GORED ENGINE GORED ENGINE GOing shit. Stonewalling was a really, really bad PR move. But this takes moronic to a whole new level.
Snow Bunny
Arenanet,
You have no credibility or integrity. Re-read that line. You're about as honest as Richard Nixon and I'm being generous here.
You lie (often) to your playerbase/CONSUMER base. You frequently make illogical decisions that defy previously-stated policy.
Your community managers are never straight - they're either duplicitous or stupid or both. They've frequently issued statements that contradict established fact, and they make about-faces as if they're going out of style.
Your product used to be good. Now it's not. Now it's a piece of shit that isn't worth the change in my pocket that I use to buy coffee.
I don't much play your game any more, mainly because your game is terrible and it's bloated, but I stick around partly because I retain a glimmer of hope that someone at your company that has any say in the process isn't goddamn braindead, and partly because it's actually very interesting to watch a company like yours make baffling mistakes on such a frequent basis.
In sum, you're pathetic.
HawkofStorms
While I'm not as jaded as Snow Bunny, I agree with Chthon that these statements are insulting.
Even though I actually like Aion, I'm thinking of canceling my account over these security issues, so as to not provide any financial support to NCSoft. Obviously, A.net/NCSoft isn't going to admit liability for stolen accounts and credit card information, but to actually lie about it shows complete contempt for your customers.
YunSooJin
Quote:
YSJ,
One thing I have learned is that there are at least two sides to every story. It's not just the victims, the antagonists, or NCSoft - it's all of them. All I'm saying is that it's extremely unreasonable to expect anything overnight. I don't think you are qualified to judge whether or not I lack perspective; I'm sure most of us here have lost far more precious things than some silly online items. It just sounds like you're saying I lack your particular perspective. People do have the right to have high expectations - we are paying them, but NCSoft can't protect everyone, and people aren't perfect. That's all I'm saying . They've clearly seen what we've had to say, so that is a good thing. I'm merely offering to you another side in all of this since the only thing anyone else here seems content to do is hate on someone/something. We can't change what has happened, and I think they got the message that people are pissed off - why not try and move on to something more constructive? (Or are my hopes too high? ) Ok, now let's all hold hands and sing a song. Yay optimism! |
I'm not particularly out to pillory ANET/NCsoft - in some ways I couldn't care less, since nothing has happened to me - but to dismiss their shitty service and then to proceed to lecture the community about internet safety (their list btw, is something that has been going around for months) strikes me as an incredibly insensitive, hamfisted approach.
There's a place for optimism, but I think right now it's not the right time.
End
Quote:
Even though I actually like Aion, I'm thinking of canceling my account, so as to not provide any financial support to NCSoft.
|
I love the game...but...not going to support this...
MagmaRed
This is sad and disappointing. I wonder why Anet would have EVER allowed that NCSoft response be seen, as it insults the customers who worked to PROVE problems in hopes of getting them fixed. I have never been a fan of NCSoft, but I'm QUICKLY losing hope for Anet......
pumpkin pie
Yeah! This attack happened since May last year, not over the recent holiday! YOU DID NOT LISTEN ArenaNet! My email has not been replied to! GOOD FOR YOU TO GET INTO THIS SHIT.
but thanks for finally trying.
If you want to fight RMT, go to court! Make sure all in-game items belong to you and are for use by the players and cannot be sold by any third party whatsoever!
Giga_Gaia
Quote:
This is sad and disappointing. I wonder why Anet would have EVER allowed that NCSoft response be seen, as it insults the customers who worked to PROVE problems in hopes of getting them fixed. I have never been a fan of NCSoft, but I'm QUICKLY losing hope for Anet......
|
Either that or these folks really are that naive, to think people would actually believe their lies.
Martin Alvito
Quote:
Obviously, A.net/NCSoft isn't going to admit liability for stolen accounts and credit card information, but to actually lie about it shows complete contempt for your customers.
|
The rash of hacks stopped after they finally added additional protections to the in-game password reset mechanism on the NCSoft website. The implication is clear. There was a means of gaining unauthorized access, and accounts were being stolen with the password reset mechanism.
So telling us that they found nothing is an obvious lie, unless the vaunted security team is hopelessly incompetent. People were getting in somehow. Whether the mechanism posted on New Year's was the method is immaterial.
A business relationship is invariably founded on trust. You have to believe that the other party is going to take costly actions in the future that are in your interest. NCSoft has revealed through behavior that the company is not very interested in taking costly actions to guarantee the security of our accounts, and will not take responsibility for its own failings.
In a sense, the problem here is caused by the business model. We don't provide a continuous stream of revenues, so why invest resources in keeping us happy? But that's shortsighted thinking. They want to sell us the next game. Hiring proper support resources is simply a necessary marketing expense.
trialist
Quote:
In a sense, the problem here is caused by the business model. We don't provide a continuous stream of revenues, so why invest resources in keeping us happy?
|
Face it, throwing wads of cash in their faces isn't going to solve the sheer incompetence of ncsoft.
Pity that Anet is going to continue to suffer for their association with ncsoft.
Arkantos
Quote:
Despite the fact that this report occurred over the holidays, when the majority of NCsoft employees were home with their families, our security team responded immediately with a point-by-point testing and analysis of the erroneous concerns that were raised. As a result of the point-by-point testing and analysis, our security team concluded no critical vulnerabilities had been demonstrated or identified, but our security team continues to research, to monitor closely, and to implement security improvements to address any potential weaknesses raised. |
LONGA
Pretty much common sense on NC wall of text. Seems like NC doesn't have much active measure to prevent hacks at the moment.
BTW I already stopped playing GW long ago due to technical problems that NC can't find a reasonable answer to me.
gone
gonna drop this off here. post/reply #16 is what you want to be looking at.
http://forums.f13.net/index.php?topic=18547.0
maxxfury
Quote:
gonna drop this off here. post/reply #16 is what you want to be looking at.
http://forums.f13.net/index.php?topic=18547.0 |
Quote:
Given how many oversight hoops that article had to jump through to make it on the official site, I hope you all will understand if I can't comment any further on the subject. |
I had to lie my ass off to keep the management here happy and bs you all just to be allowed to get some kind of response out. Now I've been proverbially gagged so the company can try and save face in light of this farce! btw we RED ENGINE GORED ENGINE GORED ENGINE GORED ENGINE GOed up but aren't allowed to admit it.
Turbo Ginsu
I think that ultimately, this stupid statement and all of the angst and righteous indignation being shown here as a direct response to it, vindicate my position, and the position of the many like-minded individuals that have expressed similar thoughts, and given good explanation of the reasons for their feeling that way.
Several times, I and others, have voiced concern over aNet and ncSoft's management of security, and more than anything have voiced our belief that aNet has indeed created something far bigger than they either expected it to be, or possibly, they bit off more than they could chew in respect to being able to provide adequate support, bug fixing or skill balancing in general. Every time we've been hit by a wall of the atypical fanboy-isms in the shape of "I r think that jo r a n00b, and don't knows!!"
Well, that does seem to have changed, doesn't it? All the twats that accused all of the hacked of being idiots, are now, thanks to anet's admission by denial, being made to look like exactly the fanboy asshats they truly are.
What you got to say now boys and girls? You still gonna follow the ncsoft line of "Nothing's wrong, move along!" Or are you finally going to 'fess up, come clean, spill the beans, take the wet fish slap and tell the truth? Or is your stone wall of denial, arrogance and sheer stupidity just too much of a comforter to let go of?
It's your call anet. Do you want to keep all of your customers, or do you just want the blinkered yes-man variety?
Iuris
Quote:
We've SEEN the problems with the NCSoft site. |
I haven't seen any, sir. Where could I see some? They sound scary.
Divine Ashes
I can't help but feel most everybody is hopping on the Anet hate bandwagon.
I personally appreciate the time it took to write that message, although I agree with most it did seem a little patronizing and condescending at points. As far as the NCSoft master account problem goes, I believe them when they say they couldn't recreate the problem. There is little to no reason for them to blatantly lie and say they could not recreate it. As a company, it would be disadvantageous to lie about such a thing when there was respect and understanding to be gained from the community by admitting the mistake. As the problem was stated in that note, though, it does seem as if it is simply being dismissed solely on the basis that they couldn't recreate it. It was not fair to toss aside the evidence gathered by those this has happened to, but to be fair, though, Anet did call for people who this did happen to to come forward and tell them exactly what happened. IMO, Anet did everything right as far as dealing with the problem, and the outrage right now seems to be stemming solely from unthoughtful wording.
gone
EPO Bot
All of you will buy GW2 anyway.