Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Any recent hacked accounts from Southperry users?
Fumni Wrote:Lol, Blizzard actually has a dedicated customer service to help their players and game masters that don't just sign on every once in a blue moon to smega the servers with broken English and unleash a bunch of monsters to rob low level players of their experience. They get it.
Plus, keep in mind that the authenticator costs money, which I doubt Nexon would give to free to every yahoo that wants to play MapleStory. How much would Nexon charge players for this, if they even thought of doing this (which I can't see them doing ever)?
Nexon would have to fix a lot of their laundry list of problems, like having a decent customer service first and an actual police presence in the game before they could even think of using that authenticator.

No sure if it needs to go to the expense of having one of those personal authenticator, as Nexon only has $ in their mind. They could use some potion of a public key encryption to tighten up the account security, which would cut down on people sharing of accounts and also makes any simply keylogger useless. It would works something like this:

1. On a new account creation and the initial first login, Nexon will create a unique pair of public/private key and store the private key associate it to the account in the database. It sends the public key to the client and then discard it.
2. Once client received the public key it will store it on the client computer and use it on every login to encrypt the password and/or the pins then it send the end result to the server for login.
3. When the server received the login packet it will then lookup the account and use the private key associated to decrypt the password and/or the pins, then do the password hashing and compare against the stored password hash.
4. If the actual user wants to login using a different computer he/she will need to request a key reset from Nexon web site and Nexon will send an email with a random key phase which they need to type/copy paste into another location on Nexon's web site to basically reset their key state back to like when it is first created before any logins.
5. To handle multiple account on one computer, would need to have multiple copy of MS (in different directory), in order to store the multiple public keys needed.

This assume everyone has a valid/known email registered with Nexon, or Nexon can allow everyone to "re-register" their email on their existing account.
This also will move the most likely point of hacker attack from Nexon to various public email services and might also spawn a new form of hybrid virus/keylogger to capture the stored public key and the account info, but those are easier to defense, as it is within the user's control compare to what is happening now.

Critiques?
Reply


Messages In This Thread
Any recent hacked accounts from Southperry users? - by BDRyan - 2010-01-18, 01:09 AM
Any recent hacked accounts from Southperry users? - by ctblack - 2010-02-08, 01:56 PM

Forum Jump:


Users browsing this thread: 4 Guest(s)