This looks like fun (RoM password security)

Old   #1
 
elite*gold: 0
Join Date: Jun 2009
Posts: 203
Received Thanks: 21
This looks like fun (RoM password security)

Seems like a bunch of people are raging now on both EU and US forums after this video was made about unencrypted passwords. Looks like fun to me lol

EU thread:
Video:

I so do love how secure Runes of Magic is.



rawrgodzilla is offline  
Old   #2
 
elite*gold: 24
Join Date: Apr 2010
Posts: 36,075
Received Thanks: 6,344
A way to hack users?


Drewfire-old is offline  
Old   #3
 
elite*gold: 81
Join Date: Jul 2005
Posts: 1,927
Received Thanks: 2,239
Quote:
Originally Posted by Drewfire View Post
A way to hack users?
No, it's the issue about the client sending the server the login in plaintext. Basically this means, even if the server calculates a hash serverside before comparing it to the database, a person who has access to this kind of interface could log the incoming authentication packets.

However, it's no indication or evidence that Frogster breaks any law of saving private information. It simply means that the Client is running on a non certificated or encrypted stream, which a lot of things do. And like many things it could be abused by someone bad working for them that has access to the server.
Atheuz is offline  
Thanks
1 User
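
An added example, not part of the thread or any poster's code: post #3 points out that server-side hashing does nothing for credentials on the wire. One way a developer can check their own client is to log in with a throwaway canary credential and test the captured login frame for it. The frames, the canary and the function names below are constructed for illustration.

```python
import base64
import binascii
from urllib.parse import quote

# Constructed throwaway credential used only on a test account.
CANARY = "Canary#Pw 2010!"

def encodings_of(secret: str) -> dict:
    """Reversible encodings that are sometimes mistaken for encryption."""
    raw = secret.encode("utf-8")
    return {
        "utf-8": raw,
        "utf-16le": secret.encode("utf-16-le"),
        "base64": base64.b64encode(raw),      # only matches a standalone field
        "hex": binascii.hexlify(raw),         # lowercase hex digits
        "url-encoded": quote(secret, safe="").encode("ascii"),
    }

def cleartext_exposures(payload: bytes, canary: str) -> list:
    """Return the encodings under which the canary is readable in payload.

    An empty list does not prove the stream is encrypted; it only shows the
    canary is not present in any of the trivially reversible forms above.
    """
    raw = canary.encode("utf-8")
    lowered = payload.lower()                 # tolerate upper-case hex dumps
    hits = []
    for name, needle in encodings_of(canary).items():
        if name != "utf-8" and needle == raw:
            continue                          # encoding is a no-op here
        haystack = lowered if name == "hex" else payload
        if needle in haystack:
            hits.append(name)
    return hits

# Constructed sample frames (not real Runes of Magic traffic).
PLAINTEXT_FRAME = b"\x01\x00LOGIN\x00testaccount\x00" + CANARY.encode() + b"\x00"
BASE64_FRAME = b"LOGIN user=testaccount pass=" + base64.b64encode(CANARY.encode())
OPAQUE_FRAME = bytes(range(128, 192))         # stand-in for an encrypted record

if __name__ == "__main__":
    for label, frame in [("plaintext", PLAINTEXT_FRAME),
                         ("base64", BASE64_FRAME),
                         ("opaque", OPAQUE_FRAME)]:
        found = cleartext_exposures(frame, CANARY)
        print(f"{label:10s} -> {found or 'no readable canary'}")
```

The base64 frame is flagged as well: an encoded password is as readable to anyone logging the packets as a plaintext one, so only transport encryption changes the result.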
Old   #4
 
elite*gold: 1
Join Date: Jul 2008
Posts: 419
Received Thanks: 89
That's not really interesting, because every game uses this way, so if someone hacks your account, he has to hack your pc, or the server.
What you need is a computercode trojan, or a trojan which is always active.

edit says: computercode = program code


ivits is offline  
Old   #5
 
elite*gold: 0
Join Date: Dec 2007
Posts: 501
Received Thanks: 61
Quote:
Originally Posted by ivits View Post
That's not really interesting, because every game uses this way, so if someone hacks your account, he has to hack your pc, or the server.
What you need is a computercode trojan, or a trojan which is always active.
/sign


A hacker needs to be in the middle. Something like this:

Server <-----> Trojan Horse (maybe) <-----> Your PC


p.s. Trojan is on your pc ^^
Fir3andIc3 is offline  
Old   #6
 
elite*gold: 24
Join Date: Apr 2010
Posts: 36,075
Received Thanks: 6,344
Quote:
Originally Posted by Fir3andIc3 View Post
/sign


A hacker needs to be in the middle. Something like this:

Server <-----> Trojan Horse (maybe) <-----> Your PC


p.s. Trojan is on your pc ^^
It's unnecessary
Drewfire-old is offline  
Old   #7
 
elite*gold: 6
Join Date: Dec 2007
Posts: 255
Received Thanks: 205
Quote:
Originally Posted by Drewfire View Post
It's unnecessary
No it's not! Your username and your password from your pc will be sent unencrypted straight to the loginserver if you press the login button. Skillful hackerz have to use packet sniffing tools or something like (keylogger) trojans or other security vulnerabilities to steal your account data.

Quote:
That's not really interesting, because every game uses this way
Someone posted somewhere that in other mmo games they use encryption while sending personal access data.
Digital Shadow is offline  
Old   #8
 
elite*gold: 24
Join Date: Apr 2010
Posts: 36,075
Received Thanks: 6,344
It's unnecessary to use it, if a hack came on your pc.
Drewfire-old is offline  
Old   #9
 
elite*gold: 0
Join Date: Feb 2010
Posts: 761
Received Thanks: 204
Yeah, but you can hack the pw if it's unencrypted without having a keylogger on your pc

and it's easier to make a keylogger for unencrypted data
Deset is offline  
Old   #10
 
elite*gold: 24
Join Date: Apr 2010
Posts: 36,075
Received Thanks: 6,344
Then it's useless to use it, if no virus came on your pc.
Drewfire-old is offline  
Old   #11
 
elite*gold: 1
Join Date: Jul 2008
Posts: 419
Received Thanks: 89
Quote:
Originally Posted by Fir3andIc3 View Post
/sign


A hacker needs to be in the middle. Something like this:

Server <-----> Trojan Horse (maybe) <-----> Your PC


p.s. Trojan is on your pc ^^
The hardest part will be to place the trojan on the pc.
ivits is offline  
Old   #12
 
elite*gold: 0
Join Date: May 2010
Posts: 14
Received Thanks: 6
You just have to sniff his complete network traffic. Just search for his accountname & pw, and you should get it.
LCG is offline  
Old   #13
 
elite*gold: 81
Join Date: Jul 2005
Posts: 1,927
Received Thanks: 2,239
Quote:
Originally Posted by LCG View Post
You just have to sniff his complete network traffic. Just search for his accountname & pw, and you should get it.
Sometimes I believe people think sniffing a computer outside their own network is "easy" or even doable without installing third party programs on the victim's PC.
Atheuz is offline  
Old   #14
 
elite*gold: 0
Join Date: Jan 2007
Posts: 126
Received Thanks: 83
Yes - having the username and password in plain text in the packets is bad. But it's not THAT bad - there are much bigger threats to the account security. How is the attacker supposed to find out the client's IP address? That's right - he can't. Unless he knows his "friend" uses an unprotected or cheap WEP 128bit encrypted wireless connection and plays Runes of Magic.

If somebody wants to steal accounts he could just upload a video on YouTube. Name the Video "Runes of Magic Godmode" ... or "...Onehitkill". Place a link in the description to a program that reads the username and password from the memory and sends the stuff to an email address. There are so many retards in this world that would download and start the "cheattool". Even on this forum some "bad guy" already tried to upload his fake "cheattool". But the funny part was I found out his scamemail-address and pass because they were in plain text in his "cheattool". So I logged into his account, deleted all emails, changed the password, made a few screenshots and reported the scammer to the admin. A few hours later the post about his "cheattool" was deleted and the raged scammer pm'ed me lol.

If you ask me the biggest threat to account security is ALWAYS the accountuser. The "raged guys" in the official forum are probably the 13yr old "I-got-scammed-by-a-youtubevideo"-stereotype. But they don't want to admit it was their fault or they don't even know they got scammed. They probably think "hey I have a firewall and AV that detects EVERY virus/trojan/scam/etc, I'm safe!" ... lol.

ps: f***ing maintenance on EU servers ****** me off -.-
run32.dll is offline  
Thanks
3 Users
Old   #15
 
elite*gold: 0
Join Date: Feb 2008
Posts: 116
Received Thanks: 4
XD I'm just 14, too. But I program little keyloggers into little games. So I can spy out my friends ^^ That's better than finding out what unencrypted packets my Runes of Magic sends ^^


elle56 is offline  