So far I heard two chars getting their accounts hacked. I guess there are more such cases.
First thing a hacker tries is "guessing". So the more info you give out the better risk you are at. Unless you trust someone, don't give out much info.
AND TRY TO CHANGE YOUR PASSWORD AS OFTEN. AND TRY TO USE DIFFERENT PASSWORDS FOR DIFFERENT REGISTRATION THROUGH OUT THE WEB.
No reason to be afraid of. A li'l awareness is enough.
how old are you? vs Hacking factor
how old are you? vs Hacking factor
Last edited by iceslice on 04 Dec 2009, 13:31, edited 1 time in total.
Lets Chase MDGs...
ManaPortable (Vanilla Mana + ManaPlus) -- run 'em portably
http://manaportable.1sourceplus.com
http://manamac.1sourceplus.com
Game Server >> jadu.1sourceplus.org , jadu.1sourceplus.com
ManaPortable (Vanilla Mana + ManaPlus) -- run 'em portably
http://manaportable.1sourceplus.com
http://manamac.1sourceplus.com
Game Server >> jadu.1sourceplus.org , jadu.1sourceplus.com
Re: how old are you? vs Hacking factor
Most cases of account hacks in the past were because the account owners were using the same login and password on a different server.
We also had a series of successful social engineering attacks on Bjørn who gave passwords and accountnames to an unathorized person who posed as the owners of these accounts. But I am pretty sure Bjørn and everyone else with access to the account database is now much more careful after this embarrassing incident.
We also had a series of successful social engineering attacks on Bjørn who gave passwords and accountnames to an unathorized person who posed as the owners of these accounts. But I am pretty sure Bjørn and everyone else with access to the account database is now much more careful after this embarrassing incident.
- former Manasource Programmer
- former TMW Pixel artist
- NOT a game master
Please do not send me any inquiries regarding player accounts on TMW.
You might have heard a certain rumor about me. This rumor is completely false. You might also have heard the other rumor about me. This rumor is 100% accurate.
Re: how old are you? vs Hacking factor
Amazing, how come passwords be left unencrypted...
Lets Chase MDGs...
ManaPortable (Vanilla Mana + ManaPlus) -- run 'em portably
http://manaportable.1sourceplus.com
http://manamac.1sourceplus.com
Game Server >> jadu.1sourceplus.org , jadu.1sourceplus.com
ManaPortable (Vanilla Mana + ManaPlus) -- run 'em portably
http://manaportable.1sourceplus.com
http://manamac.1sourceplus.com
Game Server >> jadu.1sourceplus.org , jadu.1sourceplus.com
Re: how old are you? vs Hacking factor
eAthena doesn'te ncrypt them on disk. even if it did, that could be hacked out, or coded added to put the valid username/password combinations in another file. The only way to stay safe is to use different username/password combinations on different servers.iceslice wrote:Amazing, how come passwords be left unencrypted...
Re: how old are you? vs Hacking factor
Don't blame us - blame the eAthena development team. Manaserv uses double SHA 256 hashing, by the way. First on the client side and then again on the server before storing in / comparing with the database.
But this still doesn't protect you from getting hacked when using the same password and username on a rogue server. A solution would be to use a different salt for every server when hashing on the client, but this would require a system for validating the identity of a server (a server should be able to change its name, hostname or IP without losing its players).
But this still doesn't protect you from getting hacked when using the same password and username on a rogue server. A solution would be to use a different salt for every server when hashing on the client, but this would require a system for validating the identity of a server (a server should be able to change its name, hostname or IP without losing its players).
- former Manasource Programmer
- former TMW Pixel artist
- NOT a game master
Please do not send me any inquiries regarding player accounts on TMW.
You might have heard a certain rumor about me. This rumor is completely false. You might also have heard the other rumor about me. This rumor is 100% accurate.
Re: how old are you? vs Hacking factor
@jaxad0127
In case one way encryption/hashing you cant regain passwords. Only the app system & the original user knows the password. In that case the only option left is renew password.
In case one way encryption/hashing you cant regain passwords. Only the app system & the original user knows the password. In that case the only option left is renew password.
Lets Chase MDGs...
ManaPortable (Vanilla Mana + ManaPlus) -- run 'em portably
http://manaportable.1sourceplus.com
http://manamac.1sourceplus.com
Game Server >> jadu.1sourceplus.org , jadu.1sourceplus.com
ManaPortable (Vanilla Mana + ManaPlus) -- run 'em portably
http://manaportable.1sourceplus.com
http://manamac.1sourceplus.com
Game Server >> jadu.1sourceplus.org , jadu.1sourceplus.com
Re: how old are you? vs Hacking factor
eAthena sends password in plaintext.iceslice wrote:@jaxad0127
In case one way encryption/hashing you cant regain passwords. Only the app system & the original user knows the password. In that case the only option left is renew password.