how old are you? vs Hacking factor
Posted: 04 Dec 2009, 12:57
by iceslice
So far I have heard of two chars getting their accounts hacked. I guess there are more such cases.
First thing a hacker tries is "guessing". So the more info you give out, the greater the risk you are at. Unless you trust someone, don't give out much info.
AND TRY TO CHANGE YOUR PASSWORD OFTEN. AND TRY TO USE DIFFERENT PASSWORDS FOR DIFFERENT REGISTRATIONS THROUGHOUT THE WEB.
No reason to be afraid. A li'l awareness is enough.
Re: how old are you? vs Hacking factor
Posted: 04 Dec 2009, 13:09
by Crush
Most cases of account hacks in the past were because the account owners were using the same login and password on a different server.
We also had a series of successful social engineering attacks on Bjørn, who gave passwords and account names to an unauthorized person who posed as the owners of these accounts. But I am pretty sure Bjørn and everyone else with access to the account database is now much more careful after this embarrassing incident.
Re: how old are you? vs Hacking factor
Posted: 04 Dec 2009, 14:23
by iceslice
Amazing, how come passwords be left unencrypted...
Re: how old are you? vs Hacking factor
Posted: 04 Dec 2009, 15:09
by Jaxad0127
iceslice wrote: Amazing, how come passwords be left unencrypted...
eAthena doesn't encrypt them on disk. Even if it did, that could be hacked out, or code added to put the valid username/password combinations in another file. The only way to stay safe is to use different username/password combinations on different servers.
Re: how old are you? vs Hacking factor
Posted: 04 Dec 2009, 15:14
by Crush
Don't blame us - blame the eAthena development team. Manaserv uses double SHA 256 hashing, by the way. First on the client side and then again on the server before storing in / comparing with the database.
But this still doesn't protect you from getting hacked when using the same password and username on a rogue server. A solution would be to use a different salt for every server when hashing on the client, but this would require a system for validating the identity of a server (a server should be able to change its name, hostname or IP without losing its players).
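The replay problem and the per-server salt idea from the post above, as an added example that is not part of the original thread and is not Manaserv's code. The `Server` class, the user name, the password and the salt strings are constructed for illustration, and the salt is assumed to come from a server identity the client has already validated.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def client_hash(password: str, server_salt: str = "") -> str:
    """First hash, computed on the client. An empty salt models the unsalted scheme."""
    return sha256_hex(server_salt.encode() + password.encode())


class Server:
    """Hypothetical server: stores SHA-256 of whatever the client sends (second hash)."""

    def __init__(self, salt: str = ""):
        self.salt = salt
        self.db = {}    # username -> stored second hash
        self.seen = {}  # username -> client hash exactly as received at login

    def register(self, user: str, received: str) -> None:
        self.db[user] = sha256_hex(received.encode())

    def login(self, user: str, received: str) -> bool:
        self.seen[user] = received  # any server sees this value, honest or not
        stored = self.db.get(user, "")
        return hmac.compare_digest(stored, sha256_hex(received.encode()))


def replay_succeeds(salt_a: str, salt_b: str, password: str = "constructed-pw") -> bool:
    """Same user name and password on servers A and B. B records the value the
    client sent at login and presents it to A. Returns True if A accepts it."""
    a, b = Server(salt_a), Server(salt_b)
    a.register("alice", client_hash(password, a.salt))
    b.register("alice", client_hash(password, b.salt))
    b.login("alice", client_hash(password, b.salt))
    return a.login("alice", b.seen["alice"])


def legit_login_works(salt: str, password: str = "constructed-pw") -> bool:
    """The owner can still log in to a salted server with the real password."""
    s = Server(salt)
    s.register("alice", client_hash(password, s.salt))
    return s.login("alice", client_hash(password, s.salt))
```

Without a salt the client-side hash is the same on every server, so it works as a password equivalent wherever the same credentials are reused; with distinct salts the value one server receives does not verify on another.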
Re: how old are you? vs Hacking factor
Posted: 04 Dec 2009, 15:45
by iceslice
@jaxad0127
In case of one-way encryption/hashing you can't regain passwords. Only the app system & the original user know the password. In that case the only option left is to renew the password.
Re: how old are you? vs Hacking factor
Posted: 04 Dec 2009, 19:30
by Jaxad0127
iceslice wrote: @jaxad0127
In case of one-way encryption/hashing you can't regain passwords. Only the app system & the original user know the password. In that case the only option left is to renew the password.
eAthena sends password in plaintext.