Item Search
     
BG-Wiki Search
Page 5 of 16 FirstFirst ... 3 4 5 6 7 15 ... LastLast
Results 81 to 100 of 304
  1. #81
    Sea Torques
    Join Date
    Jun 2007
    Posts
    682
    BG Level
    5
    FFXI Server
    Odin

    Re: Recent Hackings and Steps to Insure Account Safety.

    Quote Originally Posted by Viena
    Quote Originally Posted by Zero Serenity
    If you don't patch you're just asking for trouble, so I'm not going to even bother helping those folks.
    Whose fault is it that a product isn't safe upon release?
    The people that try to look for exploits.

    Long answer: There's no way to know that a program is completely safe upon release. Microsoft, SE or any company do not have an infinite number of enviroments to test on, therefore there can always be a chance that something gets exploited. Besides, those companies are not a collaberation of all the worlds best and brightest (as in some work for other companies, some don't work at all). There is no such thing as a perfectly protected program. I can crash a program by overwriting a protected memory address. Exploits like this always exsist, it's just a matter of looking.

    Registry: 103MBs? Good hell. *Does his own* 124MBs. Yeah, I guess it is getting bigger. *Thinks* As for cleaning it, it's farily fast to look through it anyway. The odds of you doing very much to help by using a cleaner are not entirely effective, but this now has me thinking about it again. I will conduct some of my own research then.

  2. #82
    rav
    Guest

    Re: Recent Hackings and Steps to Insure Account Safety.

    Don't know if this is helpful or not but my AV program (Kaspersky) blocked a trojan (Trojan-Downloader.JS.Agent.akd) from what I assume was one of the ads on ffxi.somepage.com a few hours ago..

  3. #83
    Ridill
    Join Date
    May 2005
    Posts
    13,568
    BG Level
    9

    Re: Recent Hackings and Steps to Insure Account Safety.

    I'm pretty sure that login_w.bin is keyed to your computer hardware signature; when I switched my ethernet card earlier this year, all my POL passwords got cleared.

    If SE is smart (which may not be the case), they've encrypted the passwords using some kind of asymmetric-key encryption system, which means that it's all but impossible to reverse the encryption.

  4. #84
    New Odin
    Join Date
    Jul 2006
    Posts
    8,659
    BG Level
    8
    FFXIV Character
    Sparthia Abysseant
    FFXIV Server
    Excalibur
    FFXI Server
    Lakshmi

    Re: Recent Hackings and Steps to Insure Account Safety.

    Quote Originally Posted by Ryko
    For one: SE is escalating the issue between them and RMT because we asked them to. Don't sit there, bitch, and cry foul that after years of complaining about RMT having server balls in a vice grip of monopolization that they actually did something about it. The players begged for RMT bannings, they got them.

    Secondly: It doesn't have to be RMT stealing your account for what I said originally to be the case. It is not SE's fault someone with access to your girlfriend's account was on a website they shouldn't have been on and picked something up. SE warns your asses not to go to those third party sites left and right, how the fuck is it their fault when you don't listen?
    First of all, you are saying because we asked for RMT bannings that SE couldnt predict there would be repercussions upon the playerbase for cutting a group of people outta what is pretty much their career? I never once said i regret SE fucking up the RMT operations but the way SE does things causes a ton of collateral damage for something we SHOULDNT have had to beg for in the first fucking place. (Hey, isnt RMT against the ToS? Last time i read it it was.)

    I dont know why you think because the STF is banning a few RMT that they still dont have the servers balls in a vice grip? They will just get better and better now SE doesnt give a fuck if they steal accounts to reach their ends. Its no longer lvl55 drgs with no sub that couldnt touch you, it'll be a whole army of stolen accounts and your logic will tell you:

    'hey all those morons that couldnt firewall the fuck outta their computers or scan for keyloggers every 30minutes deserved it.'

    No ones saying that you shouldnt practice to keep your computer secure, because you should. But dont start peddlng that shit that you dont visit sites like a FF wiki, Somepage, Vana Atlas or FFAH. Even BG could be considered a 3rd party forum website, so by your logic we should all quit posting here hide in our rooms and pray that the RMT dont get us?

    Dont try to off everyone that got hacked as inept morons that deserved what they got because im sure you'd be here crying foul just like everyone else.

    SE should be protecting the playerbase, they know that RMT cant hurt them so they let us all suffer in the process.

    Even if you have the best security and the most complex password you can STILL get hacked and the fact SE cant use common sense is the worst crime of all. Im not asking SE to install virusscan software on my computer, im asking them to address the issue.... in this century.

  5. #85
    E. Body
    Join Date
    Mar 2006
    Posts
    2,333
    BG Level
    7

    Re: Recent Hackings and Steps to Insure Account Safety.

    Quote Originally Posted by aurik
    I'm pretty sure that login_w.bin is keyed to your computer hardware signature; when I switched my ethernet card earlier this year, all my POL passwords got cleared.

    If SE is smart (which may not be the case), they've encrypted the passwords using some kind of asymmetric-key encryption system, which means that it's all but impossible to reverse the encryption.
    big assumption there. i've seen an enterprise level system where the database was stored in flat files that were accessible to the users of the system. worse yet, passwords were stored in a table on the system too, albeit hashed. too bad they used the same hash w/o a randomly generated key for each user. i could see which had the same password and as such, guess which accounts likely had weak passwords. don't assume a lot on their part. ^^

  6. #86
    23 years old
    Rating: total douchebag

    Join Date
    May 2005
    Posts
    8,371
    BG Level
    8

    Re: Recent Hackings and Steps to Insure Account Safety.

    First of all, you are saying because we asked for RMT bannings that SE couldnt predict there would be repercussions upon the playerbase for cutting a group of people outta what is pretty much their career? I never once said i regret SE fucking up the RMT operations but the way SE does things causes a ton of collateral damage for something we SHOULDNT have had to beg for in the first fucking place. (Hey, isnt RMT against the ToS? Last time i read it it was.)
    SE is responsible for SE's programs/system/etc. They handled their end, it's a safe bet that the problem isn't coming from a security weakness in SE's program (and for those who say they don't acknowledge when it is, you're wrong. They tell you when you want to change things and when enough people didn't listen and lost their shit they took it an extra step and flat out changed people's passes for them to prevent it from happening moreso).


    'hey all those morons that couldnt firewall the fuck outta their computers or scan for keyloggers every 30minutes deserved it.'
    Didn't say it, wouldn't say it. But the situation came about because of a fuckup on your girlfriend's end, not SE's.

    I'm all for a good SE roast (by all means complain about their willingness and ability to fix the issue after it happens) but a spade's a spade. SE can't control what you do when you're not playing their game. If someone does something stupid as shit beyond what they can control then yeah, it's your bag.

    But dont start peddlng that shit that you dont visit sites like a FF wiki, Somepage, Vana Atlas or FFAH
    Today was the first time I checked somepage in ages, I don't really give a crap about the wikis and I uh... check the auction house in-game. At most I check those sites every two months. I could check those sites every day and it still wouldn't matter, it's NOT SE's responsibility if you get something from those sites, they're not SE's websites.

  7. #87
    Ashira
    Guest

    Re: Recent Hackings and Steps to Insure Account Safety.

    Quote Originally Posted by Ryko
    Today was the first time I checked somepage in ages, I don't really give a crap about the wikis and I uh... check the auction house in-game. At most I check those sites every two months. I could check those sites every day and it still wouldn't matter, it's NOT SE's responsibility if you get something from those sites, they're not SE's websites.
    But it's targeting their audience, and a company should be interested in protecting its audience.

    Everything out there gets some sort of fan base going with information compilation websites popping up left and right on the internet these days. It's just good business practice for them to figure out who and what is targeting their audience.

  8. #88
    23 years old
    Rating: total douchebag

    Join Date
    May 2005
    Posts
    8,371
    BG Level
    8

    Re: Recent Hackings and Steps to Insure Account Safety.

    Quote Originally Posted by Ashira
    Quote Originally Posted by Ryko
    Today was the first time I checked somepage in ages, I don't really give a crap about the wikis and I uh... check the auction house in-game. At most I check those sites every two months. I could check those sites every day and it still wouldn't matter, it's NOT SE's responsibility if you get something from those sites, they're not SE's websites.
    But it's targeting their audience, and a company should be interested in protecting its audience.
    Which once again doesn't change that SE has no control over those websites and therefore can not be held responsible for shit that goes down on said sites. Sorry, no amount of sentiment changes the facts of the matter. SE can't police stuff they have no access to and, furthermore, don't even endorse (likely because doing so would put them at implied fault, as opposed to people who screwed up passing the buck to the wrong people). This is very much like a parent telling a full grown offspring of theirs to not go playing in traffic. I don't care how many cars you've dodged, at that point it's not their fault if you get hit by something going 40 mph. Hell, it's not their fault if you trip over a stalling moped.

  9. #89
    Nidhogg
    Join Date
    Apr 2007
    Posts
    3,895
    BG Level
    7

    Re: Recent Hackings and Steps to Insure Account Safety.

    While what you said is true, Ryko, I still do believe SE could have better security of some form. Regardless if I am safe from infections, better account security of some form Yes, please.

  10. #90
    RIDE ARMOR
    Join Date
    Oct 2007
    Posts
    9
    BG Level
    0

    Re: Recent Hackings and Steps to Insure Account Safety.

    Not that I blame them for any of this, but SE could help by giving us official forums & libraries. I don't expect a kid to stay out of the street if they've got no yard to play in.

  11. #91
    Sea Torques
    Join Date
    Jan 2006
    Posts
    530
    BG Level
    5
    FFXI Server
    Asura

    Re: Recent Hackings and Steps to Insure Account Safety.

    Quote Originally Posted by Zero Serenity
    Long answer: There's no way to know that a program is completely safe upon release. Microsoft, SE or any company do not have an infinite number of enviroments to test on, therefore there can always be a chance that something gets exploited.
    That's why I don't follow the Firefox bandwagon .

    Most of the issues seem to come from malicious advertisements/scripts. I personally use ie7pro, I haven't seen an ad or pop up in months unless I intentionally unblocked one. If you stream audio, download random torrents or use AIM you're just as open to attack as if you use IE/Netscape w/o proper add-ons. Firefox is simply Netscape with a built in ad-blocker. It's complete preference as to which browser you're more comfortable using, as long as you're smart with it.

  12. #92
    Relic Weapons
    Join Date
    Apr 2007
    Posts
    348
    BG Level
    4
    FFXI Server
    Ragnarok

    Re: Recent Hackings and Steps to Insure Account Safety.

    Quote Originally Posted by aurik
    I'm pretty sure that login_w.bin is keyed to your computer hardware signature; when I switched my ethernet card earlier this year, all my POL passwords got cleared.

    If SE is smart (which may not be the case), they've encrypted the passwords using some kind of asymmetric-key encryption system, which means that it's all but impossible to reverse the encryption.
    Steam has this, clientregistry.blob is by-system encryption, not sure by what, but copypasta from one computer to another doesnt work

  13. #93
    New Odin
    Join Date
    Jul 2006
    Posts
    8,659
    BG Level
    8
    FFXIV Character
    Sparthia Abysseant
    FFXIV Server
    Excalibur
    FFXI Server
    Lakshmi

    Re: Recent Hackings and Steps to Insure Account Safety.

    What's SE's fight with RMTs have to do with responsibility for hackings? Even if it were the very RMT they're fighting that's hacking us? You should be glad SE is trying so hard to remove them.

    I bet you're the kind of person who thinks 911 wasn't the terrorists' fault, but our own because of our foreign policy.
    And i bet your the kinda person that think RMT dont attempt to adapt after getting banned.

    STF starts banning people, naturally the RMT will reach a point they will not start from scratch anymore so they jack people or buy accounts, which would you do?

    Dont mention 9-11 please, i was one of the unfortunate people that had to be there, my opinions on that are my own. No ones suggesting some stupidshit conspiracy theory but when you and others start saying stuff for fact without any - your speculating as much as i am.

  14. #94
    Ive sucked 27 dicks, in a row.
    Join Date
    Apr 2006
    Posts
    1,569
    BG Level
    6

    Re: Recent Hackings and Steps to Insure Account Safety.

    Oy...

    First, as several people have mentioned, it's not any harder to hook clipboard change notifications than it is to hook keypresses, and you can safely assume that keylogger authors have known about copy/pasting passwords for years. It offers no additional protection, and leaves your passwords sitting around in plaintext, which is security-through-obscurity at best.

    Second, no matter how you input it, the password ends up in memory for at least a short period of time before POL hashes it and performs the login process. If the keylogger in question was written specifically to target POL (which seems possible, given the target audience), there's not really anything you can do to prevent it from grabbing the password out of memory during that vulnerable period. How long the vulnerable period is depends on how POL is written, and it's entirely possible that your password may be stored in plain text in memory for the entire duration of POL.exe's execution. I can't say I've looked myself, but I'd imagine that certain people here could tell you whether that's the case or not.

    Third, given the previous two points, using a stored POL password is the "safest" (not safe, just "safest") method of logging in. The passwords are stored hashed, and breaking them is (hopefully) more complex than simple keylogging. Again, there's some risk here, because we don't know what hash algorithm SE used, or if they implemented it safely, or if a pass-the-hash attack is possible provided that the attacker can get your stored password hashes. A major issue here is that POL can be forced to forget passwords via several mechanisms, including the hardware change that many of us have experienced, as well as simply deleting the stored password file. Should this happen, it's completely impossible to log into FFXI without your password entering memory somehow, which leaves you at a stalemate at best.

    Bottom line, if there's malicious code running on your system when you log in, there isn't anything you can do that will totally prevent access to your password and account. This isn't meant to scare people, but you shouldn't have a false sense of security because you think some trick will keep your passwords safe even if you're keylogged. If you're infected, you're fucked, and nothing you do is safe until you're completely and totally clean.

  15. #95
    Hydra
    Join Date
    Jul 2006
    Posts
    132
    BG Level
    3
    FFXI Server
    Asura

    Re: Recent Hackings and Steps to Insure Account Safety.

    Been said by many and I'll repeat it again. What we should be allowed would be to be able to use our FFXI registration key as proof of ownership, in case something like this happen. And some panic button to block account access with said master code would be useful, until you had the chance to talk to customer support people to unblock it.

    That they demand a credit card, in which they had no involvement in issuing it. for the latest accounts, the payment has been made, and as far as I remember, they only even validade the card at billing time, I'm pretty sure you can put just about anything there, but correct me if I'm wrong.

  16. #96
    Ridill
    Join Date
    Oct 2005
    Posts
    10,210
    BG Level
    9
    FFXI Server
    Asura

    Re: Recent Hackings and Steps to Insure Account Safety.

    Quote Originally Posted by ronin sparthos
    What's SE's fight with RMTs have to do with responsibility for hackings? Even if it were the very RMT they're fighting that's hacking us? You should be glad SE is trying so hard to remove them.

    I bet you're the kind of person who thinks 911 wasn't the terrorists' fault, but our own because of our foreign policy.
    And i bet your the kinda person that think RMT dont attempt to adapt after getting banned.

    STF starts banning people, naturally the RMT will reach a point they will not start from scratch anymore so they jack people or buy accounts, which would you do?

    Dont mention 9-11 please, i was one of the unfortunate people that had to be there, my opinions on that are my own. No ones suggesting some stupidshit conspiracy theory but when you and others start saying stuff for fact without any - your speculating as much as i am.
    I guess the point is, no matter what reasons the terrorists/hackers/soup nazis have for bombing/hacking/not serving soup, it's always their fault, not the victims. It would be wrong to blame the victims for being bombed/hacked/soupless simply because the terrorist/hacker/soup nazi says "We wouldn't have done it if it weren't for your policies/attempts to remove us/insolence".

    Saying it's SE's fault that people are getting hacked because they're forcing the RMTs to resort to hacking to stay afloat is just... wrong.

    EDIT: :ashira:

  17. #97
    Smells like Onions
    Join Date
    Oct 2006
    Posts
    8
    BG Level
    0

    Re: Recent Hackings and Steps to Insure Account Safety.

    If people are still wondering as to a possible source of these keyloggers I came across a couple links on somepage.com. Somebody posted some very suspicious links in the comments area of items.

    http://ffxi.somepage.com/itemdb/2923

    http://ffxi.somepage.com/itemdb/8522

    http://ffxi.somepage.com/itemdb/3890

    The fact they arent clickable links is pretty lol. I guess stupid people will try anything.

    And yah I think it goes without saying dont copy and paste those links or you will probably get a keylogger.

  18. #98
    Ashira
    Guest

    Re: Recent Hackings and Steps to Insure Account Safety.

    Quote Originally Posted by Khamsin
    I guess the point is, no matter what reasons the terrorists/hackers/soup nazis have for bombing/hacking/not serving soup, it's always they're fault, not the victims. It would be wrong to blame the victims for being bombed/hacked/soupless simply because the terrorist/hacker/soup nazi says "We wouldn't have done it if it weren't for your policies/attempts to remove us/insolence".

    Saying it's SE's fault that people are getting hacked because they're forcing the RMTs to resort to hacking to stay afloat is just... wrong.
    :ashira: says: "their"

    And what's worse, it was your bolded word in that statement.

    And I'm not faulting SE, I meant more that the argument of "well you shouldn't be using wikis/information websites" etc in the first place is just plain stupid. EVERYTHING ends up with compilation/fan sites... if someone started accessing bank account information of all the people that visited a particular network of "Chuck" websites, I'm sure NBC would at least issue warnings. In this case though, NBC isn't liable for anything lost from the bank accounts, of course.

    But banks send out emails saying "The email you got about your debit card is a hoax." or some such. In the case of the bank and in the case of SE, they actually control the service the customers use and is the common denominator and can hopefully do something further on their end to either protect their customers to a further extent, or help them find what happened by tracking account activity, or help them recover what was lost. The bank wasn't responsible for the hoax emails going out -- and SE isn't responsible for the websites we visit -- but they still would improve security hopefully to prevent things in the future.

  19. #99
    Ashira
    Guest

    Re: Recent Hackings and Steps to Insure Account Safety.

    Quote Originally Posted by NozE8
    If people are still wondering as to a possible source of these keyloggers I came across a couple links on somepage.com. Somebody posted some very suspicious links in the comments area of items.

    http://ffxi.somepage.com/itemdb/2923

    http://ffxi.somepage.com/itemdb/8522

    http://ffxi.somepage.com/itemdb/3890

    The fact they arent clickable links is pretty lol. I guess stupid people will try anything.

    And yah I think it goes without saying dont copy and paste those links or you will probably get a keylogger.

    What oddly chosen items to place those on though...

  20. #100
    Nidhogg
    Join Date
    Apr 2007
    Posts
    3,895
    BG Level
    7

    Re: Recent Hackings and Steps to Insure Account Safety.

    I'm not clicking.

    Which items? lol.

Page 5 of 16 FirstFirst ... 3 4 5 6 7 15 ... LastLast

Similar Threads

  1. Additions and Adjustments to Chocobo Raising (25/09/2006)
    By spooky in forum FFXI: Everything
    Replies: 64
    Last Post: 2006-09-27, 10:43
  2. Mijin Gakure damage and how to boost it
    By Benadar in forum FFXI: Everything
    Replies: 63
    Last Post: 2006-08-04, 22:52
  3. Hacking FFXI registry to up the back buffer
    By Russta in forum FFXI: Everything
    Replies: 28
    Last Post: 2006-03-24, 10:35
  4. I think the FFXI dev team gave up and left to play WoW
    By Razz in forum FFXI: Everything
    Replies: 10
    Last Post: 2005-04-24, 15:58