Guild Wars Guru Security Notice

[Painbringer]

Bad thing is many have listed our character names so one less security block for them to worry about

As said before Crap happens

[milan]

Thanks for letting us know. Good job on the communication, much appreciated.

[Lycan Nibbler]

Inde, JR and team.. luv you guys <3

If only NCSoft would look and learn from your actions rather than more likely look and go "see"....

[JR]

Quote:

Originally Posted by Painbringer

Bad thing is many have listed our character names so one less security block for them to worry about

As said before Crap happens

Character names were wiped from the forum two months or so ago, when the change to remove them was first implemented.

If you are concerned about posts you made containing your character names, that can be resolved too. Simply do a search on the forum for your character name, and edit the posts that come up.

[EDIT: If you can't edit your post because the thread is closed (and only if the thread is closed) PM me with direct links to the posts and I will remove them.]

[tasha]

Quote:

Originally Posted by JR

If you are concerned about posts you made containing your character names, that can be resolved too. Simply do a search on the forum for your character name, and edit the posts that come up.

Not necessarily true if the thread is closed (eg if thread broke Ventari rules ). I tried earlier and there weren't any edit options on my post where the thread was locked.

OT:

Appreciate the speedy notification of this issue. Its the internet, stuff happens.

[Earth]

If you are really worried about your character names but you can no longer edit a post because the thread is closed, send a PM to JR with direct links to the posts concerned. Only do this if the thread is closed.

[nologic]

glad i changed my mail to a fake none that forwards my mail adress to the real one.. Same goes on another forum.

But I do think its good to keep the website up and running with newest builds released for the forums and wordpress in the future also inform wordpress about it so they wont make the same mistake in the future.

[lilDeath]

I applaud Guru for their open communications, working in the Internet business for 10 years now - I know it is not easy to be so brutally honest, with the potential of being ripped apart by your clients.

Luckily, I have practiced good security and none of passwords are the same, and I also deleted my char names on forums / posts / screens ever since the security breaches became known.
I will go ahead and change the passwords on Guru / Guru2 anyway - I am not worried about the e-mail address, since if it was used in a Spam attack there are ways to take this further and find out the source.

Also, people should not be fooled about 'just getting e-mail addresses' - SPAM is big business, for every 1 million (very small number) SPAM mails sent, even a 0.5-1% uptake is significant, especially if it is a phishing attempt, that is 5000-10000 people more that have been affected and potentially spreading the attack even wider themselves - yes, it is the ripple-effect.

I won't be as harsh as a previous poster about being late with security patches, it can easily get out of control... I know how things can happen and projects get stopped for whatever reason, and again shit does happen... that is true.

I myself (and my team ofc) am responsible for 250+ servers, which is our own and also our clients, and I am personally very diligent to view any security releases and I must assess what needs to be done and IF it needs to be done.
Luckily, we work on a steady release-cycle, and we patch our systems within 12-24 hours of release and the out-of-band (0-day) stuff is done ASAP.

So, I can certainly appreciate what it takes to keep your systems up to date and somehow... I am sure the Guru folks won't be waiting that long again and that they would have put 'something' in place to prevent this from reoccuring.

Thanks again, Guru guys and gals!

[Gigashadow]

FYI AionSource also had a trojan on it (confirmed by AionSource webmaster in the thread below) that nailed some people. Looks like fansites are under heavy attack these days.

http://www.aionsource.com/forum/aion...appen-you.html

[4thVariety]

Wartower got hacked as well, so it appears that somebody is trying all angles right now.

[Tullzinski]

Not suprising to see the increase in hacking attempts referenced above. Looks like the recent security improvements to NCsoft Master Hub and GW had an impact.

[Inde]

Can anyone get me the german translation of wartower's message please?

http://www.wartower.de/news/

And yes, I can google translate too We are debating a line in the google translation though. Thanks!

[Painbringer]

Just an FYI I got spooked after reading this and went on GW to change my password and I kept getting a code 11 error. It never said I changed anything, but now I can not log in at all. One of the passwords I tired worked for last night but today I am locked out. Not sure if many other people have had the same issue but Now I have no GW at all

[Inde]

Painbringer, you'll want to contact Support definitely, but I don't know if this is exactly related to the Guru issues. In your previous post you said you logged into Guild Wars and then couldn't change your password from that point. To log into Guild Wars you need your IGN (which is not stored on Guru). Then you stated that your Guild Wars had stopped responding and needed to force to close it. After that you stated "I can not sign into GW with old password but the intial one I tried that code 11 on me works".

This could be a technical issue or a simple case of mistyping since I haven't seen anyone have the exact problem you've described. But please let us know what support tells you and if you can get that resolved.

[glacialphoenix]

Quote:

Originally Posted by Painbringer

One of the passwords I tired worked for last night but today I am locked out

Have you tried logging in using the new password?

[Painbringer]

This is exactly what happened

I logged in to my GW account and got to character selection screen then I went to change password option. The screen came up (enter old password enter new password re enter new password). I did this and added a new password nothing happened and I got a-code 11 error. I backed out and re tried the new password again nothing happened-code 11. I then thought maybe I need to add some numbers so I tried a new password with numbers added and nothing happened again – code 11. I tired it a couple more times and I got fed up. I selected the Ncsoft link address on the code 11 message and went to there site. Could not log on (not totally sure what to log on with since I do not remember ever going here with my account.) After a couple attempts I gave up. Went back to the GW window it was locked on me. Closed it with task manager and reopened it tried to log on and my old password did not work. I then tried the first new password I tried that code 11 on me and it worked. I played last night then shut it down. I had a bad feeling something was screwy so I tried to log on again this morning and none of the passwords I used work. Old / new / new with numbers… nothing works.

Keep in mind I am only 5 % worried about a hacker getting me. I really think it was a mess up on GW site maybe too many people trying at once to change passwords. Remember the issues with the free storage pane-too much flow at once.

I sent a ticket this morning and will let you know, but I bet I miss the Redo winterfest

I should have sticked to my "If it aint broke Don’t Touch IT" motto when it comes to electronical things

[Earth]

Quote:

Originally Posted by Inde

Can anyone get me the german translation of wartower's message please?

http://www.wartower.de/news/

And yes, I can google translate too We are debating a line in the google translation though. Thanks!

Rough translation:

Currently a lot of game fansites are under attack from outside parties. After Guru was attacked, Wartower was also targeted.

We have closed the security hole. The attackers have managed to steal encrypted passwords of Wartower-Forum accounts. We suggest that you change your forum passwords immediately. It may be possible for the attackers to log on to your forum account under certain circumstances and abuse it. This also includes accounts on other websites, if you use the same account name and password on multiple sites.

Last part is just an explanation about how to change your password.


Hope this helps.

I guess you were debating the "It may be possible for the attackers to log on to your forum account under certain circumstances" line? I'm not too sure what they mean with that to be honest, so don't entirely trust my translation . What they probably mean is that the attackers are able to log in to the forum accounts.



EDIT: German isn't my first language, so I'm happy to see our translations are more or less the same Guess all those lessons are good for something

[Wheel of time]

I can give it a try (german is my first language so the english may not be perfect):

At the moment fansites are obviously under heavy attacks from the outside. After the attack of GWG the wartower has been targeted as well.

We closed the security gap. But the attackers managed to steal encyphered passwords of the wartower forum accounts. We therefore ask you to change your forumpasswords. The attackers may under these circumstances be able to log in with your accounts and abuse them. This includes accounts somewhere else where you used the same data.




My opinion: Im truly worried about all that bad attention gw forums seem to get recently and i sincerely hope for the consequences to be as few as possible.


E: hmmm i should translate faster i guess^^

still we seem to agree more or less on the translation

[Inde]

Thank you both so much!

[frinoh]

About the wartower.de incident:

I'm german and I skimmed through the thread on their forums, the admin mentioned that their passwords are md5/salt protected, so their message that passwords were stolen might be a bit over the top. It seems the attackers merely aquired the encrypted password file.

I'd still recomend changing your password of course.