Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Fuzzy Avatars Solved! Please re-upload your avatar if it was fuzzy!

Totally unsecured databse

2

Comments

  • TorvalTorval Oregon CountryPosts: 7,193Member Uncommon

    If this is true it is really horrible and makes the Neverwinter exploit look like a minor glitch. I really hope MMORP does some investigative reporting here and exposes the truth either way.

    Remember Cryptic got raked over the coals for far less than this while SE seems to be getting pass after pass.

  • GrailerGrailer HamiltonPosts: 876Member Uncommon

    you can pretty much buy cheat software for this game that allows you to get lvl 50 on all jobs and even edit what gear you want .  Pretty crazy stuff that they allowed client to be so much in control .

     

    Wonder if they will fix it or are they just poor programmers ?

  • TwoThreeFourTwoThreeFour Virginia, VAPosts: 2,131Member
    Originally posted by Grailer

    you can pretty much buy cheat software for this game that allows you to get lvl 50 on all jobs and even edit what gear you want .  Pretty crazy stuff that they allowed client to be so much in control .

     

    Wonder if they will fix it or are they just poor programmers ?

    Crafting leve exploit has been proven to exist but there is no proof yet that it isn't limited by your leve allowences amount, so far from s ure that you would be able all crafts to lv50 in 1 day using it.

     

    As for the "edit what gear you want", what proof do you have for it? It is certainly not enough to assume it is true just because someone advertises to sell it.

  • PhryPhry HampshirePosts: 6,288Member Uncommon
    Originally posted by Kyleran
    Originally posted by bcbully
    This is news worthy. I don't think I've heard anything as bad in a major mmorpg. I wouldn't be surprised to see a few articles from the major gaming sites.

    Well, unless of course it isn't really true, then you might not hear much about it.

     

    Kind of reminds me of one of Terry Pratchet's 'sayings'

    a lie is twice around the world before the truth has got its boots on.. or something like that. image

  • AlamarethAlamareth Cincinnati, OHPosts: 570Member
    Originally posted by bcbully
    This is news worthy. I don't think I've heard anything as bad in a major mmorpg. I wouldn't be surprised to see a few articles from the major gaming sites.

    Perfect World, Neverwinter, Vindictus, Legend of Ares, Diablo 2....I could go on all day....

    I thought this was fixed, but if you can trust DMKano with anything - perhaps it isn't.  I haven't heard anything about it since the massive banning, which is odd considering I'm part of a massive crafting LS.

  • DMKanoDMKano Gamercentral, AKPosts: 8,506Member Uncommon
    Originally posted by Alamareth
    Originally posted by bcbully
    This is news worthy. I don't think I've heard anything as bad in a major mmorpg. I wouldn't be surprised to see a few articles from the major gaming sites.

    Perfect World, Neverwinter, Vindictus, Legend of Ares, Diablo 2....I could go on all day....

    I thought this was fixed, but if you can trust DMKano with anything - perhaps it isn't.  I haven't heard anything about it since the massive banning, which is odd considering I'm part of a massive crafting LS.

    The big server maintenance on Monday should fix this exploit. In the meantime report folks that you see doing this - they are banning actively now. Just watch your text on screen for somebody gaining 30-40 levels in less than a minute.

    I reported 2 folks auto-killing mobs for skin/leather materials (both were logged on for days doing this) - this morning both are gone! I know this is a separate issue (botting) but its nice to see they are removing the bots. 

     

    P.S. Include the coordinates and zone/region name - it helps the process.

     

     

     

  • AlamarethAlamareth Cincinnati, OHPosts: 570Member
    Originally posted by DMKano
    Originally posted by Alamareth
    Originally posted by bcbully
    This is news worthy. I don't think I've heard anything as bad in a major mmorpg. I wouldn't be surprised to see a few articles from the major gaming sites.

    Perfect World, Neverwinter, Vindictus, Legend of Ares, Diablo 2....I could go on all day....

    I thought this was fixed, but if you can trust DMKano with anything - perhaps it isn't.  I haven't heard anything about it since the massive banning, which is odd considering I'm part of a massive crafting LS.

    The big server maintenance on Monday should fix this exploit. In the meantime report folks that you see doing this - they are banning actively now. Just watch your text on screen for somebody gaining 30-40 levels in less than a minute.

    I reported 2 folks auto-killing mobs for skin/leather materials (both were logged on for days doing this) - this morning both are gone! I know this is a separate issue (botting) but its nice to see they are removing the bots. 

     

    P.S. Include the coordinates and zone/region name - it helps the process.

    Yeah, same thing I do for the underground bots....

    I have no doubt they will ban all of them it's pretty flagrant.

  • TwoThreeFourTwoThreeFour Virginia, VAPosts: 2,131Member
    Originally posted by DMKano
    Originally posted by Alamareth
    Originally posted by bcbully
    This is news worthy. I don't think I've heard anything as bad in a major mmorpg. I wouldn't be surprised to see a few articles from the major gaming sites.

    Perfect World, Neverwinter, Vindictus, Legend of Ares, Diablo 2....I could go on all day....

    I thought this was fixed, but if you can trust DMKano with anything - perhaps it isn't.  I haven't heard anything about it since the massive banning, which is odd considering I'm part of a massive crafting LS.

    The big server maintenance on Monday should fix this exploit. In the meantime report folks that you see doing this - they are banning actively now. Just watch your text on screen for somebody gaining 30-40 levels in less than a minute.

    I reported 2 folks auto-killing mobs for skin/leather materials (both were logged on for days doing this) - this morning both are gone! I know this is a separate issue (botting) but its nice to see they are removing the bots. 

     

    P.S. Include the coordinates and zone/region name - it helps the process.

     

     

     

    That's great to hear! Thx for tips too about reporting zone/region name. 

  • HusvikHusvik Somewhere, ONPosts: 440Member

    If you want to do something like this and risk a ban then maybe you shouldn't be playing this game as you obviously don't care about the game like the majority of us do. in fact if you do, i hope you get banned for life as i don't want people like this playing my game anyway.

     

    It's a great game and completely worth my time and money.

  • skeaserskeaser Wichita Falls, TXPosts: 3,847Member Uncommon
    The bigger concern is how big is the flaw? Could a knowledgeable player potentially damage other players or the database itself? Could someone modify loot tables or spawn times for example or even spawn bosses in the starter area?
  • lovebuglovebug burnleyPosts: 256Member

    great game  shame its run so bad with se. i would  recomend anyone to steer clear of this game has it is now its just a hackers dream. with account bannings flying all over the place. might give it ago again next year if its still about .

    this is the first mmo ive ever had that i have been banned from. some hacker was on my acc2 that i never used and was spammimng gold sale so i am told.

    i have deleted my acc1 and 2 now back to playing the mmo ive been playing for the last 7 years thats never been hacket :)).

  • amber-ramber-r londonPosts: 323Member

    Problem really I think is they were rushed to push the game out before it was ready.  The basics of the game was ready but there is very little security in the game at all, pretty much anything is possible on here because there are very few server side checks that almost ever other mmo has.

     

    Given how active the botting and hacking community was on FFXI it made sense they went overboard with FFXIV v1 (almost every single action was server side), sad that instead of some kind of middle ground they they went so far the other way with ARR.  The server just blindly accepts whatever the client tells it and the client is always so easy to change that it should never be trusted on anything important.

     

    The low price of gil and the massive rmt selling presence makes a lot more sense now, also the massive amount of gil removed from the game (60 billion was it?) within weeks when it would of been impossible for that much gil to of been created legitimatly in such a small amount of time.

     

    [mod edit - please don't post links, details, pics, or videos with instructions on how to exploit]

  • TwoThreeFourTwoThreeFour Virginia, VAPosts: 2,131Member
    Originally posted by amber-r

    Problem really I think is they were rushed to push the game out before it was ready.  The basics of the game was ready but there is very little security in the game at all, pretty much anything is possible on here because there are very few server side checks that almost ever other mmo has.

     

    Given how active the botting and hacking community was on FFXI it made sense they went overboard with FFXIV v1 (almost every single action was server side), sad that instead of some kind of middle ground they they went so far the other way with ARR.  The server just blindly accepts whatever the client tells it and the client is always so easy to change that it should never be trusted on anything important.

     

    The low price of gil and the massive rmt selling presence makes a lot more sense now, also the massive amount of gil removed from the game (60 billion was it?) within weeks when it would of been impossible for that much gil to of been created legitimatly in such a small amount of time.

    [mod edit - please don't post links, details, pics, or videos with instructions on how to exploit]

    Changing numbers and images on your client is possible in every god damn game. The video you provided and screenshot you provided are no proof, simply because all that is editable in every game; what matters is if the server reckognizes those changes. 

     

    And no just because it looks like he bought the items inside the game, it doesnt mean that the game actually reckognizes them as valid trades. A simple test would have been to see him close the game , login from scratch in window mode and see if the money and items is still there (of course blurring names and login details).

     

    Furthermore, if there was a such true exploit, you would expect them to buyout all markets and expensive items in market, to show that they can and that SE fucked up; that hasn't happened.

     

    Of course, if the person providing the video wants to hack accounts or sell the "hack", they of course use the tools they can to fool potential buyers.

  • DoogiehowserDoogiehowser ParisPosts: 1,873Member
    Originally posted by Alamareth

    Seriously old news, most of us have known about this for weeks.  The concern trolling is unnecessary and gratuitous.

    Remember the whole 365 billion taken out of the economy?  This was part of that.

    Mtibbs and I even referenced these kind of exploits in the multitude of threads complaining about gil confiscations.  Threads that you (the OP) were involved in.

    Glad to see the air below the sand is so fresh.

    I didn't know about this. And i am glad OP posted it here.

    And who made you the forum police? 

    "The problem is that the hardcore folks always want the same thing: 'We want exactly what you gave us before, but it has to be completely different.'
    -Jesse Schell

    "Online gamers are the most ludicrously entitled beings since Caligula made his horse a senator, and at least the horse never said anything stupid."
    -Luke McKinney

    image

  • AoriAori Carbondale, ILPosts: 1,886Member Uncommon
    Originally posted by Doogiehowser
    Originally posted by Alamareth

    Seriously old news, most of us have known about this for weeks.  The concern trolling is unnecessary and gratuitous.

    Remember the whole 365 billion taken out of the economy?  This was part of that.

    Mtibbs and I even referenced these kind of exploits in the multitude of threads complaining about gil confiscations.  Threads that you (the OP) were involved in.

    Glad to see the air below the sand is so fresh.

    I didn't know about this. And i am glad OP posted it here.

    And who made you the forum police? 

    No one in my linkshells or FC have seen this yet either so I had no idea it was going on.

    Meh not like it was the first time this shit has happened in an MMO..

    WoW had the silent killer issue around this time last year, was funny until I died. I find that shit more frustrating as it affects me directly. Either way the people exploiting will get banned and lives will go on, it is just to easy to confirm someone used this type of exploit.

    So until someone can affect my character directly or gets my personal info straight from SE, it is what it is. Every game has bots, cheats and hacks that get banned only to use another account they got from some idiot who thinks hamburger is a safe password.

     

     

  • TorvalTorval Oregon CountryPosts: 7,193Member Uncommon
    Originally posted by Aori
    Originally posted by Doogiehowser
    Originally posted by Alamareth

    Seriously old news, most of us have known about this for weeks.  The concern trolling is unnecessary and gratuitous.

    Remember the whole 365 billion taken out of the economy?  This was part of that.

    Mtibbs and I even referenced these kind of exploits in the multitude of threads complaining about gil confiscations.  Threads that you (the OP) were involved in.

    Glad to see the air below the sand is so fresh.

    I didn't know about this. And i am glad OP posted it here.

    And who made you the forum police? 

    No one in my linkshells or FC have seen this yet either so I had no idea it was going on.

    Meh not like it was the first time this shit has happened in an MMO..

    WoW had the silent killer issue around this time last year, was funny until I died. I find that shit more frustrating as it affects me directly. Either way the people exploiting will get banned and lives will go on, it is just to easy to confirm someone used this type of exploit.

    So until someone can affect my character directly or gets my personal info straight from SE, it is what it is. Every game has bots, cheats and hacks that get banned only to use another account they got from some idiot who thinks hamburger is a safe password.

    Just so long as the people dismissing this problem remember that when other games release or have problems. Some people here have been really critical of other games like Neverwinter when they had problems.

    And to be fair, pretty the only way you can be totally secure in your passwords anymore is to use 2 factor authentication and a password manager than creates totally random complex strings. It doesn't matter if your password is "H@m13Urg3r" or "I @t3 at th3 t@st33 fRe3z3". Hacking algorithms are really powerful now. If you can remember a 16+ character acronym you might be in a better position, but other than that. It's all a false sense of security.

  • stayontargetstayontarget Tacoma, WAPosts: 6,068Member Uncommon
    Well when you have Gold spammers flooding chat on the first week of launch,  there's a dam good chance gold duping is going on.   I'm not surprised.

    Velika: City of Wheels: Among the mortal races, the humans were the only one that never built cities or great empires; a curse laid upon them by their creator, Gidd, forced them to wander as nomads for twenty centuries...

  • EvolvedMonkyEvolvedMonky Tulsa, OKPosts: 549Member
    Originally posted by Torvaldr
    Originally posted by Aori
    Originally posted by Doogiehowser
    Originally posted by Alamareth

    Seriously old news, most of us have known about this for weeks.  The concern trolling is unnecessary and gratuitous.

    Remember the whole 365 billion taken out of the economy?  This was part of that.

    Mtibbs and I even referenced these kind of exploits in the multitude of threads complaining about gil confiscations.  Threads that you (the OP) were involved in.

    Glad to see the air below the sand is so fresh.

    I didn't know about this. And i am glad OP posted it here.

    And who made you the forum police? 

    No one in my linkshells or FC have seen this yet either so I had no idea it was going on.

    Meh not like it was the first time this shit has happened in an MMO..

    WoW had the silent killer issue around this time last year, was funny until I died. I find that shit more frustrating as it affects me directly. Either way the people exploiting will get banned and lives will go on, it is just to easy to confirm someone used this type of exploit.

    So until someone can affect my character directly or gets my personal info straight from SE, it is what it is. Every game has bots, cheats and hacks that get banned only to use another account they got from some idiot who thinks hamburger is a safe password.

    Just so long as the people dismissing this problem remember that when other games release or have problems. Some people here have been really critical of other games like Neverwinter when they had problems.

    And to be fair, pretty the only way you can be totally secure in your passwords anymore is to use 2 factor authentication and a password manager than creates totally random complex strings. It doesn't matter if your password is "H@m13Urg3r" or "I @t3 at th3 t@st33 fRe3z3". Hacking algorithms are really powerful now. If you can remember a 16+ character acronym you might be in a better position, but other than that. It's all a false sense of security.

    Ah the password cracking myth .... Do you know how long it takes to crack a password based on possible sequences??? A very fn long time unless its some 4 digit pin.  One of my jobs, I have access to federal and state software used to crack cell phones and computers.... Ya your not going to sit and wait trying a password billions of times. Unless you have multiple NSA Computers fully dedicated to it, ya its not going to happen in a few hours more like days and weeks. And if your talking about the use of  1 number, 1 capital letter and 1 special character..... psshhhhh A month at least for a single  top of the line consumer grade computer.

    Now cracking passwords based on "password manager than creates totally random complex strings" Is much easier... cause theres no such thing as random to computers... most random is based on a math equation. If you know what X and Y in that equation is then the passwords are predictable.

    Anyways what im trying to say is. If your going to retrieve someones password its Easier and more logical to use the standard passwords the majority use, or phishing.  A third option I always use, if you have the software and the suspects hardware, find the stored encrypted key and just de-encrypt it....Cause everyone saves there passwords, I dont know why...... But for video games they got it from options 1 and 2.  

    image
  • AoriAori Carbondale, ILPosts: 1,886Member Uncommon
    Originally posted by Torvaldr
    Originally posted by Aori
    Originally posted by Doogiehowser
    Originally posted by Alamareth

    Seriously old news, most of us have known about this for weeks.  The concern trolling is unnecessary and gratuitous.

    Remember the whole 365 billion taken out of the economy?  This was part of that.

    Mtibbs and I even referenced these kind of exploits in the multitude of threads complaining about gil confiscations.  Threads that you (the OP) were involved in.

    Glad to see the air below the sand is so fresh.

    I didn't know about this. And i am glad OP posted it here.

    And who made you the forum police? 

    No one in my linkshells or FC have seen this yet either so I had no idea it was going on.

    Meh not like it was the first time this shit has happened in an MMO..

    WoW had the silent killer issue around this time last year, was funny until I died. I find that shit more frustrating as it affects me directly. Either way the people exploiting will get banned and lives will go on, it is just to easy to confirm someone used this type of exploit.

    So until someone can affect my character directly or gets my personal info straight from SE, it is what it is. Every game has bots, cheats and hacks that get banned only to use another account they got from some idiot who thinks hamburger is a safe password.

    Just so long as the people dismissing this problem remember that when other games release or have problems. Some people here have been really critical of other games like Neverwinter when they had problems.

    And to be fair, pretty the only way you can be totally secure in your passwords anymore is to use 2 factor authentication and a password manager than creates totally random complex strings. It doesn't matter if your password is "H@m13Urg3r" or "I @t3 at th3 t@st33 fRe3z3". Hacking algorithms are really powerful now. If you can remember a 16+ character acronym you might be in a better position, but other than that. It's all a false sense of security.

    So what you're telling me is that we should all change our passwords to hamburger? The issue is people use the same crap easy passwords across a range of accounts.

    Most complex passwords won't be cracked unless the cracker has the hash code. If that is the case then it is on the company at that point not the user. Unless of course they use the same freaking password on mmorpg.com that they use else where. 

  • RidelynnRidelynn Fresno, CAPosts: 4,172Member Uncommon


    Originally posted by Aori
    Unless of course they use the same freaking password on mmorpg.com that they use else where. 

    Wait - you mean I'm ~not~ supposed to have the same password?!?

    How the hell can I remember two passwords, 6 characters is hard enough as it is.

    Sh$t.

    Anyway, how did this get turned from S/E's unsecured database to a topic on password security. Yeah, it sucks people are abusing it, but if it's able to be abused people will do so. I saw a bit of the insta-leveling early on (like in the pre-release days), I thought it was legacy players logging on to be honest, but oh well, that is easily discoverable and that makes it easily bannable. I'm not terribly concerned about it yet. I don't play the marketplace too much, I make enough money to pay for my repairs and teleports as-is, so meh... I'm willing to see what happens to it.

    I do wonder if this morning's hotfix actually fixed this or not though.

  • AoriAori Carbondale, ILPosts: 1,886Member Uncommon
    Originally posted by Ridelynn

     


    Originally posted by Aori
    Unless of course they use the same freaking password on mmorpg.com that they use else where. 

     

    Wait - you mean I'm ~not~ supposed to have the same password?!?

    How the hell can I remember two passwords, 6 characters is hard enough as it is.

    Sh$t.

    Anyway, how did this get turned from S/E's unsecured database to a topic on password security. Yeah, it sucks people are abusing it, but if it's able to be abused people will do so. I saw a bit of the insta-leveling early on (like in the pre-release days), I thought it was legacy players logging on to be honest, but oh well, that is easily discoverable and that makes it easily bannable. I'm not terribly concerned about it yet. I don't play the marketplace too much, I make enough money to pay for my repairs and teleports as-is, so meh... I'm willing to see what happens to it.

    I do wonder if this morning's hotfix actually fixed this or not though.

    I may have mentioned that the cheaters will get banned only to do it again with stolen accounts with shitty passwords? @.@

  • Laughing-manLaughing-man Dublin, OHPosts: 3,415Member Uncommon
    Originally posted by LizardEgypt
    Have you considered that one of the reasons they delete these threads is not because they don't want people to know about it, but because you're now effectively telling anyone with database knowledge exactly where to start prodding to duplicate the exact same thing?

    Exactly this 100x's this.

    So if this is real, then you are making more and more people aware of it, and thereby use it.

    When SE, if they are deleting threads then they are CLEARLY aware of it.  Which by then you going around advertising this when they must not have a solution yet are just causing more and more people to exploit and ruin the game.

    GG OP.

    Thanks MMORPG.com

    /facepalm

  • Laughing-manLaughing-man Dublin, OHPosts: 3,415Member Uncommon
    Originally posted by stayontarget
    Well when you have Gold spammers flooding chat on the first week of launch,  there's a dam good chance gold duping is going on.   I'm not surprised.

    or compromised accounts?

    You know like every mmo?

  • TorvalTorval Oregon CountryPosts: 7,193Member Uncommon
    Originally posted by Ridelynn

    Originally posted by Aori
    Unless of course they use the same freaking password on mmorpg.com that they use else where. 

    Wait - you mean I'm ~not~ supposed to have the same password?!?

    How the hell can I remember two passwords, 6 characters is hard enough as it is.

    Sh$t.

    Anyway, how did this get turned from S/E's unsecured database to a topic on password security. Yeah, it sucks people are abusing it, but if it's able to be abused people will do so. I saw a bit of the insta-leveling early on (like in the pre-release days), I thought it was legacy players logging on to be honest, but oh well, that is easily discoverable and that makes it easily bannable. I'm not terribly concerned about it yet. I don't play the marketplace too much, I make enough money to pay for my repairs and teleports as-is, so meh... I'm willing to see what happens to it.

    I do wonder if this morning's hotfix actually fixed this or not though.

    I do a lot of database work (I migrate electronic medical record data between systems) and how easily trackable this is would depend on how their database is structured. The more you store and update the more costly it is in size, bandwidth, and performance. If they only keep a current value, for example, and not an incremental timeline, then it might be really hard, if not impossible to reliably track.

    You see a datapoint in the table and most likely, at best, the date of initial record and the date of last update. How are they going to know whether someone incremented that all overnight? In this scenario they could probably catch really stupid people who created a character and auto-leveled them overnight, but they aren't likely to catch someone who has an older character. If they did try and do this they would most likely get a lot of false positives, punishing innocent players along with the guilty.

    What would be worrisome to me is not that they can touch their own data, but a particularly savvy user might be able to touch the data of others. I suppose that also depends on how open and extensive the vulnerability is.

    The password security diversion came about because a previous poster inferred that this was because people use passwords like "hamburger" and not stronger ones. We're past the point where malicious users need the hash. If they can pull the encrypted password out of the database they can do an offline brute force decryption and figure it out. Here is one article discussing how what we have historically considered to be stronger passwords are now becoming very vulnerable: Ars Technica. There are still some password styles and methods that are much more inherently secure, but we're coming to a place where 2 factor authentication is going to be a must.

    @Aori - Of course someone shouldn't use "hamburger" because that just makes the job faster and easier. But, using more complex versions of the same word or even passphrases is no longer more inherently secure, just a little bit slower. When these sorts of vectors become common knowledge you can be assured they're already in full force use by those you don't want to use them, plus whatever else they've discovered that we don't know yet.

  • EvolvedMonkyEvolvedMonky Tulsa, OKPosts: 549Member
    Originally posted by Torvaldr
    Originally posted by Ridelynn

    Originally posted by Aori
    Unless of course they use the same freaking password on mmorpg.com that they use else where. 

    Wait - you mean I'm ~not~ supposed to have the same password?!?

    How the hell can I remember two passwords, 6 characters is hard enough as it is.

    Sh$t.

    Anyway, how did this get turned from S/E's unsecured database to a topic on password security. Yeah, it sucks people are abusing it, but if it's able to be abused people will do so. I saw a bit of the insta-leveling early on (like in the pre-release days), I thought it was legacy players logging on to be honest, but oh well, that is easily discoverable and that makes it easily bannable. I'm not terribly concerned about it yet. I don't play the marketplace too much, I make enough money to pay for my repairs and teleports as-is, so meh... I'm willing to see what happens to it.

    I do wonder if this morning's hotfix actually fixed this or not though.

    I do a lot of database work (I migrate electronic medical record data between systems) and how easily trackable this is would depend on how their database is structured. The more you store and update the more costly it is in size, bandwidth, and performance. If they only keep a current value, for example, and not an incremental timeline, then it might be really hard, if not impossible to reliably track.

    You see a datapoint in the table and most likely, at best, the date of initial record and the date of last update. How are they going to know whether someone incremented that all overnight? In this scenario they could probably catch really stupid people who created a character and auto-leveled them overnight, but they aren't likely to catch someone who has an older character. If they did try and do this they would most likely get a lot of false positives, punishing innocent players along with the guilty.

    What would be worrisome to me is not that they can touch their own data, but a particularly savvy user might be able to touch the data of others. I suppose that also depends on how open and extensive the vulnerability is.

    The password security diversion came about because a previous poster inferred that this was because people use passwords like "hamburger" and not stronger ones. We're past the point where malicious users need the hash. If they can pull the encrypted password out of the database they can do an offline brute force decryption and figure it out. Here is one article discussing how what we have historically considered to be stronger passwords are now becoming very vulnerable: Ars Technica. There are still some password styles and methods that are much more inherently secure, but we're coming to a place where 2 factor authentication is going to be a must.

    @Aori - Of course someone shouldn't use "hamburger" because that just makes the job faster and easier. But, using more complex versions of the same word or even passphrases is no longer more inherently secure, just a little bit slower. When these sorts of vectors become common knowledge you can be assured they're already in full force use by those you don't want to use them, plus whatever else they've discovered that we don't know yet.

    You think there pulling the passwords off of SE? While possible, very unlikely unless its an inside job. I mean im sure they contract there security to another firm. And I wouldnt risk jail time for a game... hell if you wanna go to all that just steal there CC info youll get more bang for the risk.

    image
2
Sign In or Register to comment.