Pink Poogle Toy Forum

The official community of Pink Poogle Toy
Main Site
NeoDex
It is currently Thu Nov 14, 2024 11:50 am

All times are UTC




Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 57 posts ]  Go to page Previous  1, 2, 3, 4
Author Message
 Post subject:
PostPosted: Sun Feb 20, 2005 10:15 pm 
Administrator
Administrator
User avatar

Posts: 1140
Joined: Mon May 31, 2004 1:36 pm
The thing is almost entirely useless -- you can use IE to let the user log in (bypassing any log-in time security codes, however complicated), and then read its stored cookies to authentificate the ab session. It's more of a strain on the real users than on the people using some kind of program.


Image
Will you stop with the honour stuff?


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 21, 2005 1:49 am 
Honorary Member
Honorary Member
User avatar

Posts: 497
Joined: Mon May 31, 2004 8:19 pm
Location: a state of perpetual shock
Hunter, I never thought that particular system was even meant to protect against autobuyers -- I always figured it was meant as a deterrent to brute-force password attacks.


Image


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 21, 2005 3:17 pm 
PPT Toddler
PPT Toddler

Posts: 104
Joined: Fri Feb 04, 2005 1:54 pm
Location: Somewhere between Tortall, Edoras, and Belisaire
Meh, I'm still feeling sort of vunerable without the code. I've seen first hand a program harvest passwords through brute force before, and it ain't pretty what a determined hacker can do with a little skill and time (my uncle is a computer programmer and he was demonstrating some safty software to me and my dad so this wasn't actually a real scenario). Until the code comes back or something replaces it, I'm going to be changing my password a lot.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 21, 2005 5:54 pm 
Administrator
Administrator
User avatar

Posts: 1140
Joined: Mon May 31, 2004 1:36 pm
iconoplast wrote:
Hunter, I never thought that particular system was even meant to protect against autobuyers -- I always figured it was meant as a deterrent to brute-force password attacks.

It also only allows 3 or 5 login attempts from the same IP during a 24 hour period anyway, and that is enough to stop brute-force attacks dead in their tracks.
Even assuming you could have a thousand different computers doing the attack, it would take you 11360047 days to brute-force a 6-letter alphanumeric password (or 61783 days for a 6-letter all-lowercase password) with this limitation.

Of course, if your password is password, none of that holds up.


Image
Will you stop with the honour stuff?


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 21, 2005 7:08 pm 
PPT Toddler
PPT Toddler

Posts: 104
Joined: Fri Feb 04, 2005 1:54 pm
Location: Somewhere between Tortall, Edoras, and Belisaire
Hunter Lupe wrote:
iconoplast wrote:
Hunter, I never thought that particular system was even meant to protect against autobuyers -- I always figured it was meant as a deterrent to brute-force password attacks.

It also only allows 3 or 5 login attempts from the same IP during a 24 hour period anyway, and that is enough to stop brute-force attacks dead in their tracks.
Even assuming you could have a thousand different computers doing the attack, it would take you 11360047 days to brute-force a 6-letter alphanumeric password (or 61783 days for a 6-letter all-lowercase password) with this limitation.

Of course, if your password is password, none of that holds up.


Good point, I should've remembered that before I started worrying. I'd forgotten that my uncle's demonstration didn't have any limitations since it was all hypothetical.


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 21, 2005 7:27 pm 
Honorary Member
Honorary Member
User avatar

Posts: 497
Joined: Mon May 31, 2004 8:19 pm
Location: a state of perpetual shock
Hunter Lupe wrote:
It also only allows 3 or 5 login attempts from the same IP during a 24 hour period anyway, and that is enough to stop brute-force attacks dead in their tracks.
Even assuming you could have a thousand different computers doing the attack, it would take you 11360047 days to brute-force a 6-letter alphanumeric password (or 61783 days for a 6-letter all-lowercase password) with this limitation.

Of course, if your password is password, none of that holds up.


Last I checked that limitation was 3 every hour, not every 24 -- but your point is still valid. Social engineering and poor passwords are still the weakest points, and probably always will be.

By the way, anyone who wants truly secure passwords should check out Diceware. Now that's good stuff.


Image


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 21, 2005 9:05 pm 
PPT God
PPT God
User avatar

Posts: 2294
Joined: Mon May 31, 2004 9:10 pm
Location: Adios City, Leftland
OK. I think that this was removed by accident as I just went to login, entered my username and then where it said password, I entered my correct password. The security code box wasn't there. So I clicked "Submit" and it took me to Pet Central. So then I went to castle battles and just as I was about to play it said I wasn't logged in. So I tried again. And again. And again. I can't log in. And my account isn't frozen. So I have come to the conclusion that they have suspended log-ins as that was a mistake.


ImageImage
Set - Sunnie
Blinkie - Chass
Left.
ALL HAIL XENU!!!


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 21, 2005 9:14 pm 
PPT Warrior
PPT Warrior
User avatar

Posts: 806
Joined: Wed Jun 02, 2004 2:23 am
Location: Land of the 1337
The security code proabably doesn't work anymore anyway. The programmers find ways around them in two weeks or less :x It would explain how autobuyers keep snagging all the MP's without anyone in the store getting so much as a haggle. It's horrid how quickly some of the items go. I saw 4 MP's stock yesterday, and got only a haggle on one of them. The rest disappeared instantly.


"If you're lucky, I might just settle with eating your firstborn."


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 21, 2005 9:37 pm 
PPT God
PPT God

Posts: 1422
Joined: Sat Dec 04, 2004 1:02 am
OmniIcyshelf wrote:
The security code proabably doesn't work anymore anyway. The programmers find ways around them in two weeks or less :x It would explain how autobuyers keep snagging all the MP's without anyone in the store getting so much as a haggle. It's horrid how quickly some of the items go. I saw 4 MP's stock yesterday, and got only a haggle on one of them. The rest disappeared instantly.


Isn't that the way it in the magic shop though? :( Noticed more AB'ers than usual in the last couple of days


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 21, 2005 10:37 pm 
PPT Warrior
PPT Warrior
User avatar

Posts: 806
Joined: Wed Jun 02, 2004 2:23 am
Location: Land of the 1337
Yeah- If they would just change the security code system every three days or so, we wouldn't have to worry about abers :K


"If you're lucky, I might just settle with eating your firstborn."


Top
 Profile  
 
 Post subject:
PostPosted: Mon Feb 21, 2005 10:43 pm 
PPT God
PPT God

Posts: 1422
Joined: Sat Dec 04, 2004 1:02 am
OmniIcyshelf wrote:
Yeah- If they would just change the security code system every three days or so, we wouldn't have to worry about abers :K



Ab'ers *sigh* no chance of EVER getting a good potion from the magic shop for me :( I dont even try anymore


Top
 Profile  
 
 Post subject:
PostPosted: Fri Feb 25, 2005 10:34 am 
Beyond Godly
Beyond Godly
User avatar

Posts: 3602
Joined: Sun Sep 05, 2004 1:23 am
Location: Set by Stampsyne. Thanks!
iconoplast wrote:
In Firefox, for example (along with, most certainly, Opera and Safari... don't know for sure if IE is vulnerable to it, but I'd assume it is), URLs can be spoofed disturbingly easily. There's an exploit that uses alternate character codes to force a false URL to display. You can also make it look very similar to the correct letters, which is enough to fool a casual glance.

Firefox developers read your post and updated their browser ;)

http://news.com.com/Mozilla+releases+Fi ... 89693.html


<img src="http://img.photobucket.com/albums/v379/qanda/qandalitsiggy.gif" alt="Image hosted by Photobucket.com">


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 57 posts ]  Go to page Previous  1, 2, 3, 4

All times are UTC


Who is online

Users browsing this forum: No registered users and 120 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group