
PSA: A Cautionary Tale from Another Cryptic Game

sistersilicon Posts: 1,687 Arc User
Terilynn, Massively's regular STO writer, had her FED and KDF fleets stolen out from under her recently. The culprit appears to have hacked the account of a founding member who is rarely online anymore, then used that account to promote his own toon to leader and demote-kick everybody else.

She has some advice for managing supergroups/fleets/guilds in Cryptic's current system. This might be a good time for our SG leaders to do some spring cleaning.
Choose your enemies carefully, because they will define you / Make them interesting, because in some ways they will mind you
They're not there in the beginning, but when your story ends / Gonna last with you longer than your friends

Comments

  • sekimen Posts: 306 Arc User
    edited April 2013
    Thank you for the link to the article. A real shame what happened to the author :/
  • jennymachx Posts: 3,000 Arc User
    edited April 2013
    Quoting a part from the article...
    Finally, one of our leaders was able to reach the aforementioned founder to speak with him. It was then that we realized that it was his account that had likely provided the opportunity for the seizure. While he steadfastly denies even having the game on his computer, he seemed to realize that an acquaintance of his (someone who had on frequent occasions boasted to him about his ability to hack everyone in the game) might have done something, but for what reasons, no one really knows.

    If I had an acquaintance who one day boasted to me that he or she could hack player accounts, I would keep far far away from the person and also change my account password for good measure.

    I seriously doubt that there was any "hacking" involved. I'm willing to bet that brute-forcing was done instead, and that the guy's account that got compromised was using a weak password that could easily be called up in a dictionary wordlist that brute-forcing programs use.

    Also, changing passwords regularly isn't enough. Using a strong password that includes an assortment of numbers and letters both small and capital is also important. It's even better to include special characters and mix everything up.

    Doesn't Cryptic use a security system that requires someone to input a key via email verification when logging in from a different PC, by the way? The only way I could see this layer of protection failing is from both letting the culprit know of the account's email address and that the password for the email account is exactly the same as the Cryptic one.
  • sistersilicon Posts: 1,687 Arc User
    edited April 2013
    jennymachx wrote:
    Also, changing passwords regularly isn't enough. Using a strong password that includes an assortment of numbers and letters both small and capital is also important. It's even better to include special characters and mix everything up.

    Relevant XKCD.

    The time necessary to brute-force a password increases far more quickly as you make it longer than it does by enlarging the domain of valid characters. It makes me cringe every time I see a password policy that limits length to, like, 15-20 characters.