Well, I just started the threads on hidden-street and Mapletip.
[Jr. Event Coordinator]
Well, I just started the threads on hidden-street and Mapletip.
Are you sure anyone has gotten the birthdate yet? When I tried it just now the password was not changed. Anyone could easily get last name, first name + registered email address through 1 simple step. Birthday was easy to get before with a public birthday cracker but that method was patched a few weeks ago and since there is nothing public at the moment, it looks like the birthday might not be obtainable unless someone guesses it.Originally Posted by street
OH MY GOD you're shattered the interdimensional time rift!!!!!!!!!!!!!!!!!!
Was just gonna ask someone to do that. Also, send this to Maple News too. It should attract some attention there. Just e-mail the thread to the editor or something.
Anything new?
I thought you could get the email username through the maple website under paypal or something. Or did someone else already mention it (didn't read the whole thread) or did nexon remove it?
It's already been obtained.
I just hope hackers actually try to hack this and not intentionally ignore it to give our PICs a false sense of security.
We can never assume our PICs are secure, this should be thought of as a test to prove how insecure they are. If someone could break through it quickly it proves they're worthless. If nothing happens, we're back where we started. No one should accept that this not being hacked means that they're safe because it doesn't.
Can't... Stop... Laughing... Hahahaha.......
Fiel, I think you should have said that there was a random amount of loot on the account, rather than just saying straight out that there was 50m. I don't think a real hacker will go for only 50m; only lolbasil kiddies will go for that, but hey, it might work :P
Glad to see not much has changed!
[Jr. Event Coordinator]
More hackers would go after 50 mill than a "random amount of loot."
Why go after an account that has 50m though when you could try your luck at another account that could possibly have more? Most maplers now a days (except the inactive accounts that have been inactive for quite a long time) have much more than 50m, whether it be in equips or pure mesos.
Because it's pure luck. Some accounts don't have much more than 1 - 2m worth of stuff. This is a guaranteed 50m. If you had the chance of getting 50m or possible jack, would you take the 50m?
True...Hopefully a "real" hacker tries to go after this to help out the experimentation instead of some script kiddie who's just doin it for the lulz, so the experiment yields better results
Oh yeah, I made a character in Scania on it :D
*wishes she knew how to hack as it sounds fun* :(
Oh well, in 4th year of university there's heaps of courses to teach us how to hack :P (Yeah, I'm too lazy too teach myself)
I'm not sure if a "better results" option applies.
Either the account gets broken into or it doesn't. We won't know if it's at the hand of a script-kiddie or not and it would actually be more scary if it was. The only real way I can see this experiment failing is if the account gets compromised due to an e-mail breach. Which doesn't establish anything about the security of the PIC other than (like someone mentioned earlier) the hackers found the e-mail to be an easier way in than the PIC.
This entire thing just looks like a bad version of a guy who doesn't believe in hackers and goes "well if it's real then come get me ECKO!" then 3 posts down "well I haven't been hacked yet so you're a liar stop giving out info"
Obviously not exactly the same but just my own first impression.
Disclaimer: I know this has nothing to do with the past hackings, it is to test the security of the new PIC.
The difference in this situation and other hacking situations is email. Your email was easily obtainable. The fact that its gmail and both passwords dont match up (giraffe) makes it quite difficult to hack. You obviously don't but most other maplers use msn and a hotmail email adress. The problem with using a hotmail/msn email address as your maplestory email, is that these email adresses over time "expire." This allows anyone to recreate your exact email address and create their own password, therefore being able to send a pin/pic reset to that email.
Well, we can at least make a few observations based upon what has happened so far.
Argument 1:
Premise 1: The account First Name, Last Name, Secret Question (but not the answer), and e-mail are all known within 24 hours
Premise 2: The PIC/PIN number is not yet known and the birthday is not yet known
Therefore: The PIC/PIN and Birthday are harder to hack than the First Name, Last Name, Secret Question, and e-mail
Argument 2:
Premise 1: If a hacker wanted to gain access to bisubuild235, the easiest way would be through an account PIC reset which occurs through the e-mail account.
Premise 2: No PIC reset has occurred
Therefore: My e-mail account has not been compromised.
Argument 3:
Premise 1: Because Argument 1 is true, then hackers do not have access to the PIC/PIN.
Premise 2: Because Argument 2 is true, then hackers do not have direct access to my e-mail
Premise 3: There is no other way to gain access to PIC/PIN except by compromising the e-mail or a database breach
Therefore: Nexon's database was breached.
Argument 4:
Premise 1: Because Argument 1 is true, then accounts are more safe since the PIC is harder to crack.
Premise 2: Maplestory accounts use PIC universally
Premise 3: E-mail accounts are outside of Nexon's locus of control
Therefore: Nexon's new system is safer because it uses a PIC.
Posting Permissions
|
|
Reply With Quote
Bookmarks