Player identifies "huge security hole" in RIFT's authentication system, Trion seals it

Justin Olivetti — Sat, 19 Mar 2011 13:00:00 EST

Filed under: Fantasy, Game mechanics, Rumors, RIFT

Hacking and account hijacking have been severe issues for RIFT ever since launch, even though Trion Worlds anticipated the onslaught from the beginning. Yesterday we saw Trion implement the so-called Coin Lock patch to prevent hackers from selling other players' items in-game, which some see as a novel (partial) solution to the problem.

However, this may not be enough to stop the truly malicious invaders from getting into RIFT accounts. One player, identified as "ManWitDaPlan" on the forums, claims to have circumvented the account login completely, leaving a "huge security hole" for hackers to exploit:

"I have verified the authentication system can be bypassed by successfully logging into another account without needing its credentials. Worse, all it took was about thirty seconds of time once I got all of the details locked down. I did trigger Coin Lock, but I was fully able to access that handy delete-character button, so this exploit is a griefer's dream. I will not post details on how to do this (so don't ask), but I'm positive that I can reproduce this at will and likely on any account on the system."

Later in the thread, a Trion representative added: "We have some things in the works right now and have been passing on your feedback, concerns, and thoughts throughout the day (no matter how radical or unlikely). Sharing sensitive information about our actions (no matter how broad) naturally also informs those carrying out these attacks. This puts us in a tight spot with how much information we can provide, and the questions we can answer."

And it looks as though the problem may be fixed, as ManWitDaPlan posted late last night: "Got word back from Steve Chamberlin, the development lead for Rift. This hole is sealed."

Player identifies "huge security hole" in RIFT's authentication system, Trion seals it originally appeared on Massively on Sat, 19 Mar 2011 13:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Potential smoking gun found for Guild Wars security issues

Eliot Lefebvre — Sat, 02 Jan 2010 10:00:00 EST

Filed under: Fantasy, Guild Wars, Exploits, News items, Rumors

It started as a surprise. Guild Wars players reported suddenly finding themselves hacked, their accounts cleaned out, no indication of what could have caused the problem. NCsoft and ArenaNet offered suggestions, security safeguards, new measures being taken, hints that the problem lay in a popular third-party website with an undisclosed name. But with the recent rash of problems that Aion players have been having regarding security, new facts have begun coming to light, and they paint a picture that isn't pretty.

Specifically, some players seem to be finding that it doesn't take any skill to wind up hacking someone's account accidentally. And all it takes is a few log-in attempts to find yourself with access to someone's account name, password, and billing information for all of a player's NCsoft games.

Continue reading Potential smoking gun found for Guild Wars security issues

Potential smoking gun found for Guild Wars security issues originally appeared on Massively on Sat, 02 Jan 2010 10:00:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments