Pages: [1] 2 :: one page |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
xenodia
|
Posted - 2006.01.15 10:10:00 -
[1]
Yes, the account hackers are back. I was online just after 0900 server time, and saw one of my corpmates log in briefly, then log off, then on again, then off. I happened to be on teamspeak with him at the time discussing some things, so I asked him what was the problem and was he coming back. He was generally confused because he hadnt signed on at all. So he goes and logs on, and finds himself sitting in a pod at a gate instead of in the covert ops he was in when he logged earlier in the day, and he discovers his wallet is cleaned out.
Someone logged in his character, fired on someone at a gate to get concordokkened (for insurance payout I assume), and then transferred the contents of his wallet to a character named Indian Revenge (which of course was not online when I checked once we discovered this).
Fortunately, whoever did this didnt realize he was a director in the corp, or we could have lost several billion isk from the corp wallet.
Obviously, this problem was NOT solved by whatever measures were taken last week.
So, where does he go to get his stuff replaced ? He lost several hundred million ISK from his personal wallet, plus a buzzard covert ops ship with CO cloak and other gear.
|
Embattle
|
Posted - 2006.01.15 10:14:00 -
[2]
Uses the petition system. ----------- That's twice....most probably be three times by next week. |
Benglada
|
Posted - 2006.01.15 10:20:00 -
[3]
Who ever said they left? I change my password weekly now. --------------------------- Ftw!? |
Tobiaz
|
Posted - 2006.01.15 10:24:00 -
[4]
Don't forget to check if they have been messing with your account details like password retrieval email adress, and make sure you're not using the same passwords.
RMR hiatus |
Necrosmith
|
Posted - 2006.01.15 10:33:00 -
[5]
Yeah, they got me kicked out of a corp I had just joined yesterday.
Sucks.
|
chingon
|
Posted - 2006.01.15 10:52:00 -
[6]
oh noes,not again I really would like to continue to play after dt Ö By Lardarz B'stard |
Iron Monkey
|
Posted - 2006.01.15 11:17:00 -
[7]
ugh this ****es me off. Password hackers should be shot
|
Dakath
|
Posted - 2006.01.15 11:47:00 -
[8]
Bullets are too noble for such swine. I say they should be fried in the world's largest frying pan.
Originally by: Iron Monkey ugh this ****es me off. Password hackers should be shot
LAG!Ö |
RedClaws
|
Posted - 2006.01.15 12:06:00 -
[9]
Torture is an idea i like a lot
|
Jhonen Senraedi
|
Posted - 2006.01.15 12:12:00 -
[10]
I favour red hot coals sewn into their ******* myself....
|
|
megabuzster
|
Posted - 2006.01.15 12:17:00 -
[11]
Typical hackers death...
Take their skin off and then salt them, fry on slow fire, and to fill in a fused lead in their throat
|
Gonada
|
Posted - 2006.01.15 13:01:00 -
[12]
hackers will always be around. its up to you though to sa***uard your computer, not CCP.
-I don't necessarily agree with everything I say.-
|
Scrammer
|
Posted - 2006.01.15 13:06:00 -
[13]
Originally by: Gonada hackers will always be around. its up to you though to sa***uard your computer, not CCP.
We're not trying to sa***uard our computer, we're trying to sa***uard our account which is ultimately owned by CCP.
So yeah, it is CCP's problem and it is their responsibility.
|
megabuzster
|
Posted - 2006.01.15 13:32:00 -
[14]
Originally by: Scrammer
Originally by: Gonada hackers will always be around. its up to you though to sa***uard your computer, not CCP.
We're not trying to sa***uard our computer, we're trying to sa***uard our account which is ultimately owned by CCP.
So yeah, it is CCP's problem and it is their responsibility.
As and experienced user I can say that it is not only users problmes... I guess somebody in CCP may do that.. GM`s? )
|
Gonada
|
Posted - 2006.01.15 13:37:00 -
[15]
um yes it is your problem.
if you changed your passwords weekly, if you always kept your computer up to date and virus free you would not be having these problems you wierdo.
CCP is responcable on their end to make sure hackers dont break into the system on their end, but its up to you to do your part.
-I don't necessarily agree with everything I say.-
|
MrBadidea
|
Posted - 2006.01.15 14:29:00 -
[16]
Originally by: Gonada um yes it is your problem.
if you changed your passwords weekly, if you always kept your computer up to date and virus free you would not be having these problems you wierdo.
CCP is responcable on their end to make sure hackers dont break into the system on their end, but its up to you to do your part.
Be honest; do you even bother to change your password weekly? I hardly think so, and to be honest, I'm starting to think that these hack attempts aren't based off information gathered from users computers; far too many users have been hacked for the hackers to be using some kind of remote exploit of users machines to gather passwords, it's just too unlikely that all of these people will have managed to pickup the same backdoor/trojan allowing the hackers to theif teh infos.
|
Archa
|
Posted - 2006.01.15 15:01:00 -
[17]
Edited by: Archa on 15/01/2006 15:01:38 ccp servers weren't hacked, there might either have been a bug in the client wich hackers exploited to get password and ccp kept their end of protecting our accounts by changing all the passwords.
However, there are alot of people out there that changed their password back to their old original password and therefor still got hacked.
Unfortunately there are people out there who share their account login/password with other people and they get "hacked"
Even more unfortunate is that there are people out there that don't have an antivirus program on their pc, that don't run a firewall and never use ad-aware programs to clean up their pc. And these same muppets download programs that they shouldn't download, for instance: "this amazing rozor macro will work for you making you millions of isk while you sit down and watch the tele... DOWNLOAD NOW!" these programs are filled with keyloggers and other kinds of crap that give access to your pc.
Oh yeah, and another major stupid mistake most people make is setting their account login/pass the same as their hotmail/gmail account password. And they have the answer avaible in the secret question section. something like: what is my dogs name? sparky? spotty? beethoven ! bingo! any moron can hack that.
And yet, you think ccp is to blame?
|
Sim Frost
|
Posted - 2006.01.15 15:12:00 -
[18]
Archa,
Yours is one of the most informative posts on the recent hack-fest which still seems to be going on. However, we still can't know who is reasonable and how it has happened and who to blame for sure since CCP has not made any official announcement so far.
Yes I have firewall and yes my password is well protected and yes I have antivirus, etc. So, am I safe? See, I don't know, because CCP has not yet revealed how this hacking has actually happened and they have not sent a word of caution too all their customers as to "what we should do to remain safe" in this particular series of hacks. Last thing I heard is that it was CCP's servers got hacked, not clients. So, is my client safe, if not what should I do keep it safe other than general precautions?
Pls, DO NOT LOCK SUCH THREADs, because these are the only way people can know hacking is still continuing
|
ElCoCo
|
Posted - 2006.01.15 15:32:00 -
[19]
Originally by: Gonada um yes it is your problem.
if you changed your passwords weekly, if you always kept your computer up to date and virus free you would not be having these problems you wierdo.
CCP is responcable on their end to make sure hackers dont break into the system on their end, but its up to you to do your part.
Yo smarta$$.
Since CCP hasn't released any info on how the attacks actualy took place, I can assume it's CCP's fault and you can assume it's the player's fault ok?
Some of the ppl that have been attack were reeeeeal security freaks
|
Aadahn
|
Posted - 2006.01.15 16:24:00 -
[20]
Originally by: RedClaws Torture is an idea i like a lot
buy a portajon (sort of a plastic outhouse that can be moved from place to place). suspend them upside down in the tank of it. place the portajon at a construction site. It would take a while before they drowned. If you want that extra twist, hook them up to an iv and hang large bags of saline. Then just let them urinate themselves to death. Takes lots longer though.
just a thought.
on the password issue, when I first saw it in the news I changed my pass and will continue to do so on a regular basis. Have too much invested in my char to have some 1/16 wit mess about with it. psst... wanna buy a hamster? |
|
JamesTalon
|
Posted - 2006.01.15 16:35:00 -
[21]
I actually changed my password not too long before this happened, but I ended up using an older password that I haven't used in a while, so no one actually knows it. Hehe, my account isn't even worth hacking anyways. I got almost nothing ^.^
|
Bawldeux IV
|
Posted - 2006.01.15 16:44:00 -
[22]
-what OTHER internet services are you using -what websites do you goto that are not of a "trusted" nature -what applications/tools have you installed (from the internet) -what other games have you installed (from the internet)
Passwords and account names being stolen and hacked all point to keyloggers, backdoors, trojans, and for ANY of those things to get the info, means YOU allowed it by introducing the tool into your PC.
The fault is with those that are trusting their emails, websites, and 'free' things they install from the internet or magizines, WITHOUT scanning or verifying they are clean.
One thing that would help to determine the source of all the accounts and passwords that have been stolen, would be some background of what tools and web sites you installed/looked at before the problem occured (this info should be reported to CCP and not posted)
By simply going to a website that was set up to inject a BHO into your browser, you can be hijacked and a keylogger put into your PC. (no, I am not kidding)
...most of the sites that are set up for this, are sites the person would not want others to know they went to, and thus they dont tell where they went...
Ooooops, had a nice siggy, but its 14k over the size limit....<sniff, tears>
|
Macdeth
|
Posted - 2006.01.15 17:04:00 -
[23]
Edited by: Macdeth on 15/01/2006 17:05:24 I'd like to once again thank CCP for not communicating well on this at all, but the consensus of quite a few people I talk to is that the accounts still being hacked are having their login details obtained through keystroke loggers which were installed either by a) some exploitation of the recent Windows/IE WMF vulnerability or b) through some third party programs related to EVE (By which I do -not- mean ECM).
Tell the people who were hacked to run the free online antivirus scanner, Trend Housecall, and please report back whether that discovered any keystroke loggers on their computer, because some people have reported so, although not enough for us to be 100% sure.
(Edit to fix link)
|
Jenny Spitfire
|
Posted - 2006.01.15 17:11:00 -
[24]
Edited by: Jenny Spitfire on 15/01/2006 17:11:56
----------------
RecruitMe@NOINT! |
Jenny Spitfire
|
Posted - 2006.01.15 17:11:00 -
[25]
Another thing ppl can think of,
1. Having username and password that are the same as your EvE account on private forums is a no-no.
2. Some EvE online tech shops like NAGA, BIG (examples, I dont think they would still password but just for examples) use your character name or you may have entered a new username that is the same as you account and put the same password that can get you compromised.
3. Having the same username and character name is also bad.
There are many ways to hacking. But most hacks arent like Hollywood movies/series where you can hack into a system without having any idea the system is in less than 30 minutes.
HTH. ----------------
RecruitMe@NOINT! |
Bluedagger
|
Posted - 2006.01.15 17:30:00 -
[26]
I've just been hacked this morning, and luckily they didn't know I was a ceo . I changed my password back when they sent out the emails and once again I changed it after this problem. I've had 3 people contact me within EVE about this problem and 1 was from my own corp. Only thing we can do now is complain and petition . Just hope ccp can resolve this issue.
|
Bombcrater
|
Posted - 2006.01.15 17:31:00 -
[27]
The whole thing about running virus checkers and anti-spyware scanners is probably irrelevant. Those programs can only catch infections that they know about. If the password hacking is being done via a virus or spyware it would need to have been isolated and its details incorporated into the virus scanners signature database in order for it to get caught.
TBH, I think the most likely way this is happening is a key logger. Those are trivially easy to write and very hard to defend against - even a really bad coder can write something that checks to see if a task called 'eve.exe' has started up, captures the next 50 or so keystrokes, and fires them off to some sever in siberia.
The only real defence is to run a firewall like ZoneAlarm and only give outbound access to programs that you know should be sending data.
This is why a lot of banks give you a number for their on-line banking system and then make you select certain digits from that number using the mouse before letting you in. CCP should think about doing this, because even if a keylogger isn't responsible for this attack it's bound to happen at some point.
|
Macdeth
|
Posted - 2006.01.15 17:39:00 -
[28]
Originally by: Bombcrater The whole thing about running virus checkers and anti-spyware scanners is probably irrelevant. Those programs can only catch infections that they know about. If the password hacking is being done via a virus or spyware it would need to have been isolated and its details incorporated into the virus scanners signature database in order for it to get caught.
The only real defence is to run a firewall like ZoneAlarm and only give outbound access to programs that you know should be sending data.
Two things, though.
One is that a number of people playing eve says that Trend Housecall (specifically) has found a keystroke logger on their computer, whereas nobody's mentioned another AV program picking it up.
The other is that ZoneAlarm will only stop the stupid ones (most, yes) - you can avoid ZoneAlarm's detection entirely with ease, though I'm not going to describe how here, even if you doubt me on that point.
|
Xio2
|
Posted - 2006.01.15 17:58:00 -
[29]
if it is due to programs and keyloggers and such..maybe its possible they are being downloaded by the IRC based chat system used ingame? not sure but just a thought. -------------- now this is the way a sig should be Xio2 |
Maya Rkell
|
Posted - 2006.01.15 18:47:00 -
[30]
If the chat was IRC based, they'd not of had a FRACTION of the issues they've had with it. But eh.
Check for keyloggers (there are free programs out there for it), but I'm becoming increasing convinced that this is a spoofing attack which no password change will protect against.
Warning: above post may contain traces of sarcasm. "Corpse cannot be fitted onto ship. Only hardware modules can be fitted." |
|
|
|
|
Pages: [1] 2 :: one page |
First page | Previous page | Next page | Last page |