
Dec 13Th Incident - Official Response


328 replies to this topic

#261 Sevaradan

    Member

  • 909 posts
  • Location: Texas

Posted 16 December 2012 - 11:33 AM

Taizan, on 16 December 2012 - 10:35 AM, said:

Ditto. Unique mail address was spammed, but luckily only one message, changed password anyway.


this pretty much guarantees that a little more happened than PGI admits.

#262 Particle Man

    Member

  • FP Veteran - Beta 1
  • 1,029 posts
  • Location: Phoenix, AZ

Posted 16 December 2012 - 11:34 AM

Well considering that winXP is less secure than win7, maybe it's your mythical gaming machine that's never been on the net (sounds legit) and since never on the net, never updated or secured.

#263 Firelizard

    Member

  • Legendary Founder
  • 607 posts

Posted 16 December 2012 - 01:14 PM

I've still yet to see this email people keep talking about, and I've been checking my spam folder fairly constantly just to see.

Of course, it could be that it bounced off my UTM box and never even made it into the network.

#264 Stainless Steel

    Member

  • FP Veteran - Beta 1
  • 11 posts

Posted 16 December 2012 - 03:46 PM

As an additional data point.

When it first came out, I registered my account with my preferred username. This was registered to mechwarrior@ [my domain name]

Then later on I thought "Hell, what about this other username" and I registered a second account that I never logged into after the day I created it, about a week after the initial "Reserve your Username now". That was registered to mwonline@ [my domain name], an account that has never posted here.

Both of those email addresses got the windows 8 email. It was flagged by my host as junk mail, and moved into the spam folder, so it wasn't initially visible.




Delivered-To: mechwarrior@xxxxxxxxxxxxx
Received: by 10.216.177.3 with SMTP id c3csp40574wem;
Thu, 13 Dec 2012 10:37:49 -0800 (PST)
Received: by 10.180.24.70 with SMTP id s6mr25970109wif.22.1355423869739;
Thu, 13 Dec 2012 10:37:49 -0800 (PST)
Return-Path: <nobody@bungle.evolutionwebhost.co.uk>
Received: from bungle.evolutionwebhost.co.uk ([2a02:af8:6:2300::1:712])
by mx.google.com with ESMTPS id n3si13589407wjf.71.2012.12.13.10.37.49
(version=TLSv1/SSLv3 cipher=OTHER);
Thu, 13 Dec 2012 10:37:49 -0800 (PST)
Received-SPF: neutral (google.com: 2a02:af8:6:2300::1:712 is neither permitted nor denied by best guess record for domain of nobody@bungle.evolutionwebhost.co.uk) client-ip=2a02:af8:6:2300::1:712;
Authentication-Results: mx.google.com; spf=neutral (google.com: 2a02:af8:6:2300::1:712 is neither permitted nor denied by best guess record for domain of nobody@bungle.evolutionwebhost.co.uk) smtp.mail=nobody@bungle.evolutionwebhost.co.uk
Received: from nobody by bungle.evolutionwebhost.co.uk with local (Exim 4.80)
(envelope-from <nobody@bungle.evolutionwebhost.co.uk>)
id 1TjDfJ-0002zW-At
for mechwarrior@xxxxxxxxxxxxx; Thu, 13 Dec 2012 18:37:49 +0000
To: mechwarrior@xxxxxxxxxxxxx
From: fremanfighter@dune.com
Subject: Windows 8 Is Fail
Message-Id: <E1TjDfJ-0002zW-At@bungle.evolutionwebhost.co.uk>
Date: Thu, 13 Dec 2012 18:37:49 +0000
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - bungle.evolutionwebhost.co.uk
X-AntiAbuse: Original Domain - xxxxxxxxxxxxx
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - bungle.evolutionwebhost.co.uk
X-Get-Message-Sender-Via: bungle.evolutionwebhost.co.uk: authenticated_id: nobody/only user confirmed/virtual account not confirmed



Delivered-To: mwonline@xxxxxxxxxx
Received: by 10.216.177.3 with SMTP id c3csp45429wem;
Thu, 13 Dec 2012 12:14:16 -0800 (PST)
Received: by 10.180.92.71 with SMTP id ck7mr5439117wib.20.1355429656948;
Thu, 13 Dec 2012 12:14:16 -0800 (PST)
Return-Path: <nobody@bungle.evolutionwebhost.co.uk>
Received: from bungle.evolutionwebhost.co.uk ([2a02:af8:6:2300::1:712])
by mx.google.com with ESMTPS id d4si250616wjy.29.2012.12.13.12.14.16
(version=TLSv1/SSLv3 cipher=OTHER);
Thu, 13 Dec 2012 12:14:16 -0800 (PST)
Received-SPF: neutral (google.com: 2a02:af8:6:2300::1:712 is neither permitted nor denied by best guess record for domain of nobody@bungle.evolutionwebhost.co.uk) client-ip=2a02:af8:6:2300::1:712;
Authentication-Results: mx.google.com; spf=neutral (google.com: 2a02:af8:6:2300::1:712 is neither permitted nor denied by best guess record for domain of nobody@bungle.evolutionwebhost.co.uk) smtp.mail=nobody@bungle.evolutionwebhost.co.uk
Received: from nobody by bungle.evolutionwebhost.co.uk with local (Exim 4.80)
(envelope-from <nobody@bungle.evolutionwebhost.co.uk>)
id 1TjFAe-0005Mn-8Q
for mwonline@xxxxxxxxxx; Thu, 13 Dec 2012 20:14:16 +0000
To: mwonline@xxxxxxxxxx
From: fremanfighter@dune.com
Subject: Windows 8 Is Fail
Message-Id: <E1TjFAe-0005Mn-8Q@bungle.evolutionwebhost.co.uk>
Date: Thu, 13 Dec 2012 20:14:16 +0000
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - bungle.evolutionwebhost.co.uk
X-AntiAbuse: Original Domain - xxxxxxxxxx
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - bungle.evolutionwebhost.co.uk
X-Get-Message-Sender-Via: bungle.evolutionwebhost.co.uk: authenticated_id: nobody/only user confirmed/virtual account not confirmed
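
Added example, not part of Stainless Steel's post: a Python script that parses shortened copies of the two header sets above and groups them by relay host, relay IP and envelope sender, the fields that identify the sending host independently of the From: line. The names `summarize` and `correlate` belong to this example only; the sample strings are constructed from the posted headers with comments and some ids trimmed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: shortened copies of the two header sets in the post above
# (comments and ids trimmed; recipient domains stay redacted as posted).
MSG_A = """\
Delivered-To: mechwarrior@xxxxxxxxxxxxx
Return-Path: <nobody@bungle.evolutionwebhost.co.uk>
Received: from bungle.evolutionwebhost.co.uk ([2a02:af8:6:2300::1:712])
 by mx.google.com with ESMTPS; Thu, 13 Dec 2012 10:37:49 -0800 (PST)
Authentication-Results: mx.google.com; spf=neutral smtp.mail=nobody@bungle.evolutionwebhost.co.uk
Received: from nobody by bungle.evolutionwebhost.co.uk with local (Exim 4.80)
 id 1TjDfJ-0002zW-At; Thu, 13 Dec 2012 18:37:49 +0000
From: fremanfighter@dune.com
Subject: Windows 8 Is Fail
"""
MSG_B = """\
Delivered-To: mwonline@xxxxxxxxxx
Return-Path: <nobody@bungle.evolutionwebhost.co.uk>
Received: from bungle.evolutionwebhost.co.uk ([2a02:af8:6:2300::1:712])
 by mx.google.com with ESMTPS; Thu, 13 Dec 2012 12:14:16 -0800 (PST)
Authentication-Results: mx.google.com; spf=neutral smtp.mail=nobody@bungle.evolutionwebhost.co.uk
Received: from nobody by bungle.evolutionwebhost.co.uk with local (Exim 4.80)
 id 1TjFAe-0005Mn-8Q; Thu, 13 Dec 2012 20:14:16 +0000
From: fremanfighter@dune.com
Subject: Windows 8 Is Fail
"""

RELAY_RE = re.compile(r"from (\S+) \(\[([0-9A-Fa-f:.]+)\]\)")

def summarize(raw):
    """Extract the fields that show where a message actually came from."""
    msg = message_from_string(raw)
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    relay = next((m.groups() for h in hops if (m := RELAY_RE.search(h))),
                 (None, None))
    envelope = parseaddr(msg.get("Return-Path", ""))[1]
    header_from = parseaddr(msg.get("From", ""))[1]
    spf = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    return {
        "rcpt": msg.get("Delivered-To"),
        "relay": relay,
        "envelope": envelope,
        "spf": spf.group(1) if spf else None,
        # "with local" = handed to Exim by a process on the host, not via SMTP
        "local_submit": any(" with local " in h for h in hops),
        "from_mismatch": header_from.split("@")[-1] != envelope.split("@")[-1],
    }

def correlate(raws):
    """Group recipients by (relay host, relay IP, envelope sender)."""
    groups = {}
    for s in map(summarize, raws):
        groups.setdefault(s["relay"] + (s["envelope"],), []).append(s["rcpt"])
    return groups

if __name__ == "__main__":
    print(correlate([MSG_A, MSG_B]))
```

Both recipients land in one group: same relay host, same IPv6 address and same envelope sender, with a From: domain unrelated to the host that submitted the mail.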

#265 Lonestar1771

    Member

  • 1,991 posts
  • Location: Texas

Posted 16 December 2012 - 03:52 PM

PGI can't even do websites correctly... Must have been what they landed on with the Wheel of Ruin™ at the Monday morning meeting.

#266 Karl Split

    Member

  • 727 posts

Posted 16 December 2012 - 04:49 PM

Ahh that explains the whole google site advisor thingy. Should we be changing passwords in case it scraped it while logging in to the forums?

#267 Taizan

    Com Guard

  • 1,692 posts
  • Location: Galatea (NRW)

Posted 16 December 2012 - 05:47 PM

Karl Split, on 16 December 2012 - 04:49 PM, said:

Ahh that explains the whole google site advisor thingy. Should we be changing passwords in case it scraped it while logging in to the forums?

Yes, change your password. Even if PGI may have not detected any compromise or extraction of passwords, it is the best thing to do on your behalf. It takes 1 minute at the most and you have covered your bases. Even though there seem to be no reports of account abuse or passwords being extracted etc. it's such a small thing to do that there really is no reason not to do so.

I don't really blame PGI for this, they are a game developer not a web application dev studio. Forum software from almost all providers has been prone to different "hacks" or code injections in the past, they acted swiftly and notified their customers as soon as they were up to speed on what happened. Other companies that have lost CC data and personal information like social security numbers have sometimes not even notified their customers.

The only issue is using game login for the forum, but otoh Blizzard has done this for years. An e-mail confirmation / token would give users more safety though. The system Steam uses doesn't bring much pain to users and offers an additional layer of account security. As with Steam some of us have cash invested into our accounts, so it would be advisable for PGI / IGP to introduce such a verification system.

#268 Sikosis

    Member

  • Legendary Founder
  • 210 posts
  • Location: Lake Ozark, Mo

Posted 16 December 2012 - 06:32 PM

Bryan Ekman, on 13 December 2012 - 04:14 PM, said:

It has come to our attention that a vulnerability in our licensed forum software allowed a malicious redirect script to be injected.
  • This has been discovered and removed.
We understand that you are very concerned about your private information, including email addresses, passwords and credit card information.




We can confirm:
  • At no time were any databases containing personal information compromised. This includes e-mails and passwords.
  • PGI and IGP does not store, nor have access to any user credit card information.
  • Account passwords are encrypted, salted, peppered and stored in databases not affected by today’s incident.
Web and forum access to our site is now back to normal.




We’re sorry for any inconveniences this may have caused.

The MechWarrior Online Team



are we sure this is the short and long of it all? aren't you required to have notices sent out and provide third party verification that nothing "vital" was compromised?

#269 Sevaradan

    Member

  • 909 posts
  • Location: Texas

Posted 16 December 2012 - 07:05 PM

Sikosis, on 16 December 2012 - 06:32 PM, said:



are we sure this is the short and long of it all? aren't you required to have notices sent out and provide third party verification that nothing "vital" was compromised?

It's pretty clear there was more damage from the attack than they are admitting to.

#270 Paul BlackJack Cady

    Member

  • 467 posts
  • Location: Lyran Sector, Planet: Canal, Primary Base HQ

Posted 17 December 2012 - 12:28 AM

Particle Man, on 16 December 2012 - 11:34 AM, said:

Well considering that winXP is less secure than win7, maybe it's your mythical gaming machine that's never been on the net (sounds legit) and since never on the net, never updated or secured.

Why are you trying to put me down, and make excuses for them on this subject??
It's not my (mythical) machine, you don't know me... you don't know how often I've updated it, you don't know how I use it.
SO WHY ARE YOU INTENTIONALLY BEING AN *** TO ME!
I can/could tell you volumes about this rig, but you would sit there in your underwear, eating chips&soda and just call me a liar anyway..
XP is and always will be better than 7, you don't know what I'm running nor do I care to explain it to an ubr-loser like you.

#271 Paul BlackJack Cady

    Member

  • 467 posts
  • Location: Lyran Sector, Planet: Canal, Primary Base HQ

Posted 17 December 2012 - 12:48 AM

And another thing, I post questions and responses on this forum to engage in FRIENDLY conversation, to give advice and seek counsel and advice from others that I trust.

I don't post here to be attacked, called a liar, made fun of or to start a flame war. But I am not going to sit idle and let unscrupulous people be a forum bully and make fun of other people's misfortunes, problems or troubles.

To attack one's post and to infer questionable remarks, undermine their issue or just to make light of them and make them feel insecure and not want to post anymore is totally uncalled for and should be punished...

Edited by Paul BlackJack Cady, 17 December 2012 - 12:49 AM.


#272 Vassago Rain

    Member

  • Bridesmaid
  • 14,396 posts
  • Location: Exodus fleet, HMS Kong Circumflex accent

Posted 17 December 2012 - 06:41 AM

I'm seeing the warning again, but it was gone for the past 12 hours or so.

#273 Dark Severance

    Member

  • Knight Errant
  • 1,151 posts
  • Location: Portland, OR

Posted 17 December 2012 - 06:50 AM

Stainless Steel, on 16 December 2012 - 03:46 PM, said:

This was registered to mechwarrior@ [my domain name]

That was registered to mwonline@ [my domain name], an account that has never posted here.

You do realize that using any email with the name of anything is right up there with dictionary@domain emails. If you use any email that is easily identified by a game, character, etc you will get SPAM. I'm surprised you haven't gotten SPAM earlier honestly.

#274 GODzillaGSPB

    Member

  • 2,030 posts
  • Location: Germany

Posted 17 December 2012 - 07:47 AM

...will they ever get this sorted? O_o

#275 Oderint dum Metuant

    Member

  • Ace Of Spades
  • 4,758 posts
  • Location: United Kingdom

Posted 17 December 2012 - 10:18 AM

Paul BlackJack Cady, on 16 December 2012 - 09:10 AM, said:

Also I'm amazed how you can even start trying to flame me, when all I did was state the facts. All I need to do is go back through the forums and copy and paste the denials of an attack...it's funny that you even deny that there are even denials…

In your lame excuse that (nobody here denies there was an attack, in fact many tracked down what pages the injection was put into and posted here.)
Is clearly apparent that you don’t read beyond this one thread, in website support and others there must be 20 topics regarding how this is a fake attack or misleading members to MWO's way of trying to reset everyone to 0 to just plain “denial” of attack..
And
Sir; I was one of them, I have been in contact with people you don’t even know working on this problem, but you most likely won’t believe that either, so even in writing this reply I know it will fall on deaf ears. I just hope others won’t feel scared or afraid to voice their opinions in the wake of insecure people like you.


1) Given that PGI released a statement and the attack was obvious, I'm not sure why you would consider forum goers outside of the official thread saying there was no attack as relevant, the details are here on the first page to see.
Injection code was put in by unscrupulous people because the Forum software was insecure, PGI and the Forum software designers are at fault for that completely.

2) Nobody should be scared about posting here, but neither should people be criticized for pointing out flaws in the information people pass out.

3) As to the random attack of me being insecure, sure thing I'm not the one liking my own posts.

Paul BlackJack Cady, on 17 December 2012 - 12:28 AM, said:

Why are you trying to put me down, and make excuses for them on this subject??
It's not my (mythical) machine, you don't know me... you don't know how often I've updated it, you don't know how I use it.
SO WHY ARE YOU INTENTIONALLY BEING AN *** TO ME!
I can/could tell you volumes about this rig, but you would sit there in your underwear, eating chips&soda and just call me a liar anyway..
XP is and always will be better than 7, you don't know what I'm running nor do I care to explain it to an ubr-loser like you.


He is not trying to put you down, on the information you provided "Your computer had never been online" short of obtaining the updates and having them on CD/USB it would be logical to assume you may well be missing critical updates to XP that could have been exploited.
XP was a very good stable OS, 7 is better, it's a fact, and it still has many of XP's core features at its heart but 7 also has many more security features and secure coding.
Time moves on, as does technology XP is now outdated and insecure for the future.

It would be like installing Windows ME or 2000 and expecting it to be a safe and secure running environment, it's simply not designed for today's world.

#276 Attalward

    Member

  • Knight Errant
  • 382 posts
  • Location: Spain

Posted 17 December 2012 - 10:23 AM

At this time the mwomercs.com/forums site is still flagged as dangerous using Firefox from Spain.

#277 Vassago Rain

    Member

  • Bridesmaid
  • 14,396 posts
  • Location: Exodus fleet, HMS Kong Circumflex accent

Posted 17 December 2012 - 02:08 PM

It's back after being gone for a few hours.

#278 Myles

    Member

  • 18 posts

Posted 17 December 2012 - 02:29 PM

Bryan Ekman, on 13 December 2012 - 04:14 PM, said:

It has come to our attention that a vulnerability in our licensed forum software allowed a malicious redirect script to be injected.
  • This has been discovered and removed.
We understand that you are very concerned about your private information, including email addresses, passwords and credit card information.




We can confirm:
  • At no time were any databases containing personal information compromised. This includes e-mails and passwords.
  • PGI and IGP does not store, nor have access to any user credit card information.
  • Account passwords are encrypted, salted, peppered and stored in databases not affected by today’s incident.
Web and forum access to our site is now back to normal.




We’re sorry for any inconveniences this may have caused.

The MechWarrior Online Team


I'd like to respectfully reject the statement, as have many others, that no database at all was compromised. Either one of the MWO databases has been compromised, or an affiliate of yours has been caught in the crossfire, or someone with a list of MWO email addresses.

I have also received the "Windows 8 Fail" email on the 13th, and initially disregarded it as just another spam email, until I happened on this forum post. The only reason I remembered the email is that it was so unusual, nothing like the usual spam content I receive.

The header content matches another poster's material as well, so I find it concerning that the day of a compromise, that a number of users are all reporting that they are victims of a similar spam campaign, yet I have not seen the emails on other email accounts I maintain, which are quite widely used.

I had not signed into the game for quite some time, have not visited the forums either, so as a result would have missed any compromise and would not have entered my credentials into the site.

I have scanned my machine and it is clean, and I'm not aware of any other service I use suffering a compromise either.

I would recommend also contacting your affiliates, to ensure they were not potentially compromised.. as I imagine you share the email addresses with marketing groups and if they visited the site at the time of the infection it could be that you are clear, but an affiliate you trusted has been compromised.. and as a result has caused a loss of confidence in yourselves.

#279 Particle Man

    Member

  • FP Veteran - Beta 1
  • 1,029 posts
  • Location: Phoenix, AZ

Posted 17 December 2012 - 08:30 PM

Paul BlackJack Cady, on 17 December 2012 - 12:28 AM, said:

Why are you trying to put me down, and make excuses for them on this subject??


i'm not putting you down, i'm calling you out for making up bullcrap to support your stupid stance.


Quote

It's not myou don't know how often I've updated it,


you said it's never been online. how do you update it when it's offline? and why would you have a "gaming computer" that doesn't go online, still uses winxp (ram limitations) claim to have 2 video cards (that don't work in crossfire/SLI, since winxp barely supports that), and have never used it for MWO until you heard a rumor about the website being compromised?

sounds fishy. Which is probably why you are so defensive, freaking outy, and now attacking me.


Quote

I can/could tell you volumes about this rig,


you could, but i prefer reading my fiction from people that are good at writing it.

Quote

but you would sit there in your underwear, eating chips&soda and just call me a liar anyway..


not a liar, a bullsh...crap artist.

Quote

XP is and always will be better than 7, you don't know what I'm running


it's not better at modern games or network security, that's for sure. And i only know what you've told us, which doesn't add up to reality.


Quote

nor do I care to explain it to an ubr-loser like you.


aww that's cute! you go on a rant about how i'm picking on you, and then end it with a 4th grader's insult. Way to ruin your own false outrage. Keep shoveling that bullcrap. I'm sure there's someone here that takes you seriously!

#280 Inertiaman

    Member

  • 865 posts

Posted 18 December 2012 - 02:16 AM

Hmm XP. Must be awesome playing games with your 3.5 gig of supported RAM. Unless you're using the 64 bit version with no drivers for anything. Either way, enjoy!




