I know a few people were asking about getting more eyes on this issue through other media outlets, etc. Massively just posted this story on the issue:
Final Fantasy XI hacked; Square-Enix hides behind policy
It appears to touch on most arguments for why and how this is occurring.
-Ten
- Forums
- Final Fantasy XI
- General Discussion
- Massively.com Story on FFXI Hacking
Massively.com Story on FFXI HackingFollow
That was a good read. Kudo's for finding it.
However, it is only one website in the sea of milions. And quite honestly, if you hadn't pointed us to this one in particular, i doubt many would have found it.
There needs to be news on this on a website with a little more impact, you know?
Something people visit daily, even those that do not play FFXI.
._.
However, it is only one website in the sea of milions. And quite honestly, if you hadn't pointed us to this one in particular, i doubt many would have found it.
There needs to be news on this on a website with a little more impact, you know?
Something people visit daily, even those that do not play FFXI.
._.
It's going to be funny to see what happens when SE gets put on the spotlight.
It's also nice to see that this story has gotten out to several other media outlets, thank you for the link.
It's also nice to see that this story has gotten out to several other media outlets, thank you for the link.
tl;dr. Nice avatar. â–²
I liked the graphic for the article. And I had to look up concomitant cause I forgot what it meant. 
Edited, Dec 17th 2007 11:28am by Dandruffshampoo
I liked the graphic for the article. And I had to look up concomitant cause I forgot what it meant. 
Edited, Dec 17th 2007 11:28am by Dandruffshampoo
I highly doubt WoTG has any connection....
The only thing I can say, it is likely a "DDoS" styled attack..they've done it to SE before (that was more due to Japan vs China issues really though) and its likely happening again, only this time on a more severe level and because SE is literally destroying businesses.
The only thing I can say, it is likely a "DDoS" styled attack..they've done it to SE before (that was more due to Japan vs China issues really though) and its likely happening again, only this time on a more severe level and because SE is literally destroying businesses.
I swear I just watched that avatar for 10 mins.
On topic: Glad word is getting aro... oooh plaid skirts! ur? *cough* around.
On topic: Glad word is getting aro... oooh plaid skirts! ur? *cough* around.
SE will never admit they had a security breach if they really had one. In january they will probably implement something to help players but it's already too late.
Massively.com is a new weblog of the Joystiq line, which includes WoWInsider. So hopefully more will see this than usual.
I'll drive off-topic because of all the comments about the Avatar ^^v
Because everyone needs a little Tomoko Kawase this time of year...
Tommy heavenly6 - I LOVE XMAS
-Ten
Edited, Dec 17th 2007 10:36am by Tenzai
Edited, Dec 17th 2007 11:34am by Tenzai
I'll drive off-topic because of all the comments about the Avatar ^^v
Because everyone needs a little Tomoko Kawase this time of year...
Tommy heavenly6 - I LOVE XMAS
-Ten
Edited, Dec 17th 2007 10:36am by Tenzai
Edited, Dec 17th 2007 11:34am by Tenzai
KumoKuroki wrote:
SE will never admit they had a security breach if they really had one. In january they will probably implement something to help players but it's already too late.
SE admitted when they were getting pelted with DDoS attacks, that in a sense is a security breach.
Hm. Seems like more stuff i already knew. Anyways, if their servers really ARE getting hacked, the best solution is to have a strong password. If they have the hash of your password, and its something weak, especially a dictionary word, it can be easily cracked ...I don't see how this article's claim that it could be weak code in the expansion, though. all the keypassing and initial encryption is done through POL viewer, without any involvement of the expansions. this seems of little practical relevance.
Your client is constantly in contact with the POL server, but the contact traffic going to the POL server is entirely separate of that which goes to the ffxi server. Since the traffic is between your computer and 2 different servers, I really see no way weak code in the expansion could affect the viewer in such a way.
The somepage explanation is still more plausible.
Your client is constantly in contact with the POL server, but the contact traffic going to the POL server is entirely separate of that which goes to the ffxi server. Since the traffic is between your computer and 2 different servers, I really see no way weak code in the expansion could affect the viewer in such a way.
The somepage explanation is still more plausible.
Quote:
SE admitted when they were getting pelted with DDoS attacks, that in a sense is a security breach.
DDoS like Denial of Services?
Because a DoS attack (I dont know what a DDoS is exactly or where the extra D comes from) is just an attempt to slow down or interrupt services. A security breach is when someone successfully get access to private informations like databases or files.
Edit : quote
Edited, Dec 17th 2007 11:46am by KumoKuroki
KumoKuroki wrote:
Quote:
SE admitted when they were getting pelted with DDoS attacks, that in a sense is a security breach.
DDoS like Denial of Services?
Because a DoS attack (I dont know what a DDoS is exactly or where the extra D comes from) is just an attempt to slow down or interrupt services. A security breach is when someone successfully get access to private informations like databases or files.
Edit : quote
Edited, Dec 17th 2007 11:46am by KumoKuroki
Exactly..which is why I said "in a sense", and why I didn't say exactly the same :P
This is why I said I believe its a DDoS attack on a far severe level, because now SE is destroying businesses (RMT is a business after all..) and the ones dedicated to FFXI got hurt -pretty- bad.
Hehe ok sorry maybe I read it wrong ;)
I knew RMT's were going to try new ways of making gils, but never expected them to be THAT efficient. I kinda hoped they would migrate to more "popular" games like WoW.
I knew RMT's were going to try new ways of making gils, but never expected them to be THAT efficient. I kinda hoped they would migrate to more "popular" games like WoW.
Quote:
Hehe ok sorry maybe I read it wrong ;)
I knew RMT's were going to try new ways of making gils, but never expected them to be THAT efficient. I kinda hoped they would migrate to more "popular" games like WoW.
I knew RMT's were going to try new ways of making gils, but never expected them to be THAT efficient. I kinda hoped they would migrate to more "popular" games like WoW.
Could you use digg.com to link to that story?
disclaimer: Forgive me if I'm mistaken, I've never actually used digg.com other than to read stories, not share them.
disclaimer: Forgive me if I'm mistaken, I've never actually used digg.com other than to read stories, not share them.
KumoKuroki wrote:
Quote:
SE admitted when they were getting pelted with DDoS attacks, that in a sense is a security breach.
DDoS like Denial of Services?
Because a DoS attack (I dont know what a DDoS is exactly or where the extra D comes from) is just an attempt to slow down or interrupt services. A security breach is when someone successfully get access to private informations like databases or files.
Edit : quote
Edited, Dec 17th 2007 11:46am by KumoKuroki
DDoS is a Distributed Denial of Service, meaning its a grouping of machines causing the attack and not really a singular point of attack.
http://en.wikipedia.org/wiki/Denial-of-service_attack
Quote:
Hehe ok sorry maybe I read it wrong ;)
I knew RMT's were going to try new ways of making gils, but never expected them to be THAT efficient. I kinda hoped they would migrate to more "popular" games like WoW.
RMTs are more active in games like WoW than they are in FFXI. I believe Lineage II is generally regarded as the RMT mecca, followed by WoW, and then by other games such as FFXI.
You just don't hear about it much because you're not involved with WoW. Blizzard is incredibly pro active when it comes to RMT, but there are still daily hackings and RMT trying to link keyloggers and such to the official web site.
So, RMT are MORE active in MORE popular games such as Lineage and WoW, but it's not like they're going to pass up good money from a game like FFXI, which "only" has half a million subscribers.
I know someone is gonna call me a SE-hugger for saying this... but isn't that story kinda misleading?
I mean FFXI hasn't been hacked that anyone knows of, we know that there are keyloggers out there stealing peoples accounts and some people are stupid enough to get their 3rd party software from the stupidest places so...
Claiming that the game itself or its servers have been hacked is about as valid a theory as that guy who swore SE employees rmt'd his account.
I mean FFXI hasn't been hacked that anyone knows of, we know that there are keyloggers out there stealing peoples accounts and some people are stupid enough to get their 3rd party software from the stupidest places so...
Claiming that the game itself or its servers have been hacked is about as valid a theory as that guy who swore SE employees rmt'd his account.
PlanckZero wrote:
I know someone is gonna call me a SE-hugger for saying this... but isn't that story kinda misleading?
I mean FFXI hasn't been hacked that anyone knows of, we know that there are keyloggers out there stealing peoples accounts and some people are stupid enough to get their 3rd party software from the stupidest places so...
Claiming that the game itself or its servers have been hacked is about as valid a theory as that guy who swore SE employees rmt'd his account.
I mean FFXI hasn't been hacked that anyone knows of, we know that there are keyloggers out there stealing peoples accounts and some people are stupid enough to get their 3rd party software from the stupidest places so...
Claiming that the game itself or its servers have been hacked is about as valid a theory as that guy who swore SE employees rmt'd his account.
Yes, it was pretty speculative. It's nice to have at least one site paying attention to the issue, though, even if I think they are being a little playful with the facts as they stand.
Thanks for the link, it was an interesting read.
What I find most impressive is that there are STILL people who don't know exactly where the malicious code came from, and what it's doing. It's been posted all over the common ffxi sites (including this one, ffs); somepage dot com had no administration for a long period of time. This resulted in RMT hacking the site and putting a malicious iframe (inline frame) on the front page. Then, whenever someone with activex control (IE onry) loaded the page, the iframe would make use of an exploit found in real player (also fixed, if people actually updated) at least a month ago to install a trojan on said person's computer. This trojan would then access the saved password file for POL and send it to wherever the RMT wanted it to go. The encryption for this file being compromised, the RMT then had everything they needed to steal the account.
edit: word filters are irritating.
Edited, Dec 17th 2007 1:16pm by Blubbartron
edit: word filters are irritating.
Edited, Dec 17th 2007 1:16pm by Blubbartron
Okay, I'm a bit disappointed in the article, nor do I think it will change much. From what I'm understanding in this whole fiasco is that people seem to be blaming SE for a lot more then should (please correct me if I get any of the following incorrect).
Case 1:
"Trusted" (and I use that term loosely) website XYZ has malicious code on it that exploits software holes in user's computer that installs a key logger of some sort that allows ABC malicious party to steal login information.
SE at fault: No
Users at fault: Yes & No (Yes: Install prevention software/updates you ninnies! No: The victim is never at fault, right? It's a double edged sword really, I mean it is a community "trusted" site after all...being naive is blissful).
Users angry: Yes
Case 2:
User installs "third-party" application/utility (the kind that actually allows you to cheat/bots), that could be riddled with malicious code in (such as a key logger) that allows ABC malicious party to steal login information.
SE at fault: No
Users at fault: Yes (stop cheating you bastards)
Users angry: Yes
Case 3:
SE's account retrieval process to prove that you are the actual owner of the account after theft has happend due to case 1 or 2, is lacking greatly.
SE at fault: Yes
User at fault: No
User angry: Yes
Does is capture the correct cases, or did I miss some?
Case 1:
"Trusted" (and I use that term loosely) website XYZ has malicious code on it that exploits software holes in user's computer that installs a key logger of some sort that allows ABC malicious party to steal login information.
SE at fault: No
Users at fault: Yes & No (Yes: Install prevention software/updates you ninnies! No: The victim is never at fault, right? It's a double edged sword really, I mean it is a community "trusted" site after all...being naive is blissful).
Users angry: Yes
Case 2:
User installs "third-party" application/utility (the kind that actually allows you to cheat/bots), that could be riddled with malicious code in (such as a key logger) that allows ABC malicious party to steal login information.
SE at fault: No
Users at fault: Yes (stop cheating you bastards)
Users angry: Yes
Case 3:
SE's account retrieval process to prove that you are the actual owner of the account after theft has happend due to case 1 or 2, is lacking greatly.
SE at fault: Yes
User at fault: No
User angry: Yes
Does is capture the correct cases, or did I miss some?
Wow, I hope just the title of that article has SE running in fear.
For those of you who think Sqeenix can't be hacked you are wrong, it can be, just as we can be hacked. It's ridiculous to point fingers at anyone because the attacks are many, blended and varied. The most we can do is to stay on top of the problem and the threat is growing everyday. What works one day will be overcome the next so instead of trying to blame any party for this check out this article by Sergey Golovanov of Kaspersky: Online games and fraud: using games as bait
This doesn't mean don't do your utmost to prevent this but we need to be united against it. Trying to find scapegoats to heap scorn on isn't helping anyone.
This doesn't mean don't do your utmost to prevent this but we need to be united against it. Trying to find scapegoats to heap scorn on isn't helping anyone.
Any tard with a big enough botnet can launch a DDoS attack. Systematically stealing account logins isn't anywhere near the same thing.
A DDOS attack can be used to help sniff out passwords.
Let's suppose that SE didn't encrypt their packet for login, (or use a very weak encryption scheme). A DDOS attack can be used in conjunction with a malicious routing table to redirect the traffic intended for FFXI servers.
Let's suppose that SE didn't encrypt their packet for login, (or use a very weak encryption scheme). A DDOS attack can be used in conjunction with a malicious routing table to redirect the traffic intended for FFXI servers.
Yeah, there's no way SE's servers can be hacked into.
I wonder what fleetools those PS2 players who lost their accounts and don't even own PCs were running.
Morons.
I wonder what fleetools those PS2 players who lost their accounts and don't even own PCs were running.
Morons.
Recent Visitors: 362
All times are in CST
Anonymous Guests (362)
- Forums
- Final Fantasy XI
- General Discussion
- Massively.com Story on FFXI Hacking
© 2024 Fanbyte LLC