I still think you should not disconnect players who might be afk vending or trying to get titles which require them to remain online for long periods of time...

the timeframe was 2minutes, and the ticker was that the person logged into a server. So the chance being on that list is really low.

There was a security researcher, Antonio or someone whose name started with "A". He posts up all security related flawes on the internet. He emails the affected companies with the site, and tells them they need to correct it.

Otherwise the method is completely public. Perhaps a similar stance may help you?

Although many people here would yell at me for proposing such a thing, this security researcher proved it works.

Companies are a little more complaint when the method is out in the open, and your telling them to fix it.

Well if u're really considering to post it out in public.. ithink u should 1st wait and see if Outspark is planning to do anything about it..

have u worked out a way to stop this weakness?? have u told outspark wat they could possibly do? if u dont hv a solution for the problem u should wait longer

i personally dont recommend u (obviously) to post it in public coz that'll just ruin the whole thing for everyone... as it will be more than likely land in MANY bad hands...

a problem could probably be fixed without making it worst for everyone... it'll be very much appreciated if u dont take the dangerous approach.

just because one method "works" doesnt mean its the best way to deal with the problem.

Unfortunately, Hessah, thats not how companies think. If they believe its a localized problem, then from a corporate stand point its best just to brainwash your clientel, and give the appearance of no problems. In most cases you ignore the problem.

It's a business.

Companies respond to action. If everyone knows how to do it, they will be more pressed to fix it.

This security researcher Luigi Auriemma proved the concept works:

http://aluigi.altervista.org/

Furthermore, its not the job of a security researcher to fix the problem. Only point out the problem. None of us have the fiesta game code, the thing you need to be able to fix the problem.

SedaLia is in Goids_of_Guilds, and she just got married to HELLGUNDAM.

Best not be messing with her ^^

...

Wow... I was looking down thinking "hope my name isn't there" also...

But to be honest, although what you did was wrong, the fact remains that it CAN be done, and that is a disquieting thought. The reaction of Outspark to your PM was pretty much expected though :P. Maybe what would make them sit up and pay attention would be if you hacked a GM account ;). *Maybe* they would listen :P. Of course *DISCLAIMER* I don't condone any sort of hacking, that stuff is bad, very bad!

Either way, expect more expensive additions to the Cash Shop before they deal with this issue ^^.

~Aerythia

If its posted in public, it may fall into the hands of the botters who will probably hijack accounts to advertise or hack their gold...

Could you hijack a GMs account and use that account to tell them the security loopholes?

Yeah hack a GM account and they find you within mins.