Reader Comments (44)

Posted: Mar 19th 2011 11:10PM Apakal said

  • 2 hearts
We call those ethical hackers "white hats" if you want to jazz it up a little more.

Glad to hear they made progress. Now they need to really push those authenticators, and they seriously SERIOUSLY need to consider a hardware option. Solely relying on apps and text services is a bad idea.

Posted: Mar 19th 2011 11:16PM kgptzac said

  • 2.5 hearts
"Neither one is a silver bullet, but so far it is looking to be a solid one-two punch for the weekend."

While it sounds a bit unclear to me, I hope what he means is there will be no more hacked accounts due to server vulnerability. Anyway this is a happy ending to both Trion and their players. And at the end of the day maybe we all could learn something, such as stop automatically assuming if a player's account is hacked, that player must be at fault of using bots/conduct RMT/running keylogger.

Posted: Mar 19th 2011 11:27PM drakon said

  • 3 hearts
@kgptzac

Yep. That's one of my biggest MMO pet peeves, people assuming that if someone is hacked they have a keylogger or were stupid with their account info.

Posted: Mar 20th 2011 2:11PM Rialle said

  • 2 hearts
@drakon

People assume this because 99% of the time, it is the case that the victim HAS been hit with a keylogger, phished, or been loose with their credentials. (It can be very difficult to avoid all the sources of keyloggers, unfortunately. Especially with things like 0-day Flash vulnerabilities running rampant online.)

Fixing this vulnerability was a must, however, and I'm glad that Trion owned up to it and fixed it ASAP. We do not know how many people with compromised accounts were actually impacted by this. I suspect most breached accounts since launch were the result of "traditional" means rather than this attack, however. (We also don't know how difficult this attack really was to pull off since the details were not disclosed.)

I also am glad to see the coin-lock feature and that two-factor authentication is planned.

Ultimately, whatever the cause of the account breach in a specific user, the true fault lies with the RMT sellers and those that buy from them rather than people who just randomly got their accounts broken into.

Posted: Mar 20th 2011 12:42AM (Unverified) said

  • Half a heart
Another rift article.............shocking.

Posted: Mar 20th 2011 12:47AM exe973 said

  • 3 hearts
@(Unverified) It's really not hard to skip RIFT articles. You just scroll past them.

This has been a public service announcement.

Posted: Mar 20th 2011 3:51AM Azules said

  • 3 hearts
@(Unverified) Get used to it ;)

Posted: Mar 20th 2011 1:09PM lyons said

  • 2 hearts
@(Unverified)
If you don't want to see Rift articles then use this link:

http://massively.joystiq.com/exclude/rift/


Posted: Mar 20th 2011 1:38PM Sorithal said

  • 2 hearts
@(Unverified)

Haters gonna hate.

Posted: Mar 20th 2011 1:00AM Rindon said

  • 2 hearts
I don't understand how there has been such an outbreak of security issues for games (newer releases). I have held accounts in Ultima Online and EverQuest for about 10 years now and never once have I had any type of security breach. I also have kept the same passwords in both of those games from the day that I created my account(s).
That being said, I have been hacked in both Aion/WoW. The odd thing is, I used a numerical with upper/lower case password which I would change on a monthly basis. Not sure if they have internal security breaches or what is going on, but it seems to be a big problem with a lot of AAA companies.

Posted: Mar 20th 2011 1:02AM Rindon said

  • Half a heart
@Rindon
Oh, and yes, I am also sick of hearing about Rift :-)

Posted: Mar 20th 2011 5:18AM Averice said

  • 2 hearts
@Rindon Because nobody cares about UO or EQ1.

It really sounds like you didn't even read the linked article.

Posted: Mar 20th 2011 1:15AM Graill440 said

  • Half a heart
The numbers may be more than the 1% quoted by Hartsman, the forums are rife with complaints about the customer service or actual non-existence of it. Which leads many to believe they have more problems than they let on.

When a person gets a trouble ticket back stating they are working on hack attempts as primary problems and if you still need your problem answered.......for the third time, tells me the outsourcing they have..........and they do, is filtering and running interference by stuffing tickets and telling folks to resubmit to buy time. This doesn't go over well and what Trion thinks they are getting away with will simply lead to bad word of mouth.

Posted: Mar 20th 2011 5:06AM socialenemy2007 said

  • 3 hearts
@Graill440 "the numbers may be more than the 1% quoted by Hartsman"

Translation: You have no idea how many accounts have been hacked. Nor do you understand why, how, or care.

"the forums are rife with complaints about the customer service or actual non-existence of it. Which leads many to believe they have more problems than they let on."

You are simply trolling Rift threads.

There, I fixed it for you.

20 days after the game launched, they release the coin lock system; how is customer service non-existent?

Troll harder please.

Posted: Mar 21st 2011 2:19PM KDolo said

  • 2 hearts
@socialenemy2007

People are throwing around the phrase "Troll" too loosely and especially in response to criticism of RIFT.

Holding and expressing an opinion in a forum that is contrary to the forum dedicated to it is not Trolling. Expressing concerns about or raising issue with problems concerning a thing is not Trolling. Doing so to bait people into an argument is Trolling.

For people who have had to wait two weeks or more for restoration of their characters (I know of one personally who has been waiting and is still waiting this long) in light of a backdoor in Trion's security that was about the size of a truck might consider Trion's response time inexcusable and their customer service non-existent. Rightly so, I would say.

This is an issue Trion had tried to sweep under the rug and only recently admitted to and began to fix when it became apparent that the issue was on their end.

And to all the apologist fanboys; for a company whose ad campaign has repeatedly suggested that their world is better than Blizzard's is even now, why would you give them a pass on not having an authenticator?

Posted: Mar 20th 2011 2:17AM silvertemplar said

  • 3 hearts
I can tell you why this happens so much more now.

1. Account Name = Email Address
2. Email addresses are used to unlock, to change password, to do whatever.
3. Email addresses are to be found in any database on the web; every site, every game, everything will contain your email address.

So once a hacker picks up a database of forum members, it's a matter of time before they are able to use the email address to get into any game that is using it as your account name.

The Coin Lock is only moving the hack "point of entry" from Rift authentication to your Email account.

Anyway, I assume everyone is aware of Google's 2-step Authenticator for Gmail? It works via your phone to generate these codes [without going via an email system]. So unless Trion considers "hiding" our email addresses and giving us new account -names-, they will probably have to end up with a full-blown authenticator like Blizzard.

...and Blizzard is also making the same mistake with exposing the email address as the "login". Hence why it's so easy to both get hacked and get spammed in your email.

Posted: Mar 20th 2011 2:25PM Rialle said

  • 2 hearts
@silvertemplar

I agree that using the email address is not the wisest choice, and I don't like this trend of everyone wanting to use an email address as a logon. Yes, it makes it easier to remember, but at the same time this means a lot of people use the same login ID for their email, Facebook, Twitter, and all their games. And many likely use the same password because it's hard to remember them all.

This is why I keep a separate logon for each game account I have. I have completely separate email addresses for WoW/Battle.net, RIFT, Steam, PSN, and so forth.

Posted: Mar 20th 2011 6:44AM Ably said

  • 2 hearts
hacker == guy who hacks wildly on his keyboard to produce code, of questionable quality most of the time.

cracker == guy who exploits security holes in software for malicious intent.

there is no such thing as an "ethical hacker" as there is no ethical code.

Posted: Mar 20th 2011 9:51AM Seegrey said

  • 2.5 hearts
@Ably

Kudos firstly, for being one of the handful who have some idea on the difference, but a small correction is needed.

Hacking is about the problem solving process, but isn't computer related - a model railway club is widely accredited with being the first hackers, after setting up a remote switching system using old phone parts - no code used. In some cultures, one will use "hack something together" in place of "jury rig it". MacGyver is a great example of a hacker, actually.

Every situation has a set of rules that govern it, from games we play, to social interaction (etiquette, social conventions, etc.) to plain walking down the street (physics). A hacker is just someone who finds a problem, and uses every advantage/method they can in overcoming it, but doesn't follow convention.

Most crackers are hackers, in this sense (but not all hackers are crackers). Hackers could also be people developing vaccines, working on new car engines that use lettuce as fuel, or the guys who put a rat brain into a robot (YouTube "robot rat brain"). They're also the guys who make the anti-viruses, firewalls, encryption protocols and so forth we use to defend against crackers (along with most of your computer, servers and software, actually).

Updating the article, especially considering you're praising a hacker, would be a pretty respectful move, tbh. Yes, I know most of the audience is ignorant of the difference but that doesn't mean you shouldn't at least try to educate them, since 99% of them aren't idiots.

Posted: Mar 20th 2011 10:14AM Apakal said

  • 2 hearts
@Ably

Yay for semantics!

/sarcasm