Re: New Hackings Begin ... Security Token or Not.

This. They haven't quite yet reached the point of hacking routers or ISPs to intercept sessions. That would probably allow hacking even PS2, depending on details of how it works. After all, the PC malware can have key loggers too.

But this is why SSH has an initial key exchange the first time you talk to a new host. BOTH sides exchange their unique public key, and store the other key somewhere. Every time you start a session, they send something encrypted with the private key, and if it doesn't match up, it bitches you about the potential MAN IN THE MIDDLE ATTACK and you have to confirm that you want to continue. HTTPS is also designed to identify MITM situations.

FFXI is a bit more complicated, because I think it uses UDP to allow packets to be lost without breaking the connection, so it's not one big stream like SSH or HTTPS. But the main point is that if your protocol isn't secure from a MITM attack, and people are sufficiently motivated, it will happen eventually. And apparently it's easy now on Winderz for malware on your own computer to be MITM.

About the only way you can keep a PIN code secure is to do what the US banks do, and inject an encryption key into the pinpad's RAM, which encrypts the PIN with the pad's own unique key before it ever leaves the (potted) hardware device. And the bank has to have a database of every keypad and what key it's using. The difference with the token is that your PIN is effectively 0000, and the encryption is the same for like 30 seconds, so if they're fast enough, they can use it from somewhere else.

SE needs to go hire some crypto guys, FAST, and figure out how to secure the password/account information related parts of the protocol. (They can't encrypt everything, because that's a lot of extra CPU usage on the server side.) Whenever you have an amateur roll his own security, there's always going to be holes.

So anyhow, I guess this explains the recent drop in RMT gil prices. If SE isn't going to block them from spamming us, the least I can do is watch the price to see how much they're hurting.

(Aside: I remember back in the old days of modems, I was shocked when I found out that AOL's protocol transmitted your password in the clear. Holy WTF Batman. I think when they added TCP/IP connections, it was still in the clear at first.)

Re: New Hackings Begin ... Security Token or Not.

To do that don't you also need to input a password from the security token again?

Re: New Hackings Begin ... Security Token or Not.

They aren't ever using your token to even get control of your character. As you attempt to log in, the token code that you use while your POL is hanging is what they intercept and use to change your password. I don't think this has happened that much, but from what I read of the thread on BG, it's possible.

As far as I know, they haven't been stealing accounts, just taking over your connection and stripping them. People report that their friends red dot for a minute, then warp from what they're doing to delivery box all of their stuff to some 3rd party.

Re: New Hackings Begin ... Security Token or Not.

Wow. This is a real {/facepalm} if true. Apparently the FFXI design just relies way too much on the client preventing you from doing crazy things. First speed/pos hacks, then tell spam (which apparently bypasses the client), now delivery boxing in the middle of nowhere? (sure, they could make it check your pos first, just don't idle next to a dbox NPC, lol)

Re: New Hackings Begin ... Security Token or Not.

Technically, all hacking started on Phones.

How does hijacking your gaming session while you're playing and well past the PlayOnline part mean PlayOnline is the reason you're being hacked?

Who said anything about dboxing in the middle of no where? Aksannyi specifically mention people suddenly warping home to head to a Dbox. That has nothing to do with a client fault and everything to do with people letting bugs and back doors into their systems.

Re: New Hackings Begin ... Security Token or Not.

No they put a trojan on your pc and steal your information there. Unless your using the same password for your token, I don't see how they use your token code to get into your game. The one time is no longer useable ones it flashes off. And not just any token code will work. I think this falls more on the user like everyone is stating not SE.

Re: New Hackings Begin ... Security Token or Not.

My son's account was hacked and he used a token. He is well educated in computers, in fact, he's fucking amazing when it comes to them. So he didn't have a trojan or keylogger or anything on his computer when it happened so don't assume that you HAVE to have one. As I explained in another thread on this forum, the very suspicious thing that happened when he reported it was that they took care of it very quickly. If anyone has dealt with SE, they know how slow they are to fix issues like this so when my son was back in full swing within approx 2 days of reporting it....ya thats damn odd. The GM was just trading him stuff like crazy. He'd say "I had this." and boom he'd get a trade and the GM would give it to him. About the only thing he had a problem with was abjurations...the GM was only going to give him the abj and not the cursed piece. LOL So ya...damn strange that they were so accommodating. He thought he'd be out of the game at least a month. Makes you think that they knew there was an issue somewhere...

Re: New Hackings Begin ... Security Token or Not.

Meh. There are two kinds of people who can say with confidence "I don't have keylogger or other malware on my computer," when the computer is connected to the Internet. 1. People who know just enough about computers to be dangerous (usually, to themselves). 2. Computer security experts--professionals who work on protecting computers, or breaking computer protections, or both.

The rest of us lesser computer geeks go by best practices and hope for no malware.

Re: New Hackings Begin ... Security Token or Not.

so much truth

Re: New Hackings Begin ... Security Token or Not.

I posted in another thread, I suspect that 1 or 2 things have happened to SE in the past 30 days.

1. Their Registration server got hacked, and this would explain why TGM's Son was so well taken care of.

2. Someone or some group is very unhappy with SE's 3-d secure decisions. and they have the knowledge to exploit some weakness's in SE's security. Supposedly according to BG the registration servers went down this morning, and people couldn't log into POL or the game.

3. ???

4. Both

Re: New Hackings Begin ... Security Token or Not.

SE is digging it's own grave with the POOREST AND LAMEST customer support that I havee ever known

Re: New Hackings Begin ... Security Token or Not.

http://www.ffxionline.com/forums/ask...tml#post842666

#1 happened in June, so I'm going to say that the 30 day time period myth is busted.

Re: New Hackings Begin ... Security Token or Not.

WEll, a freind of mine got hacked, it has been 2 weeks and SE has not given his account back...

Re: New Hackings Begin ... Security Token or Not.

What step of the process is he in now?

#1 Account gets hacked, info changed so you can't log back in.
#2 Call SE to be shut down because none of the information matches.
#3 Get told someone will contact you about this.
#4 Wait....
#5 Call back.
#6 SE Gets tired of you calling so they send you a letter to be notarized and set back.
#7 Letter is sent back
#8 Wait....
#9 SE emails you some contact information to call them with so that you can get your account unlocked.
#10 Call SE to get account back.
#11 Get account back.
#12 Get to resurface all deleted characters and pay monthly bill lol.

That's how it was last April, but I dunno how it works now.

Re: New Hackings Begin ... Security Token or Not.

He was told by SE that they are investigating the report of "missing" items.
The account is currently locked up.

The hackers moves his char and his mules to different servers and his CC ws charged 100 UDS

so yeah....