| User | Post |
Chibi-Bar
Moderator
 
   
  
 
 
Since: 04-16-02
Rating: 10 (400 pts)
Since last post: 7865 days
Last activity: 7821 days
|
|
I am not familar who the packets are sent to each client..  I know that some games have account name with their account (like diablo II) but most MMORPG game does not send the account.. (as far I know) does RO do this?
(is it just rumors that people can steal your account via chatting and trade?)
--------------------
Chibi-Bar
Your Local Merchant on Chaos/Loki |
Sasami
Goddess in Training
 
Since: 02-18-02
From: Back in texas! YAY! college sucked!
Rating: 10 (1030 pts)
Since last post: 7773 days
Last activity: 7773 days
|
|
They can see your account name by putting their cursor over you.
They have to bruteforce passwords though which takes way too long to be practical. What they do is, gather tens of thousands of accounts, then try common passwords on them. You'd be surprised how many accounts they get with passwords like "qwerty" "password" "user" "1234" "12345" "123456" "ragnarok" etc |
Chibi-Bar
Moderator
Since: 04-16-02
Rating: 10 (400 pts)
Since last post: 7865 days
Last activity: 7821 days
|
|
well.. then I have nothing to worry about 
hehe
thanks sasami
--------------------
Chibi-Bar
Your Local Merchant on Chaos/Loki |
Sabbath
 
Since: 05-18-02
From: Loki
Since last post: 8423 days
Last activity: 8413 days
|
|
Umm.. just a question, how do they see your account name by putting cursor over you? That only gives character name which is most likely not their account name. As for the brute force, just get a password like R4e7O9ppP, takes VERY long time to brute.
(edited by Sabbath on 05-18-02 01:49 AM) |
BakedBeans
 
Since: 05-03-02
From: Vancouver
Rating: 10 (400 pts)
Since last post: 8237 days
Last activity: 8166 days
|
|
well, back in alpha your account name was always displayed next to your character name. I assume the original intention was so you know that 2 characters were indeed the same player, but then I think it was taken out because of the security issue of making user ids public information 
Gravity, who seems to love doing client side stuff  , probably just removed the login id from being displayed, but never removed the login information being sent to users, so the haxorz probably just re-added that old functionality back into it  |
Sasami
Goddess in Training
Since: 02-18-02
From: Back in texas! YAY! college sucked!
Rating: 10 (1030 pts)
Since last post: 7773 days
Last activity: 7773 days
|
|
That's correct, go gravity!
as for the bruteforcing, they rarely go after just 1 account and try to brute force it, they go after tens of thousands of accounts at a time and try common passwords. |
Kyokushin-ka
 
Since: 05-02-02
Since last post: 8361 days
Last activity: 8394 days
|
|
| yep, and people don't usualy care about these passwords or change them every month. But it should be easier to do on their BBS, (they don't have SSL last I checked). |
Doomcraft
 
Since: 04-28-02
From: Portugal
Since last post: 8393 days
Last activity: 8382 days
|
|
Originally posted by Kyokushin-ka
yep, and people don't usualy care about these passwords or change them every month. But it should be easier to do on their BBS, (they don't have SSL last I checked).
I always had the idea that gravity's site was very "sensible" to hackers, thats why I havent changed my password yet. I keep hearing stories of people who got their password stolen from grav's site, or maybe im just being paranoid. 
--------------------
And once again our friend, and semi-hero posts again....
|
| 
