CEO of SecurePlay discusses account security (Anet and NCSoft)

Miscreant_Moon

Ascalonian Squire

Join Date: Jul 2009

Somewhere in Ascalon

Me/E

Lots of references to NCSoft and ArenaNet in this. I think it's spot on but I'm sure there are some who will disagree.

Whole interview is here: http://www.massively.com/2010/01/18/...ount-security/

This question I thought was good, since I too found Anet's response inadequate:

Quote:
During the recent wave of security problems, many players complained that ArenaNet was not doing enough to communicate to the players on a solution. ArenaNet pointed out that if they tell the players what they are doing, they are also telling the hackers what they are doing. Where do you think the balance lies between keeping the player base informed and not tipping your hand to those you are working against?

ArenaNet faces a unique challenge because people don't "buy stuff" from the company very often - just the base game or expansion every year or so... and even then, it is often done through a retailer, so ArenaNet doesn't have a direct financial relationship with its players. Subscriptions and payments allow online game companies to tap into a number of external security mechanisms (such as validating credit card numbers).

That being said, the argument that sharing information with players is bad because the hackers will get the data is totally spurious. When the US was mining harbors in Nicaragua in the 1980s, it was "classified"...but you can bet the Sandinistas knew what was going on. Hackers are acutely aware of what security mechanisms are being used against them.

As I noted above, it is important to tell your customers that you are doing something. Customers are fickle and can leave... there are a lot of games out there and players are going to play where they feel safe and that they are valued by the game company. Players are pretty sophisticated and do not like being treated like children.

... there is no reason to tell them EVERYTHING that you are doing, however.
And this line I wholeheartedly agree with:

Quote:
There is no way to tell if NCsoft is handling the problem well technically, but the company is not doing a very good job of public relations.

Arduin

Grotto Attendant

Join Date: May 2005

The Netherlands

Limburgse Jagers [LJ]

R/

Anet responded perfectly fine, even implementing the additional security of the Character Name at login.

NCSoft dropped the ball, not Anet.

Ravious

Lion's Arch Merchant

Join Date: Mar 2006

Servants of Fortuna

N/Mo

As much as I love Lum, having him write the "company line" that clearly reeked of the management's touch was a bad move.

Martin Alvito

Older Than God (1)

Join Date: Aug 2006

Clan Dethryche [dth]

Very nice find. This does an excellent job of providing a reasoned appraisal of the situation.

Shayne Hawke

Departed from Tyria

Join Date: May 2007

Clan Dethryche [dth]

R/

Just curious, what would it take to separate ANet from NCsoft?

Martin Alvito

Older Than God (1)

Join Date: Aug 2006

Clan Dethryche [dth]

A lot of money that ANet doesn't have.

thedarkmarine

Lion's Arch Merchant

Join Date: Mar 2006

Quote:
Originally Posted by Shayne Hawke
Just curious, what would it take to separate ANet from NCsoft?
Make GW subscription based.

tasha

Auctions Mod

Join Date: Jan 2006

UK

Mystic Spiral [MYST]

Quote:
Originally Posted by thedarkmarine
Make GW subscription based.
I know I'd be in the minority, it totally goes against the business model etc, but I would support this if it led to ArenaNet leaving NCSoft.

Back OT, the full interview is somewhat informative. It's also comforting to know that what has been going on with NCSoft of late has been noticed by the wider gaming community.

Enko

Forge Runner

Join Date: Jun 2006

VA

Mo/

Quote:
Originally Posted by Shayne Hawke
Just curious, what would it take to separate ANet from NCsoft?
ANet would have to create a lot of the business infrastructure that is currently being handled by NCsoft. If they did something like that, it would probably kill the company financially.

Nerel

Jungle Guide

Join Date: Jun 2008

Australia, what you want my home address?

[CAT]

Mo/

Meh, SecurePlay has a vested interest in seeming to 'know better' and to be critical of any company's security responses that don't involve licensing their (SecurePlay's) software solutions. What's more, F.U.D. is always good business sense for people offering the solution for a price, it's free advertising.

The listed responses they suggest for dealing with security issues were as follows...

1. Aware – Tell your customers that you are aware of the problem and are taking it seriously. Let them know that they (the customers) and their issues are important and that the integrity of the game is critical to the company.
2. Triage – Figure out what immediate action you can take to stop the problem from getting worse or spreading.
3. Investigate – Figure out what is really going on.
4. Patch – Identify short term solution or work around to get things "almost" normal.
5. Repair – Fix the problem and reconstitute the game.
6. Reflect – Look to see if there are related vulnerabilities in the game design, business operations, or other areas that can be exploited and fix them before they fix you.

Well, NCSoft seems to be following a similar protocol, they've been bleating about account security FOREVER, and in recent times in bright red letters... they've communicated that the accounts have been compromised, though not the exact nature of how these accounts are being compromised, they've stepped up with some quick fixes and are no doubt still looking for long term solutions to other future threats.

So, by SecurePlay's own account of things, NCSoft seems to be doing okay, other than being more forthright about the vectors being used in the attacks, and admitting any security vulnerabilities on their end.

Seeing as how SecurePlay is in the software security industry, it seems surprising that they condone releasing information about any potential security vulnerabilities and the steps being taken to defeat the 'hackers' before a solid fix is in place. Major software companies do this ALL THE TIME, they find out about an exploit and DON'T release that information until they HAVE A FIX. Saying "Hey we have X vulnerability and we're going to try doing Y and Z to overcome it" is just ADVERTISING your weakness to those who would exploit it.

TL;DR version. SecurePlay wants to sell their software. Cynical, but true.

Karate Jesus

Forge Runner

Join Date: Apr 2008

Texas

Reign of Judgment [RoJ]

Me/

Quote:
Originally Posted by Arduin
NCSoft dropped the ball, not Anet.
^ and although it's probably true that SecurePlay is probably just trying to boost their own sales using this interview, the very fact that the interview came around to this topic means that people outside of GW are aware of the poor PR.

Sadly, in the gaming world, all publicity is not good publicity. It's a bad time to be known for poor security or poor PR, especially considering all the games that are supposed to come out when GW2 does :/

jonnieboi05

Forge Runner

Join Date: Mar 2006

Mableton, Georgia

Guild Ancestors Reunited [?????????]

Quote:
Originally Posted by Karate Jesus
^ and although it's probably true that SecurePlay is probably just trying to boost their own sales using this interview, the very fact that the interview came around to this topic means that people outside of GW are aware of the poor PR.

Sadly, in the gaming world, all publicity is not good publicity. It's a bad time to be known for poor security or poor PR, especially considering all the games that are supposed to come out when GW2 does :/
This right here. And I agree very much with the bolded section.

kedde

Wilds Pathfinder

Join Date: May 2007

Kaons Banned Fecal Super Team [Ban]

Mo/A

So, relating to this read, how is it appropriate to block accounts midmatch with no notice after being hacked?

Some things are just handled really badly, specifically communications from ANet's side.

Smarty

Krytan Explorer

Join Date: Mar 2008

England

Me/

Quote:
Originally Posted by Shayne Hawke
Just curious, what would it take to separate ANet from NCsoft?
Quote:
Originally Posted by thedarkmarine
Make GW subscription based.
Quote:
Originally Posted by tasha
I know I'd be in the minority, it totally goes against the business model etc, but I would support this if it led to ArenaNet leaving NCSoft.
Ditto. I don't think it's ever going to happen though.


Quote:
Originally Posted by Nerel
Well, NCSoft seems to be following a similar protocol, they've been bleating about account security FOREVER, and in recent times in bright red letters... they've communicated that the accounts have been compromised, though not the exact nature of how these accounts are being compromised, they've stepped up with some quick fixes and are no doubt still looking for long term solutions to other future threats.

So, by SecurePlay's own account of things, NCSoft seems to be doing okay, other than being more forthright about the vectors being used in the attacks, and admitting any security vulnerabilities on their end.
I guess you weren't a regular visitor to the AionSource forums. NCsoft have been attempting to brush things under the carpet where Aion security is concerned since October. It's been really, really bad communication on their part. The abusive and dismissive letter from the GSU is typical of the way their CMs have addressed the Aion community. Oh, and they still have no GMs on the Euro servers despite it being a subscription game. GG NCsoft.

I don't disagree about SecurePlay coming from a "we have a product to sell" angle, though.

Zehnchu

Popcorn Fetish

Join Date: Dec 2005

[GODS]

Mo/Me

Damage control, that's it, nothing more.

And p2p isn't the fix.

Lord Dagon

Desert Nomad

Join Date: Jul 2009

Inside the Oblivion Gate

The Imperial Guards of Istan[TIGE]

E/Me

Eh, NCSoft can do what they want w/ their company, no one has to buy anything from it. Bad security = future games are gonna suck more due to lack of revenue. This is a simple fact and, for NCSoft and unfortunately ANet who's caught up in this, I doubt it will change at any time soon. (Not unless like the CEO of the company's account gets hacked and they can't figure out how to restore it ;p)

worstnameevar

Academy Page

Join Date: Nov 2008

Between Earth and Sky

The Thuggee[lain]

N/

While sounding informative and informational, this interview provides little of import. SSDD

pumpkin pie

Furnace Stoker

Join Date: Jul 2006

behind you

bumble bee

E/

Quote:
ArenaNet faces a unique challenge because people don't "buy stuff" from the company very often - just the base game or expansion every year or so... and even then, it is often done through a retailer, so ArenaNet doesn't have a direct financial relationship with its players. Subscriptions and payments allow online game companies to tap into a number of external security mechanisms (such as validating credit card numbers).

Question:
What the hell do you mean people don't "buy stuff" from the company very often? "No Subscription Fees" is one of the key selling point of Guild Wars, how can you use that as a reason for not being able to tap into external security mechanisms?

Question:
It is lucky (according to you) NOT many people buy stuff from you, otherwise, the stolen customers' identity would have been an even bigger problem than merely virtual stuff being stolen.

Question: How is it that you did not tap into external security mechanisms when you have an IN-GAME STORE?

Quote:
1. Aware – Tell your customers that you are aware of the problem and are taking it seriously. Let them know that they (the customers) and their issues are important and that the integrity of the game is critical to the company.

2. Triage – Figure out what immediate action you can take to stop the problem from getting worse or spreading.

3. Investigate – Figure out what is really going on.

4. Patch – Identify short term solution or work around to get things "almost" normal.

5. Repair – Fix the problem and reconstitute the game.

6. Reflect – Look to see if there are related vulnerabilities in the game design, business operations, or other areas that can be exploited and fix them before they fix you.
Basically when I reported my suspicion (late May 2009) that linking to NCSoft master account could be a cause of a hack, all of the above weren't done, it was all denial, NO it can't happen was the impression I got. We/I do not want to know what you are doing for security measures. Also you have just announced to the whole world that ArenaNet do not have external security measures ....

Explain as you might, the ball is in your court, and YES CUSTOMERS ARE FICKLE, THEY WILL LEAVE!

PS: I do sound like a disgruntled customer, but this is not a complaint, it's things you do that are compromising (a better word could be used there) yourself. I am merely giving you feedback of what people (ME) perceive you to be when I/we read your messages.

Zahr Dalsk

Grotto Attendant

Join Date: Aug 2007

Canada

Quote:
Originally Posted by thedarkmarine
Make GW subscription based.
I'd pay for this if it meant regular content updates and skill balancing.

Guild Wars as it is right now isn't really worth a subscription, but Guild Wars as it was two years ago, was.

HawkofStorms

Hall Hero

Join Date: Aug 2005

E/

Pumpkin, what I think he means is, people who get ticked off at a company for having an account get hacked, can quit the game. For subscription games, that means... oh boy, you better not tick off your customers.

For a.net... ehhh shrug who cares?

Sir Skullcrasher

Furnace Stoker

Join Date: Jun 2005

California

15 over 50 [Rare]

W/Mo

Really weird.. I can't log in to my GW account anymore. I changed password last night. Using the same password to log in today and can't get in.... hmm something isn't right!

Shayne Hawke

Departed from Tyria

Join Date: May 2007

Clan Dethryche [dth]

R/

Quote:
Originally Posted by HawkofStorms
For a.net... ehhh shrug who cares?
With GW2 on the horizon, ANet losing their customer base is certainly not not a big deal.

Ariena Najea

Silence and Motion

Join Date: Jul 2006

Buffalo NY

New Horizon [NH]

I do wonder if ArenaNet could be bought out by another publisher. Unlikely since that would likely be extremely expensive due to ArenaNet's success, but I suppose it is possible. For anything to happen, a lot of money is going to be involved. With so many other games coming out in the same period as Guild Wars 2, buying ArenaNet would be a very risky move.

Also remember that the ArenaNet founders are scattered to the winds, and several have positions in NCSoft now. They are still involved in Guild Wars 1 and 2, but in the production aspect rather than the developer.

shoyon456

Desert Nomad

Join Date: Jul 2006

D/

Quote:
Originally Posted by Chrisworld
What if Blizzard buys them out. Rofl.
Not a chance in hell.

As the interview and many indicated, there's really no reason to stick with a company that behaves in this manner and has these sorts of problems. Yes, Anet responded fairly well, but when coupled with mismanagement of GW1 as a whole, I can safely say that GW2 is not at the top of my list.

One right doesn't make up for multiple wrongs.

EDIT: I am one of those players who would prefer a free 2 play game, but I wouldn't mind forking over the money for quality, content, support, and regular updates. For us old GW1 players, we're pretty much getting what we're paying for: zilch.

Tom Swift

Jungle Guide

Join Date: Aug 2007

Quote:
Originally Posted by Ariena Najea
I do wonder if ArenaNet could be bought out by another publisher. Unlikely since that would likely be extremely expensive due to ArenaNet's success, but I suppose it is possible. For anything to happen, a lot of money is going to be involved. With so many other games coming out in the same period as Guild Wars 2, buying ArenaNet would be a very risky move.
Added to that is the fact that at the moment there can't be much profit coming in. A few people are still buying the game here and there but for the most part the player base isn't gonna grow much on a game that is almost 5 years old. And I hardly think the ingame store is producing enough to support the company.

With the high profit days of GW1 pretty much over and GW still dangling in the future, taking funds for development but not producing cash, as yet, I can't see many companies jumping up and down to buy ANet.

Shayne Hawke

Departed from Tyria

Join Date: May 2007

Clan Dethryche [dth]

R/

What really worries me about any potential change of hands with ANet is what happens to the link between the NCMA and the game account (whether valuable information is all deleted or just stored somewhere), the in-game store, and whatever kind of effect this might have on the HoM system.

Lord Dagon

Desert Nomad

Join Date: Jul 2009

Inside the Oblivion Gate

The Imperial Guards of Istan[TIGE]

E/Me

Quote:
Originally Posted by Shayne Hawke
What really worries me about any potential change of hands with ANet is what happens to the link between the NCMA and the game account (whether valuable information is all deleted or just stored somewhere), the in-game store, and whatever kind of effect this might have on the HoM system.
^this

I know a lot of ppl have NCSoft accounts (I don't, I never cared about that extra storage pane ;p) so this would be a big problem.

Knowing the unresponseable NCSoft as of today, I'd say they'd store it on an information sheet and stick it to the outside of their building's front entrance. (This would be so that when the management or some subordinate gets mad they can randomly pick someone from the list and perma-ban them.)

That's just my 2 cents

Improvavel

Desert Nomad

Join Date: Apr 2007

Quote:
Originally Posted by Ariena Najea
I do wonder if ArenaNet could be bought out by another publisher. Unlikely since that would likely be extremely expensive due to ArenaNet's success, but I suppose it is possible. For anything to happen, a lot of money is going to be involved. With so many other games coming out in the same period as Guild Wars 2, buying ArenaNet would be a very risky move.

Also remember that the ArenaNet founders are scattered to the winds, and several have positions in NCSoft now. They are still involved in Guild Wars 1 and 2, but in the production aspect rather than the developer.
Why would NCSoft sell them anyway?

2009 seemed a good year for their stock value.

lilDeath

Krytan Explorer

Join Date: Sep 2006

Treehouse #1

W/

WOW, this CEO guy is awesome! He sure talks the talk... I couldn't find any prices though for the software security solutions...

Of course, I will need to POC first... because you know... quite often what Salesmen say (CEO is nothing other than a glorified salesman) is not how a product actually works and how their operation / business operates.

Proof is in the pudding. Good effort on the opportunistic Sales punt tho.

Painbringer

Furnace Stoker

Join Date: Jun 2006

Minnesota

Black Widows of Death

W/Mo

So with all the warnings and hacks I go to change my password. I log into GW, select change password (enter old password) (enter new one) (reenter new one again) and it code 11 on me. Over and over and over.... I try to no avail. Then I click go to NCsoft, can't even log in to that site. While at NCSOFT, GW has stopped responding and I have to force close it. What am I doing wrong???


This is messed up. Now I cannot sign into GW with the old password, but the initial one I tried that code 11 on me works. Thank god I remembered it. WTH is that all about?


UPDATE: I went to log on again this morning and I am now disabled. None of the passwords I tried, new or old, work. Very disappointing, especially when I was following their advice.