The bitter Truth

[Zodiac]

Originally Posted by toolrocket

Max, how long to you "give" them to fix it? and what gives you the right to put Outspark in that position?

The Right to demand a safe secure game, and your right to make sure that it is.

[toolrocket]

Zodiac, you may have something there.

I just dont think hacking the login server and blindsiding Outspark by publicy exposing a potential flaw is the right way to go about doing it.

[Yosei]

I agree. I personally think Max shouldn't have posted all of the accounts he highjacked. I mean, maybe PM it to a GM, but here.. =/

[Zwivix]

idk i have mixed feeings onthis... it was somethig that had to be shown so they could fix it...but still that was probably nt the best way to do it...

i just hope they fix this and it never happens again...

[Amanda2_0]

He is merely making the public aware of the security vulnerabilities, as obviously Outspark is completely ignoring them. However, even if they fix the problems that will never make the game hack proof. Any security system can be tricked and in some cases completely bypassed. However, which I find funny about this is that most security system are intelligent enough to detect brute force techniques or prevent them all together. But considering this is not a login server for a bank... security is not a top priority.

[Zwivix]

i dont find any of this funny...we all have to take this every seriously because next time it could be any ofour accounts being taken.

[Airus]

I think Maxoff is doing the right thing, just as long as he know he was gotten the message to a good portion of the staff rather than just one guy who was ass and banned his account.

[Zodiac]

The going public was done to force them to do something and respond as the fact that he had messaged a gm and they did absolutely nothing, therfore forcing action by a public posting was a move that is logic and justified.

[Kathrynne]

Originally Posted by Yosei

I agree. I personally think Max shouldn't have posted all of the accounts he highjacked. I mean, maybe PM it to a GM, but here.. =/

Actually I'm kinda glad he did... I found Saints in Epith today and warned him to change his password, he had no clue about it. Hopefully we can make sure everyone on this list knows.

[MaxOff]

changing your pw wont do anything.

U can have the most secured name/pw combination ever existed, and u could still be hijacked. Its like when u drive a car, and someone forces u out of the car . A better/different car key would not help at all.

The only difference is that i dont have a gun in my hands when i hijack your session. Instead i send forged requests to the world servers, pretending that im someone else.