Posting Freak
Posts: 1,064
Threads: 34
Joined: 2008-07
RoxStarz Wrote:Its real simple. If you kill the little slimes the come out of King Slime after kill the King Slime in Kerning PQ. You are going to get hacked (and get a bad prize). If you don't kill the little slimes you will get a good prize and you won't get hacked.
I lol'd.
This myth has been going around ever since maple started, and people still believe it.
Posting Freak
Posts: 6,070
Threads: 229
Joined: 2008-07
2009-01-27, 01:04 AM
(This post was last modified: 2009-01-27, 01:09 AM by KajitiSouls.)
bio9205 Wrote:In MSEA, some China hackers got hold of Asiasoft's database of passwords (Yes, every single account. Scary, eh?) and hacked into almost every account. Those who didnt change their passwords were doomed.
Another time, hackers would scroll a gawdleh item, decode the entire item, place a tracker inside, and sell it in the FM for a really cheap price like 1 mesarz. When someone buys it, all the hacker needs to do is track the item, and somehow (i have no idea how) get the password, and the account is hacked. Sweet, no?
These are TRUE. Not just speculations.
Damn, MSEA's pw hash function must really suck or something (if they didn't use a one-way function at all, MSEA needs to reconsider their security). A dictionary attack should really only be able to recover roughly 70% of the passwords at best.
The only way I can even remotely see the 2nd hack being deployed is if the hacker tracked the unique instance of that item via some ID number. Other than that, it's pretty much not possible.
I personally am a victim of social engineering. Nothing definitive can be made out of the incident unfortunately.
Senior Member
Posts: 745
Threads: 42
Joined: 2008-07
Gender: Male
Country Flag: Hawaii
IGN: Enstraynomic
Server: LoL US
Level: 30
Job: Jarvan IV
KajitiSouls Wrote:Damn, MSEA's pw hash function must really suck or something (if they didn't use a one-way function at all, MSEA needs to reconsider their security). A dictionary attack should really only be able to recover roughly 70% of the passwords at best.
I think they were able to obtain MSEA passwords because their rankings page was exploitable to display the characters log-in info or something. (That explains why their Rankings page is unavailable.)
Posting Freak
Posts: 6,070
Threads: 229
Joined: 2008-07
Judgment Wrote:I think they were able to obtain MSEA passwords because their rankings page was exploitable to display the characters log-in info or something. (That explains why their Rankings page is unavailable.) 
Even then, the passwords should really only be stored on a server in their (special) hash function product. They don't need to know the password itself; if the user can provide a password that hashes to the value keyed to the user's login ID, then they're good to go.
(technically there could be infinite values that can hash to any one hash, but the odds of this happening are pretty much nil for good hash functions)
Senior Member
Posts: 470
Threads: 36
Joined: 2008-07
KajitiSouls Wrote:The only way I can even remotely see the 2nd hack being deployed is if the hacker tracked the unique instance of that item via some ID number. Other than that, it's pretty much not possible.
Even with that it is not possible.
Won't Be Coming Back
Posts: 623
Threads: 46
Joined: 2008-09
Judgment Wrote:I think they were able to obtain MSEA passwords because their rankings page was exploitable to display the characters log-in info or something. (That explains why their Rankings page is unavailable.) 
they used an sql injection exploit through the rankings. im still shocked that such a big company didnt care to fix sql injections, which is the most basic method of hacking websites.
Member
Posts: 109
Threads: 11
Joined: 2008-08
haha01haha01 Wrote:they used an sql injection exploit through the rankings. im still shocked that such a big company didnt care to fix sql injections, which is the most basic method of hacking websites.
I am shocked that such a big company can't spell the names of simple items right and has a difficult time creating sentences that are grammatically correct (although they do seem to be getting better at it.)
To the person above that mentioned the Kerning PQ slime myth. I still remember people spazzing out for killing the slimes. "NOW WE'RE GONNA GET ORES. YOU #$!#&@@@."
Not to be outdone by the Kerning PQ myth though, is the mushmom spawn legend. If you start at the top and kill the fiery's one by one in a certain order when you get to the bottom a mushmom WILL SPAWN. How did my friend know this? "Because a lvl 70 told me."
Posting Freak
Posts: 6,052
Threads: 182
Joined: 2008-07
also, when 10 snails accumulate at the top of the Mano map, it spawns lol.
Member
Posts: 167
Threads: 1
Joined: 2008-11
I can't say I have any sympathy for people who have been hacked through Social Engineering. There is a reason why the game constantly reminds you to NOT give out your info.
But, nonetheless, such things as sharing accounts for fun, or for leeching purposes, or now, for the purpose of getting "helmed." I even had a player in my alliance offer to pay one of us 30m to level one of his noob characters from 24-30. And when I spoke out about it, I got laughed at. "Oh just move ur stuff to another account." That's all well and good, but I wouldn't want something to happen to my ACCOUNT, either.
Posting Freak
Posts: 1,235
Threads: 69
Joined: 2008-07
I got hacked through my email~
Someone hacked my email account and got my info-
I changed my pin-
That sucked so much...
And I don't give out my email info- nor know anyone who even plays maple IRL...
So-
There are many ways to get hacked.
Senior Member
Posts: 358
Threads: 25
Joined: 2008-10
I must agree I think it depends on the user. The ways that I think it's possible to get hacked are via giving out your info or a keylogger from a website or from an instant messanger. That is just my guess I don't know if I am right.
Senior Member
Posts: 686
Threads: 73
Joined: 2008-07
Chompy Wrote:I got hacked through my email~
Someone hacked my email account and got my info-
I changed my pin-
That sucked so much...
And I don't give out my email info- nor know anyone who even plays maple IRL...
So-
There are many ways to get hacked.
Lol...
There is only 2 ways to get your account hacked.
1.) Giving your information out.
2.) Getting keylogged, this can be easily avoided. And no matter how they send it through what input, it's still the same way.
If you're using Firefox, I recommend NoScript add-on, and also be wise about what you view... same with what files you accept from Instant Messengers. Don't accept anything *.exe obviously.
Won't Be Coming Back
Posts: 1,538
Threads: 68
Joined: 2008-07
2009-02-03, 06:10 PM
(This post was last modified: 2009-02-03, 06:13 PM by Greg22.)
Everyone that's ever been hacked got hacked because they were a dumbf(uck on the interbutts or gave their information to a "friend".
As long as you're not some retarded 13 year-old and download anything the internet tells you to, you'll be fine.
|