ACCOUNT HACKED

Other > General Game Discussion

ACCOUNT HACKED

<< < (4/6) > >>

gordulan:
hm, not if you do not have an alt

Bartosz:
Well, there is not much we can do about it for now. Next time, the GM should be immediately contacted, cause only when such person is logged in, we can check the ip.

Also, if it happened only once, only to one player, then...then I'm sorry but we're bound to think the problem is on the player side.

BubbaBrown:
In the defense of the original poster... The passwords are NOT hashed and salted when transmitted across the network. So, one stray captured packet is all that is needed to gain access to someone's account. So, either someone located within either the sending or receiving subnet could ettercap and nab it. If it's someone within the server's subnet, all logins could theoretically be captured very trivially. Also, since the passwords are plaintext on transmission, they are probably plaintext in storage. Depending on the storage solution, this could be an issue. If a SQL database is in use... this probably would not bode well.

Sgt Hartman:

--- Quote from: BubbaBrown on February 19, 2010, 01:58:40 am ---In the defense of the original poster... The passwords are NOT hashed and salted when transmitted across the network. So, one stray captured packet is all that is needed to gain access to someone's account. So, either someone located within either the sending or receiving subnet could ettercap and nab it. If it's someone within the server's subnet, all logins could theoretically be captured very trivially. Also, since the passwords are plaintext on transmission, they are probably plaintext in storage. Depending on the storage solution, this could be an issue. If a SQL database is in use... this probably would not bode well.

--- End quote ---

Hashing the pass before transmission wouldn't be better, the dude sniffing the network could login aswell, even if it would be a bit harder.

Pozzo:

--- Quote ---Also, if it happened only once, only to one player, then...then I'm sorry but we're bound to think the problem is on the player side.
--- End quote ---

In fact, it arrived to 5 differents accounts in my team. 3 of them were playing and received a message "knock knock anybody here ?". And when we was in our base, we saw (twice) comon character loging in and when he saw all of us in the base he disconnected (5 seconds connection). So we asked on mumble who it was and....it was nobody from the team.

So my question is : if I play to FOnline, can someone easily introduce into my computer using the game ?

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version