PlanetCalypsoForum.com :: Entropia Universe Discussion and Resources
  1. #1
    Old Alpha ktpsmf's Avatar
    Joined
    Mar 2011
    Gender | Ingame
    Male | Male
    Avatar
    not playing
    Society
    just a visitor
    Posts
    1,021
    Images
    48

    A Cheap PED Buyer and scammed avatars (explanation)

    Hello all,
    I just entered the Calypso forum and saw how people are crying about stolen accounts in EU.
    That is something new for me, because earlier there were no people massively posting that they were hacked or something.
    After reading those posts I saw that all of the "victims" were in one way or another connected with one "cheap ped" selling site.

    I checked out that site, and they really do say that they sell PED 50% cheaper than it is. Well, everyone really knows that it is impossible, because since 1 USD = 10 PED, why would anyone want to sell it cheaper?

    In the quick buy selection you have to pay, enter your email and password as registration, and put in your avatar name.

    So.
    First I want to explain to people: there are no cheaper or more expensive dollars. Dollar = dollar. And if 1 dollar = 10 PED, it cannot be 1 USD = 20 PED, because it makes no sense.
    So basically, if some people are dumb enough to believe that 1 USD = 2 USD, it seems they are dumb enough to give away their EU usernames and passwords in the same request form.

    Second, and the most important thing that not everyone understands, mostly those people who believe that 1 USD can be equal to 2 USD: who is the person who lost an avatar or the money in it?

    We all like to believe that a person who lost his avatar or PEDs is a victim, and we all feel sorry for him, believing that Mindark should try to restore his account and work on his avatar for more than 1 hour to find out how it was possible that he lost his own password and how to prevent this from repeating in the future.

    In all these posts where hacked avatars were discussed, people feel sorry for those people and are mad at Mindark for not returning PED, or look for reasons to blame Mindark for lack of security etc.

    So I want to explain how our lawyers explained a similar situation.

    1. Mindark offers additional security (gold card), which lets a person choose what level of security he wants (free or more secure). In all European banks there are 2 types of security (static code card and code generator); both security types have to be paid for, and if there was a free way to open a bank account it would be a (user/password) type account.
    explanation: if a dumb PED buyer from the site were asked to enter 20 static code card numbers, he would probably write them down to get PEDs.

    2. What is a person who bought PEDs from a forbidden site, gave his secure data to 3rd party persons and got scammed?
    In this case, looking at all the documentation and common sense, the scammed person is nothing more than an EULA violator who violated the game rules like 3 times and writes to the forum like the kind of person who says (I bought a stolen car from a thief, and the police arrested me and took away MY car.)
    (in this situation, according to the EULA violation, Mindark should take action to do the judge's punishment job, not safeguard)


    To conclude, people still blame Mindark for not giving back their scammed money, even when Mindark:
    a) offered more security (gold card) for money
    b) made rules that clearly do not let people give away passwords or buy PED from 3rd parties


    In one of my support cases I asked Mindark about their price list. For people who don't know whether that exists, I can say that there is one.
    If you lost your item and don't remember where you put it, you can order Mindark support to find it for you; it costs 40 USD/h or 400 PED/h.

    How many hours does Mindark need to spend and pay a support employee to find your >1000 PED worth of stuff?

    For people who will try to deny my post by saying that Mindark needs to make more free security options, I can only add that Google's security system implementation cost about 5.6 mil USD, and still they got Gmail hacked etc. Same with iCloud. Not to mention games like WoW and others that were leaked even with "mobile authenticators" etc.

    In all EU history we never had any database leaks that made our secure data visible to 3rd persons.

    So in the end, maybe my post will change some people's minds about who is the victim here and who we have to blame, or at least what to expect from a company which has nothing to do with your foolish actions of giving away your "bank account/wallet".
    Last edited by ktpsmf; 01-21-2015 at 18:08.

  2. #2
    Prowler
    Joined
    Feb 2013
    Avatar
    Scurvy Sityl LaRoux
    Society
    Apocalyptic Uprising
    Posts
    1,454
    Images
    30
    This of course makes sense as a way of explaining how their account info was obtained, but it assumes that the hacked accounts actually did this, and I haven't seen any of them say they have.

  3. #3
    Old Alpha ktpsmf's Avatar
    Joined
    Mar 2011
    Gender | Ingame
    Male | Male
    Avatar
    not playing
    Society
    just a visitor
    Posts
    1,021
    Images
    48
    Quote Originally Posted by Scurvy Sityl View Post
    This of course makes sense as a way of explaining how their account info was obtained, but it assumes that the hacked accounts actually did this, and I haven't seen any of them say they have.
    Of course I understand you, but reading the posts and collecting them all in one place, it still seems that all the account hacking and scam situations happened only when "cheap ped" sites started to advertise in chat and forums.

    And according to the whole (even 10 year) timeline of posts there were no coincidences of similar posts, so I don't even dare to think about any other option for getting the user/password of an EU account, only this one.

    And scammed people who choose to deny to Mindark that they know how the information was given away just make more work for Mindark in resolving the same truth which could be told in the first support case. (having faith that Mindark will own this problem as theirs and give away the items that were stolen)

  4. #4
    Prowler
    Joined
    Feb 2013
    Avatar
    Scurvy Sityl LaRoux
    Society
    Apocalyptic Uprising
    Posts
    1,454
    Images
    30
    Quote Originally Posted by ktpsmf View Post
    Of course I understand you, but reading the posts and collecting them all in one place, it still seems that all the account hacking and scam situations happened only when "cheap ped" sites started to advertise in chat and forums.

    And according to the whole (even 10 year) timeline of posts there were no coincidences of similar posts, so I don't even dare to think about any other option for getting the user/password of an EU account, only this one.
    I agree those two coincidences are highly suspect.

  5. #5
    Stalker Falagor's Avatar
    Joined
    Feb 2008
    Gender | Ingame
    Male | Male
    Location
    Poland
    Avatar
    Falagor Falagor Frostmaster
    Society
    NBK Rangers
    Posts
    2,472
    Images
    82
    Quote Originally Posted by ktpsmf View Post
    (...)
    In all European banks there are 2 types of security (static code card and code generator); both security types have to be paid for, and if there was a free way to open a bank account it would be a (user/password) type account.
    (...)
    This is not true... I have a FREE account in my bank and they offer SMS verification for EVERY transaction that is not between my sub accounts.
    Also I have a small % on money that is held on the account, so I actually get paid for having cash there (not that it counters inflation tbh).

    @topic:
    MA can't refund the TT value of items victims have lost for this simple reason:
    there is no way to distinguish an actual victim of a hacker attack from a fake victim, which could be a way to steal money from MA.

    To increase security MA should add these two (optional) security measures that can be and should be free:
    - SMS notification similar to gold card verification (same security level but much cheaper and more convenient).
    - adding machines, based on fingerprint, MAC or whatever they find suitable, to a safe list (verification is one time per machine through e-mail).

    Both options are very cheap to maintain and other games are already using them, not without a reason. The Gold card system is not convenient and is a pretty old security system.

    Falagor
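
Added example (not part of the thread, and not MindArk's or any game's actual code): a minimal sketch of the e-mail-verified machine safe list proposed in post #5. It assumes the machine is recognised by a random server-issued token stored on it rather than by MAC, CPU serial or IP; the class and method names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

def _h(value: str) -> str:
    return hashlib.sha256(value.encode()).hexdigest()

class DeviceSafeList:
    """Hypothetical per-account safe list of machines (illustration only)."""
    CODE_TTL = 15 * 60  # assumed lifetime of an e-mailed code, in seconds

    def __init__(self):
        self._approved = {}  # account -> set of hashed device tokens
        self._pending = {}   # account -> (hashed e-mail code, expiry time)

    def login(self, account, device_token, now=None):
        """Call only after the password check has passed."""
        now = time.time() if now is None else now
        known = self._approved.get(account, set())
        if device_token and _h(device_token) in known:
            return "ok", None
        # Unknown machine: a correct password alone is not enough.
        code = secrets.token_urlsafe(16)
        self._pending[account] = (_h(code), now + self.CODE_TTL)
        return "verify", code  # caller e-mails this to the address on file

    def confirm(self, account, code, now=None):
        """Redeem the e-mailed code; returns a token to store on the machine."""
        now = time.time() if now is None else now
        # pop(): the code is single use, and a wrong guess burns it too.
        entry = self._pending.pop(account, None)
        if entry is None:
            return None
        code_hash, expires = entry
        if now > expires or not hmac.compare_digest(code_hash, _h(code)):
            return None
        token = secrets.token_urlsafe(32)
        self._approved.setdefault(account, set()).add(_h(token))
        return token

def demo():
    """Constructed walk-through: own machine enrols, a second machine is stopped."""
    sl = DeviceSafeList()
    first, code = sl.login("alice", None, now=0)            # new machine
    token = sl.confirm("alice", code, now=60)               # code from e-mail
    again, _ = sl.login("alice", token, now=120)            # same machine later
    other, _ = sl.login("alice", "unknown-token", now=180)  # password known, machine not
    return first, again, other
```

Only hashes of tokens and codes are kept server-side, so a copy of the safe list does not by itself let anyone pass as an approved machine.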

  6. #6
    Old Alpha ktpsmf's Avatar
    Joined
    Mar 2011
    Gender | Ingame
    Male | Male
    Avatar
    not playing
    Society
    just a visitor
    Posts
    1,021
    Images
    48
    Quote Originally Posted by Falagor View Post
    This is not true... I have a FREE account in my bank and they offer SMS verification for EVERY transaction that is not between my sub accounts.
    Also I have a small % on money that is held on the account, so I actually get paid for having cash there (not that it counters inflation tbh).

    @topic:
    MA can't refund the TT value of items victims have lost for this simple reason:
    there is no way to distinguish an actual victim of a hacker attack from a fake victim, which could be a way to steal money from MA.

    To increase security MA should add these two (optional) security measures that can be and should be free:
    - SMS notification similar to gold card verification (same security level but much cheaper and more convenient).
    - adding machines, based on fingerprint, MAC or whatever they find suitable, to a safe list (verification is one time per machine through e-mail).

    Both options are very cheap to maintain and other games are already using them, not without a reason. The Gold card system is not convenient and is a pretty old security system.

    Falagor
    1. You are right - a bank chooses how to get paid for its services; likewise you open an account for free but you need to pay for transactions and hold some money in the account, or even pay a monthly fee for holding the account.
    It costs you, but not directly. Mindark cannot do that because you can create as many accounts as you want and an account is not directly connected to your identity; that is why 1 person can make 1000 accounts on different emails, and that would leave Mindark with worthless fees for additional security on unused avatars.


    2. SMS verification is free only within 1 country's operator; that means if Mindark has like 10000 users that connect 5 times a day, that (small fee) will grow to HUGE money and will not bring the wanted result, which happens only 1 time in a year.

    3. MAC/machine/IP restrictions are not convenient for the user.
    a) MAC - every network card has a different one, and even a notebook has 2 network cards, including 3/4G broadband devices that have almost the same MAC addresses
    b) machine numbers - the CPU serial number, which was used as the main PC identifier, was removed by Intel a few years ago; that is why even Microsoft can't validate Windows for a unique user. (that is why they started to add certificates to the BIOS starting from the Windows Vista OS)
    c) IP address - a lot of mobile broadband and some low ISPs still use dynamic IP addresses
    Last edited by ktpsmf; 01-21-2015 at 18:40.

  7. #7
    how about?
    Some victims could have used the same username as one of the 3 avatar names..
    hackers use bruteforce for the password, then, script it all in order to use it on EU website?

  8. #8
    Old Alpha ktpsmf's Avatar
    Joined
    Mar 2011
    Gender | Ingame
    Male | Male
    Avatar
    not playing
    Society
    just a visitor
    Posts
    1,021
    Images
    48
    Quote Originally Posted by Sub warp View Post
    how about?
    Some victims could have used the same username as one of the 3 avatar names..
    hackers use bruteforce for the password, then, script it all in order to use it on EU website?

    Code:
    with speed of 1,000,000,000 Passwords/sec, cracking a 8 character password composed using 96 characters takes 83.5 days

    In Entropia, with password replies over a 100mb/s line and predictable reply speed, it would be 400 years to solve an 8 character (all lower case) password.

    so nearly impossible to believe it.



    p.s.

    There is some information about bruteforcing local passwords, which is 1000 times faster than a TCP or UDP protocol reply from a server:

    Possible? yes, but what brute force recovery duration is accepted as possible? Some numbers for 8 chars PW if randomly chosen from a 94 character set:

    WiFi (PBKDF2/SHA1:4096) using an 8 GPU recovery system: 98 year on average
    7ZIP (PBKDF2/SHA256:262144) using an 8 GPU recovery system: 26 centuries

    So it is 'possible' for certain cases for us, may be yes in all above cases for some agencies.
    Last edited by ktpsmf; 01-21-2015 at 18:54.

  9. #9
    Prowler
    Joined
    Aug 2005
    Gender | Ingame
    Male | Male
    Location
    North West England
    Avatar
    Ulric Ironheart Ironheart
    Society
    Peaceful Torture
    Posts
    1,583
    Images
    69
    Quote Originally Posted by Falagor View Post
    ... The Gold card system is not convenient and is a pretty old security system.
    Please explain this?

    IMO when it comes to security there is a sliding scale, on the one hand you have convenient but loose, on the other you have inconvenient but tight. Gold Card seems to be somewhere in the middle, about perfect if you ask me.

    AFAIK there is not a single case of the Gold Card security being breached since they were implemented (around 2007?); if it works, the fact that it's old is neither here nor there.
    PE Noob since Sep 2004
    All my unlocked skills here

  10. #10
    Prowler
    Joined
    Aug 2005
    Gender | Ingame
    Male | Male
    Location
    North West England
    Avatar
    Ulric Ironheart Ironheart
    Society
    Peaceful Torture
    Posts
    1,583
    Images
    69
    Quote Originally Posted by ktpsmf View Post
    Code:
    with speed of 1,000,000,000 Passwords/sec, cracking a 8 character password composed using 96 characters takes 83.5 days

    In Entropia, with password replies over a 100mb/s line and predictable reply speed, it would be 400 years to solve an 8 character (all lower case) password.

    so nearly impossible to believe it.



    p.s.

    There is some information about bruteforcing local passwords, which is 1000 times faster than a TCP or UDP protocol reply from a server:
    Yeah, but how strong are the passwords people are using? If you narrow down the bruteforce approach to, for example, dictionary words, you will often get a hit in a much quicker time.

    It should be obvious to people that if you don't have a GC you must have a strong password, but I guess it's not. None of which is MindArk's fault.
    PE Noob since Sep 2004
    All my unlocked skills here
