GSU Team's Message About Account Security
HawkofStorms
Agreeed with Kumu. Tobi, it is against the EULA to share account information with anyone. A.net doesn't want people giving each other accounts, but rather, want people to buy a new account from them. It doesn't matter if you stole it or if you shared it. They are both violations of the EULA. You admitting to a.net it was your friends account was admitting to them you broke the rules. Not knowing the rules or the law is never an excuse. That was a just perma-ban.
Martin Alvito
Quote:
|
Originally Posted by Chthon
I'm talking a libel case. Defamation. Totally separate case. Totally separate misdeed. The misdeed is that they've sullied my reputation (and yours and several other people's too for that matter) by publicly branding me a liar when I am not.
|
1) They didn't call you out by name
2) The accusation of libel hinges on the definition of "critical vulnerability", as the text is worded
I also think that you're going to have difficulty proving that the damage to your reputation was sufficiently harmful to merit standing. I know I'd rule it was a frivolous case and toss it, but I'm not an expert. A liberal jurisdiction might have a different take.
greenthumb
Quote:
|
Originally Posted by HawkofStorms
greenthumb and others seem to not be noticing the most obvious problem.
Hackers who broke into your NCMA could then auto change your passwords for GW and other games without even needing those passwords. There was no password verification for your old passwords. Once they got into the NCMA, you had access to all the games, regardless of how secure your passwords were. This was an OBVIOUS flaw which is real. Heck, I'm pretty sure that's still how the password reset function works. There are posts on the Aion forum about people who had inactive accounts (ie, were no longer paying the $15 a month and no longer playing the game) getting their NCMA's hacked into, getting their password reset, and then the hackers adding game time to their account to use them. OBVIOUSLY the NCMA had to have been hacked into, because that is the only way to add game time or change the password of an Aion account. This is such an obvious lie that it's just pathetic. |
I'm amazed that the below statement (from Aug 2009) is still on Gaile Gray's User Support page on Account Security on the GW wiki site. (How embarrassing.)
Quote:
| Many players feel that having an NCsoft Master Account adds another level of security to the game's security. |
Meridon
On the subject of Anet's subsidiary status to NCsoft, I have something to add. In the end, it all comes down to the type of business ArenaNET is in terms of legislation. In other words, if it's a Joint Stock Company, a Limited company, etcetera. It also depends on the jurisdiction Anet falls under, I suppose it's United States law.
While I'm no expert on US business laws, I take as reference the theory I had on Dutch company jurisdiction, in which case Anet is probably a JSC, with 51% or more of it's shares in the hands of NCSoft. If Anet would want to leave NCsoft, it would mean that they would first need to find another company willing to acquire Anet, such as EA, Microsoft, etc. This new company would then have to negotiate with NCsoft about the purchase of Anet. All in all, a very lengthy and complicated process, which is likely not going to happen anytime soon.
If I had more info on this I would make more effort for a larger analysis. It´s getting terribly late here though so I´m just calling it a night.
While I'm no expert on US business laws, I take as reference the theory I had on Dutch company jurisdiction, in which case Anet is probably a JSC, with 51% or more of it's shares in the hands of NCSoft. If Anet would want to leave NCsoft, it would mean that they would first need to find another company willing to acquire Anet, such as EA, Microsoft, etc. This new company would then have to negotiate with NCsoft about the purchase of Anet. All in all, a very lengthy and complicated process, which is likely not going to happen anytime soon.
If I had more info on this I would make more effort for a larger analysis. It´s getting terribly late here though so I´m just calling it a night.
Cacheelma
Quote:
|
Originally Posted by pumpkin pie
At lease answer people's email when they send in detail information through the official wiki email system.
|
Quote:
|
Originally Posted by Meridon
On the subject of Anet's subsidiary status to NCsoft, I have something to add. In the end, it all comes down to the type of business ArenaNET is in terms of legislation. In other words, if it's a Joint Stock Company, a Limited company, etcetera. It also depends on the jurisdiction Anet falls under, I suppose it's United States law.
While I'm no expert on US business laws, I take as reference the theory I had on Dutch company jurisdiction, in which case Anet is probably a JSC, with 51% or more of it's shares in the hands of NCSoft. If Anet would want to leave NCsoft, it would mean that they would first need to find another company willing to acquire Anet, such as EA, Microsoft, etc. This new company would then have to negotiate with NCsoft about the purchase of Anet. All in all, a very lengthy and complicated process, which is likely not going to happen anytime soon. If I had more info on this I would make more effort for a larger analysis. It´s getting terribly late here though so I´m just calling it a night. |
After all, let's face it. Anet has... what, a game with 3 milking expansions, restless customer base, unproductive-yet-supposed-to-be-revolutionizing business model. And to top that off, a semi-vaporware GW2? Hell, I don't even know if NCSoft actually owns the "Guild Wars" trademark or not.
A company would sell off its subsidiary or its share if the value is going downhill in accelerated speed. I think that's why we rarely see such buyout happens in this business. I mean, if your subsidiary is doing great and has bright future, why would you want to sell it off? And on a flip side, if a subsidiary or its share is doing badly, who in their right mind would want to buy it??
Chthon
Martin, I think we're drifting off-topic here. I'm going to make this my last defamation post. (Presuming no further extreme stupidity from NCSoft...)
a. You can defame several people at once just as easily as an individual. The individual need only show that they were one of the people referred to in the defamatory statement.
b. I've seen an additional piece of evidence indicating that the "list
comment was a reference to me in particular that you haven't seen, and that I don't feel it would be appropriate to share at this time.
The test is what a reasonable person would think their statement to mean, not whatever weasel-meaning they meant it to have. "Accidentally logging people into the wrong account isn't 'critical'" doesn't fly. No reasonable person could think the vulnerabilities reported here aren't "critical." The only reasonable interpretation of their statement is that they claim we weren't telling the truth.
Because of the natural of reputational harm, you may bring a defamation suit in the US seeking a nominal $1 plus getting your name cleared in court. I'm not sure if that's a wise way to spend judicial resources, but that's how it works. I believe it's something we inherited from those silly British people.
Quote:
|
Originally Posted by Martin Alvito
I think they've got two holes to swim through here.
1) They didn't call you out by name |
b. I've seen an additional piece of evidence indicating that the "list
comment was a reference to me in particular that you haven't seen, and that I don't feel it would be appropriate to share at this time.
Quote:
| 2) The accusation of libel hinges on the definition of "critical vulnerability", as the text is worded |
Quote:
| I also think that you're going to have difficulty proving that the damage to your reputation was sufficiently harmful to merit standing. |
Martin Alvito
Quote:
|
Originally Posted by Chthon
b. I've seen an additional piece of evidence indicating that the "list comment was a reference to me in particular that you haven't seen, and that I don't feel it would be appropriate to share at this time.
|
Quote:
|
Originally Posted by Chthon
The test is what a reasonable person would think their statement to mean, not whatever weasel-meaning they meant it to have.
|
Quote:
|
Originally Posted by Chthon
Because of the natural of reputational harm, you may bring a defamation suit in the US seeking a nominal $1 plus getting your name cleared in court.
|
And with that, let's drop it.
pumpkin pie
Quote:
|
Originally Posted by Cacheelma
Unless your email starts with something minipets or masks-related, she won't bother.
|
Luckily I have copy of all my emails.
The most rofl things that follow the whole thing was, they send me a survey asking for me to rate their performance.
*or what didn't happen. basically haven't done anything listed in the guideline recently provided by Ms Regina link in this OP. except linking my account to NCSoft master account.
-----------x--------------x-----------x------
Just curious, you seems to think its okay for customer support to ignore its customers.
Why would a customer be ignored by customer support if they are asking for their game to be restored? give one good reason.
Cacheelma
Quote:
|
Originally Posted by pumpkin pie
Its an account of what happens* between signing up for the free storage pane leading to the hacked incident. No mention what so ever of anything about game stuffs restored.
Luckily I have copy of all my emails. The most rofl things that follow the whole thing was, they send me a survey asking for me to rate their performance. *or what didn't happen. basically haven't done anything listed in the guideline recently provided by Ms Regina link in this OP. except linking my account to NCSoft master account. -----------x--------------x-----------x------ Just curious, you seems to think its okay for customer support to ignore its customers. Why would a customer be ignored by customer support if they are asking for their game to be restored? give one good reason. |
Can't you see I was joking? Well, not exactly joking. But I'm not saying it's ok. I just say she sucks and you should've known by now that that's how she is. So unless she gets replaced, nothing good would come out of it.
C4RB1N3
I wonder how many times they will have to tell players these things, really they should already know this from basic internet common sense, and GM Luminary in an Aion GM, so all these benefits such as less bots, less RMT etc etc, pertain to Aion..this thread is somewhat useless to the Guild Wars community, unless people realy need to read all these safety tips for the 100th time.
tasha
Quote:
|
Originally Posted by sirmordicia
I wonder how many times they will have to tell players these things, really they should already know this from basic internet common sense, and GM Luminary in an Aion GM, so all these benefits such as less bots, less RMT etc etc, pertain to Aion..this thread is somewhat useless to the Guild Wars community, unless people realy need to read all these safety tips for the 100th time.
|
Especially on large forums its easy for seemingly obvious messages to get lost or be unfound - if I didn't visit Riverside and only used Guru for trading (as an example) I may never see this thread. It may be that this is the first time that some people have seen the message that NCSoft keep repeating. At that point this message becomes worthwhile as it may have stopped a few people from having their account accessed.
Guess my point is that just because its a tired message for most doesn't mean it is for all.
Meridon
Quote:
|
Originally Posted by Cacheelma
I mean, if your subsidiary is doing great and has bright future, why would you want to sell it off? And on a flip side, if a subsidiary or its share is doing badly, who in their right mind would want to buy it??
|
The price of the shares would first of all be based on market prices. Even though 51% would be in the hands of NCsoft and not out there being traded, it would be likely that a smaller amount of Anet's shares is in fact being sold somewhere on the stock exchange. This would be the starting point for the take-over price.
The determining factors are as you mentioned. If a Anet has a bright future, the buying company would have to pay more than the current market price. As long as the offer is reasonable enough, NCsoft could consider selling off Anet. On the flip side, if Anet has a dark future, and NCsoft is looking for a buyer to get rid of it, they would be forced to set their selling price per share much lower. This is all part of the negotiations.
On the other hand, another company could just as well take over NCsoft, and with it Anet.
Another Felldspar
Quote:
|
Originally Posted by Cacheelma
Unless your email starts with something minipets or masks-related, she won't bother.
|
I'm sorry, I don't usually respond to trolls but someone needs to stand up and call bullshit bullshit. And this is bullshit.
Gun Pierson
Quote:
|
Originally Posted by Scott Jennings
Now if you'll excuse me, I have another gold farmer cartel to ban.
|
You might want to use this as your war song:
http://www.youtube.com/watch?v=0dkkf...eature=related
Kattar
Quote:
| I'm sorry, I don't usually respond to trolls but someone needs to stand up and call bullshit bullshit. And this is bullshit. |
Regulus X
Quote:
|
Originally Posted by Katsumi
He's not being literal. He's pointing out the general attitude that seems to be apparent with most of the responses from ANet/NCsoft.
|
F2P + Nerfs - Anet(Care) = GW1
and
F2P + Guru(slanderous_posts) = Anet(Care)
HawkofStorms
So therefore with the substantive property,
F2P + Nerfs - F2P - Guru = GW1
Nerfs - Guru = GW1
F2P + Nerfs - F2P - Guru = GW1
Nerfs - Guru = GW1
JR
Quote:
|
Originally Posted by HawkofStorms
Hmm... now that I've actually had a chance to read into this... what a load of crap. Next time, run stuff past legal first before posting it. Flat out lying and saying there are no security vulnerabilities when there are is just asking for a class action against you.
|
Deny everything, commit to nothing.
mrmango
I liked the diction, but that was pretty fail overall if they meant to get out some new information.
TheRemedy
I read this post, it was a bigger waste of time than the game itself.
Summary: As most online games, Anet is concerned of other people making money through their games. The article states that RMT is a 2 billion dollar industry, they are mad that they cannot find a way to tap into this business model without ruining the game. Scare tactics are applied while the article gives the perception that there are more people working on getting gold buyers, and botters banned than there are working on game improvements. Typical game developer BS crying, and the rest of the article just states common sense.
Maybe I'm getting too old for games where dev teams cater to a 13yr old population, or maybe I'm just hating big businesses more since the recent US supreme court ruling has sided with their interests.
If ebay would let you sell virtual items still none of this crap would be happening.
Summary: As most online games, Anet is concerned of other people making money through their games. The article states that RMT is a 2 billion dollar industry, they are mad that they cannot find a way to tap into this business model without ruining the game. Scare tactics are applied while the article gives the perception that there are more people working on getting gold buyers, and botters banned than there are working on game improvements. Typical game developer BS crying, and the rest of the article just states common sense.
Maybe I'm getting too old for games where dev teams cater to a 13yr old population, or maybe I'm just hating big businesses more since the recent US supreme court ruling has sided with their interests.
If ebay would let you sell virtual items still none of this crap would be happening.
End
Anyone see that this is now on the in-game announcement section?
...
And i thought they were just trying to piss off the guru people...seems like they want everyone mad...
...
And i thought they were just trying to piss off the guru people...seems like they want everyone mad...
Nerel
Quote:
| Despite the fact that this report occurred over the holidays, when the majority of NCsoft employees were home with their families, our security team responded immediately with a point-by-point testing and analysis of the erroneous concerns that were raised. As a result of the point-by-point testing and analysis, our security team concluded no critical vulnerabilities had been demonstrated or identified, but our security team continues to research, to monitor closely, and to implement security improvements to address any potential weaknesses raised. |
Apparently the security team only tests the 'the erroneous' security concerns of the community, presumably ignoring all the valid security concerns that have been raised.
TheRemedy
I have a suggestion: Take the couple people who are the soldiers in this "war" and let them do something else, because honestly it appears they are losing. Take the billable hours you would have paid them, and use that money to invest in hardware upgrades for the few remaining guildwars players. The "war" against lag is a much more serious issue in my opinion.
Lord Dagon
hmm so let me get this straight on my earlier post. Based on what others have said, im not mad at you, but i will be not "skipping in a rainbow of preety flowers.", im gonna proved and example. Ok billie and peggie live in the same house, w/ a computer w/ GW installed on it. They only have 1 account which they both share. Lets say Anet reads a comment log of theirs saying that they are getting off and their brother is getting on. Based on what has been earlier described they could get a perma-ban. They are two different people that Are accessing 1 account. So by defintion anet could lay down the ban-hammer(halo players know that term only too well ;p) and perma-ban the account? Now, they probably wouldnt because,yet anyway, anet isnt a team of robots(or they are automated response anyone?, and they do have a morale concious. so is this scenario likely? possibly due to EULA. Is it probable? no. But, the moment 1 person buys an account for themselves then gets their friend to help them w/ it's RED ENGINE GOING GORED ENGINE RED ENGINE GORED. Wahts the difference? 1 thing is w/ a brother and sister, the other is between 2 good friends that have been playing for forever.
Shakti
Quote:
|
Originally Posted by Tobi Madera
hmm so let me get this straight on my earlier post. Based on what others have said, im not mad at you, but i will be not "skipping in a rainbow of preety flowers.", im gonna proved and example. Ok billie and peggie live in the same house, w/ a computer w/ GW installed on it. They only have 1 account which they both share. Lets say Anet reads a comment log of theirs saying that they are getting off and their brother is getting on. Based on what has been earlier described they could get a perma-ban. They are two different people that Are accessing 1 account. So by defintion anet could lay down the ban-hammer(halo players know that term only too well ;p) and perma-ban the account? Now, they probably wouldnt because,yet anyway, anet isnt a team of robots(or they are automated response anyone?, and they do have a morale concious. so is this scenario likely? possibly due to EULA. Is it probable? no. But, the moment 1 person buys an account for themselves then gets their friend to help them w/ it's RED ENGINE GOING GORED ENGINE RED ENGINE GORED. Wahts the difference? 1 thing is w/ a brother and sister, the other is between 2 good friends that have been playing for forever.
|
They ban for account sharing regardless of relationship. Not sure I understand your argument.
EDIT TO ADD:
I went back and read your earlier post. Your friend's account was fairly banned. Account sharing is illegal, doesn't matter who you are in relation to the account owner. Stating in open chat you were on another person's account wasn't smart. Contacting support basically saying "We weren't selling/hacking accounts, just violating EULA" didn't help.
cosyfiep
one person per account....I am not supposed to play on my husbands account nor is he allowed to play on mine. It in the EULA.
You and your little brother should have your own accounts, you and your friend should have your own accounts.....if you have problems there is only ONE owner, not two, 10, 20...only one.
So yeah there is a problem there, you can not play on someone elses account.
Has it been done, well yeah....have you ever gone over the speed limit? The rules are there for reasons.
You and your little brother should have your own accounts, you and your friend should have your own accounts.....if you have problems there is only ONE owner, not two, 10, 20...only one.
So yeah there is a problem there, you can not play on someone elses account.
Has it been done, well yeah....have you ever gone over the speed limit? The rules are there for reasons.
pumpkin pie
I don't see them say no! we don't want your money when my sister is buying stuffs for me using the online store thru my account
Lord Dagon
ok i get it. I'm not happy about it but i get it. oh admn to note: im an only child, i just used that example based on a "typical" family relationship(i.e 2 siblings getting on a comp togehter to go kill stuff and curse in AC lol)
Do i think the EULA is right? no. Will i do anything about it? no. Am i mad my friends account(in my eyes) got un-fairly perma banned? yes. But there is nothing i can do. Its in the Eula u are forced to essentially sign to play the game. Will i be buying less account in the future due to this? oh heck yea.
oh and on a side note: i heard ppl earlier in this thread are trying to get a GW2 dont sign list. If that comes available ill sign it. NCSoft with this message and their trigger happy ban-hammering have made me see they just arent a great company.
i lol'd at this. If i had a sibling and they bought that stuff i would hit them w/ the NCSoft stick while on the NCSoft tree(hit in the face w/ stupidity and hit all the way down w/ the ugly branch/idiocracy)
edit: i didnt say in "open chat i had someone else's account". When i got unfairly perma-banned for trying to hack? (was offering help to ppl in proph and noobs got mad for some reason), and when i was exspalaigning to NCSoft to get the account back did i say it wasnt my account. I never said to the noobs in LA" hey look this isnt my account that i;m helpign my friend w/" just to set the record stright ;p
Do i think the EULA is right? no. Will i do anything about it? no. Am i mad my friends account(in my eyes) got un-fairly perma banned? yes. But there is nothing i can do. Its in the Eula u are forced to essentially sign to play the game. Will i be buying less account in the future due to this? oh heck yea.
oh and on a side note: i heard ppl earlier in this thread are trying to get a GW2 dont sign list. If that comes available ill sign it. NCSoft with this message and their trigger happy ban-hammering have made me see they just arent a great company.
Quote:
|
Originally Posted by pumpkin pie
I don't see them say no! we don't want your money when my sister is buying stuffs for me using the online store thru my account
|
edit: i didnt say in "open chat i had someone else's account". When i got unfairly perma-banned for trying to hack? (was offering help to ppl in proph and noobs got mad for some reason), and when i was exspalaigning to NCSoft to get the account back did i say it wasnt my account. I never said to the noobs in LA" hey look this isnt my account that i;m helpign my friend w/" just to set the record stright ;p
Shakti
Quote:
|
Originally Posted by Tobi Madera
edit: i didnt say in "open chat i had someone else's account". When i got unfairly perma-banned for trying to hack? (was offering help to ppl in proph and noobs got mad for some reason), and when i was exspalaigning to NCSoft to get the account back did i say it wasnt my account. I never said to the noobs in LA" hey look this isnt my account that i;m helpign my friend w/" just to set the record stright ;p
|
OK i apologize. You said in the earlier post multiple ppl PMed you calling you an account stealing @#$! so I assumed they had reason to know it wasn't your account as it's kinda random otherwise....and coincidental, as it in fact wasn't your account.
Lord Dagon
no they didnt know. Im guessing they got hacked or knew a guy that got hacked by getting help. i'm ASSuming about that but it would exsplain there behavior. But no, i never reply to those, i always get a few of them in pre b/c(despite what you would think) alot of them are noobs. So hey, people are gonna be ppl. Am i mad that my friend got screwed out of $60? yea. Did i pay him for that? yes. Are we ever gonna do it again. probably but more hush hush and through emailing or vent ;p
Regina Buenaobra
I know some of you may not feel as if you've been listened to, or that we're taking your feedback seriously, but I want to assure you that we are listening, we are monitoring your comments here, and we are taking your feedback to heart. I've been working closely with the NCsoft security team on these issues, and escalating your concerns to them, as well as to top executives. Our security team has reviewed feedback and perceived vulnerabilities of the NCsoft website and account processes that were relayed to them from forum threads, PMs, emails, IMs, wiki posts, etc.--escalated by me and other ArenaNet staff members. While we're aware that Scott's post did not go over well with you all, because you feel as if we're brushing things under the rug; I just want to assure you that we’re not. Again, your concerns and feedback are important to us, and this is why the security team is deeply involved in research and monitoring to keep your accounts safe, and to proactively work to address potential weaknesses. I have been advocating for more information and details to be shared with you all. Please keep in mind that a certain amount of oversight is in place before security-specific information can be released to the public. So, while we can't share all the information you want from us, or go into great detail about internal processes, please be assured concrete steps are being taken to refine security measures. There will be change, and it’s through your help and influence that this change is happening. Thank you all for continuing to bring these issues to our awareness. And to those who contacted me privately to provide more information, I also thank you for taking that step.
Tom Swift
Quote:
|
Originally Posted by Regina Buenaobra
While we're aware that Scott's post did not go over well with you all, because you feel as if we're brushing things under the rug;
|
For example, a thread on a third-party Guild Wars forum this New Year's attracted a good deal of attention. It detailed a list of security vulnerabilities that supposedly had been discovered on our account website, ending with the alarmist note that "the only responsible thing NCsoft can do is to shut off their website, as soon as possible."...... our security team responded immediately with a point-by-point testing and analysis of the erroneous concerns that were raised.
There was no real reason for the words I bolded except to insult the community. All three of them are negative and contain the pre-judgment that the person raising the concern was just blowing smoke - leaving us with the impression that ANet didn't even bother checking before making a decision about the existence of the security problem and was only going through the motions to obtain a pre-determined "all's fine with the world" result.
The only one of the three words that served a purpose other than to castigate the community for concern was the word "supposedly." And this could easily have been replaced with "were believed to have been" or some other less negative phrasing.
The way Scot phrased his told us that not only did the security team not find any security problems but that he wished to attack back at the community for causing him extra work - hence the very logical conclusion that he was brushing it all under the rug.
Regardless, his attitude is such that I certainly will not buy anything from a company that allows an employee with such disdain for his customers to post official statements.
It shows not only his arrogance but the unforgivable stupidity of the company which employs him.
Oh, and Kudos to the Guru team – now that is how you are supposed to handle a security problem!
End
Quote:
|
Originally Posted by Tom Swift
Oh, and Kudos to the Guru team – now that is how you are supposed to handle a security problem!
|
On this note I vote the guru admins take over ncsoft....
Quote:
| It shows not only his arrogance but the unforgivable stupidity of the company which employs him. |
HawkofStorms
Quote:
|
Originally Posted by End
Scott didn't actually write it |
And even if he didn't... somebody at the company did. It's not like a "statement fairy" wrote it. Thus, the company is responsible for this.
And, as a lawyer, I'm insulted by the fact that the statement either a) wasn't cleared with legal b) it was and the lawyer's advice was ignored or c) NCSoft's legal department didn't even realize the libelous nature of the statement.
karlik
Quote:
|
Originally Posted by Tom Swift
The way Scot phrased his told us that not only did the security team not find any security problems but that he wished to attack back at the community for causing him extra work - hence the very logical conclusion that he was brushing it all under the rug. Regardless, his attitude is such that I certainly will not buy anything from a company that allows an employee with such disdain for his customers to post official statements. It shows not only his arrogance but the unforgivable stupidity of the company which employs him. |
Quote:
|
Originally Posted by End
Scott didn't actually write it
|
Tom Swift
Quote:
|
Originally Posted by End
Scott didn't actually write it |
Quote:
|
Originally Posted by HawkofStorms
And even if he didn't... somebody at the company did. It's not like a "statement fairy" wrote it. Thus, the company is responsible for this.
|
Shakti
Quote:
|
Originally Posted by Tom Swift
lol - turns out this supposed letter was only an alarmist rumor and thorough testing shows that no one actually wrote this non-existent document. It was merely an accidental random arrangement of ones and zeroes which were interpreted by the readers as a message from NCsoft. Now, if you will excuse the NCsoft team, we heard some rumors of inappropriate character rnames and have to brush off the ban hammer to deal with these serious breaches of the EULA.
|
/win, you made me LOL
Regina, while we appreciate your effort to defend NCsoft's statement, and your assertion that it is all being taken seriously, I'm not sure a statement from you can undo the damage here. Both my husband and myself, our RL friends who play GW and many, many players here on Guru have been amazed first by the security issues, and now downright offended by the demeaning and belittling "official statement" they released. There is no way my husband or I will be spending any further money on a company who goes out of it's way to not only blow off legitimate security concerns of it's customers, but then deliberately insult them.
Chthon
Quote:
|
Originally Posted by Tom Swift
It was not just because it made it sound like NCsoft was brushing things under the rug. It did not go over well because of the arogant attitude with which he wrote it. From Scot's letter, for example:
For example, a thread on a third-party Guild Wars forum this New Year's attracted a good deal of attention. It detailed a list of security vulnerabilities that supposedly had been discovered on our account website, ending with the alarmist note that "the only responsible thing NCsoft can do is to shut off their website, as soon as possible."...... our security team responded immediately with a point-by-point testing and analysis of the erroneous concerns that were raised. There was no real reason for the words I bolded except to insult the community. All three of them are negative and contain the pre-judgment that the person raising the concern was just blowing smoke - leaving us with the impression that ANet didn't even bother checking before making a decision about the existence of the security problem and was only going through the motions to obtain a pre-determined "all's fine with the world" result. The only one of the three words that served a purpose other than to castigate the community for concern was the word "supposedly." And this could easily have been replaced with "were believed to have been" or some other less negative phrasing. The way Scot phrased his told us that not only did the security team not find any security problems but that he wished to attack back at the community for causing him extra work - hence the very logical conclusion that he was brushing it all under the rug. Regardless, his attitude is such that I certainly will not buy anything from a company that allows an employee with such disdain for his customers to post official statements. It shows not only his arrogance but the unforgivable stupidity of the company which employs him. Oh, and Kudos to the Guru team – now that is how you are supposed to handle a security problem! |
The clear implication of the highlighted words is that those people who went out of their way to help NCSoft by finding and compiling the security problems with their website must be liars or fools or both. That's simply not true. The problems exist. Many of us have seen them with our own eyes. To deny the self-evident truth insults our intelligence. To call us liars insults our honor. And you wonder why "Scott's post did not go over well with [us]"?
I realize that Scott did not write that letter, or at least not in its entirety. The contents of Flubber's link on page 4 make that pretty clear. Still, someone at NCSoft was responsible for it, and that someone seems to be remarkably talented at pissing off NCSoft's s (soon-to-be-former-)customers.
Quote:
|
Originally Posted by HawkofStorms
And, as a lawyer, I'm insulted by the fact that the statement either a) wasn't cleared with legal b) it was and the lawyer's advice was ignored or c) NCSoft's legal department didn't even realize the libelous nature of the statement.
|
End
Quote:
|
Originally Posted by karlik
How do you figure? The first five words are "Greetings, all. I'm Scott Jennings".
|
Try and keep up please...
Alesa
Quote:
|
Originally Posted by Regina Buenaobra
I know some of you may not feel as if you've been listened to, or that we're taking your feedback seriously, but I want to assure you that we are listening, we are monitoring your comments here, and we are taking your feedback to heart. I've been working closely with the NCsoft security team on these issues, and escalating your concerns to them, as well as to top executives. Our security team has reviewed feedback and perceived vulnerabilities of the NCsoft website and account processes that were relayed to them from forum threads, PMs, emails, IMs, wiki posts, etc.--escalated by me and other ArenaNet staff members. While we're aware that Scott's post did not go over well with you all, because you feel as if we're brushing things under the rug; I just want to assure you that we’re not. Again, your concerns and feedback are important to us, and this is why the security team is deeply involved in research and monitoring to keep your accounts safe, and to proactively work to address potential weaknesses. I have been advocating for more information and details to be shared with you all. Please keep in mind that a certain amount of oversight is in place before security-specific information can be released to the public. So, while we can't share all the information you want from us, or go into great detail about internal processes, please be assured concrete steps are being taken to refine security measures. There will be change, and it’s through your help and influence that this change is happening. Thank you all for continuing to bring these issues to our awareness. And to those who contacted me privately to provide more information, I also thank you for taking that step.
|