
Aug 28, 2012


Comments

1.

That subreddit is hilarious.

2.

This is why the most important customer service advice for new MUD developers back in the day was "log everything".

3.

On the side here's a report on how GW2 is doing for those who aren't already playing.

Seems like things are going out of hand on Anet's end. Despite the patching and server down maintenance:
1) world quests are bugged at least 1 in each map.
2) party system isn't working, cannot port party members into instances. Icons of your party members on your minimap disappear when you're beyond vision range apart. It's hard to give locations too, as they can't link waypoints on your map into the chat box.
3) bot is quite often, mostly just auto-spam attack at a bugged area, more like an exploit abuse.
4) Auction house has been down for 2 days already. Everyone is running out of inventory space and doesn't know what to do with all the crafted gear. There is no private trade system, just a mail attachment function to trade, which requires mutual trust from both parties.

aaaaand the ultimate problem:
5) it is clear now, that a significant amount of players got hacked. They first received a 72 hours suspension under the code 45: unacceptable behaviour, which the link on the above post refers to, and now they were lifted to a "Permanent ban".

I'm sure anet is already out of options but to leave things this messy. but whatever the cause was, how are they going to compensate to the pre-purchased customers for losing their 3 days head-start? And how vulnerable the security actually is? How many customer info has already been leaked? Was anet not prepared enough, or has MMO security reached its limit?

4.

I've seen some of the bugginess already, yeah, but that strikes me as garden-variety MMO launch problems.

The hacking on the other hand is interesting, and raises exactly the question that you raise, Rits: is the combination of technological ability for password cracking with financial incentive for password cracking in MMOs just at the point where something fundamental needs to change? One of the things that's now very clear looking at the retrospective history of design changes in World of Warcraft is that Blizzard has frequently been forced to change fundamental aspects of in-game play and the in-world economy to try and change the incentives for RMT and/or hacking. The entire structure of Diku-style play may simply create a system which is too vulnerable to fend off intensified parasitism, because that structure puts too much pressure on players to shortcut the labor time involved in accumulating resources and in-world power.

5.

Something new from Anet's response on reddit:

"Sorry to hear your account was compromised, and it's great that you changed to a stronger password. Remember to choose one you use only for Guild Wars/Guild Wars 2 -- that's a great way to enhance your security."

I have heard that there might be some correlation going on between the major battlenet customer info leakage that happened around 2 weeks earlier, and now players registering with the same email and password they used in D3 and WoW.

Also, hacking into the system is just one way to cause this mess. It could also be an insider's job. No proof, but theoretically possible and reasonable. Imagine how much that one insider would earn from selling this?

7.

Rits: It could also be an insider's job. No proof, but theoretically possible and reasonable. Imagine how much that one insider would earn from selling this?

Properly administered and configured, a player ID database should be very hard for insiders to get access to and should be impossible to access without being logged. When the chance of getting caught is 100%, that tends to be a good disincentive.

Properly designed, it should not store the plain text password or a reversible form of it. In fact, the plain password should not leave the user's machine at all. There are well-known algorithms for accomplishing both. The data is still vulnerable to brute force attacks, but those can be mitigated by the user if they don't choose a dumb password.

It's 2012. Assuming that the GW2 authentication system is properly designed, secured and administered shouldn't be naive assumptions :)
