Exploits

Last week, we brought you the news that a terrible exploit had made itself known in EVE Online. The exploit allegedly involved filtering network traffic for specific packets which told the server to join the local chat channel. As a result, the player would remain hidden in the local channel and could sneak up on unsuspecting victims for an easy kill. Most of the controversy surrounding the exploit hinges on whether or not a certain group of players from Pandemic Legion alliance had been abusing the bug to kill farmers and macros. "The MonkeySphere" and his crew have spent months killing the macro element in nullsec using an unannounced but clearly effective strategy. Suspecting him of cheating, Russian players managed to recreate a set of conditions under which a player would remain hidden from the local channel.

Although posting the actual exploit details is not permitted on the official EVE forums, the thread discussing the exploit and The MonkeySphere's alleged involvement has now exceeded 50 pages. Showing a refreshing sense of transparency, CCP opted to keep the thread open while they investigated. Players used the thread to bring forth evidence of the exploit in action and filed bug reports on the issue. On Tuesday, CCP announced that a hotfix for the exploit had been deployed which should prevent the exploit from being used. Meanwhile, debate over The MonkeySphere's involvement with the exploit continue in the original discussion thread.

Hackers beware. The team at Star Vault have their eyes on you, and it's time to stop any and all shenanigans you've got going on in Mortal Online. Or else, you say? Or else the banhammer awaits you -- and according to their most recent update, it means an instant, permanent ban that could leave you staring at the login screen in frustration.

According to a post by Maerlyn on the Mortal Online forums, there is currently no set date on when software monitoring will come into play, or even what method they'll use to monitor for third-party applications or changes in the game files that are being reported. A follow-up posting by Tazaterra in the same thread indicates that anyone who has modified game files needs to stop at this time.

With the game still being tweaked pending release, we're glad to see the team at Star Vault is taking a proactive stance on this before the floodgates officially open. In a game where PvP is everything, players need to know that anyone using exploits, hacks, bots or the like to tip the game balance will be dealt with swiftly and before it causes game imbalances.

[via TTH]

A nasty exploit has raised its ugly head in EVE Online this week, allowing players to prevent themselves from showing up in the local chat channel. Unless you're in a wormhole system, this channel is meant to show a list of every pilot in the system and must update instantly when a player jumps in. In the deep nullsec regions, the local channel is the primary way a player will know if he's safe or not. If you're alone in the channel, there's nobody else logged on in the system that can attack you. If an enemy fleet rolls by, you'll see a list of names suddenly appearing in the channel and know it's time to get to a safe place. If a pilot were able to somehow hide himself from the local channel, he could sneak up on unsuspecting victims without them knowing he's there.

Skip past the cut for an investigative look at this unsettling development.

Continue Reading

There's an understandable problem with selling game currency in subscription games, where it's generally considered verboten for good reason. While some subscription games will sell you things in addition to the monthly fee, there's a general sense that you should earn your advantages. But in free-to-play games that have a cash shop allowing players to purchase items directly... well, the very idea of gold selling seems kind of silly. But it can happen, and Runes of Magic has experienced a bit of a problem of late with the trade of Diamonds (their cash shop currency) for gold.

The game has traditionally treated the currencies as interchangeable insofar as players with lots of Diamonds and not enough gold could sell their excess to other players. Unfortunately, the current spate of RMT activities have called for draconian measures: they've taken away the ability to trade Diamonds for gold. They've also temporarily removed the ability to send gold through the mail. The official announcement stresses that this is a temporary measure to combat unacceptable behavior. While less gold spam is a good thing, fewer features are a negative, so this new is a mixed bag for Runes of Magic players.

On Wednesday, we brought you the news of CCP's plans to nerf deep safe spots in EVE Online. Deep safe spots are bookmarks far outside the outer boundaries of a solar system. Being several hundred AU from the nearest celestial body, ships in a deep safe spot are far outside normal scanning range. The spots have been created using a variety of exploits over the years, and with Tyrannis on the way they're headed for a nerf. The announcement of the change was met by strong opposition from some players on the official EVE forums, not about the nerf itself but the planned implemention.

On May 18th, all ships and objects over 10AU further from the system's star than the outer-most planet were scheduled to be deleted. Any ships or items inadvertently left there would be gone and any pilots logged off in these locations would log in to find themselves without a ship. In response to player feedback, CCP have decided to rethink their plan to delete objects in deep safe spots. These objects will instead be moved to the outer edge of the solar system. In the new announcement, CCP took the time to clarify what objects will be moved with a handy diagram. The announcement was rounded off with some interesting statistics, showing that there are currently about 345 ships without pilots abandoned at deep safe spots across EVE. As these ships will eventually be moved to within normal probing distance, some lucky players may find them unexpectedly.

With any player-generated content system, a game becomes a struggle between two equal and opposing forces: the designers who want to cram in every possible exploit to get the best possible rewards with the least possible effort, and those who just want to make really neat story arcs. City of Heroes recently dropped a small patch in the hopes of fighting something that had been a target for exploits, and unfortunately the latter group got caught in the crossfire.

In short, the patch was designed to target allied NPCs in missions who didn't attack, but buffed the player characters to the gills in order to make missions easier. Unfortunately, caught in the crossfire were almost any missions that involved things other than enemies, up to and including missions where players would rescue hostages. Needless to say, player response has not been kind.

Sean "Dr. Aeon" McCann was quick to give an official statement on the matter, explaining that the idea was to implement a temporary fix that would prevent current farming, with a more permanent one coming around Issue 17's launch. (Although we don't have a specific date on that, it's been generally pegged for early this month.) Until then, City of Heroes players might find themselves advised to take a break from Mission Architect for a little while.

[ Thanks to Steve for the tip! ]

You might think that Wizard101 is just a kid's game, which wouldn't be totally incorrect. But if you thought that meant they would just let you do whatever you want... well, nope, not in this playground. KingsIsle Entertainment is demonstrating that they are more than willing to step in and take the reigns when they're aware of an exploit. In this instance, it looks as if an exploit was found regarding the new wings available in the game's cash shop that work as a mount. Players had found a way to purchase their wings via gold alone, getting an unfair advantage on those buying them legitimately.

So the game is clipping their wings -- clipping them off entirely, as it were. The wings will be removed from the player's account, all gold spent will be refunded to the player, and they will be reminded that exploiting the game client will lead to a permanent ban from the game. It's not the harshest penalty, but it comes as a stern reminder that no matter how fluffy the exterior might be, Wizard101 still takes cheating very seriously. So it's a bit more like school than you might have thought.

Yesterday we reported that a wide number of e-mail password phishing scams were being sent out to Aion users. Today, AionSource.com has sent out an e-mail announcement to all of their users that this new wave of scams may have been due to a hacking attack on their website.

Knite Shadowbane, administrator of AionSource, has posted that AionSource.com had been under hacker attack five days ago on the 24th of January. The staff has since cleared the attack and has proceeded to beef up their security, but today's e-mail to all AionSource members warns that their database could have been used for these phishing scams. So, if you are a member of AionSource, keep an eye out for any unusual e-mails coming your way.

Even if you aren't a member, always remember to check the source of any e-mails coming to you that request for you to "access your account" or "confirm your password" or require you to log into an unverified source.

Knite has also posted a handy guide to securing your account, such as changing your password and installing anti-virus software.

There are a lot of choices we face where we don't so much pick a good option as we pick the option that's least negative. Most people would argue that going to work is a better choice than faking illness and calling out, but not really a choice they like. Kill Ten Rats recently posed an interesting question along the same lines: would you rather your game have gold farmers or cheaters?

As the full piece argues, gold farmers are the greater evil to the companies running the game -- they aren't paying customers and they're disrupting the playerbase. But the average player is more likely to run into cheaters than gold farmers, and they're more likely to have a direct negative effect upon the experience of the game. Yet teams tend to be more active in pursuing gold farmers (witness Aion's theatrical destruction of them) because cheaters, to the company, are a slightly lesser problem.

Obviously, it's not a binary equation, and some games (such as Final Fantasy XI) place both at an equally high target priority. The fundamental question, however, is an excellent one -- cheating jerks, or RMT bots? There's no good option.

It's an immutable law: create an online game where virtual currency is used and it'll inevitably give rise to a black market for that currency, not to mention for the various items in the MMO. Earthrise will be no different, but developer Masthead Studios aims to be proactive about the problem of gold sellers, rather than reactive. They also feel that their game will be difficult to bot. "Most of Earthrise design has followed the paradigm of requiring player interaction and skill through every aspect of combat, crafting and logistic movement so we firmly believe the game will be, by design, very difficult to automate via known methods," Masthead explains in their latest Question of the Week.

Another factor that Masthead Studios feels will curb black market activities in Earthrise, at least in respect to items, is that every use of gear slowly degrades the item in question. Of course, where there's a will there's a way. So when Earthrise enters open beta Masthead Studios will keep a close eye on the various ways players find to exploit the economy.

Continue Reading

"We have met the enemy and he is us." The player identified as "Patrick" is not the malevolent monstrosity we'd like to see. Nor is he a victim of circumstance, at that. He acts for all the world like a perfectly normal gamer, and if you didn't know he'd scammed between $10,000 and $20,000 in a year of reprehensible behavior, you certainly wouldn't be able to guess. That's what makes a video interview with him, mirrored and annotated at PlayNoEvil and originally recorded by Marcus Eikenberry, so odd on many levels.

The full interview lasts thiry-eight minutes, which makes it a bit long for casual viewing. The article which mirrors the video notes some of the highlights, including when he almost breathlessly exhorts the moment he realized that there was nothing in PayPal's EULA that prevented him from not transferring his EVE Online account to a purchaser on Craigslist.

His rationalizing of the actions include the loss of his job and financial instability, even as he begins the interview explaining how he would scam players in both EVE Online and World of Warcraft for fun. His words are unsettling, but what makes them all the more eerie is the fact that without the foreknowledge... there's no way to tell his voice from any of ours. When you have the time, the whole interview is well worth looking at if you're at all interested in account security and the culture of scammers.

NCsoft hasn't been having an easy start to the year, at least not in the eyes of security-minded players. The entire Guild Wars security question recently came to a head with suspicions and accusations that the flaw was something wrong with NCsoft's account management, a black eye if ever there was one. Of course, that raises questions about not just Guild Wars, but any game under the company's aegis, which includes City of Heroes. So it should come as little surprise that a reminder about account security has recently been posted on the official site.

The reminder itself is fairly standard boilerplate, reminding everyone to avoid giving out their account information to any other players, only log in from secure locations, and so forth. It also addresses the issue at hand in a roundabout fashion, mentioning that they found no malicious workarounds after investigating "current claims." However, the very next line mentions that they have added more robust logging and security procedures, which can lead to the obvious conspiracy theories. With fewer items to be traded than many other games, City of Heroes has a smidge more built-in security -- but a little extra reminder and caution never hurts.

It started as a surprise. Guild Wars players reported suddenly finding themselves hacked, their accounts cleaned out, no indication of what could have caused the problem. NCsoft and ArenaNet offered suggestions, security safeguards, new measures being taken, hints that the problem lay in a popular third-party website with an undisclosed name. But with the recent rash of problems that Aion players have been having regarding security, new facts have begun coming to light, and they paint a picture that isn't pretty.

Specifically, some players seem to be finding that it doesn't take any skill to wind up hacking someone's account accidentally. And all it takes is a few log-in attempts to find yourself with access to someone's account name, password, and billing information for all of a player's NCsoft games.

Continue Reading

Square-Enix can get very touchy about certain things with Final Fantasy XI. Revealing the precise numbers and mechanics behind many of the game's elements seems to be one of them that none of the game's fans are terribly pleased with, but they're just as touchy about people cheating in the game, which fans can't help but be happy about. The game's terms of use clearly state that the use of third-party applications interacting with the game is expressly forbidden, and the game has recently dropped the hammer for good on one of the distributors of third-party hacks.

The announcement, which can be found on the official site or mirrored on Allakhazam.com, states that the game's team had been monitoring the sale and distribution of certain undisclosed third-party applications, and they had subsequently shut down both the servers for the programs as well as the sellers. The specific applications are not named, as is normal for Final Fantasy XI -- they don't want to encourage anyone to seek out the cheats, after all. The announcement also includes the usual warnings about bannings and account security when connected with third-party cheats. It's always good news when the less scrupled side of a game's community gets shut down -- now if only we could pass some of this along to NCsoft for their recent woes.

CCP Games has made some sweeping changes to how players claim and contest territory in EVE Online, with the recently-launched Dominion expansion. These changes haven't been without issue, however, and a significant problem with the new Sovereignty Blockade Units (SBU) has arisen. SBUs are anchored by attackers at stargates in a solar system belonging to the territory-holding alliance and disrupts the control of the Sovereignty holder, providing opportunities for attackers to usurp the space holding alliance. Issues with the SBUs prompted the devs to declare an exploit over the weekend. EVE's Community Manager CCP Wrangler stated:

"An issue has been discovered that makes outposts and infrastructure hubs vulnerable to attacks without the attacker having adequate Sovereignty Blockade Unit (SBU) coverage in the system. Attacking outposts and/or infrastructure hubs without adequate Sovereignty Blockade Units in the system is an exploit and any incidents will be dealt with accordingly. Situations where attackers have the proper SBU coverage are not subject to this rule. The problem is under repairs and will be fixed as soon as possible. We thank you for your understanding and patience in this matter."

Continue Reading