Exploit nonsense

[Corrderio]

Oh crap I totally forgot about him

[Kelenae]

People complaining about the exploits in XIV obviously never played any mmo ever.

ftfm

[Zirael]

On phone, so not dealing with multi quotes, but people seem to think there was no incident in 11 where legit players were directly affected ( think even someone said that). Again, the 14 stuff is worse imo, but can't ignore the stolen account shit. But ya I actually don't remember how he was able to do it.

I started playing years later, but there was a thread on BG not that long ago (summer) talking about good 'ol FFXI drama.
There's talk in there about Taj locking people's relics (or whatever equipment you happened to wear in your slots) in bazaar and GMs not being able to revert it for awhile and him DCing everyone in the zone (hello Aery & Dominion) and then DCing a GM when he didn't beleive he could do that.

As for FFXIV, I'm starting to worry about my RL security at this point. I can roughly imagine how this hack was done (player ID loading into your memory for anyone interested to scan and then said ID used to sign commands to server), but what worries me, is what credentials about me (player ID? IP?) do they load into other people's memory and what can be done with it. SE has my credit card details and now is the time to ask how safe they are.

[Izzy]

As for FFXIV, I'm starting to worry about my RL security at this point. I can roughly imagine how this hack was done (player ID loading into your memory for anyone interested to scan and then said ID used to sign commands to server), but what worries me, is what credentials about me (player ID? IP?) do they load into other people's memory and what can be done with it. SE has my credit card details and now is the time to ask how safe they are.

It's not even close to this.

That being said, the way it (was) happening is retarded, and is along the same lines as the levequest bug and "hey server, give me X" bug. There's basically weak/no verification on a ton of shit that is sent to the server, which allows things like this to happen.

You would think with all this lack of verification, the servers would be running better than they are instead of having someone die 3 seconds after a benediction/invincible goes off.

[Ezek]

FFXIV: the game that keeps on giving. Just not in the way you'd expect it to.

[Ragns]

There was like 5000 accounts in XI that got hijacked because of a major security failure from SE part, with their CC billed for world transfer and completely empty on gil but fishing exploits are seriouz business.

[Viar]

This had to have been a gold mine for RMT against people who buy gil, lol. Person buys like 5M gil, RMT come back next day and force them to buy an item for 5M.

RMT: "Oh hey, I heard you spent that 5M already, would you like to buy 5M more?" *evil grin*

That's what RMTs been doing since forever. You know, hacked accounts and steal gil, sell gil to someone else, then hack more accounts for more gil to sell.

[Kaisha]

This is the first time I've seen in any SE MMO that another player could directly effect other players in a negative way. One could never steal gil/gear from someone's inventory in XI. This is bad.

No, but you were able to lock their ra/ex gear into their bazaar at one point in time.


Wasn't the XI account jacking done through their FriendList+ service not having the 3-tries-and-you're-out lock on wrong passwords?

[dejet]

FFXI had its own crap. People locking relics and changing prices in people's bazaars.

Npcs buying back at higher prices.

Yes ffxi had done bad shit just like this.

[Cleverness]

FFXI had its own crap. People locking relics and changing prices in people's bazaars.

Npcs buying back at higher prices.

Yes ffxi had done bad shit just like this.

People seem to forget that FF11 servers got DDOS'd way back that made it annoying to do anything. A game client that was capable of being DDOs'd to the point that it effected players. Granted in 2005 or 06 when it happened I don't think many other MMOs had to make countermeasures for that issue(not sure any MMOs were DDOS'd back then but I dont remember WoW Beta/Launch and im not sure if it effected other MMOs from that time like Runescape/Everquest/Helbreath/etc)

[Draylo]

Why in the world are people comparing this to XI? This is far worse than things in XI, and the second huge exploit in a row in a relatively short amount of time (no idea if they even fixed the first one.) The games are both years apart, its like people are saying "hey ffxi had it too so its not that bad."

[Akiyama]

God this game sucks major dick, Lol. Security issues out the wazoo. This is why SE is garbage :<

[MisterBob]

Why in the world are people comparing this to XI? This is far worse than things in XI, and the second huge exploit in a row in a relatively short amount of time (no idea if they even fixed the first one.) The games are both years apart, its like people are saying "hey ffxi had it too so its not that bad."

What? In FFXI there was the following:

- Changing peoples bazaar prices
- Glitching peoples relic weapons to make them temporarily unusable
- POL Account passwords generated deterministically, 5k+ accounts stolen overnight due to this
- POS hacks insanely prevalent
- Pull bots insanely prevalent
- Could generate near-infinite gil with shell exploit on Jeuno vendor. This + fish bots ruined the economy for over a year

Japanese devs in general suck at modern tech, this isn't new and it isn't surprising in the least.

[Korialstrasz]

What? In FFXI there was the following:

- Changing peoples bazaar prices
- Glitching peoples relic weapons to make them temporarily unusable
- POL Account passwords generated deterministically, 5k+ accounts stolen overnight due to this
- POS hacks insanely prevalent
- Pull bots insanely prevalent
- Could generate near-infinite gil with shell exploit on Jeuno vendor. This + fish bots ruined the economy for over a year

Japanese devs in general suck at modern tech, this isn't new and it isn't surprising in the least.

Despite all of those things (save for maybe the bazaar + account hack), I'd say being able to siphon all of the gil off of anyone who happens to wander past a market board is some of the worst fuckupery I've ever seen.

[Darkmagi]

The Taj thing was an extremely isolated situation, he also didn't target people at random afaik. Not to say that wasn't a horrible flaw in security. Still not nearly on the level of the 14 shit. I wasn't talking about fish bots(though those have indeed had the biggest impact besides the tavnazian safehold gil dupe glitch). I was talking about being able to turn the fish you were catching into any item in the game.

Could you go into more detail on the 5000 accounts being compromised thing? I never remember anything on that kind of level. Sure, that's pretty damn bad if that was accurate. I was under the impression that account hackings were all keyloggers doings, besides the friendlist plus thing.

[Deadgye]

Taj targetted everyone who played xi that was 'stupid'. Using playonline+, since it didn't lock you out for too many failures, he brute forced every combination of pol ID with a pw that matched the last 4 numbers of the POL ID, which is what SE reset your password to when you requested it. SE tells you to change your password immediately, but plenty of people didn't.

Basically, if the player had actually changed their password after a reset then you wouldn't have gotten hit by him. Pretty sure that's all right, but someone feel free to correct me if any of it isn't.

[dejet]

Lets all not forget about being able to crash a zone in xi.

Xi again had just as bad shit, just because it was not as rampant does not mean it was not worse.

There is a ton of more players so Ya more people will see an effect due to their fuck ups

[Deadgye]

Lets all not forget about being able to crash a zone in xi.

Xi again had just as bad shit, just because it was nut as rampant does not mean it was not worse.

I don't remember this. Are you talking about being able to crash a client by sending a certain "character" into the chat log?

Out of all the things mentioned so far, only the "being able to change bazaar prices" seems as bad. Everything else was chump change. And this isn't even getting into the being able to turn any item into another item bullshit and other bullshit.

[Edelweiss]

What?

Your mistake was even responding to Draylo in the first place.

[dejet]

I don't remember this. Are you talking about being able to crash a client by sending a certain "character" into the chat log?

Out of all the things mentioned so far, only the "being able to change bazaar prices" seems as bad. Everything else was chump change. And this isn't even getting into the being able to turn any item into another item bullshit and other bullshit.

i want to say it was him again...but forget who. There was a video of someone crashing DA and other zones. Forget how it was done. but i think it was fixed fast.