Pages: [1] 2 3 4 5 6 7 :: one page |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Aylanaa
Jiangsu Rongsheng Heavy Industries Group
4
|
Posted - 2013.07.19 09:18:00 -
[1] - Quote
So this RoCkEt X guessed Mino IV's password on Eveboard, which allowed him to figure out when Mino IV would log his titan chararcter on enabling RoCkEt X to kill said titan. The story is here http://themittani.com/news/legion-alts-downs-avatar-low-sec, and here http://pastebin.com/u9XjXtAa Too me it seems in the grey area just curious on other people's thoughts. |
|
Chribba
Otherworld Enterprises Otherworld Empire
8930
|
Posted - 2013.07.19 09:24:00 -
[2] - Quote
As far as eveboard goes, that doesn't really give any details to that kill apart from when the skill ran out which sure could give a theory in what timeframe a pilot would log on to change queue.
Is it illegal, from my view no it's not illegal, but should there be a need for me to implement additional security measures to prevent brute force (than those already in place) I will do so.
If anything, I'd rather see the whole ISboxer setup being more of a grey zone in this case.
/c
|
|
Anna Karhunen
Inoue INEXP
92
|
Posted - 2013.07.19 09:27:00 -
[3] - Quote
It is illegal*. As the EVE board is Chribba's I suppose it falls within Swedish law, though ask Chribba if you want to know for sure. Accessing other person's account (any account) without their explicit approval is never a good idea.
Edit: *Whether authorities do anything, that is different question. Unless there has been damage, they are probably not going to make a move. Losing ships in a game... I think they will laugh. |
Cannibal Kane
Temple of Kane
2068
|
Posted - 2013.07.19 09:30:00 -
[4] - Quote
I dont think so..
The hundreds of chars using a combination of 123 to 12345 does not make it hard. "I saw him fight by the monument in Jita. -áHe flowed in his Machariel like a Shinto spirit, 800MM shells sprouting in his passing. -áHis hair flowed in the corona of his target's warp core breach. -áIt was truly majestic. -áAnd while everyone stared in awe I stole the loot and ran off.-áBecause I am like that." --áNEONOVUS |
Inxentas Ultramar
Ultramar Independent Contracting Home Front Coalition
606
|
Posted - 2013.07.19 09:38:00 -
[5] - Quote
As we know our governments excell in retardation when it comes to anything internet, including legislation concerning it. The only proper answer would be who cares about legality. Legality is defined by people that have no clue anyway. Whether or not Chribba approved is a more interesting question. He might even consider this legit gameplay, and as such allow it explicitly, making it legal. I couldn't find a EULA on Eveboard to check.
Im my country some dude got sentenced because he guessed the GET parameter of a badly secured website. The trick is that the website in question was of the government, so instead of fixing it they deemed prosecuting the 'hacker' more usefull. A person like Chribba might actually have a life and not press charges over this form of data mining! |
Pak Narhoo
Splinter Foundation
1039
|
Posted - 2013.07.19 09:40:00 -
[6] - Quote
Chribba wrote:
Is it illegal, from my view no it's not illegal in that sense, but not really wanted either,
Well, you could maybe make it harder by preventing passwords like 1234, by making them 6-8 characters long with a mandatory character/number combo. Like 123456a or abcdefg8.
Then again people will create dumb passwords, no matter what you do. Looks to me like he didn't wanted that Avatar anyway. |
|
Chribba
Otherworld Enterprises Otherworld Empire
8930
|
Posted - 2013.07.19 09:49:00 -
[7] - Quote
Pak Narhoo wrote:Chribba wrote:
Is it illegal, from my view no it's not illegal in that sense, but not really wanted either,
Well, you could maybe make it harder by preventing passwords like 1234, by making them 6-8 characters long with a mandatory character/number combo. Like 123456a or abcdefg8. Then again people will create dumb passwords, no matter what you do. Looks to me like he didn't wanted that Avatar anyway. There could be plenty of things made of course. I could even do token authentication with RSA dongles... question would be how far to take it really.
It's a small character sheet site after all while I do take security seriously it needs to be balanced so I'm most likely not going to start to block passwords or force the use of complex ones (I'd need to open up a support division to handle all the requests from ppl who forget their already easy 1234 passwords lol)
/c
|
|
RoCkEt X
Tr0pa de elite. Pandemic Legion
32
|
Posted - 2013.07.19 09:52:00 -
[8] - Quote
from: http://community.eveonline.com/support/api-key/
Quote:I still don't like it. If you are not certain that the web site or program asking for your API key is safe, please do not give it to them! You are responsible for any usage of the information obtained by using your API keys.
I think that pretty much says it all.
1234 was my first guess, by the way :)
|
Thorn Galen
Bene Gesserit ChapterHouse Sanctuary Pact
1237
|
Posted - 2013.07.19 09:53:00 -
[9] - Quote
Consider this.
Dude has a bunch of keys. He goes around to random houses to see which key will fit a lock. Eventually he finds one which opens a door.
Just because the key fits the door does not make his action legal, it's still a crime.
Likewise, nor should such an action as discussed here be condoned. Same legal principles apply. There's nothing "meta' about it, it is illegal, plain and simple.
o7
Personnel Division Director - Bene Gesserit Chapterhouse CEO Sanctuary Pact Alliance --áSanctuary Pact |
Tippia
Sunshine and Lollipops
15627
|
Posted - 2013.07.19 09:57:00 -
[10] - Quote
Thorn Galen wrote:There's nothing "meta' about it, it is illegal, plain and simple. What law does it break? GÇ£If you're not willing to fight for what you have in GëívGëí you don't deserve it, and you will lose it.GÇ¥
Get a good start: newbie skill plan 2.0. |
|
dexington
Dexington Corporation
700
|
Posted - 2013.07.19 10:00:00 -
[11] - Quote
RoCkEt X wrote:from: http://community.eveonline.com/support/api-key/Quote:I still don't like it. If you are not certain that the web site or program asking for your API key is safe, please do not give it to them! You are responsible for any usage of the information obtained by using your API keys. I think that pretty much says it all. 1234 was my first guess, by the way :)
That don't give you the right to hack someones profile on another site, if i send a xml dump of my api data to my private email adresse, would it then be okay for you to hack it? I'm a relatively respectable citizen. Multiple felon perhaps, but certainly not dangerous. |
dexington
Dexington Corporation
700
|
Posted - 2013.07.19 10:03:00 -
[12] - Quote
Tippia wrote:Thorn Galen wrote:There's nothing "meta' about it, it is illegal, plain and simple. What law does it break?
Depends on the country, i Denmark it would be -º 263 I'm a relatively respectable citizen. Multiple felon perhaps, but certainly not dangerous. |
Tippia
Sunshine and Lollipops
15627
|
Posted - 2013.07.19 10:06:00 -
[13] - Quote
dexington wrote:Tippia wrote:[What law does it break? Depends on the country, i Denmark it would be -º 263 What does this paragraph state? GÇ£If you're not willing to fight for what you have in GëívGëí you don't deserve it, and you will lose it.GÇ¥
Get a good start: newbie skill plan 2.0. |
Lucas Kell
JSR1 AND GOLDEN GUARDIAN PRODUCTIONS SpaceMonkey's Alliance
164
|
Posted - 2013.07.19 10:08:00 -
[14] - Quote
It's illegal as it's unauthorized use of a system, illegal in most places under varying terminology. That said it is so low down on the list, I doubt any law enforcement agency would take it seriously.
It doesn't violate the EULA since it's not CCP owned so CCP shouldn't do anything either.
It should however be illegal to use the password 1234 and someone should clout that guy up the side of his head for being so stupid. The Indecisive Noob - A new EVE Fan Blog for news and stuff. |
dexington
Dexington Corporation
701
|
Posted - 2013.07.19 10:09:00 -
[15] - Quote
Tippia wrote:dexington wrote:Tippia wrote:[What law does it break? Depends on the country, i Denmark it would be -º 263 What does this paragraph state?
You are not allowed to access other peoples private data, or invade their privacy and so on.
I'm a relatively respectable citizen. Multiple felon perhaps, but certainly not dangerous. |
RoCkEt X
Tr0pa de elite. Pandemic Legion
32
|
Posted - 2013.07.19 10:14:00 -
[16] - Quote
dexington wrote:Tippia wrote:dexington wrote:Tippia wrote:[What law does it break? Depends on the country, i Denmark it would be -º 263 What does this paragraph state? You are not allowed to access other peoples private data, or invade their privacy and so on.
data isn't private when it's on eveboard. the only way this effects the individual is ingame. |
Anna Karhunen
Inoue INEXP
94
|
Posted - 2013.07.19 10:14:00 -
[17] - Quote
If it was under Finnish law, it would result in fine or up to one year prison sentence. If it was planned or done for criminal organization, then it would be fine or up to two years prison sentence. |
dexington
Dexington Corporation
702
|
Posted - 2013.07.19 10:20:00 -
[18] - Quote
RoCkEt X wrote:dexington wrote:Tippia wrote:dexington wrote:Tippia wrote:[What law does it break? Depends on the country, i Denmark it would be -º 263 What does this paragraph state? You are not allowed to access other peoples private data, or invade their privacy and so on. data isn't private when it's on eveboard. the only way this effects the individual is ingame.
If it was public available why did you then need to guess the password, that pretty much proves the data was not public available and the owner had not given you access, else you would have already know the password.
It's the same with postcards, you are not allowed to read a postcard you have not send or received without permission, just because there is no envelope protecting the content does not make it legal for you to read it. I'm a relatively respectable citizen. Multiple felon perhaps, but certainly not dangerous. |
Malcanis
Vanishing Point. The Initiative.
10905
|
Posted - 2013.07.19 10:20:00 -
[19] - Quote
Tippia wrote:Thorn Galen wrote:There's nothing "meta' about it, it is illegal, plain and simple. What law does it break?
Quite a few countries have laws against unauthorised access.
Of course it's really only against the law when it embarrasses a big corp or the government but eh
1 Kings 12:11
|
Nevyn Auscent
Broke Sauce
322
|
Posted - 2013.07.19 10:20:00 -
[20] - Quote
RoCkEt X wrote:
data isn't private when it's on eveboard; passworded or not, you are sharing your API. the only way this effects the individual is ingame. and does nothing to their RL privacy. Technically the data doesn't belong to them, as all EVE online accounts and such are property of CCP... and as CCP states that all information gained by sharing of API keys is solely the responsibility of the player who shares them.... :)
Stop whining, my ribs are hurting from the laughter :)
If it is passworded and you have come by the password via illegal means including guessing, it is private. If I 'guess' the combination to your safe, I can't take whatever is in it without it being stealing, what you did is no different. Personally I consider this good grounds for the player to request CCP reimburse him, as for all it wasn't particularly secure, he was hacked as part of the attack on his titan.
|
|
Alua Oresson
Demon-War-Lords Fatal Ascension
278
|
Posted - 2013.07.19 10:21:00 -
[21] - Quote
Tippia wrote:Thorn Galen wrote:There's nothing "meta' about it, it is illegal, plain and simple. What law does it break?
Since the "crime" occured in Sweden, I would venture that Swedish law was broken. A little Googling results in the offence being laid out in Chapter 4 Section 9c of the Swedish penal code.
Quote: Section 9c A person who, in cases other than those defined in Sections 8 and 9, unlawfully obtains access to a recording for automatic data processing or unlawfully alters or erases or inserts such a recording in a register, shall be sentenced for breach of data secrecy to a fine or imprisonment for at most two years. A recording in this context includes even information that is being processed by electronic or similar means for use with automatic data processing. (Law 1998:206)
http://pvpwannabe.blogspot.com/ |
Anna Karhunen
Inoue INEXP
94
|
Posted - 2013.07.19 10:25:00 -
[22] - Quote
Figures. Our lawmakers just copied the Swedish law (again) and made some minor changes to hide the plagiarism. |
RoCkEt X
Tr0pa de elite. Pandemic Legion
32
|
Posted - 2013.07.19 10:26:00 -
[23] - Quote
Nevyn Auscent wrote:RoCkEt X wrote:
data isn't private when it's on eveboard; passworded or not, you are sharing your API. the only way this effects the individual is ingame. and does nothing to their RL privacy. Technically the data doesn't belong to them, as all EVE online accounts and such are property of CCP... and as CCP states that all information gained by sharing of API keys is solely the responsibility of the player who shares them.... :)
Stop whining, my ribs are hurting from the laughter :)
If it is passworded and you have come by the password via illegal means including guessing, it is private. If I 'guess' the combination to your safe, I can't take whatever is in it without it being stealing, what you did is no different. Personally I consider this good grounds for the player to request CCP reimburse him, as for all it wasn't particularly secure, he was hacked as part of the attack on his titan.
except for the fact he posted his PW in his application to PL. so the information is out there :) |
Anna Karhunen
Inoue INEXP
94
|
Posted - 2013.07.19 10:28:00 -
[24] - Quote
RoCkEt X wrote:
except for the fact he posted his PW in his application to PL. so the information is out there :)
That is irrelevant point. What matters is that you did not have permission to use it. |
RoCkEt X
Tr0pa de elite. Pandemic Legion
32
|
Posted - 2013.07.19 10:31:00 -
[25] - Quote
Anna Karhunen wrote:RoCkEt X wrote:
except for the fact he posted his PW in his application to PL. so the information is out there :)
That is irrelevant point. What matters is that you did not have permission to use it.
So, if i post my API here, and select one person in this thread whom i allow to use it, anyone else using it is doing so illegally? i don't think so. |
Anna Karhunen
Inoue INEXP
94
|
Posted - 2013.07.19 10:41:00 -
[26] - Quote
I am pretty sure lot of laws have been broken here in EVE and will be broken in the future. Now, in your case, you have broken the law, sure, but I am certain you will be safe because 1) the only person who can won't go hop through the hoops to get the issue moving in Sweden and 2) if police and DA do get the report, they probably decide not to do anything because the loss was an internet spaceship and they have better things to do with their time. At least here in Finland police has that right to decide what to investigate. |
RoCkEt X
Tr0pa de elite. Pandemic Legion
32
|
Posted - 2013.07.19 10:43:00 -
[27] - Quote
ofcourse, the irony of all this is that he logged in 3 days before his skill finished.
so as a fact, me having his eveboard info turned out to be irrelavent :) |
Anna Karhunen
Inoue INEXP
94
|
Posted - 2013.07.19 10:51:00 -
[28] - Quote
Assuming that the claims made in the comment section of the article at themittani.com are true, the kill becomes even more ironic. They claim there that the titan was going to be PL titan. Go there, read the comments and judge for yourself. |
Gealbhan
True Slave Foundations Shaktipat Revelators
390
|
Posted - 2013.07.19 10:54:00 -
[29] - Quote
See, this is why you use an alpha-numeric password at least 16 characters long of upper and lower case letters with numbers sprinkled through it too. It's not fool proof but it makes your password a hell of a lot harder to guess, also rotate it frequently. |
Ritsum
Ubiquitous Hurt
207
|
Posted - 2013.07.19 11:07:00 -
[30] - Quote
So from the sound of it Eveboard is not secure and will not punish those guessing passwords to gain access to private API details.
Thankfully my API is not on there. Hopefully people who want to keep there API details private to those around them learn from this display and never put their API on Eveboard thinking it is secure if you use "Private". Play EvE how you want to play it and do not let others dictate how you play. Evolve your playstyle to protect yourself from others! Even in "PVE", "PVP" is there, lurking in the shadows. |
|
|
|
|
Pages: [1] 2 3 4 5 6 7 :: one page |
First page | Previous page | Next page | Last page |