User talk:Rawr

From Guild Wars Wiki
Jump to navigationJump to search
General   Talk page   Journal   Apostle of Faith   Other Characters  



 



test[edit]

s --rawrUser rawr Sig Image.png 03:45, 13 October 2009 (UTC)

Those redirects you've been putting in.[edit]

Thank you! I always get annoyed when the "u" spelling doesn't return the page. - Jon Will 16:56, 19 December 2009 (UTC)

Haha, I do too, its something I've meant to do for awhile, British English ftw :D rawrUser rawr Sig Image.png 17:19, 19 December 2009 (UTC)

Please stop. It was determined a long time ago Guild_Wars_Wiki_talk:Formatting/General/A2#British_vs_American that this wiki would use the American spelling. You are spamming RC for no purpose. -- Wyn User Wynthyst sig icon2.png talk 07:35, 20 December 2009 (UTC)
Also, please remove the formatting from this talk page that disables the use of the + to add a new topic. It is a violation of User page policy Thanks! Sorry, was me being stupid. But you do need to remove the __NOEDITSECTION__ tag that you have somewhere. -- Wyn User Wynthyst sig icon2.png talk 07:38, 20 December 2009 (UTC)

Redirects[edit]

Request like your redirects have been made on GWW:BOTS. Btw, I can help fix your NOEDIT problem, but would require a duplicate of your tabs. It's not a problem, but it would help the ease of others trying to edit in your talk page. -- User Ariyen sig icon.gifriyen 08:45, 20 December 2009 (UTC)


looks to work ok :) -- rawrUser rawr Sig Image.png 09:19, 20 December 2009 (UTC)

Oh you don't have to do anymore Armour redirects. You can let the bot take care of the rest. There are a lot to do. After all, I put it in the bot requests. -- User Ariyen sig icon.gifriyen 09:21, 20 December 2009 (UTC)
Ah, didn't see. Cool thing. I'll finish this profession and wait a few days then. -- rawrUser rawr Sig Image.png 09:38, 20 December 2009 (UTC)

Given this development in the hacked accounts....[edit]

How many people that were hacked and lost items had their accounts through PlayNC? For those that cba to read walls of text (tl;dr) in a nutshell, an alleged security loophole was found in the PlayNC website that unfortunately held a slight chance of inadvertently logging into other people's accounts. Simply put, after this occurance, someone can assume full control of your master account and change your passwords all from PlayNC.


If the worst is feared and NCsoft is responsible, then where does the accountability lie? Currently, NCsoft/anet assumes no responsibility for lost items upon hacking. Its one thing to enforce a policy of no renumeration on hacking (given most cases of hacking are on the user end. As paying customers, some investing well over 200 USD in money, we have every right to demand action as a consumer base. The notion of enforcing such policy if the problem is server/client end is appalling, and the onus then lies on NCsoft/Anet to A) fix the problem B) renumerate those who have lost accounts due to this mishap.


It is incredible that even with all the reports of hacks and vulnerabilities, that this information isn't filtering its way to the proper people. The good people at guru have compiled a list of security vulnerabilities, which I will reiterate here:


1. Wrong Account Bug. Sometimes simply logging into the NCSoft site takes you to someone else's account instead, with FULL CONTROL over that account. An attacker need only use a bot to log into their own account over and over until the bug occurs, then steal the account the bug gives them.

2. Advanced Vulnerabilities Reported by Mung on Aion Forums

  • "SQL injection is apparently NOT prevented very well. [Mung] was able to send a basic acknowledge request and instead of "page not found" or "incorrect login" [Mung] received an SQL ack!"
  • "The ENTIRE web domain is unprotected from file mirroring (process of copying all files housed at the web host)."
  • "[T]he majority of the process functions for each page under the "secure.ncsoft.com" domain are scripted in PERL but referencing Javascript multiple times for all sorts of verifying processes. This can easily be manipulated to a users intention."

3. Brute Force Vulnerabilities

  • Login failure gives different error message for real usernames and non-usernames. An attacker can generate a list of valid usernames by systematically running all character strings against the NCSoft site's username field.
  • Security questions for password reset have dangerously small search spaces that can be guessed quickly. The birthday question which is the default!) is particularly easy. So is the car color question.
  • Failed attempt at answering security questions that includes one correctly guessed question returns error message that tells user which question is correct. This vastly reduces search time for a brute force attack.
  • Password reset attempts are allowed too frequently. 5 attempts every 12 hours is too many given the small search spaces.
  • IP's attempting multiple failed logins or password reset attempts are not blocked, blacklisted, or greylisted.
  • Attacker can specify new NCSoft password immediately upon correctly guessing password reset questions. The system should create a random password sent in a confirmation e-mail it to the account's associated address.
  • The GW username is displayed from the NCSoft site. It should not be. This gives an attacker 1/3 of the GW login credentials.
  • Attacker can specify new GW password immediately upon accessing the NCSite. User should be required to enter old password and/or respond to confirmation e-mail to the account's associated address. [Edit: Apparently this was fixed a few hours ago. Old password is now required.]
  • No countermeasures at all against brute forcing NCSoft password.(Gaile states that she has been told there are, but forum members making repeated failed login attempts did not encounter lockout, blacklisting, or increasing delay. Suspect Gaile has been misinformed by NCSoft staff.)



For data purposes (and curiousity) I'd humbly like to ask people to sign or comment on this grave circumstance. I will create subsections for both signatures and comments. I feel its most important for NCsoft to know just how many people have been affected by this. If you were a victim of hacking and had a PlayNC account, please sign in the appropriate section below. If you wish to comment, feel free to express your views in the comment section. Most of all, we as a community really deserve action, and it must be swift, complete, and universal. If you really wish to sit around and not give input, fine, just ask those who want to comment/sign to do so. A better informed community is a more powerful community.

PS>> DO NOT put any account related information (email etc) with your signature, please simply use the standard signature format with four tildes ~~~~

PSS>> To be completely fair, I will also ask thos who don't have PlayNC accounts to sign as well. Maybe I'm being generous, but I think it would be fair to get both sides of the picture. After all it is a numbers game we are dealing with. --rawr User rawr Sig Image.png 02:16, 2 January 2010


Signatures of PlayNC hacked victims[edit]

1. Fred K 09:54, 2 January 2010 (UTC)

Signatures of hacked victims who do not have a PlayNC acct[edit]

1. Disappointed in NCSoft and Arena net if they dont figure this out within the week and claim responsibility for which we all know is due. personally will not be buying anymore games from NCSoft Was excited about Guild Wars 2 but after this.... Eagle --The preceding unsigned comment was added by 173.29.187.27 (talk).


Comments[edit]

75.253.75.18 01:09, 3 January 2010 (UTC)

This seems to be yet another instance of Anet wanting to claim ignorance on a situation that could be dire for many members of the community. I have not been hacked, but know many who have had their accounts basically obliterated by hackers. Would like to see this resolved prompty. - Emmy

  • For five years I've been an avid fan of Guild Wars, Arena Net, and all the efforts that have been put forth into the product. Whenever I'd tell someone about Guild Wars I'd make a point to mention that it's a secure game, hacking/cheating isn't possible, etc.

Hahaha... Today is a turning point for me. It seems like with every passing day I hear about some new bot, bug or exploit that is taking it's toll on the community. I'm not really going to drop my fan-status over some hard times, but this is some serious shit. People are randomly getting annihilated from Guild Wars and, well, the corporate machine isn't going to stop filling it's lard-ass to even take a glance at the issue. Please explain how you can code new content into a game without needing to do anything but code it for 3-4 years, but now suddenly we have to be drafted into the corporate agenda to get a simple storage tab placed onto our account. Tell me any reason beside avarice why the free storage pane needed to be a limited time offer. Why didn't we just get it? You can figure it out for yourself if you're intelligent enough to have made it to this page, I'm tired of stating the same arguments over and over again. Maybe now people will give a shit since we're all being arbitrarily victimized.

I logged into my master account the other day (after hearing the rumors of this incredible exploit) and to my horrid suprise my full name, address, etc. was there on the screen. Thanks, NCSoft, now my life and/or 5-year hobby of playing this game can be compromised because some half-brain waste of living tissue got smart and decided to exploit a random bug. Thank you digital micro transactions, how I love you so. I really really hate sketchy situations like this, I want to like Arena Net, they made/are making an awesome game and I know this isn't really their fault, yet we can't at all be sure since we don't know what's going on behind the curtains. So my skepticism just leads me to assume the worst, and when I go off in search of something to fix that assumption, things only get worse.

TL;DR your shit got hacked because crisco-caked lard asses wanted to milk you for all your worth through their awful, poorly maintained website. This is a QQ and you should QQ too because humans are way to damn compliant. /rage Ƹ̵̡Ӝ̵̨̄Ʒ аІiсә Assassin-tango-icon-20.png ѕνәи Ƹ̵̡Ӝ̵̨̄Ʒ 06:27, 5 January 2010 (UTC)

TOC[edit]

I think for this, I'd recommend {{tocright}} instead of _TOC_ that way it'd be less page length. Hope that helps. -- User Ariyen sig icon.gifriyen 06:42, 2 January 2010 (UTC)

Hmm I don't have that template... --rawr User rawr Sig Image.png 07:04, 2 January 2010

Hehe, copy it and replace _TOC_ with it, if you want. Do preview, see what you think and if you like it, save it. -- User Ariyen sig icon.gifriyen 07:05, 2 January 2010 (UTC)
I think i did it right i dunno :p --rawr User rawr Sig Image.png 07:15, 2 January 2010
You did, just had a reminder of something I had forgotten to remove, back when I fixed the tabs. It all works now. -- User Ariyen sig icon.gifriyen 07:17, 2 January 2010 (UTC)
damn ahmster makes it look real cluttered lol --rawr User rawr Sig Image.png 07:19, 2 January 2010
You can archive that. -- User Ariyen sig icon.gifriyen 07:37, 2 January 2010 (UTC)
We already have a Template:TOCright. There is no need for Template:Tocright, also, your usage notes are wrong, to use the version you created it would be {{tocright}} not {{TOCright}} (that's for the original). I have tagged the new one for deletion as a duplicate. -- Wyn User Wynthyst sig icon2.png talk 10:12, 2 January 2010 (UTC)
Sorry :p didn't realise I made a duplicate, was just happy to see it aligned properly lol --rawr User rawr Sig Image.png 10:19, 2 January 2010
No worries, I was just providing information. You might want to bookmark (or otherwise link) Category:Templates to check through when you are looking for stuff. After 3+ years, the vast majority of standard use templates are going to be there somewhere, though I'm not saying all. -- Wyn User Wynthyst sig icon2.png talk 10:45, 2 January 2010 (UTC)

Re: Warrior skill icons and armor sets therein[edit]

Though it may not be obvious in the low-def icons, there's really no question about which armor sets are portrayed when you look at them in hi-def. There are (possibly) some mistakes regarding elite/nonelite status among some of the more similar sets, but even on those, it's generally a matter of an editor's mistake rather than an ambiguity in the artwork. User Raine R.gif is for Raine, etc. 19:18, 2 January 2010 (UTC)

Splits, merges and deletions[edit]

Due to the GFDL's attribution clause, the source page for a split or merge should never be deleted until after full attribution has been provided elsewhere. -- User Gordon Ecker sig.png Gordon Ecker (talk) 03:44, 5 January 2010 (UTC)

Happy Birthday![edit]

Congratulations! *Rawr!* =3 -- Cyan User Cyan Light sig.jpg 09:59, 21 January 2010 (UTC)