open All Channels
seplocked EVE General Discussion
blankseplocked WARNING!
 
This thread is older than 90 days and has been locked due to inactivity.


 
Author Topic

Tristan
Minmatar
Vengeance of the Fallen
Curse Alliance
Posted - 2003.07.07 04:03:00 - [1]
 

recently wyld rose foundation was a victim of an acount hack via an excel document.

Today in my email i recieved an excel document claiming it would help me save minerals when manufacturing. this attachment was sent to an email address that my corporation buddies dont know, nameley the address i use with my website.

the sender must have got that by checking my signature, going to the site its hosted at and then looking around.

ITS THAT EASY TO BE A VICTIM.

if you where a victim of the person doing this, you would not have your characters, items, or isk refunded in game. the person doing this continues to do so unhindered and unthreatened by CCP.

CCP, please, you must take action against this person(s) or this acount hacking will get worse and start to be considered a "feature" so many people will be doing it.

at least make it harder for the hacker to get peoples login info for the game.

can we not have seperate usernames and passwords for this site to the one we use in the game? because we have to keep typing it in every five minutes, so a keylogger would pick it up in no time. maybe encrypt the password in the game client? i have heard it is stored in plain text somewhere (but havent confirmed myself)


And the butt head who tried this, hope you have good security on your box, because your gonna need it.

Ronyo Dae'Loki
4S Corporation
Posted - 2003.07.07 06:01:00 - [2]
 

Thanks for the heads up.

Ruulex DeMors
Caldari
HYDR4
Posted - 2003.07.07 07:18:00 - [3]
 

I hope ppl will look at whats attached to their e-mails. I trust nothing coming to my e-mail. I only open stuff that I have requested or mail from friends.

But yes, CCP does need to track down this individual(s) and make 'em pay.

Drefsab
Caldari
Apex Consortium
Posted - 2003.07.07 07:35:00 - [4]
 

I do regret that this happened to you, though I hope this will teach people to NEVER run macros contained in an excell script.. and for god sakes get some kind of protection / firewall on your system.

Edited by: Drefsab on 07/07/2003 07:35:00

Tristan
Minmatar
Vengeance of the Fallen
Curse Alliance
Posted - 2003.07.07 07:51:00 - [5]
 

i wasnt a victim, it was an attempt. i run a decent router/firewall and dont run macros in excel. but someone could easy be a victim of this, just wanted to warn people.

The person who did it beter hope he spoofed his ip or has since changed it.

Gone2mars
Amarr
Viziam
Posted - 2003.07.07 08:12:00 - [6]
 

Christ... i've heard about this happening a couple of times...

And yes, the Password is stored inside the Prefs.ini in your Eve directory (or one of the sub folders, i forget where)

But don't worry yet, the password in your Prefs is encrypted and anyone getting that password will have a next to impossible task decrypting it, as i imagine (And Hope) that CCP took quite a while writing the encryption process....

As for the Keyloggers that everyone is so worried about, Why the hell arn't you guys all running ZoneAlarm or Norton internet security???

I ran my internet connection without any firewall for a week and got a Worm Virus on the fourth day... luckily it wasn't anything to do with Eve. As soon as i installed ZoneAlarm i could stop the program connecting to the Internet and effectivly stopped it doing what ever it was doing, until i could get it removed.

You guys seem to be forgetting that even if you have got a Keylogger on your computers... They still have to send your Usernam/password away by connecting to the net!

In all fairness, i know of one of my friends is about to get his Macro Proggy hosted by one of the bigger Eve sites... I know for a fact that they're making him send him source code with it aswell, lol.

But even so, once people know that there is no risk... How many people are going to be leaving there computers on Over night Auto-mining?

Drefsab
Caldari
Apex Consortium
Posted - 2003.07.07 08:15:00 - [7]
 

ZoneAlarm sucks, Sygate Firewall Pro offers a lot more protection :P as for the encrytion it wouldnt take 10 mins to break for half decent hacker.

Edited by: Drefsab on 07/07/2003 08:15:27

Tristan
Minmatar
Vengeance of the Fallen
Curse Alliance
Posted - 2003.07.07 08:19:00 - [8]
 

Kerio is also very good.

probably partly to do with its popularity, new exploits are comming out for ZA all the time. it is a pain in the butt too and will block some port ranges even when turned off i once had a night mare trying to host games, it turned out to be ZA even when it was shut down.

www.kerio.com

same deal as ZA for home use, ie: FREE. it also has excellent networking features, its a pretty powerfull firewall for free.

beter still get yourself a hardware solution.


Drefsab
Caldari
Apex Consortium
Posted - 2003.07.07 08:26:00 - [9]
 

yep Kerio would be my 2nd choice good firewall and not bad ICS software (though lite version hangs if you make over 5000 connections in 10 mins)

Eldariel
Caldari
Infinite Improbability Inc
Posted - 2003.07.07 08:43:00 - [10]
 

<< because we have to keep typing it in every five minutes >>

Why so? Save password feature is working now and has been for weeks...

Macumba
Minmatar
Doomheim
Posted - 2003.07.07 08:50:00 - [11]
 

Not quite in the same league, but has anyone seen this site...

Cheating ****suckers.com

Even though these things pop up with every MMORPG that comes out, it never ceases to amaze me that people can get away with this sort of thing.

Edited by: Macumba on 07/07/2003 08:49:56

Tinwhistle
Minmatar
Ordos Humanitas
Posted - 2003.07.07 09:16:00 - [12]
 

<<Why so? Save password feature is working now and has been for weeks...>>

yes, and that way an attacker does only need to read out your browser cache to get your account password, since it is the same...

As for the password being encrypted:
An encryption where the decryption key is stored on the same system is useless. You might as well store it in plain text. If anything it creates a false sense of security.
In addition, an attacker wouldn't even have to decrypt it - just copy and paste the "encrypted" data into his own game client configuration.
The use of a keylogger would also be possible, but is not even neccessary...

And the morale of the tale: do NOT use unknown software. Never open attachments, especially if you use Microsoft Outlook. Enable macro protection in Microsoft Office - but even then do not feel safe, since there have been numerous exploits to get around the macro protection in the past and some might still work.
If you do not need Microsoft Office for any specific reason, simply use OpenOffice. It's completely free and usually offers all you need.

Thanks for the much needed warning, Tristan!

Eldariel
Caldari
Infinite Improbability Inc
Posted - 2003.07.07 09:19:00 - [13]
 

<< yes, and that way an attacker does only need to read out your browser cache to get your account password, since it is the same >>

I wasn't disputing the security implications - merely that he was typing the password every 5 minutes ... which isn't necessary

Edited by: Eldariel on 07/07/2003 09:20:21

slipshot
Posted - 2003.07.07 09:25:00 - [14]
 

I would also liek to reiterate the thanks for pointing this out..it should be made a sticky mods????

On another different but related line I run a linksys router - will this work as a firewall without extra software (it requires a password to get to the router)?

Tristan
Minmatar
Vengeance of the Fallen
Curse Alliance
Posted - 2003.07.07 10:49:00 - [15]
 

eldariel, sure theres that, but i clear my cookies and temp internet files out quite often, the junk soon builds up in there and i like to keep my disk defragged often, no point defragging junk data ;)

Lexington Cabot
Minmatar
Brutor Tribe
Posted - 2003.07.07 10:51:00 - [16]
 

Tristan, a good way to help solve this problem in the future is using a web-based email service like Yahoo. It's free and you don't download any attachments unless you give permission to. :)

But then the scary part is you could get a virus or a trojan by simply going to a site. Too bad there wasn't a 1.0 security zone on the internet.

MaiLina KaTar
Posted - 2003.07.07 10:53:00 - [17]
 

Most easy way to prevent those a-holes to do any damage:

Have several E-Mail adresses. I have 4 E-Mail addresses, two private ones and two I use for my corporation. I ONLY accept files on one of the two private E-Mails and then only if I clearly know who the sender is. Evenything else that has afile attached get´s deleted immediately.
Combine that with a decent router and a built in firewall and you´re fairly safe against this form of hacking.

THE ONLY REAL SAFETY AGAINST HACKERS however are you yourself. Just be careful and don´t open all the crap you get. Move in safe areas and be careful where you surf around with normal security settings.

Rogue Noir
Amarr
Doomheim
Posted - 2003.07.07 12:50:00 - [18]
 

Bump, this almost slipped of the first page there.

CCP Pann

Posted - 2003.07.07 14:03:00 - [19]
 

When a petition about an issue like this is received, we can trace back to see where the stolen money has gone and ban the culprit.

However, the best way to protect yourself is to follow the rules and not use 3rd party programs. We cannot seem to stress this enough. If someone gets burned by a shady program that he was going to use to take a forbidden shortcut, he has himself to blame more than anyone else.

Klydor
Minmatar
Posted - 2003.07.07 14:30:00 - [20]
 

if you can trace the culprit and if indeed people are downloading these from 3rd party websites then it would be a good idea to report this to the users ISP, since in many countries modifying files or accessing information on a users computer when you do not have permission to do so is a criminal offence.

If people are placing programs on the net which contain trojens/keyloggers or anything else and you are a victim of this, let CCP know and hope that CCP also inform the culprits ISP.... Lets face it if this person has a character in the game then CCP have their billing address.

If CCP can pass all this information onto the ISP and the ISP can independantly validate whether the user is to blame or not, perhaps we will see more sever action been taking. All ccp would need to do is inform the ISP.

I'm not argueing that CCP should prosecute these people, just that they should inform the users ISP and perhaps the ISP will take further action.

After all these 3rd party programs are classified under the same laws that apply to virus' just because they're taking your username and password does not mean they are not also logging key strokes and waiting for the next time you use your credit card.

Barrack
Posted - 2003.07.07 16:46:00 - [21]
 

When I use OutLook I use this program before I answer any mail.

http://www.mailwasher.net/

What you get is a list of mail waiting to be answered. You can block or bounce any mail before answering. Very simple and easy to use. Best of all it's free, but you can tip any amount to register.

Tristan
Minmatar
Vengeance of the Fallen
Curse Alliance
Posted - 2003.07.07 16:49:00 - [22]
 

the day i use hotsnail or yahoo as my mail is the day i put the antimatter round in my skull :)

and those web based mail system are so limited and lacking its not funny, and 1mb mail attachments. slow, full of spam. eeurghh no thanks!

i have run my own web based mail system before on my site that was much more functional, but took it down because it was only for staff use, and we all used pop3 to connect to the mail server anyway. so the web based stuff was just taking up space for no reason.

Barrack
Posted - 2003.07.07 17:03:00 - [23]
 

Mailwasher is not a web based mail service. It's a program that you run before you answer mail.

It's very simple, fast and not painful at all.

I only use OutLook and just run this program before answering mail.

Tristan
Minmatar
Vengeance of the Fallen
Curse Alliance
Posted - 2003.07.07 17:13:00 - [24]
 

no barrack i didnt mean mailwasher, im going to look at it. a buddy of mine has recomended it before and i think its time i gave it a spin, thanks for the good tip! :)

someone else said i should use yahoo earlier.

Petronius Gracchus
Amarr
Viziam
Posted - 2003.07.07 17:40:00 - [25]
 

To my knowledge this kind of thing happened twice to Praetorian Republic members. I feel very strongly that CCP should help a corporation out a bit when something like this happens. It is in thier best interests to help players not simply stand by and do nothing but elaborate some "policy".

Personally, I refuse to use Programs like ICQ because they can also be used to record keystrokes and gather information from you computer surrepticously. It is my understanding that this was the tactic used against the previously mentioned Praetorian Republic member. And from a User's point of view, something like this should not be excluded by some disclaimer. It isn't a program that really has anything to do with Eve per se.

CCP please consider the effect this has on your Customers. This ruins the game more than getting podded in a high security zone when you are a newbie. People from "outside" your Corporation should not be able to steal what you have worked hard for it doesn't matter what all the particulars may be. It simply crushes the comradery and trust that Corporations need to function as a group.


 

This thread is older than 90 days and has been locked due to inactivity.


 


The new forums are live

Please adjust your bookmarks to https://forums.eveonline.com

These forums are archived and read-only