Players beware

[StormCinder]

Umee wrote:

It's not just SOE, there are news articles out there (and a few of them are linked from these forums) that all this hacking has happened across the board with MMORPGs.  Posts have been made that SOE is aware of the issue (see: Community News forum).  It's an awful thing.  I truly feel sorry for those who thought they were safe (this means, not those who've shared their information).  I always use a different password solely for my Station account (or whatever other game I'm playing) than anything else.  I have several I cycle through for forum passwords.  I run spy-ware detectors, anti-virus scans, and update my drivers and such regularly.I have faith that SOE is doing what they can.  This is a serious matter and is likely hogging a lot of resources until it's all figured out.  It's easy to blame them, as many effected do play SOE games, but also please remember that this is effecting many other MMORPGs out there not run by SOE.Also, I see people listing sites they've visited during the time they've been hacked.  It's great that this community can work together to help pinpoint issues like this.  However, waggling fingers at other sites without proof that they have keyloggers is not a healthy thing.  I ask with Halfling pleas to not blame other sites without proof

And I would have to agree with the previous poster that pointed out the unliklihood that these hacks are taking the time to pull the information from hundreds/thousands of individual client machines, when it is always much more economical to hack the back end machines.  I know it's affecting other games, but it appears more likely that the information was pulled wholesale from the back end rather than the front end.

Credit Card hackers almost always pull from the corporate db where millions of customers' information is stored, rather than keylogging into each and every CC reader at each register.  Blaming the users before confirming that the data warehouses have not been hacked is irresponsible.

SC

[bleap]

StormCinder wrote:

Umee wrote:

It's not just SOE, there are news articles out there (and a few of them are linked from these forums) that all this hacking has happened across the board with MMORPGs.  Posts have been made that SOE is aware of the issue (see: Community News forum).  It's an awful thing.  I truly feel sorry for those who thought they were safe (this means, not those who've shared their information).  I always use a different password solely for my Station account (or whatever other game I'm playing) than anything else.  I have several I cycle through for forum passwords.  I run spy-ware detectors, anti-virus scans, and update my drivers and such regularly.I have faith that SOE is doing what they can.  This is a serious matter and is likely hogging a lot of resources until it's all figured out.  It's easy to blame them, as many effected do play SOE games, but also please remember that this is effecting many other MMORPGs out there not run by SOE.Also, I see people listing sites they've visited during the time they've been hacked.  It's great that this community can work together to help pinpoint issues like this.  However, waggling fingers at other sites without proof that they have keyloggers is not a healthy thing.  I ask with Halfling pleas to not blame other sites without proof

And I would have to agree with the previous poster that pointed out the unliklihood that these hacks are taking the time to pull the information from hundreds/thousands of individual client machines, when it is always much more economical to hack the back end machines.  I know it's affecting other games, but it appears more likely that the information was pulled wholesale from the back end rather than the front end.

Credit Card hackers almost always pull from the corporate db where millions of customers' information is stored, rather than keylogging into each and every CC reader at each register.  Blaming the users before confirming that the data warehouses have not been hacked is irresponsible.

SC

This would imply that someone hacked SOE and retrieved the data base of customer info....If that's the case then why would SOE have posted the MOTD from yesterday asking anyone who shared their account info to change it...Shouldn't they be telling EVERYONE to change it? I agree that the information probably did come from SOE but wouldn't it be more responsible to admit it and ask everyone to change their passwords? Sure it would be another scandal among other recent ones, but if it's true they were hacked and it gets out to the public, they will lose all credibility and trust....If someone can hack the login/password DB who's to say the credit card DB hasn't been compromised. I believe they are legally obligated to notify their subscribers that use credit cards if that information is lost, stolen or destroyed...

[Fraug]

StormCinder wrote:

And I would have to agree with the previous poster that pointed out the unliklihood that these hacks are taking the time to pull the information from hundreds/thousands of individual client machines, when it is always much more economical to hack the back end machines.  I know it's affecting other games, but it appears more likely that the information was pulled wholesale from the back end rather than the front end.

Credit Card hackers almost always pull from the corporate db where millions of customers' information is stored, rather than keylogging into each and every CC reader at each register.  Blaming the users before confirming that the data warehouses have not been hacked is irresponsifble.

SC

I'm sorry, but this is almost completely, patently false.  What you hear about more often are the bigger compromises, since they are much bigger and more newsworthy. What you DON'T hear about are the individuals who are continually getting phished or losing their identities to things like spyware, malware, or keyloggers here and there (it's actually a lot more frequent than what you might think).  Attacking a big corporation with a centralized (or decentralized) database is a big deal.  Furthermore, there's a MUCH bigger chance that you're going to get caught and made an example out of if you attempt such things... Keyloggers or even malware/spyware, on the other hand, are relatively simple.  Writing GOOD collectords that filter out info you are actually LOOKING for is not really any harder (it's actually pretty trivial, in-relation).  Really you only need to trap one of a handful of applications being launched (email, MMOs, etc); ones that you're "interested in" persay.  Grabbing the username/passwords are *incredibly* easy to pick out (particularly with many of them generally just using hooks in to IE with static HTML forms for their login sequences).  Then compromise one of many thousands of player/victim frequented sites to distribute your malware to your intended victims (how many sites do you know that run an old phpbb or another easily-rooted piece of software?).  Your malware then takes all the info it gathers and drops info to another compromised box somewhere else in the world -- likely something hosted overseas so-as to further complicate investigation and/or extradition/subpoena of the mounds of evidence. You lose *any* piece of that chain and it's not really that big a deal... there are many more where that came from, really. It's really a much EASIER means of compromising large numbers of accounts and making it VERY difficult for someone such as SOE (or any large company and/or random player/victim) to track you down.Also, keep in mind that if this was a huge compromise, chances are MANY more accounts would have been stripped, you'd not have seen it so widely distributed in virtually every online game on the market  (eg. you'd see a single, focused attack or an ongoing/continuous thrust against a single community).  Chances are, it also WOULDN'T keep going on, as SOE (or anyone else) would have surely taken appropriate action (forced password reset with the originally registered email address, forced verification of any credit card on file, etc).  Besides, I believe with things like SOX... a public American company such as SOE would virtually be forced to disclose *some* idea that they were compromised and/or fixed along with the rough number of persons affected (since they hold people's financial information, are publically traded, etc).Remember that individual PCs, particularly ones without firewalls or with poor browser configurations are under continual onslaught of virii, malware, spyware and a whole host of other things.  If you really want to see how bad it is and have an extra machine, try installing a fresh copy of Microsoft Windows and putting it on an unsecured network -- you don't need to worry about anything else for a little while.  An hour or two later, maybe even a day or two, try running a virus or malware scanner on it (that is, if your ISP hasn't disconnected you by then).  As of the middle of March 2008, average "survival" time for a Windows machine is measured in minutes (less than 50 (fifty)), where-as UN*X is closer to about 1000 (though I don't that's an unfair number, as most UN*X admin are smart enough to move things off of common ports, where-as that's really not an option in Windoze).Reference: Internet Storm Center - Survival Time

[Fraug]

bleap wrote:

This would imply that someone hacked SOE and retrieved the data base of customer info....If that's the case then why would SOE have posted the MOTD from yesterday asking anyone who shared their account info to change it...Shouldn't they be telling EVERYONE to change it? I agree that the information probably did come from SOE but wouldn't it be more responsible to admit it and ask everyone to change their passwords?

I believe things like SOX basically mandates that public American companies are swift and forthright with such types of disclosures in the event of such an issue... you can thank Enron for that one.  Not doing so, as you had also pointed out, would likely be catastrophic to their business reputation (and I believe they could even be financially and criminally liable).  And it probably goes without saying that SOE, along with their parent company, are certainly very well respected in their industries (at least as far as I know).

[StormCinder]

bleap wrote:

StormCinder wrote:

Umee wrote:

It's not just SOE, there are news articles out there (and a few of them are linked from these forums) that all this hacking has happened across the board with MMORPGs.  Posts have been made that SOE is aware of the issue (see: Community News forum).  It's an awful thing.  I truly feel sorry for those who thought they were safe (this means, not those who've shared their information).  I always use a different password solely for my Station account (or whatever other game I'm playing) than anything else.  I have several I cycle through for forum passwords.  I run spy-ware detectors, anti-virus scans, and update my drivers and such regularly.I have faith that SOE is doing what they can.  This is a serious matter and is likely hogging a lot of resources until it's all figured out.  It's easy to blame them, as many effected do play SOE games, but also please remember that this is effecting many other MMORPGs out there not run by SOE.Also, I see people listing sites they've visited during the time they've been hacked.  It's great that this community can work together to help pinpoint issues like this.  However, waggling fingers at other sites without proof that they have keyloggers is not a healthy thing.  I ask with Halfling pleas to not blame other sites without proof

And I would have to agree with the previous poster that pointed out the unliklihood that these hacks are taking the time to pull the information from hundreds/thousands of individual client machines, when it is always much more economical to hack the back end machines.  I know it's affecting other games, but it appears more likely that the information was pulled wholesale from the back end rather than the front end.

Credit Card hackers almost always pull from the corporate db where millions of customers' information is stored, rather than keylogging into each and every CC reader at each register.  Blaming the users before confirming that the data warehouses have not been hacked is irresponsible.

SC

This would imply that someone hacked SOE and retrieved the data base of customer info....If that's the case then why would SOE have posted the MOTD from yesterday asking anyone who shared their account info to change it...Shouldn't they be telling EVERYONE to change it? I agree that the information probably did come from SOE but wouldn't it be more responsible to admit it and ask everyone to change their passwords? Sure it would be another scandal among other recent ones, but if it's true they were hacked and it gets out to the public, they will lose all credibility and trust....If someone can hack the login/password DB who's to say the credit card DB hasn't been compromised. I believe they are legally obligated to notify their subscribers that use credit cards if that information is lost, stolen or destroyed...

Yes, it would.

I didn't say that they knew they were hacked and are trying to act like they weren't.  I'm just saying that it might be a  tad premature for SOE to point the finger at the clients before they know they were NOT hacked.  And yes, I am reading the CMs posting above that states that since other games were hacked as well, then it's not SOEs fault.  If SOE was hacked, then it IS their fault. 

And I believe that it is more likely that a central source of userid/pw was hacked rather than sending out thousands of keyloggers, as so many have stated.  It may not be SOE.  It could be any number of sites that have this information.

The biggest net security faux pas I've seen people commit time and again:  registering to be a member of site X.  In the sign-up process they are required to include an email address.  Then they are asked to submit a username/password.  Many MANY people use the same password for multiple sites.  So it's not a huge leap to take the email address and password provided in the registration process and access a person's email. 

Now, if you're a site that is focused on a certain niche of people...say MMORPG players...some kind of fan site, or centralized info site...and that site gets hacked for it's username/pws.  There have been several DoS attacks recently on several of the more popular sites that span any number of games.  DoS attacks are often one part of an attack that often includes gaining access to secure portions of websites.

Until this gets resolved, I am changing my password frequently...daily if possible.

SC

[StormCinder]

Fraug wrote:

StormCinder wrote:

And I would have to agree with the previous poster that pointed out the unliklihood that these hacks are taking the time to pull the information from hundreds/thousands of individual client machines, when it is always much more economical to hack the back end machines.  I know it's affecting other games, but it appears more likely that the information was pulled wholesale from the back end rather than the front end.

Credit Card hackers almost always pull from the corporate db where millions of customers' information is stored, rather than keylogging into each and every CC reader at each register.  Blaming the users before confirming that the data warehouses have not been hacked is irresponsifble.

SC

I'm sorry, but this is almost completely, patently false.  What you hear about more often are the bigger compromises, since they are much bigger and more newsworthy. What you DON'T hear about are the individuals who are continually getting phished or losing their identities to things like spyware, malware, or keyloggers here and there (it's actually a lot more frequent than what you might think).  Attacking a big corporation with a centralized (or decentralized) database is a big deal.  Furthermore, there's a MUCH bigger chance that you're going to get caught and made an example out of if you attempt such things... Keyloggers or even malware/spyware, on the other hand, are relatively simple.  Writing GOOD collectords that filter out info you are actually LOOKING for is not really any harder (it's actually pretty trivial, in-relation).  Really you only need to trap one of a handful of applications being launched (email, MMOs, etc); ones that you're "interested in" persay.  Grabbing the username/passwords are *incredibly* easy to pick out (particularly with many of them generally just using hooks in to IE with static HTML forms for their login sequences).  Then compromise one of many thousands of player/victim frequented sites to distribute your malware to your intended victims (how many sites do you know that run an old phpbb or another easily-rooted piece of software?).  Your malware then takes all the info it gathers and drops info to another compromised box somewhere else in the world -- likely something hosted overseas so-as to further complicate investigation and/or extradition/subpoena of the mounds of evidence. You lose *any* piece of that chain and it's not really that big a deal... there are many more where that came from, really. It's really a much EASIER means of compromising large numbers of accounts and making it VERY difficult for someone such as SOE (or any large company and/or random player/victim) to track you down.Also, keep in mind that if this was a huge compromise, chances are MANY more accounts would have been stripped, you'd not have seen it so widely distributed in virtually every online game on the market  (eg. you'd see a single, focused attack or an ongoing/continuous thrust against a single community).  Chances are, it also WOULDN'T keep going on, as SOE (or anyone else) would have surely taken appropriate action (forced password reset with the originally registered email address, forced verification of any credit card on file, etc).  Besides, I believe with things like SOX... a public American company such as SOE would virtually be forced to disclose *some* idea that they were compromised and/or fixed along with the rough number of persons affected (since they hold people's financial information, are publically traded, etc).Remember that individual PCs, particularly ones without firewalls or with poor browser configurations are under continual onslaught of virii, malware, spyware and a whole host of other things.  If you really want to see how bad it is and have an extra machine, try installing a fresh copy of Microsoft Windows and putting it on an unsecured network -- you don't need to worry about anything else for a little while.  An hour or two later, maybe even a day or two, try running a virus or malware scanner on it (that is, if your ISP hasn't disconnected you by then).  As of the middle of March 2008, average "survival" time for a Windows machine is measured in minutes (less than 50 (fifty)), where-as UN*X is closer to about 1000 (though I don't that's an unfair number, as most UN*X admin are smart enough to move things off of common ports, where-as that's really not an option in Windoze).Reference: Internet Storm Center - Survival Time

Reading your last paragraph put your whole post in perspective.  I see that you gather all of your information second-hand via what you read on the "interwebs."

You have no knowledge about how these attacks are conducted and how they are successfully exploited.  Two large grocery chains allowed access to customer information in early December.  Those intrusions were not detected until Feb...after several thousand fraudulent uses of personal information were committed.  Less than 1% of the exposed customers were violated.

Your  hackneyed attacks against an OS is sooooo three years ago.  Taking the position that the end-user is the one responsible with absolutely no knowledge of the situation confirms that you are part of the problem.

SC

[StormCinder]

BTW, if people seriously believe that the problem lies with keyloggers, then the WORST thing you could do is change your password and/or log into the game or even these forums until the situation is resolved.

SC

[Fraug]

StormCinder wrote:

WellI didn't say that they knew they were hacked and are trying to act like they weren't.  I'm just saying that it might be a  tad premature for SOE to point the finger at the clients before they know they were NOT hacked.  And yes, I am reading the CMs posting above that states that since other games were hacked as well, then it's not SOEs fault.  If SOE was hacked, then it IS their fault. 

And I believe that it is more likely that a central source of userid/pw was hacked rather than sending out thousands of keyloggers, as so many have stated.  It may not be SOE.  It could be any number of sites that have this information.

The biggest net security faux pas I've seen people commit time and again:  registering to be a member of site X.  In the sign-up process they are required to include an email address.  Then they are asked to submit a username/password.  Many MANY people use the same password for multiple sites.  So it's not a huge leap to take the email address and password provided in the registration process and access a person's email. 

Now, if you're a site that is focused on a certain niche of people...say MMORPG players...some kind of fan site, or centralized info site...and that site gets hacked for it's username/pws.  There have been several DoS attacks recently on several of the more popular sites that span any number of games.  DoS attacks are often one part of an attack that often includes gaining access to secure portions of websites.

Until this gets resolved, I am changing my password frequently...daily if possible.

SC

It's very likely that the problem is another compromised site, some place (though the email compromise is a possibility, it's a lot more difficult to grab someone's email and sort through it, looking for passwords).  Unfortunately, the whole keylogger/malware distribution with some means of collecting data is really a whole lot simpler than I think anyone's really given them credit.How many phish emails does the average person get on the average day?  Me, I get hundreds (last I looked, I also drop 3-5k spams a day).   Don't think for a second that the sites they use for their info collection is anything less than a box they've already hacked through any one of a thousand automatic root kits (there are many sites dedicated to this exact pursuit).Injecting a piece of software on to someone's machine through a fault in a web browser, especially IE, is trivial.  There are literally tens of thousands of websites on the Internet that will tell you how to do it -- mind you, many of them also provide the same sorts of "services" as you're browsing them (ie. I wouldn't recommend surfing for them unless you know what you are doing, here).  It's not like you're hacking each individual box to "place" a keylogger or anything of the sort... you simply hack one exposed site (from the hundreds of thousands out there) and leave your stuff there to propagate -- ironically, bulletin board systems are probably one of the worst in terms of site security.  And again, a large portion of this can be trivially automated.Really the toughest piece of this is developing or obtaining a keylogger or piece of malware that will deposit your logs in some unobtrusive spot on some unsuspecting server some place where some admin won't find it (my favorite was always "/var/tmp.. " -- that's var-tmp-dot-dot-space).  Of course, there are kits and :cookie sheets" out there for that sort of stuff, too, where all you need do is change a config file and "away you go."Really... I've said it a few times already, but the keylogger/malware mechanism is by far the most likely scenario, here.  And no, I don't work for Sony or any of its affiliates, nor have I ever... but, I will say, I've done a lot of stuff in this particular arena in one form or another.

[bleap]

StormCinder wrote:

bleap wrote:

StormCinder wrote:

Umee wrote:

It's not just SOE, there are news articles out there (and a few of them are linked from these forums) that all this hacking has happened across the board with MMORPGs.  Posts have been made that SOE is aware of the issue (see: Community News forum).  It's an awful thing.  I truly feel sorry for those who thought they were safe (this means, not those who've shared their information).  I always use a different password solely for my Station account (or whatever other game I'm playing) than anything else.  I have several I cycle through for forum passwords.  I run spy-ware detectors, anti-virus scans, and update my drivers and such regularly.I have faith that SOE is doing what they can.  This is a serious matter and is likely hogging a lot of resources until it's all figured out.  It's easy to blame them, as many effected do play SOE games, but also please remember that this is effecting many other MMORPGs out there not run by SOE.Also, I see people listing sites they've visited during the time they've been hacked.  It's great that this community can work together to help pinpoint issues like this.  However, waggling fingers at other sites without proof that they have keyloggers is not a healthy thing.  I ask with Halfling pleas to not blame other sites without proof

And I would have to agree with the previous poster that pointed out the unliklihood that these hacks are taking the time to pull the information from hundreds/thousands of individual client machines, when it is always much more economical to hack the back end machines.  I know it's affecting other games, but it appears more likely that the information was pulled wholesale from the back end rather than the front end.

Credit Card hackers almost always pull from the corporate db where millions of customers' information is stored, rather than keylogging into each and every CC reader at each register.  Blaming the users before confirming that the data warehouses have not been hacked is irresponsible.

SC

This would imply that someone hacked SOE and retrieved the data base of customer info....If that's the case then why would SOE have posted the MOTD from yesterday asking anyone who shared their account info to change it...Shouldn't they be telling EVERYONE to change it? I agree that the information probably did come from SOE but wouldn't it be more responsible to admit it and ask everyone to change their passwords? Sure it would be another scandal among other recent ones, but if it's true they were hacked and it gets out to the public, they will lose all credibility and trust....If someone can hack the login/password DB who's to say the credit card DB hasn't been compromised. I believe they are legally obligated to notify their subscribers that use credit cards if that information is lost, stolen or destroyed...

Yes, it would.

I didn't say that they knew they were hacked and are trying to act like they weren't.  I'm just saying that it might be a  tad premature for SOE to point the finger at the clients before they know they were NOT hacked.  And yes, I am reading the CMs posting above that states that since other games were hacked as well, then it's not SOEs fault.  If SOE was hacked, then it IS their fault. 

And I believe that it is more likely that a central source of userid/pw was hacked rather than sending out thousands of keyloggers, as so many have stated.  It may not be SOE.  It could be any number of sites that have this information.

The biggest net security faux pas I've seen people commit time and again:  registering to be a member of site X.  In the sign-up process they are required to include an email address.  Then they are asked to submit a username/password.  Many MANY people use the same password for multiple sites.  So it's not a huge leap to take the email address and password provided in the registration process and access a person's email. 

Now, if you're a site that is focused on a certain niche of people...say MMORPG players...some kind of fan site, or centralized info site...and that site gets hacked for it's username/pws.  There have been several DoS attacks recently on several of the more popular sites that span any number of games.  DoS attacks are often one part of an attack that often includes gaining access to secure portions of websites.

Until this gets resolved, I am changing my password frequently...daily if possible.

SC

I cannot for the life of me think of one valid reason SOE would share this information with anyone...But if you can please enlighten us. If I found out that SOE was selling this information or using it in any manner other than to manage my gaming experience I would cancel my account and the account of my wife right away...no one else has this information....period...I don't use it for any other game or fan site...

[ke'la]

Jesdyr@Unrest wrote:

Zarador wrote:

My friend often boasts how "If it's anything game related, I don't have to worry about remembering passwords".  So basically, his login information for all games is on about 5 Games and maybe 20+ fan sites as well as several email accounts.  Brilliant? No?

It is stupid yes .. but this isnt what is happening here. Accounts where the user did everything "right" are getting taken over. I dont think we will ever know because it is unlikely SoE will tell us.

So your saying SoE has access to Blizzard, NCsoft, etc.'s player account information. Get this through your head IT IS NOT JUST SOE GAMES THAT ARE HAVING THIS ISSUE. Every MMO out there are seeing this issue, wich means its FAR more likly the the useres got hacked in some way, such as thru My Space or some other non-game related thing they all do on the internet.

[ke'la]

Rqron wrote:

Jesdyr@Unrest wrote:

This seems more and more like a problem with SoE. The hijacked accounts are having their passwords changed .. You cannot change an account password without knowing the challenge question answer. While these are often a very weak method of security, they are not something that is often typed in by the user for a keylogger to even pick up. Unless all these people had passwords that have not been changed in YEARS which means they do not have the new security measures in place.

I still believe someone hacked they're computers and stole account info. It is to widespread to be just a few end users. Like I said they seemed to be concerned enough to change the LoN advertising upon login to a warning to end users..typical for big cooperations, never admit its they're fault but dump it all onto the end user and as such getting a lot of the people to change the passwords because they are paranoid. And if something happens to the rest who do not change the password, then they will say..hey you obviously did something against the eula or whatever crap..the problem is, no user will ever be able to proof otherwise . And now you can get a "one time complimentary" rollback..bah with all the hurdles and such one get to have even the smallest thing done within the game and one has to go through hoops to even get services that you are entitled to as a paying customer, and suddenly SOE "offers" this "service" out of the kindness of they're hearts? I smell something fishy and very rotten here.J.C.

THere is nothing "sudden" about the roll back service, they have been offering 1 time roll backs for years, its just they don't advertise it because then the number of people trying to scam them could go up.

[Fraug]

StormCinder wrote:

Reading your last paragraph put your whole post in perspective.  I see that you gather all of your information second-hand via what you read on the "interwebs."

You have no knowledge about how these attacks are conducted and how they are successfully exploited.  Two large grocery chains allowed access to customer information in early December.  Those intrusions were not detected until Feb...after several thousand fraudulent uses of personal information were committed.  Less than 1% of the exposed customers were violated.

Your  hackneyed attacks against an OS is sooooo three years ago.  Taking the position that the end-user is the one responsible with absolutely no knowledge of the situation confirms that you are part of the problem.

SC

*laugh*If you really think that, well... if you only really knew...Your complete dismissal of my post with no real supporting evidence only further validates the same point.  I didn't point out "hackneyed attacks against an OS" -- I pointed out simple and common attacks that are used today, and used an example of an unprotected Windoze machine as a point of perspective.  Even though you simply dismiss it, IE and its Active X problems still tops the charts for 2007 as the biggest problem for client machines, and those problems have actually increased significantly over the last year.  Strangely enough, web application vulnerabilities are also on the rise, and along with Windows services, are the top two  security issues on the Internet over the last year. Feel free to check SANS, CIAC, FIRST, NVD or any of a number of other well-respected security sites if you don't believe me.  Strange though, that you would indicate that it was "so three years ago" when it's pretty clear from the cited sources that they continue to not only be on the rise, but are largely more and more successful year over year (though worm propagation across specific OS' is admittedly on the decline).I'm also aware of the SQL injection type compromises you speak of... as well as some other recent attacks (specifically the grocery stores, among others) -- though they claim that no personal information was compromised, they still haven't divulged the intrusion method.  It is a bit ironic, though, that many SQL injection type attacks happen through web applications, no?  If you're depending on MSNBC's sensationalistic perspective on the whole thing, though... well, that's how they keep people glued to them, I guess.  Anyone want to bet that grocery store chain was running Windows server, though?  I'm not saying that database type attacks or similar don't happen, -- I said they're far less likely/common.  I also said that given the way in which I've heard of folks here being compromised (and the "rate" if you will), it seems it's likely a rogue site that's injecting malware on to systems or otherwise compromising people's accounts through common passwords or any of a number of other means, many of which have been pointed out multiple times by multiple people.  We all know how long it takes game spammers to get in and out of the game as it is... let's be realistic here: do you really think with a large scale compromise that each-and-every one of us wouldn't already directly know someone who had been affected?To the best of my recollection, so far all the people that I've talked to who have been hacked (or friends who have told me that they had friends who were hacked), all seem to have some level of participation in online EQ activities outside of EQ itself (eg. guild websites, off-site forums, character sharing or any of a number of other similar sorts of EQ-like activities -- and I realize character/account sharing is against the EULA, but I hear people still doing it).  Considering the contingent of folks I know that don't tend to participate in any of those sorts of online activities -- I can't say I know directly of a single one that's been hacked (and I think something would have already hit our out-of-game mailing list(s) or similar had it happened).  To me, that just further points the finger at keyloggers/malware...And yes, perhaps a certain part of me has a bit of "wishful thinking" in pointing the finger at a client... but experience has taught me that, 98 to 99 times out of 100, that's the case.  And yes, I worry/dread that other 1 or 2 and, really, is what I devote a large portion of my life to... " />But, simply making personal attacks on me without supporting your arguments really doesn't help here... but, who are we to kid, right?  This is in SOE's court and, I'm sure, they're doing their best to help get to the bottom of it... no amount of arguing/debate we do here is going to really help them solve this one though.Edit: grammatical clarification

[Fraug]

ke'la wrote:

So your saying SoE has access to Blizzard, NCsoft, etc.'s player account information. Get this through your head IT IS NOT JUST SOE GAMES THAT ARE HAVING THIS ISSUE. Every MMO out there are seeing this issue, wich means its FAR more likly the the useres got hacked in some way, such as thru My Space or some other non-game related thing they all do on the internet.

I couldn't have said it more concisely myself. (guess I can be a little long-winded, eh? *blush*)

[strNpwrKC]

Has absolutely nothing done with "hacking".It has ALL been traced back to guildportal.com running keyloggers in some of their software. Nothing more, nothing less

[Jacmac]

Most people reading these boards are smart enough to enable firewalls, stay away from shady web sites, not install spyware/malware and uninstall or end a process that looks suspicious. Just being on the forums talking about it puts you ahead of 90% of the playerbase that doesn't know a bit from a byte. Hacking of the kind that is going on now from China has been going on for years, and it is specifically aimed at the stupid and careless. They aren't going to waste their time trying to hack Sony's servers or any other mega-company, instead they shower the Internet and hope a few drops come back.Ten years ago you could randomly type \64.x.x.xc in IE and half the time 'administrator' with no password would get you access to somebody's drive. Things have gotten better, but there are still millions of hapless users out there that barely know how to open the Control Panel.

[Fraug]

Jacmac wrote:

Most people reading these boards are smart enough to enable firewalls, stay away from shady web sites, not install spyware/malware and uninstall or end a process that looks suspicious. Just being on the forums talking about it puts you ahead of 90% of the playerbase that doesn't know a bit from a byte. Hacking of the kind that is going on now from China has been going on for years, and it is specifically aimed at the stupid and careless. They aren't going to waste their time trying to hack Sony's servers or any other mega-company, instead they shower the Internet and hope a few drops come back.Ten years ago you could randomly type \64.x.x.xc in IE and half the time 'administrator' with no password would get you access to somebody's drive. Things have gotten better, but there are still millions of hapless users out there that barely know how to open the Control Panel.

Well... Malware's not generally a choice -- Hell, Windows Vista comes packaged with it out of the box!  Most spyware/malware often comes "packaged" with other "neat" utils (such as self-proclaimed "cheat" software, [Removed for Content] videos, etc) or as an "added bonus" to someone that doesn't necessarily turn off Javascript/Active-X (i'd post a site here that would probably very well demonstrate it on 90% or more of the browsers even here, but I think that's a ban'able offense).Yeah, overall I think/agree that our community is a lot more educated about these things than your average, run of the mill Internet user... at least I'd like to think so, anyway.  But, starting with SP2 for XP, file sharing (at least at that level) is turned off by default and XP's built-in firewall is a decent start... but it still generally doesn't turn off the default share that someone could likely exploit through something like SAMBA (perhaps not "exploit" persay, but a connection's a connection at times).  And, like you said, I can't tell you how many machines I've gotten in to simply by using a "guest" or "administrator" account that was "never" logged in to... there are other default/ignored accounts for OEM'd machines, too, that tend to give you admin access right out of the gate.But yeah, you're right... they work on the same principle the spammers here work on -- flood the channels and hope that you get as much as a half or 1% hit rate; then you've hit paydirt (a lot with the sheer numbers we're talking about, here).  And somewhere I have a screen shot of a virus/malware scan I did on someone's machine... back when a "big" drive was less than 120GB (probably a LOT less), I think we hit something like 160k infected files... my "personal best."  I'll have to look for the screen shot we took - it was comedy gold.  We didn't tell the end user that, of course -- they just wanted to know why their machine was so freakin' slow and kept locking up... *laugh*

[Wingrider01]

Fraug wrote:

Jacmac wrote:

Most people reading these boards are smart enough to enable firewalls, stay away from shady web sites, not install spyware/malware and uninstall or end a process that looks suspicious. Just being on the forums talking about it puts you ahead of 90% of the playerbase that doesn't know a bit from a byte. Hacking of the kind that is going on now from China has been going on for years, and it is specifically aimed at the stupid and careless. They aren't going to waste their time trying to hack Sony's servers or any other mega-company, instead they shower the Internet and hope a few drops come back.Ten years ago you could randomly type \64.x.x.xc in IE and half the time 'administrator' with no password would get you access to somebody's drive. Things have gotten better, but there are still millions of hapless users out there that barely know how to open the Control Panel.

Well... Malware's not generally a choice -- Hell, Windows Vista comes packaged with it out of the box!  Most spyware/malware often comes "packaged" with other "neat" utils (such as self-proclaimed "cheat" software, [Removed for Content] videos, etc) or as an "added bonus" to someone that doesn't necessarily turn off Javascript/Active-X (i'd post a site here that would probably very well demonstrate it on 90% or more of the browsers even here, but I think that's a ban'able offense).Yeah, overall I think/agree that our community is a lot more educated about these things than your average, run of the mill Internet user... at least I'd like to think so, anyway.  But, starting with SP2 for XP, file sharing (at least at that level) is turned off by default and XP's built-in firewall is a decent start... but it still generally doesn't turn off the default share that someone could likely exploit through something like SAMBA (perhaps not "exploit" persay, but a connection's a connection at times).  And, like you said, I can't tell you how many machines I've gotten in to simply by using a "guest" or "administrator" account that was "never" logged in to... there are other default/ignored accounts for OEM'd machines, too, that tend to give you admin access right out of the gate.But yeah, you're right... they work on the same principle the spammers here work on -- flood the channels and hope that you get as much as a half or 1% hit rate; then you've hit paydirt (a lot with the sheer numbers we're talking about, here).  And somewhere I have a screen shot of a virus/malware scan I did on someone's machine... back when a "big" drive was less than 120GB (probably a LOT less), I think we hit something like 160k infected files... my "personal best."  I'll have to look for the screen shot we took - it was comedy gold.  We didn't tell the end user that, of course -- they just wanted to know why their machine was so freakin' slow and kept locking up... *laugh*

"Windows Vista comes packaged with it out of the box!" Interesting statement, conjecture, opinion or reputable documented fact?

The bottom line is most people DO NOT want to mess with the results of using the heightened security systems that have been patched into XP and comes with Vista, look in the tech forum on any board for any game - first thing that people say they do is turn off UAC in vista, while it is not perfect, and it can be a pain sometimes, there are very few applications out there that will not run with UAC turned on, people just do not want to take the time to adjust the settings and adjust their habits to work with it. EQ2 DOES run with Vista's UAC turned on, you just have to take the time to set it correctly, and adjust to the fact that pre-sp1 it will ask for permission to continue with elevated permissions everytime you launch. The majority of end users do not want to be bothered with that.  I doubt that 60 percent of general users would even virus scan their systems regularly if the application did not automaticly set it up. I have worked with end users that setup a wireless network in their home or office that did not even bother to set a security key on it, then they wonder why their information is gone or their network is compromised. 

 At the end of the day, security of a end users systems is the end users responsiblity, while it is a slight possiblity that an issue occurred at SOE's end for user id's and passwords, I would be willing to bet that the security breach occurred outside of SOE's world in in the world of the 3rd party websites. Been thinking about it - do not recall ANY 3rd party site that utilizes a SSL certificate, where as the SOE login page IS SSL'd.

[Journee]

strNpwrKC wrote:

Has absolutely nothing done with "hacking".It has ALL been traced back to guildportal.com running keyloggers in some of their software. Nothing more, nothing less " width="15" height="15" />

Can you please provide where you found out this information?  I would love to believe that it has been solved but with so many tin-foil hats out there I would like to see something that lets me know it is safe to go out and play again

Thank you

~Journee~

[Jacmac]

Here's what I read on a guild blog about guildportal.com:

If you've visited a GP [GuildPortal.com] site lately, and use the IE browser, you may have been affected by this. Many of the antivirus and spyware programs do not detect this. To check (assuming you are running Windows XP) open your C:WINNTsystem32 folder and look for mppds.dll and mppds.exe. If you see either, then you have been infected by this keylogger.

[Effie]

StormCinder wrote:

And I would have to agree with the previous poster that pointed out the unliklihood that these hacks are taking the time to pull the information from hundreds/thousands of individual client machines, when it is always much more economical to hack the back end machines.  I know it's affecting other games, but it appears more likely that the information was pulled wholesale from the back end rather than the front end.

Wow, that's ignorant.

To imply that it would be easier to hack a server with 1024 bit security than it would be to plant a keylogger on someone's desktop PC is mind blowing in it's absurdity.

[Miladi]

Here's a copy and paste from the WoW forums regarding Guildportal.com

 Q u o t e:Dear GuildPortal Members, Over the past few days we have been fighting a brute force attack against our servers by multiple (10+) computers that we suspect are located in China. While we have secured the services and the problem is gone, we want to let you know, fully, what exactly happened. The attacks were successful to an extent, in that they were able to modify content on many sites, injecting code into welcome messages that contained a hidden iframe. This frame would then load script into the user's browser that installed a keylogger. This did not affect all guilds or all users. The users that were affected were running Internet Explorer on Windows with no virus protection installed. We have been working very hard with Rackspace to identify the means the attackers used and to nullify their ability to continue, but our top priority was always to reverse the injections as soon as we possibly could. We don't expect or deserve any pity for missing sleep, to be sure, but please believe that we have been doing everything we can to first remove the malicious code from your sites and then remove their ability to do it again. Many times during this, we have brought GuildPortal completely down in order to prevent the spreading of the trojan while we removed the code that loaded it. The process the attackers used to do this was automated -- our ability to counter what they were doing was not. We believe we have patched up the problem that made what they did possible. However, please, if you use Internet Explorer under Windows, install a virus scanner if you don't already have one. If you don't, odds are overwhelmingly in favor of you already being infected with something. Blizzard has an excellent write-up on securing your computer here, as well as information on what to do in case your World of Warcraft account has been compromised at this link. Over the next few days, we are conducting a full security audit of our entire infrastructure, to locate and eradicate any other even remotely possible security risks. We cannot promise a security problem will never happen again -- no more than Microsoft promises their operating systems or browsers will be completely secure and virus-free after a service pack release -- but we will call (and have been calling) on all of the resources we have at our disposal to secure every part of the site, and it is our top priority. We apologize for any inconvenience and, as always, thank you very much for choosing GuildPortal as your guild's home on the web!

Just so you know that its not a rumor this time. Don't visit Guildportal.com unless they've cleaned up their act and website.

[Geothe]

Btw

Genious.You may want to check the DATE that was actually posted...

it was a year ago. LOL

CLICKY

See, that lovely date right at the top, yeah, 2007.

[Miladi]

Geothe wrote:

Btw

Genious.You may want to check the DATE that was actually posted...

it was a year ago. LOL

CLICKY

See, that lovely date right at the top, yeah, 2007.

I stand corrected, I missed the year on the posting, and didn't really pay attention to it and I should have. Mea culpa.

BTW, its spelled GENIUS, no O in it

[g0thiC_iCe_cReaM]

BTW, I can assure you it wasn't a security breach at SOE.

This article was posted on SANS when this happened. This has good information on what is going on:

http://isc.sans.org/diary.html?storyid=4139

[StormCinder]

A couple of new aspects to chew on today:

The requirements (security, reporting breaches, etc) for CC security don't apply to userid/pw for a video game.

Also, I'm pretty sure the EULA states that SOE owns everything you have in-game.  So the only way you can report any true, criminally fraudulant activity is if someone uses your account to purchase other subscriptions/items.  As far as has been reported thus far, no actual CC information has been breached.

There's nothing to see here.

SC

[Sevlar]

I find it funny that almost 3 pages after the link to the ABC news story was posted that people are still speculating on how or where people are getting infected.

Mcaffee stated in the news story that at least 10,000 sites or more were infected. Its not SOE or just guild portal, its a ton of sites that aim to get passwords from MMO's.

For those that were to lazy to click on the ABC news link I will copy it here......

 http://www.abcnews.go.com/Technology/PCWorld/story?id=4441255

Password-Stealing Hackers Infect Thousands of Web Pages

Hackers looking to steal passwords used in popular online games have infected more than 10,000 Web pages in recent days.

  March 13, 2008 1:00:00 AM PDT

The Web attack, which appears to be a coordinated effort run out of servers in China, was first noticed by McAfee researchers on Wednesday morning. Within hours, the security company had tracked more than 10,000 Web pages infected on hundreds of Web sites.

McAfee isn't sure how so many sites have been hacked, but "given how quickly some of these attacks have come on, it does seem like some automation has gone on," said Craig Schmugar, a researcher with McAfee's Avert Labs. In the past, attackers have used search engines to scour the Internet for vulnerable Web sites and then written automated tools to flood them with attacks, which ultimately let criminals use legitimate sites to serve up their malicious code.

The infected Web sites look no different than before, but the attackers have added a small bit of JavaScript code that redirects visitors' browsers to an invisible attack launched from the China-based servers. This same technique was used a year ago, when attackers infected the Web sites of the Miami Dolphins and Dolphins Stadium just prior to the 2007 Super Bowl XLI football game.

The attack code takes advantage of bugs that have already been patched, so users whose software is up-to-date are not at risk. However, McAfee warns that some of the exploits are for obscure programs such as ActiveX controls for online games, which users may not think to patch.

If the code is successful, it then installs a password-stealing program on the victim's computer that looks for passwords for a number of online games, including the Lord of the Rings Online.

These online game passwords are a popular hacker target, in part because many online gaming resources can be stolen and then sold for cash.

Widespread Web attacks such as this are becoming more common too.

In January, security vendor Finjan reported a widespread hacking effort that infected 10,000 Web sites with malicious code that attacked visitors and then installed data-collecting software on their machines.

This type of attack is attractive to criminals, in part because it can be hard to thwart. "It's more subtle than spamming a malicious executable file to billions of e-mail addresses," Schmugar said. "You allow the people to go to the sites that they normally go to and pull off a low-scale attack that flies under the radar."

[FluffyGoat]

I wish SOE gave us an option that Paypal just recently started using.  It's called a Security key protection.  Everytime you login to Paypal you are required to press the button on a watch sized encrypted code generator.  No one can login to you account unless they physically have your key generator.  I know a lot of other companies use this for their employees.A hacker could have my bank username and password but they would not be able to access it unless they somehow hacked the key that was generated on this little device