Oh crap I totally forgot about him
Oh crap I totally forgot about him
I started playing years later, but there was a thread on BG not that long ago (summer) talking about good 'ol FFXI drama.
There's talk in there about Taj locking people's relics (or whatever equipment you happened to wear in your slots) in bazaar and GMs not being able to revert it for awhile and him DCing everyone in the zone (hello Aery & Dominion) and then DCing a GM when he didn't beleive he could do that.
As for FFXIV, I'm starting to worry about my RL security at this point. I can roughly imagine how this hack was done (player ID loading into your memory for anyone interested to scan and then said ID used to sign commands to server), but what worries me, is what credentials about me (player ID? IP?) do they load into other people's memory and what can be done with it. SE has my credit card details and now is the time to ask how safe they are.
It's not even close to this.
That being said, the way it (was) happening is retarded, and is along the same lines as the levequest bug and "hey server, give me X" bug. There's basically weak/no verification on a ton of shit that is sent to the server, which allows things like this to happen.
You would think with all this lack of verification, the servers would be running better than they are instead of having someone die 3 seconds after a benediction/invincible goes off.
FFXIV: the game that keeps on giving. Just not in the way you'd expect it to.
There was like 5000 accounts in XI that got hijacked because of a major security failure from SE part, with their CC billed for world transfer and completely empty on gil but fishing exploits are seriouz business.
FFXI had its own crap. People locking relics and changing prices in people's bazaars.
Npcs buying back at higher prices.
Yes ffxi had done bad shit just like this.
People seem to forget that FF11 servers got DDOS'd way back that made it annoying to do anything. A game client that was capable of being DDOs'd to the point that it effected players. Granted in 2005 or 06 when it happened I don't think many other MMOs had to make countermeasures for that issue(not sure any MMOs were DDOS'd back then but I dont remember WoW Beta/Launch and im not sure if it effected other MMOs from that time like Runescape/Everquest/Helbreath/etc)
Why in the world are people comparing this to XI? This is far worse than things in XI, and the second huge exploit in a row in a relatively short amount of time (no idea if they even fixed the first one.) The games are both years apart, its like people are saying "hey ffxi had it too so its not that bad."
God this game sucks major dick, Lol. Security issues out the wazoo. This is why SE is garbage :<
What? In FFXI there was the following:
- Changing peoples bazaar prices
- Glitching peoples relic weapons to make them temporarily unusable
- POL Account passwords generated deterministically, 5k+ accounts stolen overnight due to this
- POS hacks insanely prevalent
- Pull bots insanely prevalent
- Could generate near-infinite gil with shell exploit on Jeuno vendor. This + fish bots ruined the economy for over a year
Japanese devs in general suck at modern tech, this isn't new and it isn't surprising in the least.
The Taj thing was an extremely isolated situation, he also didn't target people at random afaik. Not to say that wasn't a horrible flaw in security. Still not nearly on the level of the 14 shit. I wasn't talking about fish bots(though those have indeed had the biggest impact besides the tavnazian safehold gil dupe glitch). I was talking about being able to turn the fish you were catching into any item in the game.
Could you go into more detail on the 5000 accounts being compromised thing? I never remember anything on that kind of level. Sure, that's pretty damn bad if that was accurate. I was under the impression that account hackings were all keyloggers doings, besides the friendlist plus thing.
Taj targetted everyone who played xi that was 'stupid'. Using playonline+, since it didn't lock you out for too many failures, he brute forced every combination of pol ID with a pw that matched the last 4 numbers of the POL ID, which is what SE reset your password to when you requested it. SE tells you to change your password immediately, but plenty of people didn't.
Basically, if the player had actually changed their password after a reset then you wouldn't have gotten hit by him. Pretty sure that's all right, but someone feel free to correct me if any of it isn't.
Lets all not forget about being able to crash a zone in xi.
Xi again had just as bad shit, just because it was not as rampant does not mean it was not worse.
There is a ton of more players so Ya more people will see an effect due to their fuck ups
I don't remember this. Are you talking about being able to crash a client by sending a certain "character" into the chat log?
Out of all the things mentioned so far, only the "being able to change bazaar prices" seems as bad. Everything else was chump change. And this isn't even getting into the being able to turn any item into another item bullshit and other bullshit.