Guild Wars Guru Security Notice
Arkantos
Gun Pierson
Thanks for the heads up and keep up the good work!
al_capowned
Quote:
Originally Posted by Tobi Madera
great job guys top notch job. NCSoft could learn a thing or two from you.
what is so "top notch"? Being more than a week behind security updates? Using outdated software? Having a relaxed attitude towards user security? or utilizing a piece of web software that is notorious for security holes?
Inde
No one is happy about this, and I wouldn't expect them to be. I apologize we were a week behind on a security update for a piece of software. Nowhere have we had a "relaxed" attitude towards our users' security. As for a web software "notorious for security holes" that's highly debatable. I'm sure I could link you to many top name sites who use that software if that is what you would like. You seem to be intentionally trying to get a rise out of either us or the players, I appreciate and will continue to respond to legitimate questions or concerns. But you don't seem to have asked anything in your previous post that you care to hear a response to. If that's not the case please let me know and I'll be happy to answer.
Inde
Yep, and I can appreciate that attitude actually al_capowned. I'll tell you that I also had a few choice words when I found out. Informing my other admins they also said similar about the "f-up". (Except it was more detailed, with more curse words and name dropping.) Your response is honest and I can only tell you it fell through the cracks as we had dropped the project a month back so weren't actively watching for the update.
Loralai_gw
Well being that I used a unique email and password for this site, I'm not worried. Gotta say you guys worked fast, informed us in a timely manner, have answered our questions and been really honest about it all. So for that I thank you. Seems like more than what a lot of sites would do, not even referring to anything guild wars related there.
This site's been open for a long time and with everything happening in WoW and Aion lately, and still happening it seems, nice to know that maybe someone at least knows or will fess up to what's going on. Pretty sure if we're all flooded with spam mail soon at least we'll now have some knowledge. Right now it just seems like everyone's fishing around for answers.
Maybe that's why some people are so grateful, referring to al_capowned there, because at least we know. No speculation, no assumptions.
I still don't think this could hack any guild wars account considering our character names weren't in there. I'll be watching my email though, let you know if something pops up since I don't use it for anything but this site.
Sir Skullcrasher
I would imagine no amount of security features will deter the hackers. (in no way am I saying we shouldn't have any) I mean if they REALLY want the information, they might as well take their sweet time to hack away until they got it. Either way, I know all security features can and WILL be compromised at any given time. Still, it's kind of weird how the hackers came here for emails instead of other big sites!
drunk n angry
thank you for the transparency involved in the hack. as a community member it is VERY appreciated. so ty.
cosyfiep
yes thanks for the information!
(and people laugh at my tinfoil hat, HA!)
PuppyEater
Exactly how much did they get? The whole package or just a few emails?
Artemis Alexandrae
Thanks for the heads up.
JR
wilson
Thanks for the warning! I changed my info on all the guru related sites.
Faer
Quote:
Originally Posted by Sir Skullcrasher
Still, it's kind of weird how the hackers came here for emails instead of other big sites!
I can't name any forums bigger than Guru and Guru 2 for their respective games. When your goal is to gather bulk information (in this case, email addresses), it's only logical to hit up the biggest source of it.
pumpkin pie
I am inclined to ask, change passwords and email address (actually open yet another new email account just for guru, hehehehe) that is all I could do, right?
Thanks JR!
JR
Tullzinski
ROFL @ hackers, good luck with my email and password from this site and GWG2 site. One thing about being in the military is that you constantly move. The email address associated with this site was from being stationed in Hawaii and the GWG2 site has an email I created specifically for that site only.
I will keep an eye on it to see if any spam happens.
Thanks for the heads up!
Another Felldspar
I can't tell you how much I appreciate you letting us know. It has increased my respect for Guru.
Jk)Phoenix
changed all passwords,
thx a lot for letting us know it, great community!
Painbringer
Bad thing is many have listed our character names so one less security block for them to worry about
As said before Crap happens
milan
Thanks for letting us know. Good job on the communication, much appreciated.
Lycan Nibbler
Inde, JR and team.. luv you guys <3
If only NCSoft would look and learn from your actions rather than more likely look and go "see"....
JR
Quote:
Originally Posted by Painbringer
Bad thing is many have listed our character names so one less security block for them to worry about
As said before Crap happens
Character names were wiped from the forum two months or so ago, when the change to remove them was first implemented.
If you are concerned about posts you made containing your character names, that can be resolved too. Simply do a search on the forum for your character name, and edit the posts that come up.
[EDIT: If you can't edit your post because the thread is closed (and only if the thread is closed) PM me with direct links to the posts and I will remove them.]
Earth
If you are really worried about your character names but you can no longer edit a post because the thread is closed, send a PM to JR with direct links to the posts concerned. Only do this if the thread is closed.
nologic
Glad I changed my mail to a fake one that forwards my mail address to the real one.. Same goes on another forum.
But I do think it's good to keep the website up and running with newest builds released for the forums and wordpress in the future. Also inform wordpress about it so they won't make the same mistake in the future.
lilDeath
I applaud Guru for their open communications, working in the Internet business for 10 years now - I know it is not easy to be so brutally honest, with the potential of being ripped apart by your clients.
Luckily, I have practiced good security and none of my passwords are the same, and I also deleted my char names on forums / posts / screens ever since the security breaches became known.
I will go ahead and change the passwords on Guru / Guru2 anyway - I am not worried about the e-mail address, since if it was used in a Spam attack there are ways to take this further and find out the source.
Also, people should not be fooled about 'just getting e-mail addresses' - SPAM is big business, for every 1 million (very small number) SPAM mails sent, even a 0.5-1% uptake is significant, especially if it is a phishing attempt, that is 5000-10000 people more that have been affected and potentially spreading the attack even wider themselves - yes, it is the ripple-effect.
I won't be as harsh as a previous poster about being late with security patches, it can easily get out of control... I know how things can happen and projects get stopped for whatever reason, and again shit does happen... that is true.
I myself (and my team ofc) am responsible for 250+ servers, which is our own and also our clients, and I am personally very diligent to view any security releases and I must assess what needs to be done and IF it needs to be done.
Luckily, we work on a steady release-cycle, and we patch our systems within 12-24 hours of release and the out-of-band (0-day) stuff is done ASAP.
So, I can certainly appreciate what it takes to keep your systems up to date and somehow... I am sure the Guru folks won't be waiting that long again and that they would have put 'something' in place to prevent this from reoccurring.
Thanks again, Guru guys and gals!
Gigashadow
FYI AionSource also had a trojan on it (confirmed by AionSource webmaster in the thread below) that nailed some people. Looks like fansites are under heavy attack these days.
http://www.aionsource.com/forum/aion...appen-you.html
4thVariety
Wartower got hacked as well, so it appears that somebody is trying all angles right now.
Tullzinski
Not surprising to see the increase in hacking attempts referenced above. Looks like the recent security improvements to NCsoft Master Hub and GW had an impact.
Inde
Can anyone get me the german translation of wartower's message please?
http://www.wartower.de/news/
And yes, I can google translate too. We are debating a line in the google translation though. Thanks!
Painbringer
Just an FYI I got spooked after reading this and went on GW to change my password and I kept getting a code 11 error. It never said I changed anything, but now I can not log in at all. One of the passwords I tried worked for last night but today I am locked out. Not sure if many other people have had the same issue but now I have no GW at all
Inde
Painbringer, you'll want to contact Support definitely, but I don't know if this is exactly related to the Guru issues. In your previous post you said you logged into Guild Wars and then couldn't change your password from that point. To log into Guild Wars you need your IGN (which is not stored on Guru). Then you stated that your Guild Wars had stopped responding and needed to force to close it. After that you stated "I can not sign into GW with old password but the initial one I tried that code 11 on me works".
This could be a technical issue or a simple case of mistyping since I haven't seen anyone have the exact problem you've described. But please let us know what support tells you and if you can get that resolved.
glacialphoenix
Quote:
Originally Posted by Painbringer
One of the passwords I tried worked for last night but today I am locked out
Have you tried logging in using the new password?
Painbringer
This is exactly what happened
I logged in to my GW account and got to character selection screen then I went to change password option. The screen came up (enter old password enter new password re enter new password). I did this and added a new password nothing happened and I got a code 11 error. I backed out and retried the new password again nothing happened - code 11. I then thought maybe I need to add some numbers so I tried a new password with numbers added and nothing happened again – code 11. I tried it a couple more times and I got fed up. I selected the Ncsoft link address on the code 11 message and went to their site. Could not log on (not totally sure what to log on with since I do not remember ever going here with my account.) After a couple attempts I gave up. Went back to the GW window it was locked on me. Closed it with task manager and reopened it tried to log on and my old password did not work. I then tried the first new password I tried that code 11 on me and it worked. I played last night then shut it down. I had a bad feeling something was screwy so I tried to log on again this morning and none of the passwords I used work. Old / new / new with numbers… nothing works.
Keep in mind I am only 5 % worried about a hacker getting me. I really think it was a mess up on GW site maybe too many people trying at once to change passwords. Remember the issues with the free storage pane-too much flow at once.
I sent a ticket this morning and will let you know, but I bet I miss the Redo winterfest
I should have stuck to my "If it ain't broke Don’t Touch IT" motto when it comes to electronical things
Earth
Quote:
Originally Posted by Inde
http://www.wartower.de/news/
And yes, I can google translate too. We are debating a line in the google translation though. Thanks!
Currently a lot of game fansites are under attack from outside parties. After Guru was attacked, Wartower was also targeted.
We have closed the security hole. The attackers have managed to steal encrypted passwords of Wartower-Forum accounts. We suggest that you change your forum passwords immediately. It may be possible for the attackers to log on to your forum account under certain circumstances and abuse it. This also includes accounts on other websites, if you use the same account name and password on multiple sites.
Last part is just an explanation about how to change your password.
Hope this helps.
I guess you were debating the "It may be possible for the attackers to log on to your forum account under certain circumstances" line? I'm not too sure what they mean with that to be honest, so don't entirely trust my translation. What they probably mean is that the attackers are able to log in to the forum accounts.
EDIT: German isn't my first language, so I'm happy to see our translations are more or less the same. Guess all those lessons are good for something
Wheel of time
I can give it a try (German is my first language so the English may not be perfect):
At the moment fansites are obviously under heavy attacks from the outside. After the attack of GWG the wartower has been targeted as well.
We closed the security gap. But the attackers managed to steal enciphered passwords of the wartower forum accounts. We therefore ask you to change your forum passwords. The attackers may under these circumstances be able to log in with your accounts and abuse them. This includes accounts somewhere else where you used the same data.
My opinion: I'm truly worried about all that bad attention gw forums seem to get recently and I sincerely hope for the consequences to be as few as possible.
E: hmmm i should translate faster i guess^^
still we seem to agree more or less on the translation
Inde
Thank you both so much!
frinoh
About the wartower.de incident:
I'm German and I skimmed through the thread on their forums, the admin mentioned that their passwords are md5/salt protected, so their message that passwords were stolen might be a bit over the top. It seems the attackers merely acquired the encrypted password file.
I'd still recommend changing your password of course.