PlaneShift
Gameplay => General Discussion => Topic started by: citizen on June 10, 2008, 01:07:55 pm
-
Is there any measure against it? One of my closest friend in PS just suufered by account and chars deleting by a malicious attacker. Is there any possibility to put some safety procedure into account and char deleting?
Thanks.
-
As in GM or uber 1337 haxor? I've heard of some people modifying the files in there client, but GMs have a command for that to.
-
Ehmm... If I'm right you can't delete an account ;)
-
Ehmm... If I'm right you can't delete an account ;)
with stolen passwd/keylogger
-
There is no way I believe to do that.
-
there is no way to delete a ps account unless you have access to the database. also no gm can delete characters only devs can and dont do it lightly. Also the only way to delete a character is to know the password of the account as you said that is not too hard to figure out. So no there is not much around to stop this from happening. If you have suggestions make a feature request on the bug tracker and it might get ingame someday.
-
there is no way to delete a ps account unless you have access to the database. also no gm can delete characters only devs can and dont do it lightly. Also the only way to delete a character is to know the password of the account as you said that is not too hard to figure out. So no there is not much around to stop this from happening. If you have suggestions make a feature request on the bug tracker and it might get ingame someday.
I am not a sec expert, thats why not suggested just asked. And it can be quite difficult to be effective, because if the malicious person has access to your comp, he/she can bypass most sec measure :(
-
Why would someone go that far to delete a PS account anyway?
-
Why would someone go that far to delete a PS account anyway?
Jealous wife/husband? Of course this kind of coward action tells everything about that person but it can happen.
-
We are not in the business of protecting people's computers from jealous lovers.
Each user is must take precautions against such deletions as a personal responsibility.
-
We are not in the business of protecting people's computers from jealous lovers.
Each user is must take precautions against such deletions as a personal responsibility.
So my question is: not taking into account others accessing my comp, is the data exchange encoded in PS or anyone can catch passwords on the fly?
-
So my question is: not taking into account others accessing my comp, is the data exchange encoded in PS or anyone can catch passwords on the fly?
you would need a packet sniffer and you would need to decode the md5sum password, i dont think this would be too easy but i dont know much about it.
-
Although MD5 has been proven flawed (it's possible to calculate collissions), it may still take several months to crack a password. If you want to keep your PlaneShift account safe, just do this:
-Proper virusscanner
-Proper anti-spyware
-Proper browser
-Don't click on questionable links/attachments in questionable e-mails.
-Properly secured network (especially when wireless)
-Decent passwords
-Change passwords once in a while
In other words, keep your PC clean and safe.
There is nothing PlaneShift can do further, besides perhaps a "One day consideration time" when deleting characters.
-
Although MD5 has been proven flawed (it's possible to calculate collissions), it may still take several months to crack a password. If you want to keep your PlaneShift account safe, just do this:
-Proper virusscanner
-Proper anti-spyware
-Proper browser
-Don't click on questionable links/attachments in questionable e-mails.
-Properly secured network (especially when wireless)
-Decent passwords
-Change passwords once in a while
In other words, keep your PC clean and safe.
There is nothing PlaneShift can do further, besides perhaps a "One day consideration time" when deleting characters.
I agree, especially that grace period or longer would be nice.
-
So my question is: not taking into account others accessing my comp, is the data exchange encoded in PS or anyone can catch passwords on the fly?
you would need a packet sniffer and you would need to decode the md5sum password, i dont think this would be too easy but i dont know much about it.
it's not just a simple md5 password that's sent over the wire. while it would be possible to sniff the exchange, you'd pretty much have to be either right in the path (think compromised router), or have poisoned DNS so that packets get routed to you, and even then you'd also have to decode the password string
-
So my question is: not taking into account others accessing my comp, is the data exchange encoded in PS or anyone can catch passwords on the fly?
you would need a packet sniffer and you would need to decode the md5sum password, i dont think this would be too easy but i dont know much about it.
it's not just a simple md5 password that's sent over the wire. while it would be possible to sniff the exchange, you'd pretty much have to be either right in the path (think compromised router), or have poisoned DNS so that packets get routed to you, and even then you'd also have to decode the password string
Ok, it sounds good. Thanks for answering.