253 réponses à ce sujet

[wyldhunt1]

@WhiZard

ultima03 wrote...

I'm not sure for how long this thing is down but there is a security breach for all servers

1 - Anyone can enter any account without knowing the password
2 - Inside the account they can delete the character if the server offer the option
3 - They can delevel - relevel if the server offers the option
4 - They can impersonate
5 - They can mess with the purchased items (sell them) and also mess with quicklots

Some server offers the option to protect their character with an in-game password, and thats another security problem :

1 - We don't know if they encrypt password
2 - No notice to prevent people from using a password that's used for an email or other importants things.

Putting
a password in-game only protect against server options (delete/relvel)
if coded properly, it won't protect from selling all items,
impersonating, etc.

It is therefore critical that the master
server authentification comes back as fast as possible. It has been away
too long and that caused a lof of torouble, character wipes, and vault
wipes.

Please take this into serious consideration

This is what Ultima03 the concern troll has stated as his concern; none of which are possible on any server using halfway decent code.



1 - Anyone can enter any account without knowing the password
True
2 - Inside the account they can delete the character if the server offer the option
False. They would be KeyBanned the moment they logged in.
3 - They can delevel - relevel if the server offers the option
False. They would be KeyBanned the moment they logged in.
4 - They can impersonate
False. They would be KeyBanned the moment they logged in.
5 - They can mess with the purchased items (sell them) and also mess with quicklots
False. They would be KeyBanned the moment they logged in.

Some server offers the option to protect their character with an in-game password, and thats another security problem :

1 - We don't know if they encrypt password
You also don't know if they encrypt your password on most of the PW websites/forums. It is nearly impossible to extract anything from the PW's database without direct access to the database.
2 - No notice to prevent people from using a password that's used for an email or other importants things.
Most players likely use the same password that they use when logging in to the PW's forums/website, which may be the same as their e-mail. Stealing your password from a PW server would be considerably more difficult than stealing from/hacking the PW's forums. The PW admin already has direct access to all of that from their website, so there is not an increased risk from them having access to the PW database.
Putting
a password in-game only protect against server options (delete/relvel)
if coded properly, it won't protect from selling all items,
impersonating, etc.
False. They would be KeyBanned the moment they logged in.

Modifié par wyldhunt1, 07 janvier 2012 - 11:57 .

[NWN_baba yaga]

raising up this issue on and on again does not help "nwn" in the end. its a matter of listening to the people here who tried their best to help others. its just disrespect and you can brag 5 pages more and nothing will change for you.... and i know why! you dont want to enjoy nwn!

p.s. curse you:devil:

Modifié par NWN_baba yaga, 08 janvier 2012 - 12:29 .

[wyldhunt1]

If nothing else, we may get new troll models out of it.
I'd use them often. A dungeon full of Ultima03 concern troll's for the players to level up on could be fun.
I may even ask DMSelena to make some +3 pixel swords for them so the players can take them.

I'll have to come up with some inventive one liners for them to yell when they see players in their dungeon.

Modifié par wyldhunt1, 08 janvier 2012 - 12:49 .

[zunath]

wyldhunt1 wrote...

If nothing else, we may get new troll models out of it.
I'd use them often. A dungeon full of Ultima03 concern troll's for the players to level up on could be fun.
I may even ask DMSelena to make some +3 pixel swords for them so the players can take them.

I'll have to come up with some inventive one liners for them to yell when they see players in their dungeon.

Make sure you send me the IP for that server. I'd be down for some Ultima03 concern troll hunting.

[DMSelena]

Concern Troll
Race: Goblinoid
HD: 5
Habitat: Concern trolls prefer lurking on the edges of societies, especially niche interest groups.
Special abilities: pearl clutching, howl of despair, level drain, wall of text (AoE)
Racial abilities: natural +5 resistance to sonic attacks
Feats: entitlement
Weapons of choice: bulleted lists
Unique ability: familiar (sockpuppet)
-------------
STR: 12
DEX: 12
CON: 12
INT: 4
WIS: 4
CHA: 10

Modifié par DMSelena, 08 janvier 2012 - 01:37 .

[Rolo Kipp]

<rotf...>

DMSelena wrote...
Concern Troll
...

OMG! *Sooo* funny!

<...lmao>

[Pstemarie]

Cause we all need a suitable avatar...

Modifié par Pstemarie, 08 janvier 2012 - 02:47 .

[HipMaestro]

Pstemarie wrote...



Cause we all need a suitable avatar...

Suddenly, the loop has come full circle. *lol*

[The Amethyst Dragon]

wyldhunt1,

Your responses have lead to some custom content.

[wyldhunt1]

Amazing work as always, AD.
They shall be put to good use.

[ultima03]

I'm a troll because I ask for security and quality. And you are hysterical because I mentioned nwn traffic shut down.

[zunath]

ultima03 wrote...

I'm a troll

I stopped reading there.

[ultima03]

zunath wrote...

ultima03 wrote...

I'm a troll

I stopped reading there.

So what do you think about the latest Justin Bieber dvd ?

Modifié par ultima03, 08 janvier 2012 - 07:24 .

[UrkOfGreyhawk]

DMSelena wrote...

Concern Troll
Race: Goblinoid
HD: 5
Habitat: Concern trolls prefer lurking on the edges of societies, especially niche interest groups.
Special abilities: pearl clutching, howl of despair, level drain, wall of text (AoE)
Racial abilities: natural +5 resistance to sonic attacks
Feats: entitlement
Weapons of choice: bulleted lists
Unique ability: familiar (sockpuppet)
-------------
STR: 12
DEX: 12
CON: 12
INT: 4
WIS: 4
CHA: 10

OMFG I think I felt something pop while I was laughing.

[Pstemarie]

ultima03 wrote...

zunath wrote...

ultima03 wrote...

I'm a troll

I stopped reading there.

So what do you think about the latest Justin Bieber dvd ?

And the truth is finally revealed for all those patient enough to wait...

Justin aka ultima03, go peddle your dvd's elsewhere.

[NWN_baba yaga]

hey ya pstemarie, im a huge belieber.....

[ultima03]

And you are hysterical because I mentioned nwn traffic shut down. I wonder who cares the more for the pixel sword.

Modifié par ultima03, 09 janvier 2012 - 02:04 .

[SHOVA]

ultima03, all you have to do if you do not like what is here, is turn it off, log out of this site, and not return. That is not emotions, or hysterics, simple logic that you seem to not be able to grasp. Good luck with your future endeavors, may they be less frustrating for you, than you seem to demand.

[ultima03]

Now I'm frustrated.

[WebShaman]

Well, we are all frustrated, sure. Patience is a virtue.

[PlasmaJohn]

Patience for what?

The Master Server is dead and gone.  The only thing EA could have possibly been liable for was access to the Premium Modules and that seems to have been taken care of.  Priestly's notes have been extremely vague about what exactly they're working on.  My guess is making the content of the old forums available again.

If you're that desperate for a replacement put some resources into this: 
http://www.nwnx.org/...opic.php?t=1810

Modifié par PlasmaJohn, 17 janvier 2012 - 04:07 .

[Bhryaen]

I suppose I would be concerned about someone logging into my account and ruining things for me in my PW's... if there was anything to ruin. Perhaps if I were more involved in PW's I'd be more concerned. Besides the Funky fix that seems to have protected my +3 Pixel Sword on any server that employs it (employs the Funky fix, that is, not the +3 Pixel Sword), there just doesn't seem to be any imminent danger to worry about. Where is the mass impersonation, deleveling, etc., warned about? The opportunity for it has been present for quite a few months now without any such event on any noticeable scale. There is concern about what could happen, but not about what is happening. If every other time I logged in I found my account disrupted somehow and my PW involvement tampered with, I'd see the issue. But who is going to bother doing all that? Who is that invested in messing with other players' accounts? And they aren't... and in most cases can't anyway.

On the other hand, someone did bother disrupting NWN and NWN2's Master Server system, and I can't see what point there was in doing so. Was it a disgruntled hacker PKer who'd been outdone too many times on various NWN PW's and decided that the rest of us should suffer for it? My conspiracy theory might suspect some other online game developers hoping to cash in on defections from a crippled NWN- or a way for EA/Bioware to dishearten NWNers so as not to have their unprofitable concerns to address any longer... but I don't know.

It would be interesting to know just what Bioware is working on to restore the MS, however- i.e., why the delay. Perhaps there is good reason- like the hacker(s) did serious damage that is having to be sorted through piece by piece, line by line, to restore everyone's key authentication, or like the new MS under construction is being painstakingly protected against whatever deep exploit the hackers used to get in. That is, it would be good to know the delay isn't just a matter of sending the issue to the backburner indefinitely.

But if I'm annoyed at anyone it would be the one(s) that used hacking to disrupt online NWN, not Bioware for their lack of urgency to redress the online "security" of NWN (and NWN2 which isn't quite as old a game), particularly when one can indeed access servers online just as before and without any of the sky-is-falling fears we've seen articulated here... even though one must remain wary in online NWN of trolls "concernedly" lurking about there like a disconcerted Gollum, pleading that someone please stop them before they take advantage of others...

[PlasmaJohn]

Bhryaen wrote...

It would be interesting to know just what Bioware is working on ...

The fact that many people continue to gloss over is that Bioware is now part of EA.  NWN is a product of Atari.  Anything that a Bioware employee may do for NWN is likely done on personal time. 

Coding a replacement is not the issue, operating it is.  If EA upper management was aware that Bioware was still operating the MS, it was likely with the proviso that they could continue to do so as long as it didn't impact the rest of the business.

Every world established long enough has had remove players.  A few of those react poorly and come back to cause trouble.  And there will always be that set of disturbed individuals who like nothing more than to cause problems.  Run a servervault server long enough and you will realize that you need to protect your vault.

The idea that the attack on nwn.bioware.com was motivated to drive the tiny NWN playerbase to another game is ludicrous.  No, that was some script kiddies getting off on the media attention.

[Oclair Monanari]

This whole disappearance of the master server is absurd. Just turn it on....
You fracked our game Bioware, why should I trust you again?

[NWN DM]

Oclair Monanari wrote...

This whole disappearance of the master server is absurd. Just turn it on....
You fracked our game Bioware, why should I trust you again?