Heh ... I had the chance to read what you written before your edit. If this is true this must be stupidest error in an online game I've ever heard of. I can't believe Cryptic would make such an easily exploitable security hole.
Had this happen to me years ago while I was heavy into City of Heroes... the hacker had deleted all of my toons as well so I know your pain.... I know they've restored other peoples accounts in the past so good luck..
Since my own experience, I make unique emails for each of my online games. These emails are used only for their game. My login name is not the same as my global handle and none of my toons are named after my login name. I also use characters like %^&$# in my passwords, also mix them up with lowercase and uppercase letters randomly. Account guard helps, but as others mentioned its not 100% at the moment. Most of my passwords and user names are long and extensive. Some say the extent I go to is me being paranoid. But, I'd rather be called paranoid than lose my characters in another game I play.
this is why its always good to copy your character to tribble once a month at least. Tribble has a different database and people that steal accounts usually dont bother with the tribble server copy.
Devs simply look at tribble and can at least, theoretically, have proof that you were X level and had X reputation and X items on your character.
Didn't Tribble get a character wipe at the weekend though, for the last stage of LoR testing?
I have just tested it out: Account Guard is USELESS. USELESS. *snip*
edit: I edited my post, because it's not allowed to post these kind of bugs/loopholes. I submitted it through a ticket. Let's hope they fix it fast.
I didn't read your original post, but yes, the Account Guard is easily defeated by any key logger if the user accesses the STO-registered e-mail account from the compromised PC. This is why I recommended accessing the STO-registered e-mail account only from a smart phone or any other device that doesn't run flash or java.
In all the years I've been gaming, not once have I ever had a security breach due to simple security awareness.
I really wish Cryptic would invest in a real RSA-token based security system like WoW and SWTOR... it would stop many of these intrusions cold.
This thread is pointless on the forums, as nothing can be done at this point. Tough luck.
He/she's venting, let him/her vent. Why is this post any worse than any of the other pointless and tedious fecal matter people post all over the forums. Also if it's pointless, why did you bother to read 3 pages in?
[SIGPIC][/SIGPIC] "There's a reason you separate military and the police. One fights the enemies of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people."-Commander William Adama
Unless you get infected with a keylogger, or the server the password's stored on gets TRIBBLE.
keyloggers work by tracking keystrokes, right? well, i got around that by generating a password and copy-pasting it to a notepad file, which i then copy-paste every time i load the game up
even if my system is infected, the only thing it'll be recording is ctrl-c and ctrl-v, plus the usual chat stuff i do ingame and on here
not foolproof by any means, but combined with common sense and other preventative measures, it helps loads
A normie goes "Oh, what's this?"
An otaku goes "UwU, what's this?"
A furry goes "OwO, what's this?"
A werewolf goes "Awoo, what's this?"
"It's nothing personal, I just don't feel like I've gotten to know a person until I've sniffed their crotch." "We said 'no' to Mr. Curiosity. We're not home. Curiosity is not welcome, it is not to be invited in. Curiosity...is bad. It gets you in trouble, it gets you killed, and more importantly...it makes you poor!"
Passion and Serenity are one.
I gain power by understanding both.
In the chaos of their battle, I bring order.
I am a shadow, darkness born from light.
The Force is united within me.
Once the upgrade gets sent to the main server, Cryptic will also update their main game download. When a new season (or in this case expansion) is added, I download the full game right from this page. If I ever have to reinstall "Star Trek: Online", I will not have to wait for the launcher to download a seasonal (expansion) patch. I will only have to download the mini-weekly patches.
Now, since I do this ritual every season (upgrade), I take the opportunity to refresh the whole game. Sudden game stops, experienced throughout the year, can cause corrupt files. As a result of doing a full install, I can eliminate any potential problems.
I kill two birds with one stone.
...Or, you could just let it patch normally, and if you notice any problems, you simply verify file integrity. Much simpler and faster.
A normie goes "Oh, what's this?"
An otaku goes "UwU, what's this?"
A furry goes "OwO, what's this?"
A werewolf goes "Awoo, what's this?"
"It's nothing personal, I just don't feel like I've gotten to know a person until I've sniffed their crotch." "We said 'no' to Mr. Curiosity. We're not home. Curiosity is not welcome, it is not to be invited in. Curiosity...is bad. It gets you in trouble, it gets you killed, and more importantly...it makes you poor!"
Passion and Serenity are one.
I gain power by understanding both.
In the chaos of their battle, I bring order.
I am a shadow, darkness born from light.
The Force is united within me.
Ever been to a web site where you have to enter information into a popup window? A standard (as in required...) feature of Browsers is the ability of a script to read content, (and any update to content) in another window...
And this was how the malicious banner add that was planted on STOwiki last year worked...
And with Internet Explorer HTML libraries required for the STO Client to operate, what do you think this means...
I expect any competent keylogging software would also record the clipboard if it contains text or a variant thereof.
I go a few better, I open notepad and mash the keyboared and get stuff like k.wszl/svdklfvb and use that as my password then I right click and copy, then right click and paste. keylogers register nothing at all and it creates the best passwords. plus to make it even worse for hackers I put them in a random folder and name it readme.txt so if its a trojan where they can remote access they have hundreds of readme.txt to look at. But when it comes to my banking I do the same except write the password on paper and never save the .txt file so there is never a copy of it.
So all i have to worrry about is the site getting TRIBBLE since i wont use TRIBBLE like egpal.
*edit
I didnt quote that... Why is this quoting a reply to who i quoted?
Join Date: Nobody cares.
"I'm drunk, whats your excuse for being an idiot?" - Unknown drunk man. :eek:
Keyloggers are not the simple things they used to be of logging key strokes. They can and do monitor the copy and paste clipboard, we just use the generic term "keylogger" in much the same way people use "TRIBBLE" instead of compromised.
In the old days of keyloggers the copy and paste thing wasn't that bad an idea however nowerdays you are giving yourself a false sense of security if you do that.
Thank you Cryptic!
Thank you Cryptic!
Thank you Cryptic!
Thank you Cryptic!
Thank you Cryptic!
THIS just restored my faith that the human beings working on STO actually care about STO players and don't just dismiss us as annoying fan boys and girls.
STO might not be perfect, but it's good to know the team at Cryptic will go the extra mile to help when it's really needed.
Thank you, Cryptic.
In the immortal words of Captain Sisko: "It may not be what you believe, but that doesn't make it wrong."
Don't believe the lies in this forum. I am NOT an ARC user. I play STO on Steam or not at all.
I came on and my hargh'peng very rare torpedo was gon i replaced it with 2 750ec blue ones and guess what they both disapeeared on 2MInutes time both poof gone , and my coordination protocol console poof gone and my borg universal console poof gone whats going on CRYPTIC are we being TRIBBLE or you taking items or is system that messed up for us seriou money game players ?? please fix game dont take or loose are item s when we log off and when we return are attitudes are shot .....
Comments
Since my own experience, I make unique emails for each of my online games. These emails are used only for their game. My login name is not the same as my global handle and none of my toons are named after my login name. I also use characters like %^&$# in my passwords, also mix them up with lowercase and uppercase letters randomly. Account guard helps, but as others mentioned its not 100% at the moment. Most of my passwords and user names are long and extensive. Some say the extent I go to is me being paranoid. But, I'd rather be called paranoid than lose my characters in another game I play.
I didn't read your original post, but yes, the Account Guard is easily defeated by any key logger if the user accesses the STO-registered e-mail account from the compromised PC. This is why I recommended accessing the STO-registered e-mail account only from a smart phone or any other device that doesn't run flash or java.
In all the years I've been gaming, not once have I ever had a security breach due to simple security awareness.
I really wish Cryptic would invest in a real RSA-token based security system like WoW and SWTOR... it would stop many of these intrusions cold.
for eample my current password is rated this
CONGRATULATIONS!
It would take about 2143250 years to crack your password.
here is the website
https://www-ssl.intel.com/content/www/us/en/forms/passwordwin.html
He/she's venting, let him/her vent. Why is this post any worse than any of the other pointless and tedious fecal matter people post all over the forums. Also if it's pointless, why did you bother to read 3 pages in?
even if my system is infected, the only thing it'll be recording is ctrl-c and ctrl-v, plus the usual chat stuff i do ingame and on here
not foolproof by any means, but combined with common sense and other preventative measures, it helps loads
#LegalizeAwoo
A normie goes "Oh, what's this?"
An otaku goes "UwU, what's this?"
A furry goes "OwO, what's this?"
A werewolf goes "Awoo, what's this?"
"It's nothing personal, I just don't feel like I've gotten to know a person until I've sniffed their crotch."
"We said 'no' to Mr. Curiosity. We're not home. Curiosity is not welcome, it is not to be invited in. Curiosity...is bad. It gets you in trouble, it gets you killed, and more importantly...it makes you poor!"
I expect any competent keylogging software would also record the clipboard if it contains text or a variant thereof.
...Or, you could just let it patch normally, and if you notice any problems, you simply verify file integrity. Much simpler and faster.
#LegalizeAwoo
A normie goes "Oh, what's this?"
An otaku goes "UwU, what's this?"
A furry goes "OwO, what's this?"
A werewolf goes "Awoo, what's this?"
"It's nothing personal, I just don't feel like I've gotten to know a person until I've sniffed their crotch."
"We said 'no' to Mr. Curiosity. We're not home. Curiosity is not welcome, it is not to be invited in. Curiosity...is bad. It gets you in trouble, it gets you killed, and more importantly...it makes you poor!"
And this was how the malicious banner add that was planted on STOwiki last year worked...
And with Internet Explorer HTML libraries required for the STO Client to operate, what do you think this means...
I go a few better, I open notepad and mash the keyboared and get stuff like k.wszl/svdklfvb and use that as my password then I right click and copy, then right click and paste. keylogers register nothing at all and it creates the best passwords. plus to make it even worse for hackers I put them in a random folder and name it readme.txt so if its a trojan where they can remote access they have hundreds of readme.txt to look at. But when it comes to my banking I do the same except write the password on paper and never save the .txt file so there is never a copy of it.
So all i have to worrry about is the site getting TRIBBLE since i wont use TRIBBLE like egpal.
*edit
I didnt quote that... Why is this quoting a reply to who i quoted?
"I'm drunk, whats your excuse for being an idiot?" - Unknown drunk man. :eek:
In the old days of keyloggers the copy and paste thing wasn't that bad an idea however nowerdays you are giving yourself a false sense of security if you do that.
I got my characters back, thanks to Cryptic.
Lost my ECs and dil, but I GOT MY CHARACTERS BACK
Thank you Cryptic!
Thank you Cryptic!
Thank you Cryptic!
Thank you Cryptic!
Thank you Cryptic!
THIS just restored my faith that the human beings working on STO actually care about STO players and don't just dismiss us as annoying fan boys and girls.
STO might not be perfect, but it's good to know the team at Cryptic will go the extra mile to help when it's really needed.
Thank you, Cryptic.
Don't believe the lies in this forum. I am NOT an ARC user. I play STO on Steam or not at all.
Happy for you!
I'm glad to hear that you got your characters back!