Guild Wars Guru Security Notice

JR

JR

Re:tired

Join Date: Nov 2005

W/

27 Jan 2010 at 10:28 - 121
Quote:
Originally Posted by frinoh View Post
About the wartower.de incident:

I'm german and I skimmed through the thread on their forums, the admin mentioned that their passwords are md5/salt protected, so their message that passwords were stolen might be a bit over the top. It seems the attackers merely aquired the encrypted password file.

I'd still recomend changing your password of course. All vBulletin forums will md5 passwords, and anyone on the ball with security will have them salted too. That said, I think it's a mistake to imply that 'things might be ok'. Anything that is encrypted can be cracked, it's just a matter of time and resources.

It is our (fansite admins) responsibility to ensure people change their passwords, and talking down the risk (however insignificant it is) is not the way to do that.

Wynthyst

Wynthyst

Site Contributor

Join Date: Aug 2006

Gems of Destiny

D/

27 Jan 2010 at 11:40 - 122
Quote:
Originally Posted by JR View Post
Character names were wiped from the forum two months or so ago, when the change to remove them was first implemented. While the Character names were wiped from the forum database, they are a required part of the Auction database to facilitate in game communication between buyers and sellers.

Since the Auction database was also hit, it is that much more necessary that people change passwords, and keep unique email addresses for each fansite.

JR

JR

Re:tired

Join Date: Nov 2005

W/

27 Jan 2010 at 13:53 - 123
Quote:
Originally Posted by Wynthyst View Post
While the Character names were wiped from the forum database, they are a required part of the Auction database to facilitate in game communication between buyers and sellers. Character names are part of the Auction House user table, yes. In the post you quoted I was responding to a concern about them having been listed on the forum.

If I dealt more with the Auction House it probably would have been instinctive to add that clarification.

Archress Shayleigh

Archress Shayleigh

Wilds Pathfinder

Join Date: Feb 2009

Guild Hall

R/

27 Jan 2010 at 17:49 - 124
As of the security breach, and the recommendation of the mods to change the username and pass of GWG, I've decided to change my info. I have NO idea how, though. I've looked around, and I haven't found how. Anyone like to assist me?
Thanks,
Shayleigh.

Yasmine

Yasmine

Wilds Pathfinder

Join Date: Nov 2007

The Lost Souls Of Jugdement [KJCD]

27 Jan 2010 at 18:02 - 125
To change your password: user cp->edit email&password (on left, under settings&options). To change username you will have to pm an administrator though (tell why you need to change it, the new name, etc).

Archress Shayleigh

Archress Shayleigh

Wilds Pathfinder

Join Date: Feb 2009

Guild Hall

R/

27 Jan 2010 at 18:06 - 126
Didn't mean username, meant email. But ty, there's that option there, too. Thanks Yas.

Yasmine

Yasmine

Wilds Pathfinder

Join Date: Nov 2007

The Lost Souls Of Jugdement [KJCD]

27 Jan 2010 at 18:12 - 127
Np, yw 12 chars

Evasion Twenty

Evasion Twenty

Lion's Arch Merchant

Join Date: Jul 2009

Outside

Balthazars Chosen [BC]

R/P

28 Jan 2010 at 00:13 - 128
Does this also affect GW2 or just GW1G?

Snograt

Snograt

rattus rattus

Join Date: Jan 2006

London, UK GMT??0 ??1hr DST

[GURU]GW [wiki]GW2

R/

28 Jan 2010 at 00:50 - 129
Both, sadly.

Evasion Twenty

Evasion Twenty

Lion's Arch Merchant

Join Date: Jul 2009

Outside

Balthazars Chosen [BC]

R/P

28 Jan 2010 at 02:06 - 130
Quote:
Originally Posted by Snograt View Post
Both, sadly. Gotcha, thanks for the reply

Wynthyst

Wynthyst

Site Contributor

Join Date: Aug 2006

Gems of Destiny

D/

28 Jan 2010 at 05:37 - 131
Quote:
Originally Posted by JR View Post
If I dealt more with the Auction House it probably would have been instinctive to add that clarification. It's ok JR, and trust me, you don't want to have to deal with the Auction .

I just wanted to make sure people knew that while we were able to remove character names from the forum database, it's just not possible with the auction and still have it as a functional thing.

Again, if users are following the often repeated security recommendations of using unique emails, usernames, and passwords for each area/site, having character names available really does not pose that much of a threat, however, if people have not followed those recommendations, things like this can be more problematic.

Anson Carmichael

Ascalonian Squire

Join Date: Jan 2007

US

Lost Guardians of Vormis

29 Jan 2010 at 07:53 - 132
All things considered, catching this quickly and solving it is really wonderful.

Taking 6 months to realize a problem has occurred and losing 97k social security numbers is far worse: http://news.cnet.com/8301-1009_3-10236793-83.html

Assertions of scale aside, GWG respects players, has enough professionalism to monitor its servers, and tailors its website to user needs.

Thank you for making videogaming more fun, accessible, and entertaining to me. Sometimes, the day is made better by reading someone's QQ about issues that haven't yet arisen.

That said, fix yo bugs in teh interblags.