Argonath RPG - A World of its own
Community => News and Announcements => Topic started by: Teddy on March 09, 2013, 08:57:24 am
-
Hello boys and girls,
It has come to recent attention that a seemingly undetected vulnerability where player passwords could has been exposed. We can not say for sure if this was ever used or exploited. This vulnerability existed in the SA:MP RPG scripts and has been resolved thanks to TeaM_MIB and we will begin to process over if the exploit was ever used.
We strongly advise you change your passwords in game, and anywhere else that you use that password. Keep in mind, this is only a security precaution and there is currently no indication that this was ever exploited before. If you have any questions, do not hesitate to ask.
- Teddy
-
If you are unable to change your forum password, please contact a Forum Administrator.
-
If you are unable to change your forum password, please contact a Forum Administrator.
Can you list down Forum Administrators ? (cant remember all them)
-
Can you list down Forum Administrators ? (cant remember all them)
Traser, Gandalf, Aragorn, Sauron.
Managers and above are sometimes able to help with smaller situations too, but I wouldn't recommend them for this.
-
Traser, Gandalf, Aragorn, Sauron.
Managers and above are sometimes able to help with smaller situations too, but I wouldn't recommend them for this.
Thank you SugarD
i am asking it for password change :rofl:
-
Thank you SugarD
i am asking it for password change :rofl:
You're welcome. :)
-
Is this the reason why FBI Forum is on maintenance?
-
So we had the proclaimed exposure by Columbus in 2011 and now this. Was/is at least any of these true?
-
Is this the reason why FBI Forum is on maintenance?
It could be. But we are also updating boards for agents and restructuring the application boards, so I believe this could be the main reason why as the FBI forums are separate to these.
-
Is this the reason why FBI Forum is on maintenance?
Indirectly another issue caused us to look for these kinds of possible exploits, that main core issue led us to find this and why the FBI forums are locked.
So we had the proclaimed exposure by Columbus in 2011 and now this. Was/is at least any of these true?
This is an entirely different case, in Kolumbus's case he exploited a venerability in the forums that has since been patched in this case it was a server specific script issue. There is no way to know for sure in both cases if any legitimate information was ever actually acquired.
-
So we had the proclaimed exposure by Columbus in 2011 and now this. Was/is at least any of these true?
Of course this is true.
-
Oh come on
I don't even know what password to put anymore
I had my name and some numbers, I had my girlfriend's name, had the name of my cat as password
-
Names/birthdates are so easy to guess.. :conf:
-
I doubt any person here can guess my real name
-
Oh come on
I don't even know what password to put anymore
I had my name and some numbers, I had my girlfriend's name, had the name of my cat as password
That was your mistake. You should NEVER use passwords with information about yourself.
This topic may be helpful to many of you:
http://www.argonathrpg.eu/index.php?topic=78308.0 (http://www.argonathrpg.eu/index.php?topic=78308.0)
-
That was your mistake. You should NEVER use passwords with information about yourself.
This topic may be helpful to many of you:
http://www.argonathrpg.eu/index.php?topic=78308.0 (http://www.argonathrpg.eu/index.php?topic=78308.0)
What mistake? That I don't know what to change the current passwords to?
-
What mistake? That I don't know what to change the current passwords to?
Make one up out of something random? The point of a password is so only you know it.
-
Remember when Miley Cyrus had all them photos leaked of her from her email account? Well it was because the hacker was able to find her date of birth and the name of one her dogs. The password just happened to be {dogsname}{year of birth} thus, the "hacker" got lucky, got in and found a glorious amount of... photos.
In short, the moral of this fun fact is the password should have no personal link, or anyway for someone to be able to guess it by knowing you... or in some cases what Google knows about you.
-
None will never be safe :|
-
You can never be 100% secure on the internet, that's a fact.
-
You can be secure enough to prevent these things, though. It takes everyone's help to keep things secure.
-
The follow is a list of affected accounts. As you can see, it mainly involves admins/developers, although there are some players as well.
3
[WS]Teddy_Rosso
[WS]Mike
Ale_Rivosecchi
TeaM_Boozman
[Rstar]Tandtrollet(
Trane_Kiedis
4
iMarkz
Conroy
Jonny OSullivan
[WS]Mash
Team_Edge
GregerseN
[TCL]Huskar
Servius
[WS]Reece
[Rstar]Jcstodds
5
KaylinBlaze
Cyril_Olaso
MadBoi_Seville
Leon_Arallian
GregerseN
caion
[MA]FlameMan
[Rstar]Jcstodds
Midget
[Rstar]Razor
Nick_Hansen
Witchking
[TCL]Huskar
[WS]Paco
[RI]Shaun_Patton
6
TeaM_MIB
Lile_Heartfield
[TCL]Dexter
KaylinBlaze
Makaveli
Sushi
Luke.
Matrixbob
Denis_Pro
8
Trane_Kiedis
Paul_Hernandez
9
John_Svennson
[WS]Reece
TeaM_Zaila
Kaylin
[Rstar]Gakgoss
TeaM_Edge
Paul_Hernandez
[TCL]Huskar
Mobius
[Rstar]Razor
Conroy
DeanBlaze
[Rstar]xcasio
To be updated.
-
My god, what are the numbers for?
-
That's a long list :o
-
date of march
-
John_Svennson
[WS]Reece
TeaM_Zaila
Kaylin
[Rstar]Gakgoss
TeaM_Edge
Paul_Hernandez
[TCL]Huskar
Mobius
[Rstar]Razor
Conroy
DeanBlaze
[Rstar]xcasio
Gimli
Sheep
demetri
TeaM_MIB
[WS]Teddy_Rosso
ZeroSforza
Possible exposed account passwords from last night.
You all are encouraged to change password ASAP.
-
Possible or exposed for sure ?
-
More confirmed exposures:
iMarkz 1
Conroy 1
Jonny OSullivan 1
[WS]Mash 1
Team_Edge 1
GregerseN 2
[TCL]Huskar 1
Servius 1
[WS]Reece 1
[Rstar]Jcstodds 1
Possible or exposed for sure ?
We are updating confirmed ones now. Please standby for updates.
-
I'm on list 5, what does that meah?? :conf:
-
I'm on list 5, what does that meah?? :conf:
5th March I think!
-
I'm on list 5, what does that meah?? :conf:
that you we're breached on the 5th of march
-
I'm on list 5, what does that meah?? :conf:
The numbers show how many times the exploit was used on your account, for my list and I think xcasios is the date.
-
I guess my forum account was hacked as someone sent message to Gandalf and Roske. (I didn't) So if you receive some strange msg from my forum account just contact me in-game and we'll discus it. I'll request password change asap. Thanks in advice.
-
More confirmed exposures:
iMarkz 1
Conroy 1
Jonny OSullivan 1
[WS]Mash 1
Team_Edge 1
GregerseN 2
[TCL]Huskar 1
Servius 1
[WS]Reece 1
[Rstar]Jcstodds 1
We are updating confirmed ones now. Please standby for updates.
Can you explain why there is a number two at my name, and only a number 1 at the others?
-
Can you explain why there is a number two at my name, and only a number 1 at the others?
You we're breached TWICE (2)
-
Thanks...
Will it work if I follow this steps:
1. /td
2. /invent
3. F8
4. Never delete that SS.
I mean if someone from Albania gets my password and he uses it and Albania has same IPs the guy can use my account and it will be hard, very hard to track him.. If in lost of any assets I can post the SS.
going IG to change my password, but currently im afraid to do it, if I log in and my password gets exposed. Should I go IG and change it ?
-
We have secured the issue now, the problem is no longer a threat.
You are safe to change your password.
-
We have secured the issue now, the problem is no longer a threat.
You are safe to change your password.
Should I change again? I changed it around 12:00 CET
-
Should I change again? I changed it around 12:00 CET
Make sure it was changed after this first post.
-
Oh my god
-
Oh my god
Don't worry. The entire community management is working to resolve the issue.
-
FBI-site style ;)
-
How long has this exploit existed?
-
How long has this exploit existed?
We are still working to determine this.
-
We are still working to determine this.
Bet the exploit came in with the /engine scripts. I knew it was a bad idea!
-
Bet the exploit came in with the /engine scripts. I knew it was a bad idea!
Trolling about this situation is not funny. Don't make jokes. This is a serious topic.
-
Trolling about this situation is not funny. Don't make jokes. This is a serious topic.
And the need for this community to use /engine when /me turns off the engine suffices is also a serious topic that has relevance to this thread as it is undoubtedly the introduction of useless scripts that has allowed a vulnrebility such as this to open up.
-
And the need for this community to use /engine when /me turns off the engine suffices is also a serious topic that has relevance to this thread as it is undoubtedly the introduction of useless scripts that has allowed a vulnrebility such as this to open up.
There is no way that you could know what has caused this vulnerability, so your statement is invalid and non-related to the issue regarding the possibility of passwords being exposed.
-
Oh come on
I don't even know what password to put anymore
Same, I can't even think of anymore passwords.
-
password changed thanks for letting me know :)
DeanBlaze
-
Same, I can't even think of anymore passwords.
Please make up another.
-
Trolling about this situation is not funny. Don't make jokes. This is a serious topic.
yuss, we're all srsbsns about this, because this is a serious threat for our lives.
-
Community Management is not tolerating jokes about this situation. As previously warned to everyone in this topic, keep your comments serious and relevant, or don't post.
-
We have secured the issue now, the problem is no longer a threat.
You are safe to change your password.
No longer a threat? And we are supposed to believe that how? This level of incompetence is unheard of. Leaving a backdoor in a gamemode and allow unauthorized access for almost a week without ANY alert? My god..
-
You can never predict every single solution to every single problem there may be.
-
No longer a threat? And we are supposed to believe that how? This level of incompetence is unheard of. Leaving a backdoor in a gamemode and allow unauthorized access for almost a week without ANY alert? My god..
If you are so competent, why you didn't notice that problem before ?
-
No longer a threat? And we are supposed to believe that how? This level of incompetence is unheard of. Leaving a backdoor in a gamemode and allow unauthorized access for almost a week without ANY alert? My god..
Calm down and take some Valium.
-
If you are so competent, why you didn't notice that problem before ?
If i had access to the scripts, then yes i would have been able to find a massive leak like this. I'll give you a hint: my work is Information Security.
This level of incompetence is unheard of, yet people responsible are acting like nothing happened. What's next? A database breach where our precious private data is stored in plain text?
Post Merge: March 09, 2013, 07:17:28 pm
Calm down and take some Valium.
Stick your smartass attitude where it belongs, a dark hole down under.
-
If i had access to the scripts, then yes i would have been able to find a massive leak like this. I'll give you a hint: my work is Information Security.
This level of incompetence is unheard of, yet people responsible are acting like nothing happened. What's next? A database breach where our precious private data is stored in plain text?
If you think our developpers are incompetent, what are you doing here ? Instead of shitting on them, maybe try to ask them if they need a hand and help them out ?
Your arrogance is disgusting.
-
Guys, chill.
-
There is absolutely no need for this kind of disrespectful manner of conversation over something like this.
You do not know what happened, nor do you know how the passwords were obtained, now please drop this discussion.
-
Wait, i didn't get this cant someone like elaborate and tell me?
-
Wait, i didn't get this cant someone like elaborate and tell me?
Due to a bug in the RPG script, there was a way to obtain passwords, due to this multiple admins/managers and even a CL got hacked, further information will hopefully be given soon.
(this is AFAIK)
-
Only necessary information will be given in this case, basically a need to know basis like who may have been breached and so on. ;)
-
Due to a bug in the RPG script, there was a way to obtain passwords, due to this multiple admins/managers and even a CL got hacked, further information will hopefully be given soon.
(this is AFAIK)
Thanks
-
There is barely any need for further information. The "bug" has been fixed.
-
If you think our developpers are incompetent, what are you doing here ? Instead of shitting on them, maybe try to ask them if they need a hand and help them out ?
Your arrogance is disgusting.
I am not shitting on anyone. I have voiced my concerns about security more than enough, yet no help was ever accepted. This breach will not be the last, yet every single person responsible does like nothing further needs to be done.
You know what disgusts me? People like you that judge my intentions without knowing horseshit. Also players have the RIGHT to know what happened. People fucked up the security of the personal data that was entrusted to them by thousands of players. I call for the utmost transparency.
-
The point of this topic is to advise users to change their passwords due to a possible breach, not for administration members to disrespect administration members.
If you want to help, do it in the correct manner, if not, keep your highly disrespectful wording to yourself.
-
I am not shitting on anyone. I have voiced my concerns about security more than enough, yet no help was ever accepted. This breach will not be the last, yet every single person responsible does like nothing further needs to be done.
You know what disgusts me? People like you that judge my intentions without knowing horseshit. Also players have the RIGHT to know what happened. People f**ked up the security of the personal data that was entrusted to them by thousands of players. I call for the utmost transparency.
Even Sony encounters breaching involving passwords leak, so what ? No one is invulnerable.
The guy didn't even do anything, he just accessed the account and no harm was done.
My account got breached, like almost all the administration team, are we crying over it ? No, we barely care since Managers+ have been fast in solving the issue. We changed our passwords and we get over it.
-
Due to a bug in the RPG script, there was a way to obtain passwords, due to this multiple admins/managers and even a CL got hacked, further information will hopefully be given soon.
(this is AFAIK)
not to mention an innocent player also got banned for it.
-
not to mention an innocent player also got banned for it.
Indeed
-
OMG I can't explain how relieved I feel after not finding my name in this list. :D
99% of the players in the list are from the same time zone I play in. I'm glad my inactivity this month has been useful. :DThe follow is a list of affected accounts. As you can see, it mainly involves admins/developers, although there are some players as well.
3
[WS]Teddy_Rosso
[WS]Mike
Ale_Rivosecchi
TeaM_Boozman
[Rstar]Tandtrollet(
Trane_Kiedis
4
iMarkz
Conroy
Jonny OSullivan
[WS]Mash
Team_Edge
GregerseN
[TCL]Huskar
Servius
[WS]Reece
[Rstar]Jcstodds
5
KaylinBlaze
Cyril_Olaso
MadBoi_Seville
Leon_Arallian
GregerseN
caion
[MA]FlameMan
[Rstar]Jcstodds
Midget
[Rstar]Razor
Nick_Hansen
Witchking
[TCL]Huskar
[WS]Paco
[RI]Shaun_Patton
6
TeaM_MIB
Lile_Heartfield
[TCL]Dexter
KaylinBlaze
Makaveli
Sushi
Luke.
Matrixbob
Denis_Pro
8
Trane_Kiedis
Paul_Hernandez
9
John_Svennson
[WS]Reece
TeaM_Zaila
Kaylin
[Rstar]Gakgoss
TeaM_Edge
Paul_Hernandez
[TCL]Huskar
Mobius
[Rstar]Razor
Conroy
DeanBlaze
[Rstar]xcasio
To be updated.
-
My Name is on the list, so what? Nothing to be afraid of
-
My name's on the list, so what? Nothing to be afraid of
Post Merge: March 09, 2013, 09:36:53 pm
My name is on the list, so what? Nothing to be afraid of
There is a need to be afraid, if you haven't changed your password so far.
-
I'm only afraid because I'm not able to change my password.
-
The issue has now been resolved. If your name is on the list, change your password.
Special thanks to those of you who helped identify us the source and perpetrators in a constructive way rather than being an "information security" expert simply shitting on us.