These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

Assembly Hall

 
  • Topic is locked indefinitely.
 

[Proposal] CCP Needs to Revisit the Policy on Hacked/Keylogged Accounts
Author
Previous Topic Next Topic
Asuka Solo
I N E X T R E M I S
Tactical Narcotics Team
#41 - 2011-12-15 18:54:30 UTC  |  Edited by: Asuka Solo
Less (.)(.) More eve. I think its unfair to demand CCP fix your stupidity.

But if your keen on said pr 0n, remember to go go great firewall

Eve is about Capital ships, WiS, Boobs, PI and Isk!
1c3crysta1
Silent Majority.
Aspartame.
#42 - 2012-01-16 14:04:51 UTC
I for one partly agrees with the OP on this one, but only if those options remain OPTIONS.
In that way, the OP and the likes could anchor their mail, IP and maybe even MAC if they're more concerned about account security than mobilty and flexibility and the rest could just don't give a damn about those options. Except for the extra work of implementing those options, what downsides are there?
Drake Draconis
Brutor Tribe
Minmatar Republic
#43 - 2012-01-16 15:18:16 UTC
1c3crysta1 wrote:
I for one partly agrees with the OP on this one, but only if those options remain OPTIONS.
In that way, the OP and the likes could anchor their mail, IP and maybe even MAC if they're more concerned about account security than mobilty and flexibility and the rest could just don't give a damn about those options. Except for the extra work of implementing those options, what downsides are there?


Yes because necro'ing thread is smart!

....not.

================ STOP THE EVEMAIL SPAM! https://forums.eveonline.com/default.aspx?g=posts&t=78152
1c3crysta1
Silent Majority.
Aspartame.
#44 - 2012-01-16 15:23:41 UTC
Drake Draconis wrote:
1c3crysta1 wrote:
I for one partly agrees with the OP on this one, but only if those options remain OPTIONS.
In that way, the OP and the likes could anchor their mail, IP and maybe even MAC if they're more concerned about account security than mobilty and flexibility and the rest could just don't give a damn about those options. Except for the extra work of implementing those options, what downsides are there?


Yes because necro'ing thread is smart!

....not.


You can't mean that it's been inactive for to long to be responded to...
But if you're not, then what are you implying?
Drake Draconis
Brutor Tribe
Minmatar Republic
#45 - 2012-01-16 17:13:32 UTC
1c3crysta1 wrote:
Drake Draconis wrote:
1c3crysta1 wrote:
I for one partly agrees with the OP on this one, but only if those options remain OPTIONS.
In that way, the OP and the likes could anchor their mail, IP and maybe even MAC if they're more concerned about account security than mobilty and flexibility and the rest could just don't give a damn about those options. Except for the extra work of implementing those options, what downsides are there?


Yes because necro'ing thread is smart!

....not.


You can't mean that it's been inactive for to long to be responded to...
But if you're not, then what are you implying?


If you had bothered to read before you post...you'd notice no ones touched this thread in a month.

That tends to bring one to a rather obvious conclusion.

================ STOP THE EVEMAIL SPAM! https://forums.eveonline.com/default.aspx?g=posts&t=78152
1c3crysta1
Silent Majority.
Aspartame.
#46 - 2012-01-16 17:41:55 UTC  |  Edited by: 1c3crysta1
Drake Draconis wrote:
1c3crysta1 wrote:
Drake Draconis wrote:
1c3crysta1 wrote:
I for one partly agrees with the OP on this one, but only if those options remain OPTIONS.
In that way, the OP and the likes could anchor their mail, IP and maybe even MAC if they're more concerned about account security than mobilty and flexibility and the rest could just don't give a damn about those options. Except for the extra work of implementing those options, what downsides are there?


Yes because necro'ing thread is smart!

....not.

javascript:if%20(typeof%20posting=='undefined'||posting!=true)%20{posting=true;__doPostBack('forum$ctl00$PostReply','');}
You can't mean that it's been inactive for to long to be responded to...
But if you're not, then what are you implying?


If you had bothered to read before you post...you'd notice no ones touched this thread in a month.

That tends to bring one to a rather obvious conclusion.


Shocked
Didn't doublecheck until u said that, just saw it rather high up and the date 15...
My apologies, feeling clumsy missing something like that.
Drake Draconis
Brutor Tribe
Minmatar Republic
#47 - 2012-01-16 17:56:57 UTC
1c3crysta1 wrote:

Shocked
Didn't doublecheck until u said that, just saw it rather high up and the date 15...
My apologies, feeling clumsy missing something like that.


Lol Hey...at least you noticed...albeit later....your better off than most at this point.

================ STOP THE EVEMAIL SPAM! https://forums.eveonline.com/default.aspx?g=posts&t=78152
Benjamin Hamburg
Chaos.Theory
#48 - 2012-01-17 00:28:06 UTC
mxzf wrote:
It is completely in your power to prevent yourself from being a victim of a keylogger.


No it's not.

If it were the case, keylogger would'nt exist.

mxzf wrote:
I don't see how that's CCP's fault.


No it's not. He did'nt say it was CCP's fault.
Simi Kusoni
HelloKittyFanclub
#49 - 2012-01-17 00:34:03 UTC
Benjamin Hamburg wrote:
mxzf wrote:
It is completely in your power to prevent yourself from being a victim of a keylogger.


No it's not.

If it were the case, keylogger would'nt exist.

What he meant was that it is your responsibility to secure your own networks and computers, not that of CCP. If your system is compromised, CCP are not under any obligation to help you with that.

The fact that they try to do their best, without threatening the Eve market or opening themselves up to keylogger based scams from RMTers, is really really nice. And doesn't deserve a giant whine thread along the lines of "as far as I can tell, the only reason is that CCP does not want to do the work of fixing these problems".

Anyway, quit necro'ing this horrible horrible thread.

[center]"I don't troll, I just give overly blunt responses that annoy people who are wrong but don't want to admit it. It's not my fault that people have sensitive feelings"  -MXZF[/center]
Prince Kobol
#50 - 2012-01-17 18:25:42 UTC
The one thing that a authenticator would do is provide a major obstacle against botters and RMT Sellers.

At the moment you can create a 100% untraceable Account in Eve.

I know of no other game where this is possible.

Before people say how...

1. Create a false email account using many of the free email services available.

2. Sign up with a VM Hosting Company (in order to hide your true IP address)

3. Run a simple script which configures your machine to use a free proxy service

4. Create Eve Account using false email account and run Eve via VM Hosting Company

5. Use PLEX to activate account

6. Untraceable Account.

Having read the December CSM meeting minutes all I can surmise is that CCP Screegs loves RMT.
mxzf
Shovel Bros
#51 - 2012-01-17 19:42:07 UTC
Prince Kobol wrote:
The one thing that a authenticator would do is provide a major obstacle against botters and RMT Sellers.


Except that the RMTers/Botters would simply decline to use authentication ....

Or, if you're trying to force everyone to use authentication, anyone who cares at all about their personal privacy will simply refuse to use it and many will likely stop playing the game.

CCP is not and should not be responsible for leaks from the user side. If someone was capturing passwords when they were being sent or had hacked the authentication servers, that would be CCP's fault. But CCP is no more responsible for someone getting keylogged than they would be if you wrote down your login information and handed it to someone as you were walking down the street. It's the user's fault for having poor security (regardless of if they were aware of it).
Drake Draconis
Brutor Tribe
Minmatar Republic
#52 - 2012-01-17 20:16:18 UTC
mxzf wrote:
Prince Kobol wrote:
The one thing that a authenticator would do is provide a major obstacle against botters and RMT Sellers.


Except that the RMTers/Botters would simply decline to use authentication ....

Or, if you're trying to force everyone to use authentication, anyone who cares at all about their personal privacy will simply refuse to use it and many will likely stop playing the game.

CCP is not and should not be responsible for leaks from the user side. If someone was capturing passwords when they were being sent or had hacked the authentication servers, that would be CCP's fault. But CCP is no more responsible for someone getting keylogged than they would be if you wrote down your login information and handed it to someone as you were walking down the street. It's the user's fault for having poor security (regardless of if they were aware of it).



This....and its already been said...to death....repeatedly.

================ STOP THE EVEMAIL SPAM! https://forums.eveonline.com/default.aspx?g=posts&t=78152
Vertisce Soritenshi
The Scope
Gallente Federation
#53 - 2012-01-17 21:18:59 UTC  |  Edited by: Vertisce Soritenshi
mxzf wrote:
It is completely in your power to prevent yourself from being a victim of a keylogger. I don't see how that's CCP's fault.

The OP's issue was already resolved with the very first reply on this thread...my post being the second reply was in agreement with that. Saying it again...stop buying ISK from third party sites. Problem solved.

/thread

Bounties for all! https://forums.eveonline.com/default.aspx?g=posts&m=2279821#post2279821
Prince Kobol
#54 - 2012-01-17 21:53:20 UTC  |  Edited by: Prince Kobol
mxzf wrote:
Prince Kobol wrote:
The one thing that a authenticator would do is provide a major obstacle against botters and RMT Sellers.


Except that the RMTers/Botters would simply decline to use authentication ....

Or, if you're trying to force everyone to use authentication, anyone who cares at all about their personal privacy will simply refuse to use it and many will likely stop playing the game.

CCP is not and should not be responsible for leaks from the user side. If someone was capturing passwords when they were being sent or had hacked the authentication servers, that would be CCP's fault. But CCP is no more responsible for someone getting keylogged than they would be if you wrote down your login information and handed it to someone as you were walking down the street. It's the user's fault for having poor security (regardless of if they were aware of it).


So just to clarify.. you never play any MMO that requires you to enter your personal information, including steam, x-box live, etc

Also I presume you never use internet shopping as well as they usually require your personal information as well.
Drake Draconis
Brutor Tribe
Minmatar Republic
#55 - 2012-01-17 22:58:00 UTC
Prince Kobol wrote:
mxzf wrote:
Prince Kobol wrote:
The one thing that a authenticator would do is provide a major obstacle against botters and RMT Sellers.


Except that the RMTers/Botters would simply decline to use authentication ....

Or, if you're trying to force everyone to use authentication, anyone who cares at all about their personal privacy will simply refuse to use it and many will likely stop playing the game.

CCP is not and should not be responsible for leaks from the user side. If someone was capturing passwords when they were being sent or had hacked the authentication servers, that would be CCP's fault. But CCP is no more responsible for someone getting keylogged than they would be if you wrote down your login information and handed it to someone as you were walking down the street. It's the user's fault for having poor security (regardless of if they were aware of it).


So just to clarify.. you never play any MMO that requires you to enter your personal information, including steam, x-box live, etc

Also I presume you never use internet shopping as well as they usually require your personal information as well.



So just to clarify... you never actually use your brain or think about things before you speak when it comes to common sense on matters of personal responcibility? Your answer to everything is to blame the company.

Got it.

================ STOP THE EVEMAIL SPAM! https://forums.eveonline.com/default.aspx?g=posts&t=78152
Mars Theran
Foreign Interloper
#56 - 2012-01-18 02:59:14 UTC
mxzf wrote:
Jehan Markow wrote:
According to the EULA Section 2A paragraph 3, "You may not share your Account with anyone, or allow anyone other than you personally (or your minor child, if you have registered an Account on behalf of your minor child) to access or use your Account. Joint or shared ownership or use of an Account by more than one user is prohibited." Logging in from multiple IPs would indicate a violation of the EULA, no?

The concept of flagging accounts that log in from unrelated IPs several times in succession is one OPTION not "the solution". There are many other security options CCP could investigate if the company really wants to stop isk scammers.

Don't you think it's bullcrap that CCP will write complex code to prevent me from choosing whatever password I want and additional code forcing me to type the name of a character on the account; however, they think it's too much work to write code to enable me the option of preventing others from changing the password or changing my email address without further security information?

Please, stop defending CCP's poor customer service record and lackluster security.
-JM


Well, I've logged on with four+ different IPs over the course of the same day, me personally, not sharing the account or anything like that. That's a horrible criteria for determining if the account has been hacked.

Also, the code for checking passwords to make sure they fit some criteria is trivially simple (if (len(pw)<8) | str.isalpha(pw) | str.isdigit(pw): self.throwBadPWError(); break). And if you follow proper security procedures to begin with, no one will ever be able to change your password or E-Mail in the first place.

And this isn't at all about CCP's security at all, their security is fine, this is about YOUR security (or lack thereof) and you letting someone know your password (even if you didn't intend to).

TL;DR: CCP can't fix stupid and they can't stop you from LETTING someone know your password.


Your responses are completely bizarre. You do realize of course, that most people have no control over their systems security don't you? Downloading or Installing a retail Internet Security program, finding independent anti-malware and installing that, and configuring your Router to prevent incoming requests all do absolutely squat to prevent someone getting in that wants to get in.

You may have some exceptional knowledge that makes you think it's childs play; but that really just puts you in the realm of those who do it. How else could you know, unless you were a IT Security professional; which I have to assume you are.

The rest of us only really have one last resort: Limiting our internet activities so as not to attract attention, or getting a better firewall. The best defense is being invisible; and the only way to achieve that, is not to go anywhere.

I'm not sure how at fault or not at fault the OP is; but I don't think it's your place to judge him for not having enough security on his system. When you have people out there hacking banks, government institutions, and Military installations; how can you honestly expect a Home user to be safe.

Maybe you just think you're safe, and the reality is you have two or three pieces of spyware and 4 keyloggers on your system. All they have to do is bypass the Network and Security programs to get in and stay hidden; and I know from experience, that is quite possible.

Uninstall F Secure, Install Panda.. Oh look: Spyware.
zubzubzubzubzubzubzubzub
Prince Kobol
#57 - 2012-01-18 07:32:40 UTC
Drake Draconis wrote:
Prince Kobol wrote:
mxzf wrote:
Prince Kobol wrote:
The one thing that a authenticator would do is provide a major obstacle against botters and RMT Sellers.


Except that the RMTers/Botters would simply decline to use authentication ....

Or, if you're trying to force everyone to use authentication, anyone who cares at all about their personal privacy will simply refuse to use it and many will likely stop playing the game.

CCP is not and should not be responsible for leaks from the user side. If someone was capturing passwords when they were being sent or had hacked the authentication servers, that would be CCP's fault. But CCP is no more responsible for someone getting keylogged than they would be if you wrote down your login information and handed it to someone as you were walking down the street. It's the user's fault for having poor security (regardless of if they were aware of it).


So just to clarify.. you never play any MMO that requires you to enter your personal information, including steam, x-box live, etc

Also I presume you never use internet shopping as well as they usually require your personal information as well.



So just to clarify... you never actually use your brain or think about things before you speak when it comes to common sense on matters of personal responcibility? Your answer to everything is to blame the company.

Got it.


Erm.. not too sure where you are going with this to be honest.

My issue is to do with with stopping people from botting and RMT.

The fact you are able to create untraceable accounts means that you have zero ways of stopping people /organisations.

You can't ban accounts, you can't ban email addresses, you cant, ban via IP address therefore you can not stop them.

How does this have anything to do with personal responsibility?

As for having your account being hacked, yes you can take measures to stop this from happening, however since nobody is perfect and Eve is a big target due to the fact that out of all the mmo's it is the easiest to make rl money from, it can also ask as a deterrent.

I suggest you apply our comment to yourself in the future in order to stop yourself from looking like a fool Blink
Simi Kusoni
HelloKittyFanclub
#58 - 2012-01-18 11:12:44 UTC
Mars Theran wrote:
Your responses are completely bizarre. You do realize of course, that most people have no control over their systems security don't you? Downloading or Installing a retail Internet Security program, finding independent anti-malware and installing that, and configuring your Router to prevent incoming requests all do absolutely squat to prevent someone getting in that wants to get in.

You may have some exceptional knowledge that makes you think it's childs play; but that really just puts you in the realm of those who do it. How else could you know, unless you were a IT Security professional; which I have to assume you are.

The rest of us only really have one last resort: Limiting our internet activities so as not to attract attention, or getting a better firewall. The best defense is being invisible; and the only way to achieve that, is not to go anywhere.

I'm not sure how at fault or not at fault the OP is; but I don't think it's your place to judge him for not having enough security on his system. When you have people out there hacking banks, government institutions, and Military installations; how can you honestly expect a Home user to be safe.

Maybe you just think you're safe, and the reality is you have two or three pieces of spyware and 4 keyloggers on your system. All they have to do is bypass the Network and Security programs to get in and stay hidden; and I know from experience, that is quite possible.

Uninstall F Secure, Install Panda.. Oh look: Spyware.

Some people may not have the "expertise" to run windows update regularly and not download the .exe movie player for that cheerleader orgies website they love so much, but that doesn't make it CCPs responsibility to clear up the mess when they inevitably do get their system compromised.

As for people hacking banks, government institutions etc. sure, that happens sometimes. But usually it's due to one of the network's users being a complete idiot, and clicking that harmless looking spam video link that for some reason ended up in his spam folder.

The truth is, given the security of modern operating systems, it is very unlikely you'll fall victim to a zero-day vulnerability going about performing regular internet activities. By very unlikely I mean I've never seen it happen, ever. Almost every vulnerability is due to the user doing something stupid.

Anyway, I digress, whether you get infected or how at fault you are for that infection it is not CCPs responsibility to reimburse you anything you lost. The fact that they try and do as much as they can without negatively impacting Eve's market or opening themselves up to scams from unscrupulous people faking account hacks is just plain nice of them.

So quit whining, and let this thread die.

[center]"I don't troll, I just give overly blunt responses that annoy people who are wrong but don't want to admit it. It's not my fault that people have sensitive feelings"  -MXZF[/center]
Drake Draconis
Brutor Tribe
Minmatar Republic
#59 - 2012-01-18 15:01:40 UTC  |  Edited by: Drake Draconis
Prince Kobol wrote:
Drake Draconis wrote:
Prince Kobol wrote:
mxzf wrote:
Prince Kobol wrote:
The one thing that a authenticator would do is provide a major obstacle against botters and RMT Sellers.


Except that the RMTers/Botters would simply decline to use authentication ....

Or, if you're trying to force everyone to use authentication, anyone who cares at all about their personal privacy will simply refuse to use it and many will likely stop playing the game.

CCP is not and should not be responsible for leaks from the user side. If someone was capturing passwords when they were being sent or had hacked the authentication servers, that would be CCP's fault. But CCP is no more responsible for someone getting keylogged than they would be if you wrote down your login information and handed it to someone as you were walking down the street. It's the user's fault for having poor security (regardless of if they were aware of it).


So just to clarify.. you never play any MMO that requires you to enter your personal information, including steam, x-box live, etc

Also I presume you never use internet shopping as well as they usually require your personal information as well.



So just to clarify... you never actually use your brain or think about things before you speak when it comes to common sense on matters of personal responcibility? Your answer to everything is to blame the company.

Got it.


Erm.. not too sure where you are going with this to be honest.

My issue is to do with with stopping people from botting and RMT.

The fact you are able to create untraceable accounts means that you have zero ways of stopping people /organisations.

You can't ban accounts, you can't ban email addresses, you cant, ban via IP address therefore you can not stop them.

How does this have anything to do with personal responsibility?

As for having your account being hacked, yes you can take measures to stop this from happening, however since nobody is perfect and Eve is a big target due to the fact that out of all the mmo's it is the easiest to make rl money from, it can also ask as a deterrent.

I suggest you apply our comment to yourself in the future in order to stop yourself from looking like a fool Blink


"our" comment?

Whose the fool again?

You say things you obviously do not understand... saying "can't" do this and "can't" do that.

Please...stop blabbering like some expert and go away before you embarrass yourself in front of the security gurus.

CCP has a very nice system in place for dealing with people who mess around... your just not pleased because you think every tom **** and harry are botters and RMT'ers and demand immediate results.

Grow up..get over yourself...and take responsibility for your own actions and how you implement security on your system.

Its called common sense.

"assuming" your "stuff" is unassailable as far as your computer is concerned is just flat stupid....if someone wants your @$$ on a silver platter...its gonna happen..regardless.

But taking obvious measures...makes it very difficult for someone to attack you. Blaming CCP for your short comings...won't work... because it comes down to you and what you do with your computer.

CCP will take responsibility when and if they have a massive breech such as a DB compromise.

They will not take blame if your a fool and happen to visit porn on a regular basis.

And by the way smarty pants.... nothing on the internet is untraceable...won't get into a discussion but that's known to EVERYONE.

All you need a federal warrant...and life gets rather interesting.
The problem however is when it leaves the country...and honestly...most of these little attacks originate from our own country here as far as eve online...because people are just that stupid when it comes to personal security.

I deal with this problem every day at my job... and I have to tell you... the things people put for passwords and answers to secret questions...its a wonder we don't have more people losing their accounts because of this.

================ STOP THE EVEMAIL SPAM! https://forums.eveonline.com/default.aspx?g=posts&t=78152
Revolution Rising
Last-Light Holdings
#60 - 2012-01-18 15:09:55 UTC
Blizzard pulled a rabbit out of the hat with their one time password keychains and iphone apps. Why not ccp ?

(I have one for my starcraft 2 account, I'd certainly throw another on for this game!).

.