2010-01-18, 08:15 PM
Jellyflower Wrote:Maple allows passwords up to 12 characters longI'm pretty sure it allows passwords up to 20 characters long.
|
Any recent hacked accounts from Southperry users?
|
|
2010-01-18, 08:15 PM
Jellyflower Wrote:Maple allows passwords up to 12 characters longI'm pretty sure it allows passwords up to 20 characters long.
2010-01-18, 08:34 PM
(This post was last modified: 2010-01-18, 09:23 PM by Hiepocrite.)
-accidentally posted somehow-
2010-01-18, 08:38 PM
y0y0y0y0shi0 Wrote:I'm pretty sure it allows passwords up to 20 characters long. I just changed my password last night. Trust me when i say it's 12 characters long.
2010-01-18, 10:55 PM
Jellyflower Wrote:Here's something I've been thinking about. I'm still in the process in gathering data. Right now we're suspecting someone is cracking MD5 hashes, but this also applies to any encryption employing hashes. What you want is a 'strong' password. This is sort of ironic since the whole epidemic might have been prevented (but not forever) if the so called exploit is via hash match-up. First off, as you said yourself: You're assuming MD5. And second, you're assuming unsalted MD5. If the MD5-keys are salted, then knowing the password would be even harder, unless these guys knows the way the salting works. And even then, it's going to take forever as lookups doesn't give the required password.
i logged on yesterday, and my pin was changed. After I changed my pin back, I got on Hippo, my 132 shadower. It was then that I noticed my 107/16 fan (+6 hammered), 10 att scg (+2 hammered), 2 att 1str 1 luk palette ( +1 5 slots), Bloody Rose chair, 6 str icarus cape (1 slot), Red Designer chair, and my 1m mesos. Lol. I found the hacker (rabbyyms) with my stuff in his/her shop around 2-3 hours after I got back on; Unfortunately I didn't have nx to tag my items. I did send in a ticket describing the same incident and I posted screenshots but I highly doubt I'm gonna get anything back. : \
oh yeah, no-one knew my account info. gg. i just noticed they stole my palm chair too. LOL how jew
2010-01-18, 11:08 PM
Takebacker Wrote:I just changed my password last night. Trust me when i say it's 12 characters long.Oh. Nevermind then. I was always under the impression that the username and ign are 12 characters, password 20 characters. That's what most games and forums use.
2010-01-19, 01:40 AM
![]() FREE PW AND IDS lax security Quote:Since GMS has decided to be complete asshats to us for the past couple of years, we have finally decided it is time to treat those as they treat us. As you all say, it's one large community. One cannot be responsible for himself, he represents his peers as well. So, here you have it. Why have so many people been getting hacked? This:
2010-01-19, 02:01 AM
That's why I'm suggesting 'strong' passwords because hey, it wouldn't hurt. Going from 10 to 12 letters offer just below 9000x the protection in layman terms. That's pretty substantial if say an average account is compromised every hour because of using 10 letter pass and with standard bruteforce, that's delaying the intrusion by 375 days with said 12 letter recommendation. End result is, there's nothing but gain and no harm in this clause, given that your comp is clean, data transfer is authentic, Nexon servers and sites aren't infected/hijacked.
Also, does anyone remember or know of the exact date from Wizet -> Nexon management switch? Or when Nexon decides to drop security questions from the sign up process altogether? Has there been accounts hacked that were created in 2006, like the really old ones? I know there are some in 2007 but they seem to be late 2007.
By the way, I'm pretty sure "Vent" is Ecko, for anyone who's wondering. He types almost exactly the same as Ecko, with that pseudo Gangstathug typing style, and uses the "Owns" thing ("Ecko Owns").
Thought it was fairly obvious, but felt like throwing that out there. [video=youtube;zkSeuLPSVNU]http://www.youtube.com/watch?v=zkSeuLPSVNU[/video] Video description Wrote:chyeaaa. i ownt that kid. why? cuz he talkin mad pomegranate. i don't give a fk how messed up that is. if you talk sht to me then you deserve it. learn from other's mistakes kthx
2010-01-19, 02:52 AM
Spideyjvc Wrote:By the way, I'm pretty sure "Vent" is Ecko, for anyone who's wondering. He types almost exactly has Ecko, with that pseudo Gangstathug typing stle, and uses the "Owns" thing ("EckoOwns"). Are you freaking serious? I already heard enough infamous stuff from him. He only hacks those that messed with him, now this outbreak? *Raaage* Also, wtp at that video. IllegallySane Wrote:Are you freaking serious? I already heard enough infamous stuff from him. He only hacks those that messed with him, now this outbreak? *Raaage* Meh, well it seems like him anyway. He did make Smega's a few days ago in Bera using an account he stole saying he was giving free items and how it "Sucks don't it? Karma's a bitch" Then again, Ecko pretty much does his own thing for his own personal revenge. Maybe it isn't him after all. They sure as hell do type like each other. By the way, video was back in 07 when 26m will pretty damn good, and Zhelms actually meant something.
2010-01-19, 04:56 AM
Sorry if this is old/known news, but MS Sea has faced similar hacking problems. So I think GMS is now getting hit... Seems very similar to what's happening here... Basically the summary of below, hackers were able to get into MapleStory SQL database and getting hold of people's info. Guys think it's happening here?
http://maple-news.com/2008/09/14/maplesea-vs-china/
2010-01-19, 05:00 AM
Kubi Wrote:Sorry if this is old/known news, but MS Sea has faced similar hacking problems. So I think GMS is now getting hit... Seems very similar to what's happening here... Basically the summary of below, hackers were able to get into MapleStory SQL database and getting hold of people's info. Guys think it's happening here? This is REALLY old news.
2010-01-19, 05:36 AM
Yeah, it may be old news. But if Nexon America here has done the same way of having the info of people's account stored with the low security of their database like MS sea has and left it unchanged, I think the chances of it happening here is pretty high; people that has done the commonly known things of not sharing info with anyone and that sort of stuff, the only way to get that info is from nexon's database. So Nexon is still going on their belief that it's still the players fault for whatever happens, refusing that there's a leak, poor security, or whatnot on their side...
2010-01-19, 06:55 AM
GameMX Wrote:Wrong. It's scattershot as hell. I've seen 3 month old accounts get hit. It's possible to bypass the login server completely - by using a custom client. Or even just sending packets manually, works. The channel server accepts a character ID in the 2nd packet sent to it (1st would be encryption init). Since it is hard to do a foolproof check on that (not sure if Nexon checks, but they could check via IP..), anyone who has a working packet logger and a working custom client can just connect, enter your character ID, and bam, they have access to your character as if they logged in normally. Note that creating a custom client that can move around is haaard. And the reason why I state to use a custom client is because the real MS client checks if the character is the correct one; else it disconnects. Unless someone managed to remove that check, they would have to use a custom client. P.S. Am I giving too much information here? If so, delete/edit my post, thanks
2010-01-19, 09:59 AM
I got hacked and my account was made before '07.
If this was Ecko, all my characters would most likely be deleted or have their untradeable items dropped. Not to mention that most of my other rare items on my mules were not gone either, and my other accounts, as well as my girlfriend's who shares with me, would be hacked too. This is too random.
2010-01-19, 11:03 AM
Spideyjvc Wrote:Meh, well it seems like him anyway. He did make Smega's a few days ago in Bera using an account he stole saying he was giving free items and how it "Sucks don't it? Karma's a bitch" I know Ecko actually. It probably was him He went to my High School. He was a huge jerk irl, he used to harass and beat up the nerdy kids and weaker kids for no real reason at all. He was also smart. One time this kid stepped on his soes in class, he got pissed beat him up and got suspended. When he came back he found the kids laptop and hacked it and got him kicked out of school. At lunch he was laughing about it with his friends. He was a huge jerk to everyone even the teachers. he had a ton of equally as annoying friends and was basically having sex with every semi hot-hot girl in school and then would brag about it. If you argued with him he'd just laugh and say "I'm banging <x> today, you're at home playing WoW you ugly nerd. I'm better than you so your opinion is void. Shut up"
2010-01-19, 11:39 AM
(This post was last modified: 2010-01-19, 05:09 PM by LittlePrincess.)
Eosian Wrote:If they've already been on the account once they know all the characters on it and who to DC if they want to retake it. It would be more practical to add a new character to the account and idle on it. They have not been on the accounts I'm leaving logged in. They account they were on has nothing on it (I removed what the hacker found unworthy the first time) and as there is nothing to take, I don't bother leaving it logged in. Also I don't leave a main character logged in, I leave someone on the account logged in. It's only a main character when I'm present. I'm still a little confused about the login info the hackers obtained. Did they obtain a list from a set point in time, or are they continusly retreving data from the nexon servers? So do they have all our old pw & pin, or are they able to obtain new ones as well? Or do they just make notes of valuable accounts and try to brute fource a pw later in case the person tries to recover? Eosian Wrote:No, it's rather neutral. If your hash isn't found it means you've got a password that can't immediately be looked up, which is positive, but it also implies that some other method was used to bypass your pass/pin, which is somewhat bad for us, but honestly if you've already been hacked zeroing in on the how isn't going to be good or bad - it's already too late. I looked up the hash for the old pw on the account that was broken into and checked the hash using the links you provided. Mine was not listed. So that means bad news for us? It's not too late for me, I have over 15 accounts, so far they got one that I valued at 500m. My accounts that have probably 10-20b in items or nx are now left logged in 24/7 to minimize the probablity of anyone being able to get in. But naturally I'm interested in futher security methods. Well, I hope the hackers get a GM account. That would be great (and nexon would finally notice). Though probably GM accounts are limited to log in only at nexon's ip, but since nexon doesn't do anything else right why would they bother to get this one right? |
|
« Next Oldest | Next Newest »
|