"
Adolan wrote:
"
Rannasha wrote:
"
Adolan wrote:
there was talk on krips stream that someone had found a vulnerability in the GGG forums.
It appears they were right..
There "was talk" about all kinds of weird exploits to take over accounts in the period just after D3 launched and a ton of accounts were stolen. They all ended up being just rumours without basis in fact. It's surprisingly easy to get a rumour about some exploit started and growing. In D3 there was a period that tons of people didn't join public games because that's was allegedly how the attackers would steal your account.
Krip was chatting to his IT guy 'james' hes the guy that helps krip with his DOSing attacks. James said he found something in the webiste code and that he was messaging chris about it...go watch the VOD from yesterday, it was about 30min for the end of his stream. - hardly a rumour
Let me translate the talk, he implied that Kripp's Wii could get compromised, which he hadn't thought about, then they talked about linking images from a malicious website to get Kripp's IP address, then they agreed Kripp could use a proxy to hide his true IP while browsing.
Obvious things. They're bothering the devs with a "serious vulnerability" which is prevalent across the entire world wide web.
So, to be extra careful, GGG will probably set up trusted image hosts and not allow direct images from everywhere. And they're adding an exit page to stop the phishing as well as protecting anyone who might get a DoS from their IP being exposed.
Last edited by ionface#0613 on Feb 21, 2013, 6:40:37 PM
|
Posted byionface#0613on Feb 21, 2013, 6:39:21 PMAlpha Member
|
"
Lask001 wrote:
"
tritonxiv wrote:
What's the point of playing an item-based game if at any time you could lose all your items with no recourse to get them back? Seems kind of silly to me.
What's the point of playing an item based game if you can just dupe everything easily? Seems kind of silly to me.
is it possible to check account manipulations to see what I for example was trading for ?
also i have to say that i still don't really know how I was hacked , cause there was nothing I do wrong.
IGN: @NARAIONE
|
Posted byunloder1#7886on Feb 21, 2013, 6:56:49 PM
|
"
sirspikey wrote:
"
Kilvoctu wrote:
Clearly not as safe as it has to be.
And if you don't have time to continually be proactive in your computer security, then what can we really say when something goes wrong... Leave the title of "safe and secure" to people with common sense who, in addition, actually are obsessive enough to always monitor their computer processes and network activity, among other factors. The best you can claim is "unlikely to be compromised" with such a lackadaisical approach to security. You may as well move into a bunker if you want security while expending little effort on it.
People think they can run a virus+malware scan once a day with a firewall implemented and that's all the action it takes to be safe and secure. Technology can only do so much to prevent human idiocy. It's another example of people relying too much on technology to do/automate everything for them. Fools.
Common sense you say... So what are your common sense telling you is a adequate time to spend on your computers security a day? Do you think 90% of the peoples on the internet or playing games are obsessive with their security? -Hardly.
Most people have the common sense NOT to be obsessive with their computer, sp what are you gonna tell them? -They are fools, idiots, that it's their own fault? Yes if you are that self centered you will.
No, it is not their own fault, no they are not fools, they have other things to do like working with their reports to Science or Nature.
So yes my computer is as safe at is has to be.
But just out of interest, what exactly do you do to prevent things like this happening to your computer? What have you done that prevented this chines-guy to take over your account?
I agree with this.
You dont have to be a retard to get hacked, we all have dealt with malware at some point.
Yet alot of those who got lucky to not get hacked look down on the hacked ones.
And if GGG restores an account that was comprimised due to a support member getting scammed, while our accounts stay damaged, I'm feeling like they are blaming us for not beeing experts/obsessed and letting us eat the pain.
|
Posted bydamajer#5719on Feb 21, 2013, 7:10:24 PM
|
"
unloder1 wrote:
"
Lask001 wrote:
"
tritonxiv wrote:
What's the point of playing an item-based game if at any time you could lose all your items with no recourse to get them back? Seems kind of silly to me.
What's the point of playing an item based game if you can just dupe everything easily? Seems kind of silly to me.
is it possible to check account manipulations to see what I for example was trading for ?
also i have to say that i still don't really know how I was hacked , cause there was nothing I do wrong.
They have 17 employees last I check. They don't have the time or man power.
It's not good luck we didn't get hacked, it was a mistake on your part that got you hacked. Unless you want to say it's luck we didn't make a small mistake.
|
Posted byLask001#4507on Feb 21, 2013, 7:30:15 PM
|
"
unloder1 wrote:
"
Lask001 wrote:
"
tritonxiv wrote:
What's the point of playing an item-based game if at any time you could lose all your items with no recourse to get them back? Seems kind of silly to me.
What's the point of playing an item based game if you can just dupe everything easily? Seems kind of silly to me.
is it possible to check account manipulations to see what I for example was trading for ?
also i have to say that i still don't really know how I was hacked , cause there was nothing I do wrong.
They have 17 employees last I check. They don't have the time or man power.
It's not good luck we didn't get hacked, it was a mistake on your part that got you hacked. Unless you want to say it's luck we didn't make a small mistake.
|
Posted byLask001#4507on Feb 21, 2013, 7:30:15 PM
|
"
Lask001 wrote:
It's not good luck we didn't get hacked, it was a mistake on your part that got you hacked. Unless you want to say it's luck we didn't make a small mistake.
and what mistake would that be?
|
Posted bysirspikey#3353on Feb 21, 2013, 9:07:14 PM
|
|
Why is Lask still being allowed to troll these threads? Where are the moderators on this?
|
|
|
Just got hacked today, I have done nothing as far as I know other than add a level 1 character to my friends list that never talked back. I assume he was checking to see when I am logged off so he could jump on my account last night and take all my valuables. The only possibility that seems plausible is that someone linked a build on the witch/marauder forums which I clicked - but going through them all now and they all seem to be official. I sincerely hope it is our error and not a leak on GGG's side.
Last edited by Palyu#7596 on Feb 21, 2013, 10:50:32 PM
|
Posted byPalyu#7596on Feb 21, 2013, 10:50:14 PM
|
"
Palyu wrote:
The only possibility that seems plausible is that someone linked a build on the witch/marauder forums which I clicked - but going through them all now and they all seem to be official.
Please point out to me by PM exactly which posts/links you clicked.
The behaviour we've seen recently is that these people edit their phishing links to actual genuine build links a little while after they're up, and they've already caught some people, to cover their tracks if anyone goes looking back.
EDIT: Thanks Palyu for linking me to those threads. I don't personally have time to check all the pages of them in detail, I'm afraid, but form looking at the first couple, and last couple of pages of each, I didn't find any edited bad links on those ones.
Please do be aware that people are doing this - we've banned multiple accounts, but they'll come back as long as even a few people fall for it, and they can be hard to find, especially when they cover their tracks by editing their links to real ones afterwards. I'm not a part of the support team and don't usually deal with this stuff myself, so I've only banned one myself, but that phishing site was so much like ours that if I hadn't known I was looking for it because it was reported as fishy, and had been perhaps a little tired or inattentive, it might have fooled me.
If clicking a link on the forums, check that the url it's taking you to is actually what the link is labelled as, and don't 'log in' to see a passive skill tree or anything of the sort that you've found from a link. It only takes a moment's inattention to be caught.
Last edited by Mark_GGG#0000 on Feb 21, 2013, 11:26:39 PM
|
Posted byMark_GGGon Feb 21, 2013, 10:54:10 PMGrinding Gear Games
|
"
Palyu wrote:
Just got hacked today, I have done nothing as far as I know other than add a level 1 character to my friends list that never talked back. I assume he was checking to see when I am logged off so he could jump on my account last night and take all my valuables. The only possibility that seems plausible is that someone linked a build on the witch/marauder forums which I clicked - but going through them all now and they all seem to be official. I sincerely hope it is our error and not a leak on GGG's side.
Thinking of what you did recently is futile, the overwhelming majority of account compromises are not immediate; they are from information that has been compromised days, weeks, even months prior.
|
Posted byjordonus#5838on Feb 21, 2013, 11:17:59 PM
|
