These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
 

Is the guessing of a password on Eveboard illegal?

First post
Author
Previous Topic Next Topic
Kat Ayclism
Republic Military School
Minmatar Republic
#41 - 2013-07-19 11:47:21 UTC
Anna Karhunen wrote:
The law is clear here, Kat. Rocket broke the Swedish law. You may blame the victim all you want, but it does not change the facts.

I suppose you're a Swedish lawyer?
Sentient Blade
Crisis Atmosphere
Coalition of the Unfortunate
#42 - 2013-07-19 11:47:41 UTC
Well, the information displayed on EVE Boards is actually the property of Chribba. Although it was downloaded from CCP with their consent, via an API, it has been post-processed and displayed via a third party, only accessible by using services from that third party.

But to the point of hand, as was said earlier, the 'crime' is unauthorised access. Be it through brute forcing, stupidity or scamming, an offence has been committed had the owner taken steps to protect the information, thus making it private.

The same goes for things such as scamming access to third party forums, teamspeaks and so forth. The EVE EULA means absolutely nothing in these cases, they're third party tools governed by their respective laws, and while nobody is going to waste time or money prosecuting anyone for doing so except in the most egregious cases, accessing them without permission, through false pretences, once consent has been explicitly withdrawn etc is all against the laws of most countries.

Long story short; you don't have to "hack" to commit an offence. You simply have to access something you shouldn't have access to. That the person in question clearly did it with malicious intent, it's open and closed.
Kat Ayclism
Republic Military School
Minmatar Republic
#43 - 2013-07-19 11:50:59 UTC  |  Edited by: Kat Ayclism
Is guessing the password to Poses illegal as well? We just may have to jail all of nullsec, a majority of lowsec, and a lesser but still significant portion of highsec!

(Though I'm sure those so intellectually gifted as to yammer on about information security and law while understanding neither may also be firmly in the "**** nullsec" arena and would quite happily push for that.)
Grauth Thorner
Vicious Trading Company
#44 - 2013-07-19 11:54:03 UTC
Ritsum wrote:
Kat Ayclism wrote:
Ritsum wrote:
So from the sound of it Eveboard is not secure and will not punish those guessing passwords to gain access to private API details.

Thankfully my API is not on there. Hopefully people who want to keep there API details private to those around them learn from this display and never put their API on Eveboard thinking it is secure if you use "Private".

Except he didn't hack eveboard- this tells you nothing of the security of eveboard beyond the fact that it allows morons to use moronic passwords (as they're apt to do).



He says he guessed the password, yes? That is considered bad. The fact that the password in question was weak does not take away from the point of him guessing the password and gaining access to PRIVATE data.

And since there was no punishment and the fact that the rules for setting a password is very weak it quite clearly points to eveboard not being secure.


Apparently he didn't just guess it, the PW was available for him through an application for PL as stated here:

RoCkEt X wrote:
except for the fact he posted his PW in his application to PL. so the information is out there :)


So no matter how many characters his PW contained, no matter how much leetspeak he used in his PW, no matter how many times you are able to guess a PW within a certain amount of time, he only needed to "guess" once while (possibly) having the right PW.

I'm not saying I approve that the PW is used for this outcome, I'm just saying that it's quite easy to blame Eveboard's security for Mino IV's choice to share his PW instead of keeping it private...

View real-time damage statistics in-game

>EVE Live DPS Graph application forum thread

>iciclesoft.com
handige harrie
Vereenigde Handels Compagnie
#45 - 2013-07-19 11:56:49 UTC
Kat Ayclism wrote:

Social engineering and hacking are not the same thing, friend.


http://www.amazon.com/Social-Engineering-The-Human-Hacking/dp/0470639539/
http://www.amazon.com/The-Art-Deception-Controlling-Security/dp/076454280X/ref=pd_bxgy_b_text_y

They can be used to get the same outcome however.

That said, you're using it wrong yourself.

Guessing a password is not Social Engineering, it's brute forcing,since you try stuff till it works. A social engineer would get the victim to give him the password thus requiring no guessing.

Baddest poster ever
Ritsum
Perkone
Caldari State
#46 - 2013-07-19 11:57:33 UTC
Grauth Thorner wrote:
Ritsum wrote:
Kat Ayclism wrote:
Ritsum wrote:
So from the sound of it Eveboard is not secure and will not punish those guessing passwords to gain access to private API details.

Thankfully my API is not on there. Hopefully people who want to keep there API details private to those around them learn from this display and never put their API on Eveboard thinking it is secure if you use "Private".

Except he didn't hack eveboard- this tells you nothing of the security of eveboard beyond the fact that it allows morons to use moronic passwords (as they're apt to do).



He says he guessed the password, yes? That is considered bad. The fact that the password in question was weak does not take away from the point of him guessing the password and gaining access to PRIVATE data.

And since there was no punishment and the fact that the rules for setting a password is very weak it quite clearly points to eveboard not being secure.


Apparently he didn't just guess it, the PW was available for him through an application for PL as stated here:

RoCkEt X wrote:
except for the fact he posted his PW in his application to PL. so the information is out there :)


So no matter how many characters his PW contained, no matter how much leetspeak he used in his PW, no matter how many times you are able to guess a PW within a certain amount of time, he only needed to "guess" once while (possibly) having the right PW.

I'm not saying I approve that the PW is used for this outcome, I'm just saying that it's quite easy to blame Eveboard's security for Mino IV's choice to share his PW instead of keeping it private...


Also note that he said "1234 was my first guess, by the way :)" on page 1 means he did not have access to that information until after the privacy invasion.

Play EvE how you want to play it and do not let others dictate how you play. Evolve your playstyle to protect yourself from others! Even in "PVE", "PVP" is there, lurking in the shadows.
Kat Ayclism
Republic Military School
Minmatar Republic
#47 - 2013-07-19 11:58:14 UTC
Grauth Thorner wrote:

I'm not saying I approve that the PW is used for this outcome, I'm just saying that it's quite easy to blame Eveboard's security for Mino IV's choice to share his PW instead of keeping it private...

I have highlighted the relevant and conflicting parts of your statement. Please take some time to think on this- I do believe in your intellect friend!
Impugning chribba or the security of his work for the choices of its users is pretty dumb.
Grauth Thorner
Vicious Trading Company
#48 - 2013-07-19 12:01:13 UTC
Ritsum wrote:

Also note that he said "1234 was my first guess, by the way :)" on page 1 means he did not have access to that information until after the privacy invasion.


Does it? It also could've been his first guess because he had read the application

View real-time damage statistics in-game

>EVE Live DPS Graph application forum thread

>iciclesoft.com
Ritsum
Perkone
Caldari State
#49 - 2013-07-19 12:03:46 UTC
Grauth Thorner wrote:
Ritsum wrote:

Also note that he said "1234 was my first guess, by the way :)" on page 1 means he did not have access to that information until after the privacy invasion.


Does it? It also could've been his first guess because he had read the application


If he had read the application then he would of known the password and would not have had to "guess" the password. Pretty simple.

Play EvE how you want to play it and do not let others dictate how you play. Evolve your playstyle to protect yourself from others! Even in "PVE", "PVP" is there, lurking in the shadows.
Kiki Paige
Center for Advanced Studies
Gallente Federation
#50 - 2013-07-19 12:03:53 UTC
Grauth Thorner wrote:
Ritsum wrote:

Also note that he said "1234 was my first guess, by the way :)" on page 1 means he did not have access to that information until after the privacy invasion.


Does it? It also could've been his first guess because he had read the application


according to his pastebin writings it took him 60 seconds of guessing

"......after about 60 seconds of trying different passwords‚ i came up trumps (1234... LOL)"
Bluemelon
Lowlife.
Snuffed Out
#51 - 2013-07-19 12:03:56 UTC
The amount of moron in this thread is ridiculous

For all your 3rd party needs join my ingame channel Blue's 3rd Party!

https://forums.eveonline.com/default.aspx?g=posts&t=365230&find=unread
Kat Ayclism
Republic Military School
Minmatar Republic
#52 - 2013-07-19 12:06:11 UTC  |  Edited by: Kat Ayclism
handige harrie wrote:

Guessing a password is not Social Engineering, it's brute forcing,since you try stuff till it works. A social engineer would get the victim to give him the password thus requiring no guessing.

You're needlessly making the definition of social engineering stricter than it is. Someone doing social engineering uses both direct and indirect means of info gathering to give a likely means of access- this is not always a password or even the means of getting the password that I'm using in example here. This can be using commonly used passwords or it can be talking to the person and getting them to give enough info that you can guess the password or even as you've used an example of getting them to give you the password.

The second (and usually the first) part is when something more technical (but still far-removed from the expertise required for hacking) comes in as you'd use the info you've gathered to generate a password table- most likely for bruteforcing.
Lucas Kell
Solitude Trading
S.N.O.T.
#53 - 2013-07-19 12:08:28 UTC
Nevyn Auscent wrote:
RoCkEt X wrote:


data isn't private when it's on eveboard; passworded or not, you are sharing your API. the only way this effects the individual is ingame. and does nothing to their RL privacy. Technically the data doesn't belong to them, as all EVE online accounts and such are property of CCP... and as CCP states that all information gained by sharing of API keys is solely the responsibility of the player who shares them.... :)

Stop whining, my ribs are hurting from the laughter :)


If it is passworded and you have come by the password via illegal means including guessing, it is private.
If I 'guess' the combination to your safe, I can't take whatever is in it without it being stealing, what you did is no different.
Personally I consider this good grounds for the player to request CCP reimburse him, as for all it wasn't particularly secure, he was hacked as part of the attack on his titan.

Didn't break the EULA so no reimbursement. Also reimbursement rules specifically state they only reimburse for server errors.

The Indecisive Noob - EVE fan blog.

Wholesale Trading - The new bulk trading mailing list.
RoCkEt X
Hostile.
PURPLE HELMETED WARRIORS
#54 - 2013-07-19 12:15:00 UTC
Grauth Thorner wrote:
Ritsum wrote:

Also note that he said "1234 was my first guess, by the way :)" on page 1 means he did not have access to that information until after the privacy invasion.


Does it? It also could've been his first guess because he had read the application


It's correct i guessed the PW prior to hearing of his app, the point of the information being on the PL board means it is publicly available information; whether i knew it at the time or not.

As it transpires; the information gained from being able to see his eve-board wasn't useful - as he died logging in randomly, with 3 days left on his skill plan.

In all honesty, this thread is incredibly stupid; his loss is a direct result of his own stupidity - his poor choice of password is just another irrelevant failure in a long string of so many. He won't get his ship back.

And i'm not gonna get arrested for guessing the password for publicly available information (i.e. PL forum app) especially considering i didn't even use the information (logged in with 3 days on skill plan) maliciously or otherwise, to blow up an internet spaceship in a game where information is traded and shared by the minute without the consent of it's originator.
Sentient Blade
Crisis Atmosphere
Coalition of the Unfortunate
#55 - 2013-07-19 12:21:09 UTC
RoCkEt X wrote:
It's correct i guessed the PW prior to hearing of his app, the point of the information being on the PL board means it is publicly available information; whether i knew it at the time or not.


Does not matter in the slightest. If you're going to try and argue your point using technicalities, it helps if you understand what the technicalities are.
symolan
BamBam Inc.
#56 - 2013-07-19 12:22:48 UTC
Kat Ayclism wrote:
Is guessing the password to Poses illegal as well?


No. As you're in New Eden where CCP's word is law and you don't own anything anyway.

But the other thing didn't start in New Eden and that's the problem with it.
Talon SilverHawk
Patria o Muerte
#57 - 2013-07-19 12:26:36 UTC  |  Edited by: Talon SilverHawk
Is accessing someone elses's account without their express permission illegal ? hmmm let me think about it .... err yes

Makes you think what other accounts he may try to access by guessing the password ?


Tal
RoCkEt X
Hostile.
PURPLE HELMETED WARRIORS
#58 - 2013-07-19 12:29:06 UTC
Talon SilverHawk wrote:
Is accessing someone elses's account without their express permission illegal ? hmmm let me think about it .... err yes

Makes you think what other accounts he may try to access by guessing the password ?


Tal


Oh dear... you got issues son. :)
Kat Ayclism
Republic Military School
Minmatar Republic
#59 - 2013-07-19 12:34:33 UTC
symolan wrote:
Kat Ayclism wrote:
Is guessing the password to Poses illegal as well?

you don't own anything anyway.

So what you're saying is this person was woefully deprived of something not belonging to him using information that also doesn't belong to him posted to a site at the bounds of the owners of both said thing and the informations own terms. And there's a grounds for legal prosecution... where?

I'll freely admit to not being a lawyer, but your distinction between the two events occurring within or outside "New Eden" aren't all that relevant here, especially as you folks seem to think this loss (of something he didn't own) that occurred in this "New Eden" was brought on by this.

Judgement in favor of the defendant in the amount of GET DUNKED YOU MORONIC E-LAWYER TARDS.
Zag'mar Jurkar
Legion Du Lys
#60 - 2013-07-19 12:47:57 UTC
So with so many lawyers here, when will Rocket X go to jail ?
Can't wait to see the conclusion of this unlawful story !

Eve is real right ?