Jump to content

- - - - -

Dec 13Th Incident - Official Response


328 replies to this topic

#61 Emerald Fox

    Member

  • PipPipPip
  • 62 posts
  • LocationN.Ireland

Posted 13 December 2012 - 05:41 PM

just thought id give you a heads up got a goggle warning as soon as i tried to go to the site and had to click procede anyways just to get here

#62 DerelictTomcat

    Member

  • PipPipPipPipPipPip
  • Legendary Founder
  • Legendary Founder
  • 245 posts
  • Twitter: Link
  • Twitch: Link
  • LocationEast Coast USA

Posted 13 December 2012 - 05:43 PM

Must be some script kiddy with nothing better to do than hack the forum because he cannot pilot a mech worth a dang.

Posted Image

Still coming up as malicious on firefox. If this was fixed hours ago well what is really going on?

http://www.stopbadwa...com%2Fforums%2F

Edited by DerelictTomcat, 13 December 2012 - 05:51 PM.


#63 Postumus

    Member

  • PipPipPipPipPipPip
  • Elite Founder
  • Elite Founder
  • 399 posts
  • LocationOregon

Posted 13 December 2012 - 05:45 PM

View PostAegis Kleais, on 13 December 2012 - 05:22 PM, said:

Well done PGI & Co.

Someone gave you guys a run for your money but it looks like you addressed it expeditiously. Nicely done.


I would think it would be best that they have both done to them.

A hashed password usually is just a MD5 checksum, and there are websites out there that have the checksums of MANY popular password combinations.

But if you encrypt the password too, the person has to figure our not only the algorithm used, but the key as well, making the chance to decipher it much harder than just standard hashing.


You forgot to discuss salting.

http://en.wikipedia....cryptography%29

#64 Sears

    Member

  • PipPipPipPipPipPipPip
  • Survivor
  • 973 posts
  • LocationU.K

Posted 13 December 2012 - 05:46 PM

[REDACTED]

Some confirmation as to whether the script found did have something to do with the email would be nice.

Edited by Viterbi, 13 December 2012 - 06:44 PM.
Removed reference to removed content


#65 Clownpuncher

    Member

  • Pip
  • Legendary Founder
  • Legendary Founder
  • 16 posts
  • LocationBoston

Posted 13 December 2012 - 05:49 PM

View PostAegis Kleais, on 13 December 2012 - 05:22 PM, said:

Well done PGI & Co.

Someone gave you guys a run for your money but it looks like you addressed it expeditiously. Nicely done.


I would think it would be best that they have both done to them.

A hashed password usually is just a MD5 checksum, and there are websites out there that have the checksums of MANY popular password combinations.

But if you encrypt the password too, the person has to figure our not only the algorithm used, but the key as well, making the chance to decipher it much harder than just standard hashing.


Hashing with a variable salt, plus mandating basic secure password policies is a about as secure as you need to be. This defeats both dictionary attacks and rainbow tables, Even better to use a real crypto hash such as bcrypt, which includes a time component to defeat brute force attacks.

Simply encrypting a password is only a shade of gray more secure then plain text passwords. If they have your database of passwords they probably have your keys as well.

#66 Inertiaman

    Member

  • PipPipPipPipPipPipPip
  • 865 posts

Posted 13 December 2012 - 05:49 PM

View PostSears, on 13 December 2012 - 05:46 PM, said:

[Redacted]

Some confirmation as to whether the script found did have something to do with the email would be nice.


How does signing up with mwo@domain.etc and receiving this mail grab you? I wasn't bothered enough to do so but fortunately three clan members were.

Edited by Niko Snow, 13 December 2012 - 09:08 PM.
Quote Clean-up


#67 nom de guerre

    Member

  • PipPipPipPipPip
  • 185 posts
  • LocationNew Avalon

Posted 13 December 2012 - 05:52 PM

View PostInertiaman, on 13 December 2012 - 05:49 PM, said:


How does signing up with mwo@domain.etc and receiving this mail grab you? I wasn't bothered enough to do so but fortunately three clan members were.


the email tied to this account is used solely for mwo and received the email.

The email is a week old and never used its sent 0 messages and received like 2 from MWO that's it so its not likely it got on the spam list some other way.

Edited by nom de guerre, 13 December 2012 - 05:53 PM.


#68 Sears

    Member

  • PipPipPipPipPipPipPip
  • Survivor
  • 973 posts
  • LocationU.K

Posted 13 December 2012 - 05:52 PM

View PostInertiaman, on 13 December 2012 - 05:49 PM, said:


How does signing up with mwo@domain.etc and receiving this mail grab you? I wasn't bothered enough to do so but fortunately three clan members were.


I did mean from PGI

I received the email and deleted it.

#69 Ter Ushaka

    Member

  • PipPipPipPipPipPipPip
  • 600 posts
  • LocationGnomeregan, Dun Morogh

Posted 13 December 2012 - 05:52 PM

View PostEmerald Fox, on 13 December 2012 - 05:41 PM, said:

just thought id give you a heads up got a goggle warning as soon as i tried to go to the site and had to click procede anyways just to get here

View PostDerelictTomcat, on 13 December 2012 - 05:43 PM, said:

Still coming up as malicious on firefox. If this was fixed hours ago well what is really going on?

http://www.stopbadwa...com%2Fforums%2F

View PostThontor, on 13 December 2012 - 05:40 PM, said:

i'm still getting this in Chrome.  Tried clearing my cache, but didn't help.
Typically the delisting from Google's warning database will occur within a matter of hours, so long as the Google scanners verify the site is clean.

Edited by Ter Ushaka, 13 December 2012 - 05:52 PM.


#70 DerelictTomcat

    Member

  • PipPipPipPipPipPip
  • Legendary Founder
  • Legendary Founder
  • 245 posts
  • Twitter: Link
  • Twitch: Link
  • LocationEast Coast USA

Posted 13 December 2012 - 05:54 PM

So 6 hours isn't long enough or we still have issues here?

Playing devils advocate here. Someone steals and has access to your MWO account whats the worse that can happen? I mean seriously its not like Guildwars where you come on one day to see your toons stripped and nothing left in your account.

Worse that happens is they play your account and spend your mc on things you didnt want. They cannot transfer this or shut down the account correct?

Edited by DerelictTomcat, 13 December 2012 - 05:55 PM.


#71 nom de guerre

    Member

  • PipPipPipPipPip
  • 185 posts
  • LocationNew Avalon

Posted 13 December 2012 - 05:56 PM

View PostDerelictTomcat, on 13 December 2012 - 05:54 PM, said:

Playing devils advocate here. Someone steals and has access to your MWO account whats the worse that can happen? I mean seriously its not like Guildwars where you come on one day to see your toons stripped and nothing left in your account.

Worse that happens is they play your account and spend your mc on things you didnt want. They cannot transfer this or shut down the account correct?


they can buy mechs with mc sell mechs, then burn all your cbills on mechs/equipment and then resell it so you only have 1/10th the cbills you started with thats about as mean as they can get in game.

Edited by nom de guerre, 13 December 2012 - 05:56 PM.


#72 Inertiaman

    Member

  • PipPipPipPipPipPipPip
  • 865 posts

Posted 13 December 2012 - 05:57 PM

View Postnom de guerre, on 13 December 2012 - 05:52 PM, said:


the email tied to this account is used solely for mwo and received the email.

The email is a week old and never used its sent 0 messages and received like 2 from MWO that's it so its not likely it got on the spam list some other way.



Which is why I find the offical tone massively dangerous. It's the sodding Iraqi Information Minister all over again. No email addresses compromised?!! They haven't even realised that it's too late.



[REDACTED]

Edited by Viterbi, 13 December 2012 - 07:31 PM.
Removed offensive language


#73 DerelictTomcat

    Member

  • PipPipPipPipPipPip
  • Legendary Founder
  • Legendary Founder
  • 245 posts
  • Twitter: Link
  • Twitch: Link
  • LocationEast Coast USA

Posted 13 December 2012 - 05:59 PM

[Redacted]

Edited by Niko Snow, 13 December 2012 - 09:12 PM.
Flamebait


#74 Inertiaman

    Member

  • PipPipPipPipPipPipPip
  • 865 posts

Posted 13 December 2012 - 06:02 PM

View PostDerelictTomcat, on 13 December 2012 - 05:54 PM, said:

So 6 hours isn't long enough or we still have issues here?


You have issues if you use the same user/pass combo for any popular sites. Amazon, ebay, spotify, steam, itunes etc etc. You have exposure here if your combo is remotely similar.

It seems fair to assume that if the user emails (uid's in this case) were available that easily then the passwords were equally available. Change them swiftly elsewhere - this is a bulk attack - not some random attention seeker. The immediate email intended to convert hints at some decent organisation.

[Redacted]

Edited by Niko Snow, 14 December 2012 - 12:57 AM.
CoC


#75 Dark Severance

    Member

  • PipPipPipPipPipPipPipPip
  • Knight Errant
  • Knight Errant
  • 1,151 posts
  • Facebook: Link
  • LocationPortland, OR

Posted 13 December 2012 - 06:02 PM

[REMOVED]

Nothing is totally avoidable, just ask the FBI, Google, Microsoft, Sony, etc :)

First and foremost no one should be using the same password for their email as their forum or even account for any game... PERIOD! If you do, then you are your own security risk.

Second email phishing scams do not matter, either does your email as long as you practice proper security. (ie: don't use the same username as an email. Don't use your forum name as an email or an account login, etc).

On the off chance some game is using your email/password as a login method and they did get compromised, you've lost nothing. Because you've stopped the infection from getting further by using different passwords, usernames and logins. At most they have your email. And at most you shouldn't be clicking links from your email for phishing scams anyways.

Next we'll have posters going "Oh noes! I've been hacked, all my mechs and CBills are gone".

Edited by Viterbi, 13 December 2012 - 07:32 PM.
Removed quoted removed content


#76 DerelictTomcat

    Member

  • PipPipPipPipPipPip
  • Legendary Founder
  • Legendary Founder
  • 245 posts
  • Twitter: Link
  • Twitch: Link
  • LocationEast Coast USA

Posted 13 December 2012 - 06:03 PM

Wow well OK I agree you do have issues if you use a gaming name/password for anything to do with personal information or money. None of that has anything to do with the makers of this game.

If you share important passwords with gaming sites you are the problem dead stop.

#77 Ter Ushaka

    Member

  • PipPipPipPipPipPipPip
  • 600 posts
  • LocationGnomeregan, Dun Morogh

Posted 13 December 2012 - 06:04 PM

[Redacted]

Edited by Niko Snow, 13 December 2012 - 09:16 PM.
Quote Clean-up (Makin' movies, writin' songs and fightin' round the world!)


#78 Dark Severance

    Member

  • PipPipPipPipPipPipPipPip
  • Knight Errant
  • Knight Errant
  • 1,151 posts
  • Facebook: Link
  • LocationPortland, OR

Posted 13 December 2012 - 06:05 PM

For the record the main website itself was never compromised. What was compromised was the forum. Which PGI didn't write or create. These type of forum injections happen and pop up actually on a fairly regular level, even if someone was keeping up on their updates.

Edited by Niko Snow, 13 December 2012 - 09:16 PM.
Quote Clean-up


#79 M4NTiC0R3X

    Member

  • PipPipPipPipPipPipPipPip
  • Overlord
  • Overlord
  • 1,309 posts

Posted 13 December 2012 - 06:08 PM

Good to know it has been removed... I was typing a larger respone (but it only took maybe 10 minutes from last activity, so I didn't auto log out) and my AVG security auto logged me from the forums warning me about information trying to be sent from mwomercs.com and said the threat had been removed... I'm sure the log is there I'll come back with results.

My AVG reports that it detected and disabled Exploit Blackhole Exploit Kit (type 2363) which came from mwomercs.com/forums/index.php?whole bunch on random code. This occured at 11:14 am.

Good to know my AVG is working, gonna give it a scan for the hell of it :)

Edited by M4NTiC0R3X, 13 December 2012 - 06:21 PM.


#80 Inertiaman

    Member

  • PipPipPipPipPipPipPip
  • 865 posts

Posted 13 December 2012 - 06:08 PM

View PostDark Severance, on 13 December 2012 - 06:02 PM, said:

First and foremost no one should be using the same password for their email as their forum or even account for any game... PERIOD! If you do, then you are your own security risk.


Yet people do. Hence the responsibility here to let people know what their potential exposure is - not to deny that information has been compromised in the face of 100% evidence to the contrary.

You say this isn't unavoidable - it is. You just don't ever hear about the companies doing it properly. PGI licence the forum software out and write the backend themselves. If it isn't PGI's responsibility to ensure our data is secure then who's exactly is it?

Edited by Inertiaman, 13 December 2012 - 06:09 PM.






12 user(s) are reading this topic

0 members, 12 guests, 0 anonymous users