253 réponses à ce sujet

[ultima03]

It's not a priority for Bioware to not look bad?

[NWN DM]

ultima03 wrote...

It's not a priority for Bioware to not look bad?

A 10 year old game made for a different publisher is probably a ways down the list.

[ultima03]

NWN DM wrote...

ultima03 wrote...

It's not a priority for Bioware to not look bad?

A 10 year old game made for a different publisher is probably a ways down the list.

10 years or not, as long as the service is running, the security must be top priority. i think

[NWN DM]

Personally I agree with the essence of your statement.

However, in practical terms, the game is 10 years old and the revenue stream isn't going to the current owner of BioWare, so I think we need to be realistic.

Whatever is being worked on is likely a side project or a personal interest in "spare time" type of endeavour for one person.

That we're still getting any support/acknowledgement at all is amazing frankly.

Anyone who is so worried that they create an account here to complain about it should probably stop playing until it's fixed (there is a Community solution posted btw).

[ultima03]

Not only we should all stop playing, but when Master Server Authentification is down, everything should be down. Until now ignorance was the only thing that prevented against 9 years of potential hack, vault wipes and other troubles stated previously, because MSA was down time to time also by then. The fix provided by funkyswerve and other people are just weak workarounds that will never replace MSA. And I'm being realistic when I'm saying that the Bioware name is engaged when the security of its old or newer community is compromised, and that's really worth time and cash investment. Not sure how much effort that would require, but it's necessary, or close entire nwn traffic : no more problems. (but even old diablo online is still running) Also i know 2-3 well known servers that got partially wiped just because a guy decided to write down players account and log into them, and they wait a good protection to launch server again.

Modifié par ultima03, 04 janvier 2012 - 04:05 .

[ehye_khandee]

ultima03 wrote...

I'm not sure for how long this thing is down but there is a security breach for all servers

1 - Anyone can enter any account without knowing the password
2 - Inside the account they can delete the character if the server offer the option
3 - They can delevel - relevel if the server offers the option
4 - They can impersonate
5 - They can mess with the purchased items (sell them) and also mess with quicklots

Some server offers the option to protect their character with an in-game password, and thats another security problem :

1 - We don't know if they encrypt password
2 - No notice to prevent people from using a password that's used for an email or other importants things.

Putting
a password in-game only protect against server options (delete/relvel)
if coded properly, it won't protect from selling all items,
impersonating, etc.

It is therefore critical that the master
server authentification comes back as fast as possible. It has been away
too long and that caused a lof of torouble, character wipes, and vault
wipes.

Please take this into serious consideration

Obviously, this is all new for you. For the rest of us and certainly for most of the server operators out there, we are and have been aware for some time (months and months and months). Some server operators have taken action to tighten security and prevent these very things (again months and months ago), some with the offered code, others with custom systems. While some few server operators have not done so, the risk is all theirs and their players'.

In later portions of this thread you suggest NWN should be 'disabled' this is an utterly foolish kneejerk response. Those of us who understand the situation have taken suitable action. It is as it has been ALL UP TO THE SERVER HOST to secure their systems as they see fit. There are still many of us who play this game, how would angering all of the remaining players help bioware's image? Your logic is lacking here.

If you are fearful of playing, do not play.

If you are fearful of hosting, do not host.

Insisting that the rest of us stop playing because you are afraid is a total non-starter.

Be well. Game on.
GM_ODA

24x7 we bring the game. 66.232.100.90  cep2.1 +
http://playnwn.com

[ultima03]

ehye_khandee wrote...

ultima03 wrote...

I'm not sure for how long this thing is down but there is a security breach for all servers

1 - Anyone can enter any account without knowing the password
2 - Inside the account they can delete the character if the server offer the option
3 - They can delevel - relevel if the server offers the option
4 - They can impersonate
5 - They can mess with the purchased items (sell them) and also mess with quicklots

Some server offers the option to protect their character with an in-game password, and thats another security problem :

1 - We don't know if they encrypt password
2 - No notice to prevent people from using a password that's used for an email or other importants things.

Putting
a password in-game only protect against server options (delete/relvel)
if coded properly, it won't protect from selling all items,
impersonating, etc.

It is therefore critical that the master
server authentification comes back as fast as possible. It has been away
too long and that caused a lof of torouble, character wipes, and vault
wipes.

Please take this into serious consideration

Obviously, this is all new for you. For the rest of us and certainly for most of the server operators out there, we are and have been aware for some time (months and months and months). Some server operators have taken action to tighten security and prevent these very things (again months and months ago), some with the offered code, others with custom systems. While some few server operators have not done so, the risk is all theirs and their players'.

In later portions of this thread you suggest NWN should be 'disabled' this is an utterly foolish kneejerk response. Those of us who understand the situation have taken suitable action. It is as it has been ALL UP TO THE SERVER HOST to secure their systems as they see fit. There are still many of us who play this game, how would angering all of the remaining players help bioware's image? Your logic is lacking here.

If you are fearful of playing, do not play.

If you are fearful of hosting, do not host.

Insisting that the rest of us stop playing because you are afraid is a total non-starter.

Be well. Game on.
GM_ODA

24x7 we bring the game. 66.232.100.90  cep2.1 +
http://playnwn.com

Your work-around, and funkyswerve workaround, and other workaround, are nothing but workarounds.  And the way you see things is not very professional nor responsible. Master Server Authentification is the responsibility of bioware, if its down, all consequences are their fault.

What's going on now? Passwords (what a joke) simply don't work.
Let's tell another company, maybe it will do their day.

Modifié par ultima03, 04 janvier 2012 - 06:46 .

[NWN_baba yaga]

I love nwn!

[wyldhunt1]

consequences?
I wonder what consequences you've endured which make shutting down all of NWN the best option.
Did someone manage to steal any of the following from you by bypassing MSA?
Real Name?
Credit Card Info?
Home Address?
Imaginary Pixel Sword +3?

For starters, it is possible to make a server secure without MSA. If a server is not completely secure, then their programmer needs to fix it. You can prevent hackers from deleting your character or dropping your items from the event scripts and/or the code they use to delete characters. Just set a var on login that tags the character as potentially hacked and don't allow them to do anything until that var is cleared.

Second, the worst info that they could steal would be your IP. That could only happen if the server admins were very inefficient, and it'd be much easier to grab your IP from a anywhere else on the internet anyway...
If you're afraid that hackers will somehow grab your personal info, they can't. Servers don't keep it. Even if they did, it would usually be easier to just Google peoples screen name to grab a load of info on them.

If you're saying that you'd rather shut down NWN rather than take a chance on someone stealing your Imaginary Pixel Sword +3, I disagree. Your sword is not worth that much.
And, it'll only happen if the server admin can't figure out how to

if (GetLocalInt(oPC, "HACKED")) return;

Modifié par wyldhunt1, 04 janvier 2012 - 07:46 .

[Himmelweiss]

It is not the job of the people who host the servers to secure any bioware accounts!

NWN1 Diamond edition is still being sold on Amazon and several other shops.
People who buy it today will notice that the game currently is broken due to no Master Server.

I do not care about any workarrounds, the current lack of an Master Server is a high risk for any consumer who buys the product and plays the game online.
Not everyone is going to read these forums, they will just install and play the game only to figure out sooner or later that someone logged in with his toons.

It is amazing how long it takes to setup a new Master Server.
Nobody would be pissed if the speed was a bit better at bioware. I seriously do not know what takes bioware so long to setup a new simple Master Server. And yes it is very simple to set one up. Takes you at MAX 1 week. And even 1 week would be a slow rate.

We wait since what... how many month? This is a joke and shows zero respect to the consumers.

[WhiZard]

Himmelweiss wrote...
We wait since what... how many month? This is a joke and shows zero respect to the consumers.

BioWare has many games, and this one is not priority.  Also due to the BioWare account hak, there may be several legal constraints needed to be met to allow MS authentification hosting to continue.

As for work-arounds, one simple one is to only allow a character to login to the IP address from which it was created.  Doesn't block other people impersonating the account or viewing the account's characters, nor does it help you login from many different computers, but it would block in-game control and impersonation of the character.

[wyldhunt1]

@WhiZard
Using IP's seems like a good way of doing it until one of your players has a power outage or has to re-boot their modem for some reason. Their IP will change and they'll be locked out.
The easiest way is actually very similar to the one stickied on these boards. Compare the Player Name with the CD key and make sure that they match (The sticky allows a player to register multiple cd keys). Mark them as HACKED to make sure that they can't take any actions at all and either boot/ban them by IP/CD Key as you see fit if they don't match.

@Himmelweiss 
We don't have to secure any of Biowares accounts. We don't even have access to your Bioware accounts. We can't protect them or create any vulnerabilities.
All we have access to, and can protect for you, are your server side NWN characters. My server is not a Bioware account. Neither are the toons in my server vault.
You keep acting like there is some risk of something important being stollen if a server admin fails to protect your toon for you.
Is there something I'm missing here?

Modifié par wyldhunt1, 04 janvier 2012 - 10:30 .

[henesua]

There is nothing that you are missing, wyldhunt1. Its merely hysteria about something that isn't all that important. People are being slaughtered in syria for demanding basic democratic processes in their country. And yet this is what upsets someone? Absurd.

[Himmelweiss]

WhiZard wrote...

Himmelweiss wrote...
We wait since what... how many month? This is a joke and shows zero respect to the consumers.

BioWare has many games, and this one is not priority.  Also due to the BioWare account hak, there may be several legal constraints needed to be met to allow MS authentification hosting to continue.

As for work-arounds, one simple one is to only allow a character to login to the IP address from which it was created.  Doesn't block other people impersonating the account or viewing the account's characters, nor does it help you login from many different computers, but it would block in-game control and impersonation of the character.

That is not an reason why it takes several month to set up a simple, secure server with an simple database that takes care of the simple bioware nwn accounts.
I'm a developer since 17 years and in our office we have several pros that can setup a super secure server in 1 or 2 days.

Many games is for sure not a reason why a company can't setup a server. You just need 1 dude to accomplish this.

Also, the IP workarround is absolutely stupid, what do you make with players who do not have a static IP?
A good example here is germany's telecom, reconnects every 24 hours, every 24 hours you do have a new dynamic IP!

[Himmelweiss]

@Himmelweiss 
We don't have to secure any of Biowares accounts. We don't even have access to your Bioware accounts. We can't protect them or create any vulnerabilities.
All we have access to, and can protect for you, are your server side NWN characters. My server is not a Bioware account. Neither are the toons in my server vault.
You keep acting like there is some risk of something important being stollen if a server admin fails to protect your toon for you.
Is there something I'm missing here?

Yes, you are missing something.
I know that a NWN server only stores the char name, account name and a simple version of the CD-KEYs, of course server admins can set this up however they want.

I was talking about newer players, and not mainly about NWN veterans who know how every backend works.
You can't expect from a new player that he knows what servers are secure or not secure. The new player most likely will think that all servers that are listed are secure.
What happens is that the new player, or even some veteran players simply get their chars, levels, items etc. stolen. This might be not important to you, but it is a big hit in security for the enire online modus of NWN1.

You simply can't argue that this isn't an security issue, everyone, you and me, everyone here in this thread who posted could just simply type in any username and just play with it.
Alot of people use the same username like they did on the forums here. Some serious bored people will make use of this simple method to get on different characters!

This needs now a fix, not 1, 2 or, 5 month or even years later!

[The Amethyst Dragon]

I see no reason to respond to someone trolling for controversy when there is absolutely no risk to personal security information by logging into a NWN game server.  But as a server host/admin, I'll post anyway so those newer to the game are not fooled into thinking there's anything wrong with playing this great game online.

You can safely play on any NWN server you desire.  The lack of a running master server for player authenticaion will not prevent you from playing, and it will not expose you to risk of loss of personal information.  At least one server-side security system has been generously provided to the community at large for many months now.  Any server admin should be able to easily adapt the code to any PW (or make up their own system), which means that after you log in with your character and get your CD key(s) saved in the server's database, nobody else will be able to steal your character or your character's stuff.

So, enjoy this game for all it's worth.  The best entertainment value (thousands of hours) you can get for a single $9.99.

[NWN_baba yaga]

i agree with everyone oldschool here. this issue is so old already and all of them here have offered great help and solutions. its nwn and not swtor so get over it or get lost! and realy, if you dont even try their "workarounds" and discredit them dont talk about them at all:bandit:

Modifié par NWN_baba yaga, 05 janvier 2012 - 01:36 .

[Lightfoot8]

The simple fact is that it may be fixed tomorow, or it may never be fixed. To me it really does not matter one way or the other.

The reason it does not matter to me, I will not even state here. Simply because the reason does not need to be spread to general knowladge any faster then it is already spreading. Just like the things you are complaining about do not really need to be spread, unless it is to people who are running servers. That way they can take the mesures needed to secure them.

The only thing you are doing here is advertising to the really board people on the forums just what they can do to have a little fun. You are not getting anything solved. You are not even asking for any kind of help, that anyone here can give you. Bioware rearly checks on the boards here. You would have better luck just waiting for the MS to get fixed, then griping about it here. If you want to file a complaint here is the Support  link for the game.

Good luck.
L8

Modifié par Lightfoot8, 05 janvier 2012 - 02:52 .

[NWN DM]

Everyone stop teh internetz Iz want teh get off.

Disable NWN indeed. Oh brother.

Perhaps generate a few more shadow accounts so it will look like more people agree with this silliness.

[ultima03]

So "the first to enters an account owns the account" ?

[Himmelweiss]

ultima03 wrote...

So "the first to enters an account owns the account" ?

I guess so


To the others:
In regards to oldschool, i own NWN1 since about 8 years.


It is amazing how some people think that security only has to do something with personal information.
If i can log in with your character and mess arround with it, then this is a lack of security as well.

Yes, a server stores the cd-key and links it with your account-name.
But i seriously miss the old days where i could simply log in from different computers with different IPs and different CD-KEYS with the same account.

Also, the guy a bit more above who thinks i'm trolling, you are so wrong you won't believe it.

Modifié par Himmelweiss, 05 janvier 2012 - 11:17 .

[NWN_baba yaga]

now i declare war upon you. it is neverwinternights in 2012 mate... you are just ignoring the fact it is indeed about business for atari! bioware did what they could. ask us cc makers why something havent been done huh?

for you 2 i create a special trollmodel!

a m. bachmann vs g. beck model?

Modifié par NWN_baba yaga, 05 janvier 2012 - 11:36 .

[ultima03]

Bringin back MSA is a good marketing move for both atari and bioware.

[NWN_baba yaga]

ultima03. i dont like you realy. but yes thats the mod. i mod you into a stanky fuzzyball troll

Modifié par NWN_baba yaga, 05 janvier 2012 - 11:47 .

[NWN DM]

ultima03 wrote...

Bringin back MSA is a good marketing move for both atari and bioware.

If people were paying monthly fees for on-line play, the MSA would be essential, but we aren't forking out $15/month (if we were, the revenue stream would be there to have fixed this a few days after it went down).

A MSA is no kind of "marketing tool" for a 10 year old game that sells for $5 on-line if you time your purchase right, or $10 if you don't.