Southperry.net
Any recent hacked accounts from Southperry users? - Printable Version

+- Southperry.net (https://www.southperry.net)
+-- Forum: Maplestory (https://www.southperry.net/forumdisplay.php?fid=15)
+--- Forum: Maplestory Discussion (https://www.southperry.net/forumdisplay.php?fid=31)
+--- Thread: Any recent hacked accounts from Southperry users? (/showthread.php?tid=20977)



Any recent hacked accounts from Southperry users? - Eos - 2010-01-16

BombsAway Wrote:Oh god, it was on gdataonline. And so is the one I just changed it to yesterday.

Welcome to screwville. Population - everyone but that mysterious person named "Security"


Any recent hacked accounts from Southperry users? - Kawasari Mimoto - 2010-01-16

Eosian Wrote:You did it wrong, if that's exactly what you did.
You need to generate the hash of your password and look to see if the hash is in the reverse lookup, not just enter your plain text password there.

Oh, nope. I meant:

-Typed password on 1st link
-Obtained hash
-Typed hash on 2nd link
-Result?
-Not on file.


Any recent hacked accounts from Southperry users? - Chirdaki - 2010-01-16

Eosian Wrote:Welcome to screwville. Population - everyone but that mysterious person named "Security"

Whos Security? I asked my good buddy Bigfoot and he had no idea.


Any recent hacked accounts from Southperry users? - Cyadd - 2010-01-16

One of mine was on the first one, except to say that that one is a dictionary word, and one I only use to sign up for websites and services one time/ don't need a lot of protection on.


Any recent hacked accounts from Southperry users? - Kawasari Mimoto - 2010-01-16

I was messing around, and apparently, if you use 'digimon' names without capitalization, seems like all of their hashes cannot be found. Tried agumon, guilmon, etc so far.


Any recent hacked accounts from Southperry users? - Eos - 2010-01-16

Kawasari Mimoto Wrote:I was messing around, and apparently, if you use 'digimon' names without capitalization, seems like all of their hashes cannot be found. Tried agumon, guilmon, etc so far.

Unfortunately the minute you say something like that on the internet it's no longer true.


Any recent hacked accounts from Southperry users? - Stereo - 2010-01-16

None of my 8+ character alphanumeric randomly generated passwords are on this list... probably cause there are around 3 trillion at 8 characters alone.

For account security I don't recommend thinking up your own password, use a secure local random number generator. I seed mine from IRC logs:f6:



Any recent hacked accounts from Southperry users? - GameMX - 2010-01-16

Stereo Wrote:None of my 8+ character alphanumeric randomly generated passwords are on this list... probably cause there are around 3 trillion at 8 characters alone.

For account security I don't recommend thinking up your own password, use a secure local random number generator. I seed mine from IRC logs:f6:

http://www.goodpassword.com/ ?


Any recent hacked accounts from Southperry users? - Duelman - 2010-01-16

ugghhhh I'm a little worried now...

my former password (the one I had for over 2years never changed till after the hacking) was on gdata online.

I looked up my newer pass it shows up on gdata, but the word is listed as "?????"

Also the joeswebtools does not save the hash correct?


Any recent hacked accounts from Southperry users? - Jellyflower - 2010-01-16

This is a good presumption. Except I would like to add that from the 'general feel' on the execution of the hackings.

It would be reasonable to say one would directly target the rich first, then the middle and so forth. I'm not saying such an attempt hasn't been tried, it might be used in conjunction on a smaller scale if success isn't imminent. The one that proves good result will probably be the more direct approach of generating hashes in order and compare each to the list of hashes of the database (if that's what the hacker is working with). The will explain the random targeting, rather than say alphatically order in terms of Nexon ID, or the chronological age of the account. (Which I assume is how the database is expanded, via account # index). From what I've read and gathered, doing reverse lookup for the entire list may seem reasonable at first for such a big target, you're bound to find a few matches of those that use weak passwords, and thus possibly stored somewhere in the vast sea of the internet, and the process isn't that intensive either since you're working with a finite list of accounts. Call it round 1.

Call 2 will be the ongoing generation of hashes that will compare to the database until one matches, hence the suggestion of daily random reported hackings. All of this is my personal take on the issue and should not be weighted seriously in any way. But one thing I suggest is using a really secure password to protect yourself right now. I believe Nexon allows up to 10 characters, so use 10 characters. 'Norma'l humans will probably go about generating hashes from smallest to largest bits from the root word. But backed by psychology, hackers may see through that and start with 10-letter passwords first since they believe the intellectual ones will fall in that category. So to compensate, you can try making all your password 9-character long. Of course, there is a lot of unsaid assumptions going on, such as uniformally distributed password in each subset of password-length, which itself is also uniformally distributed. If there are equal numbers of users whose password are of 4-10 letter length, starting with 4-letter combinations will yield you more chance per hit.

Again, I have no proof in regards to what's exactly happening. But given a reasonable scenario, this is what I can suggest in delaying the hacking. Cryptography is never 100% safe, but the time and resources to crack may not be worth to crack it in the end. The function is not 1-1 in most cases, meaning the hashes in this case do not necessary correspond to a unique password, so there's no easy way to work backwards and that's the basis of crytography. Without the given (starting point reference), traceback step by step is difficult and in cases impossible. There's also a small chance that a hash in MD5 can correspond to more than 1 root word. That is to say, more than 1 password may associate to the same hash so in an unlikely event that there's a 'simpler' version of your password and it's easily 'crackable', then you're doomed. (This is very rare collision, but it happens.)

Sorry for the long spew, just wanting to share what I've learned and provide answers to others who don't quite understand the mechanism behind crytography. I'm by no mean at expert nor have experience in cryptography except for basic RSA scheme and implementation of simple models. If this is what causing the hacking though, I do not blame Nexon, even though they can easily add in extra parameter such as salts if they haven't been using it already. With the advance of technology, it is a matter of time before transformation functions are broken, or even through a table of finite possibilities and outcomes. It is ironic that the infeasibility of cracking is what keeps us safe, yet as the day passes, technology allows more tedious task to be taken upon which renders infeasibility next to nothingness.


Any recent hacked accounts from Southperry users? - Eos - 2010-01-16

Duelman Wrote:I looked up my newer pass it shows up on gdata, but the word is listed as "?????"

Also the joeswebtools does not save the hash correct?

???? Means it wasn't found, but has been tried before.

And no, Joe's site doesn't save them, just a simple implementation of the MD5 itself.


Any recent hacked accounts from Southperry users? - TugboatWilly - 2010-01-16

Eosian Wrote:???? Means it wasn't found, but has been tried before.

And no, Joe's site doesn't save them, just a simple implementation of the MD5 itself.
so if you do get the "?????", you're still not safe? Frown


Any recent hacked accounts from Southperry users? - Eos - 2010-01-16

TugboatWilly Wrote:so if you do get the "?????", you're still not safe? Frown

More like "safe for now" - Someone tried to figure out what it was but wasn't successful. May or may not be at risk for future discovery.


Any recent hacked accounts from Southperry users? - TugboatWilly - 2010-01-16

mine showed up as "?????" for my accounts so i guess i'm screwed... eventually. Rolleyes


Any recent hacked accounts from Southperry users? - Sarah - 2010-01-16

Eosian Wrote:More like "safe for now" - Someone tried to figure out what it was but wasn't successful. May or may not be at risk for future discovery.

It seems like the standard result on gdata when there's no answer.


Any recent hacked accounts from Southperry users? - Lathan - 2010-01-16

yeah, on gdata everything I entered turned up as ????? and wasnt found on the other sites.


Any recent hacked accounts from Southperry users? - Fumni - 2010-01-16

with my old password I got...

MD5=hash not found
GData=????
hashcrack=hash not found

with my new password I got...

MD5=hash found
GData=????
hashcrack=hash not found

pineapple, I need to come up with a new password. But that doesn't explain how they got into my old account unless there is another leak.


Any recent hacked accounts from Southperry users? - Stereo - 2010-01-16

Jellyflower Wrote:This is a good presumption. Except I would like to add that from the 'general feel' on the execution of the hackings.

It would be reasonable to say one would directly target the rich first, then the middle and so forth. I'm not saying such an attempt hasn't been tried, it might be used in conjunction on a smaller scale if success isn't imminent. The one that proves good result will probably be the more direct approach of generating hashes in order and compare each to the list of hashes of the database (if that's what the hacker is working with). The will explain the random targeting, rather than say alphatically order in terms of Nexon ID, or the chronological age of the account. (Which I assume is how the database is expanded, via account # index)..

The exact order of hacking really depends what resources the hacker is exploiting.

Since the MS website shows the characters on the account, and all you need to provide is account name + password, they could be logging each cracked password in there, and targeting higher level characters first. It's probably faster to request logins that way than through the client, and easier to run multiple logins parallel. I'm not sure if the website even has safeguards against people attempting potentially thousands of different logins a day.

If they actually have access to the DB, they could be targeting characters based on other attributes - say they found how to request mesos or equips tables, and they're just filtering by the Zakum/Scarlion/Targa Helm id# to target richer players (almost everybody has one, unlike weapons or other equip slots). Or, since they seem to make a habit of Karma-Scissoring valuable items away, maybe they request NX-cash totals.



Any recent hacked accounts from Southperry users? - Raffy♥ - 2010-01-16

[SIZE="1"]Successfully obtained hash for two passwords, but they were not found anywhere.[/SIZE]


Any recent hacked accounts from Southperry users? - CrimsonJohnny - 2010-01-16

No finds on hashes, but I got the ????s on that one site.

Guess it's only a matter of time for my account, some friends got hacked this week too.