On February 22 2013 09:31 Mithhaike wrote:
On February 22 2013 01:46 crms wrote: Same way people always get hacked.
they download 'cheats'
they click stupid links
they have the same pw for everything
they have keyloggers on their system
they join shady 'community' forums and use the same pw
There is nothing inherently broken in PoE that will make you get hacked. It's 100% user being careless, stupid or just unlucky.

This is pretty much bullshit... I am a very careful guy on the internet. My gaming desktop is used for only 1 thing, gaming. I don't even watch shows on it. I have a laptop that is a throwaway that I use for surfing the web + download shows etc. Email etc is opened only on that throwaway laptop. My passwords are a mixture of alphabets+numbers... which has been rated High level of protection in pretty much all games. I don't ever open email from people I don't know, or click on links like a fool. Results? I've NEVER been hacked in ANY games. POE is the first time. I call shenanigans on GGG. This is definitely their end.

It's completely irrelevant if your password is "dudehorseswimmingpool" or "N0q6rMlHIdRyJC3QXm" if they are actually brute forcing things.
Relevant xkcd: http://xkcd.com/936/
|
Then it's still GGG's end for allowing brute forcing. There's nothing the user can do against brute force. Only the server (GGG) can do anything about that.
|
On February 22 2013 09:43 Mithhaike wrote: Then it's still GGG's end for allowing brute forcing. There's nothing the user can do against brute force. Only the server (GGG) can do anything about that.

Assuming you only use lower case letters and numbers 1-0, a 20 character password has 13367494538843734067838845976576 possible combinations.
If you can find a method to brute force that, please share it with the international community.
I found an even better quote, just to showcase that anyone who claims his 20 character password got "hacked by bruteforcing" is a plain idiot:
if you can get 10 passes tried for 5 minutes
13,367,494,538,843,734,067,838,845,976,576
It will take 6,683,747,269,421,867,033,919,422,988,288 minutes, or 111,395,787,823,697,783,898,657,049,804.8 hours
4,641,491,159,320,740,995,777,377,075.2 days
17,216,414,135,125,317,796,650,348 years
17,216,414,135,125,317,796,650 Millenniums
The earth has only been around for about 4,000,000,000 years, so that involves
3,179,103,533,781,329 of earths lifes
...to hack your personal path of exile account.
|
On February 22 2013 08:19 Spazer wrote: What's stopping them from taking your quality gems? <_<
That's something I ask myself every day since I got hacked yesterday. What actually stopped them from taking my quality gems too.
|
I did not claim I have 20 letters, that's someone else. I only have a combination of letters & numbers which is randomised.
2ndly... your claim of 10 passes tried for 5 mins is pretty darn slow. Here's a better figure at the speeds involved.
http://www.lockdown.co.uk/?pg=combi#Classes Go bottom. Classes of attacks. Your period of time is pretty much correct for 20 letters password though. However if you do not have 20 letters (like most people. Mine has 10)... according to the 36 letters (alphabets+numerals) section, it will take only 1.5hr to instantly to crack a 5 letter password. Mine has 10, but it's not going to take long anyway.

A. 10,000 Passwords/sec Typical for recovery of Microsoft Office passwords on a Pentium 100
B. 100,000 Passwords/sec Typical for recovery of Windows Password Cache (.PWL Files) passwords on a Pentium 100
C. 1,000,000 Passwords/sec Typical for recovery of ZIP or ARJ passwords on a Pentium 100
D. 10,000,000 Passwords/sec Fast PC, Dual Processor PC.
E. 100,000,000 Passwords/sec Workstation, or multiple PC's working together.
F. 1,000,000,000 Passwords/sec Typical for medium to large scale distributed computing, Supercomputers.
Distributed.net's Project Bovine RC5-64 possibly the fastest computer on earth has recently reached a speed of 76.1 Billion passwords per second!

In other words, me as an end user has reasonably done his part. It should have been on GGG's part to disable the possibility of brute forcing via simply limiting number of tries on an account password. There's limited of things we can do without compromising too much on the user end (good luck trying to remember a 20 letter password, even worse if it's randomised with numerals involved).
Yes I realise there's programs like the Passlock generator that generates passwords & save them in a file for you... but it isn't reasonable for people to use those because it's very inconvenient. I do not use those programs because I have no desire to be dependent on a single program to control all my passwords. Imagine if something went wrong, you do not have access to the program, or the program was corrupted. You're pretty much screwed to remember that long randomised password.
|
.......................
10 character password, 36 possible characters, not case sensitive: 3656158440062976 possible combinations.
Assuming your supercomputer who can solve 1000000000 possible passwords per second that means it will take said supercomputer...
42 days to crack your password. Just yours. No one else's.
Your password. Did not. Get bruteforced.
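
The server-side attempt limit argued over in the posts above, as an added example that is not part of the thread and is not GGG's code: a per-account sliding-window throttle using the thread's figure of 10 tries per 5 minutes, run against a constructed stream of wrong guesses, next to the thread's keyspace arithmetic. The class, function and account names are hypothetical.

```python
from collections import defaultdict, deque


class LoginThrottle:
    """Hypothetical per-account sliding-window limit on failed logins."""

    def __init__(self, max_failures=10, window_ms=300_000):
        self.max_failures = max_failures
        self.window_ms = window_ms
        self._failures = defaultdict(deque)  # account -> failure times (ms)

    def allow(self, account, now_ms):
        """Return True if the server should evaluate a login attempt now."""
        recent = self._failures[account]
        while recent and now_ms - recent[0] >= self.window_ms:
            recent.popleft()  # forget failures older than the window
        return len(recent) < self.max_failures

    def record_failure(self, account, now_ms):
        self._failures[account].append(now_ms)


def guesses_evaluated(throttle, account, guesses_per_s, duration_s):
    """Constructed traffic: one client sends only wrong guesses at a fixed
    rate; count how many the server actually checks against the password."""
    step_ms = 1000 // guesses_per_s
    evaluated = 0
    for i in range(duration_s * guesses_per_s):
        now_ms = i * step_ms
        if throttle.allow(account, now_ms):
            throttle.record_failure(account, now_ms)
            evaluated += 1
    return evaluated


def days_to_exhaust(alphabet, length, guesses_per_s):
    """Worst-case days to try every password of the given length."""
    return alphabet ** length / guesses_per_s / 86_400


if __name__ == "__main__":
    sent = 100 * 3600
    checked = guesses_evaluated(LoginThrottle(), "constructed-account", 100, 3600)
    print(f"{sent} guesses sent in one hour, {checked} evaluated")
    # 10 characters from a 36-symbol alphabet, as in the thread
    print(f"offline, 1e9/s: {days_to_exhaust(36, 10, 1e9):.1f} days")
    print(f"throttled, 10 per 5 min: {days_to_exhaust(36, 10, 10 / 300) / 365:.2e} years")
```

A per-account limit does not cover a few guesses spread over many accounts, so it is usually paired with per-source limits.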
|
On February 22 2013 09:36 Pwere wrote: @Spazer, if you can't afford a white ilvl 75+ ring, then you certainly can't afford to run around with an ilvl 100 ring. It just makes no sense to risk losing something that will be really valuable as soon as A4 hits. So, sure, you can obtain it in ~10 hours if you're good, but it's not smart to equip it.

I'm not saying to equip it. I'm saying low level/poor characters don't have access to high ilvl rings. Regardless of whether you use it or not, that coral ring has a higher intrinsic value than a ring you find in a monster level 15 area.
Edit:
On February 22 2013 10:19 Fawkes wrote:
On February 22 2013 08:19 Spazer wrote: What's stopping them from taking your quality gems? <_<
That's something I ask myself every day since I got hacked yesterday. What actually stopped them from taking my quality gems too.

I actually wonder if it'd be worthwhile creating a throwaway character where you stash all your currency if you're really worried. After all, they might only check your stash and/or high level characters, lol.
|
I wonder how many days it would take to guess your email address.
|
It pretty much boils down to weak/not encrypted databases being stolen (it was Sony where this happened right?) or user failure. The latter is pretty hard to accept tho. =P
|
On February 22 2013 10:43 r.Evo wrote: .......................
10 character password, 36 possible characters, not case sensitive: 3656158440062976 possible combinations.
Assuming your supercomputer who can solve 1000000000 possible passwords per second that means it will take said supercomputer...
42 days to crack your password. Just yours. No one else's.
Your password. Did not. Get bruteforced.
They will never admit that it was something on their end. It's a sad truth that will lose plenty of players for GGG but maybe we're better off without having people who believe someone is out to get their personal PoE login and would waste months/years (lol game hasn't even been out for a year) to get a fucking account of a random person.
|
I could see a popular streamer's account getting brute forced if they had a reasonably short password and typed it on stream (so you know # of characters).
Mass brute forcing of passwords just isn't feasible though.
So it's either User Error or GGG screwing up.
|
I just dl'd PoE again after a long, long hiatus (think waaay back in closed beta).
Me and sometimes a friend are going to start playing. My general love of D2 came from the fact that I could gear up a barbarian and just kill anything. I loved running around A5 killing stuff. I don't really like dying. I don't necessarily want an OP class (a la twinked out hammerdin), but what chars are capable of roaming solo and killing large swathes of enemies (or tough individuals) throughout most of the game (especially late-game)?
|
On February 22 2013 11:01 r.Evo wrote: It pretty much boils down to weak/not encrypted databases being stolen (it was Sony where this happened right?) or user failure. The latter is pretty hard to accept tho. =P
I'm only pointing out that GGG should have prevented ANY Brute Forcing from happening via a simple step.
Luckily POE is a free game. My gear/gems are still there (quality gems not taken phew, valuable gems like Reduced Mana & chain still inside my stash), I've lost all my currency which is not a biggie (I'm a poor guy rofl) but it's the fact I've gotten hacked for the first time ever that pissed me off. With my precautions, I've been safe while gaming for over 10 years (started gaming when I was 13, I'm 26 now).
It's pretty hard to accept that I'm the weak link I admit, seeing how I've been hack-free and safe for over 10 years, it's only reasonable & fair to put the scrutiny on GGG instead.
|
On February 22 2013 11:18 KurtistheTurtle wrote: I just dl'd PoE again after a long, long hiatus (think waaay back in closed beta).
Me and sometimes a friend are going to start playing. My general love of D2 came from the fact that I could gear up a barbarian and just kill anything. I loved running around A5 killing stuff. I don't really like dying. I don't necessarily want an OP class (a la twinked out hammerdin), but what chars are capable of roaming solo and killing large swathes of enemies (or tough individuals) throughout most of the game (especially late-game)?

LA/chain/lmp ranger or marauder. I'm level 86 and have been capable of steam rolling maps since level 74
dual totems is pretty powerful as well whether it be freeze pulse, ice spear or spark
|
On February 22 2013 11:19 Mithhaike wrote:
On February 22 2013 11:01 r.Evo wrote: It pretty much boils down to weak/not encrypted databases being stolen (it was Sony where this happened right?) or user failure. The latter is pretty hard to accept tho. =P
I'm only pointing out that GGG should have prevented ANY Brute Forcing from happening via a simple step.
Luckily POE is a free game. My gear/gems are still there (quality gems not taken phew, valuable gems like Reduced Mana & chain still inside my stash), I've lost all my currency which is not a biggie (I'm a poor guy rofl) but it's the fact I've gotten hacked for the first time ever that pissed me off. With my precautions, I've been safe while gaming for over 10 years (started gaming when I was 13, I'm 26 now).
It's pretty hard to accept that I'm the weak link I admit, seeing how I've been hack-free and safe for over 10 years, it's only reasonable & fair to put the scrutiny on GGG instead.

Please tell us again, if they had people's accounts why they would pick yours? If hackers had gotten into GGG's database and somehow stole logins, why you? Or anyone in this thread for that matter? Why would they waste their time bruteforcing yours, instead of say, krips? Or any other well known player or someone on the top of ladder? They have more gear, it'd make a bigger scene, so on and so forth. Something just isn't making sense to me.
|
On February 22 2013 11:29 Infernal_dream wrote:
On February 22 2013 11:19 Mithhaike wrote:
On February 22 2013 11:01 r.Evo wrote: It pretty much boils down to weak/not encrypted databases being stolen (it was Sony where this happened right?) or user failure. The latter is pretty hard to accept tho. =P
I'm only pointing out that GGG should have prevented ANY Brute Forcing from happening via a simple step.
Luckily POE is a free game. My gear/gems are still there (quality gems not taken phew, valuable gems like Reduced Mana & chain still inside my stash), I've lost all my currency which is not a biggie (I'm a poor guy rofl) but it's the fact I've gotten hacked for the first time ever that pissed me off. With my precautions, I've been safe while gaming for over 10 years (started gaming when I was 13, I'm 26 now).
It's pretty hard to accept that I'm the weak link I admit, seeing how I've been hack-free and safe for over 10 years, it's only reasonable & fair to put the scrutiny on GGG instead.
Please tell us again, if they had people's accounts why they would pick yours? If hackers had gotten into GGG's database and somehow stole logins, why you? Or anyone in this thread for that matter? Why would they waste their time bruteforcing yours, instead of say, krips? Or any other well known player or someone on the top of ladder? They have more gear, it'd make a bigger scene, so on and so forth. Something just isn't making sense to me.

Wrong person to ask. I am not the hacker. What I can give you is assumptions on my end. Assumption 1) They probably won't want to make a large scene. Easier to carry on their work. "random player gets hacked? it's definitely that guy who didn't take his precaution, he's a fool that clicked on phishing links/download stuff without any idea of what he's doing.... a well known guy get hacked? SOMETHING IS WRONG HERE"
What I'm trying to say here is that if it's not brute forcing, then it's something on GGG's end which they will never announce. I assume it's brute forcing because it's a smaller issue than GGG having a security breach (and it's partly my fault in this case). But hell if you want me to take that stance I'm okay with it, after all I've already lost all my currencies. So let's take it as "GGG has a security breach! Look at all the people who got hacked!" instead if it makes you feel better
Oh in case you didn't notice, you're basically posting no opinions except questions? That's a good way to incite flames btw? See what I'm doing here? I'm sure you don't though? Let's carry on talking with questions instead of statements/opinions? Your posting just isn't making sense to me?
|
Wonder how many of the "hacked" people tried to download the fake bot for poe.
|
On February 22 2013 12:01 Mithhaike wrote:
On February 22 2013 11:29 Infernal_dream wrote:
On February 22 2013 11:19 Mithhaike wrote:
On February 22 2013 11:01 r.Evo wrote: It pretty much boils down to weak/not encrypted databases being stolen (it was Sony where this happened right?) or user failure. The latter is pretty hard to accept tho. =P
I'm only pointing out that GGG should have prevented ANY Brute Forcing from happening via a simple step.
Luckily POE is a free game. My gear/gems are still there (quality gems not taken phew, valuable gems like Reduced Mana & chain still inside my stash), I've lost all my currency which is not a biggie (I'm a poor guy rofl) but it's the fact I've gotten hacked for the first time ever that pissed me off. With my precautions, I've been safe while gaming for over 10 years (started gaming when I was 13, I'm 26 now).
It's pretty hard to accept that I'm the weak link I admit, seeing how I've been hack-free and safe for over 10 years, it's only reasonable & fair to put the scrutiny on GGG instead.
Please tell us again, if they had people's accounts why they would pick yours? If hackers had gotten into GGG's database and somehow stole logins, why you? Or anyone in this thread for that matter? Why would they waste their time bruteforcing yours, instead of say, krips? Or any other well known player or someone on the top of ladder? They have more gear, it'd make a bigger scene, so on and so forth. Something just isn't making sense to me.
Wrong person to ask. I am not the hacker. What I can give you is assumptions on my end. Assumption 1) They probably won't want to make a large scene. Easier to carry on their work. "random player gets hacked? it's definitely that guy who didn't take his precaution, he's a fool that clicked on phishing links/download stuff without any idea of what he's doing.... a well known guy get hacked? SOMETHING IS WRONG HERE"
What I'm trying to say here is that if it's not brute forcing, then it's something on GGG's end which they will never announce. I assume it's brute forcing because it's a smaller issue than GGG having a security breach (and it's partly my fault in this case). But hell if you want me to take that stance I'm okay with it, after all I've already lost all my currencies. So let's take it as "GGG has a security breach! Look at all the people who got hacked!" instead if it makes you feel better
Oh in case you didn't notice, you're basically posting no opinions except questions? That's a good way to incite flames btw? See what I'm doing here? I'm sure you don't though? Let's carry on talking with questions instead of statements/opinions? Your posting just isn't making sense to me?

I posted legitimate questions. Why would I post opinions? I asked you questions because your claims are bullshit and don't make sense. What you did in your last paragraph is a good way to incite flames. What you're claiming is a good way to incite flames. What I did was ask why in the fuck you think your particular account got hacked out of the thousands of people. I'm sorry that you got offended, but I'm still saying it's your fault. This is a forum, if I wish to ask questions in my post then I can, if I wish to answer them, then I can. Don't understand why you got so angry over the format of my post. Probably because you finally understand the absurdity of your claims.
|