If you must know, its one of our newest members.Originally Posted by Fiel
He believes that this can't be at all accurate and all this other junk.
And he thinks the results will only bring more fear to people.
as if it can get worse, right?
If you must know, its one of our newest members.
He believes that this can't be at all accurate and all this other junk.
And he thinks the results will only bring more fear to people.
as if it can get worse, right?
People fear the dark and unknown more. You see? PICs have been proven worthy so far... Unless another database leak then!
However, I still think Nexon not giving players the right to change emails is a hole itself.
My account was compromised - partially
A fellow SP member PMed me to state that he had reset my PIC without needing access to my e-mail. Due to the reset, when I log into my account it now asks for my PIN. Cracking the PIN can already easily be automated, so it would be just a matter of time before my account would be compromised and the 50 million mesos stolen - though this has not happened yet. This is evidenced by the topic here that started it all when a user from BasilMarket gave his account name and password and was hacked in a matter of hours while still using the PIN system. When I entered my PIN and double-clicked on a character, it asked me to provide a completely new PIC.
The other SP member has reported this vulnerability to Nexon. I do not know the vulnerability that the other user took advantage of.
T__T
Here I was really hoping I could play without worrying about Spidey-locks, changing my password every day, or intentionally banning my account for 24 hours. Ah well.
Woah...without even accessing the mail.
That means if they had logged on right after confirming it, they could of set their own PIC. Not even a need to crack the PIN.
If im reading Fiel's post right, it required him to use his PIN to gain access over the account again. This bit actually makes more feel more safe, since now, even if my PIC gets reset somehow, I can still have hope that they are unable to get past the PIN.
The PIN system is very thin, though. The PIN system was hacked a crap load in the past, so there's nothing really stopping it.
Still better than nothing. Id be more happy if they brought a combo of PIC and Birthday for the character deletion.
Main point though, its better that there is something there instead of just letting people waltz onto the account and have their way after setting up a new PIC>
So I take it that this part was a false rumour, or else the mesos would already be gone.
Either way, I guess we are back to mainly relying on password strength.
I may as well reset my PIC to be something a bit easier to enter.
that's depressing :(
I was kinda hoping the PIC would make me feel better about some day returning back to my hacked account D:
Well at least the person able to find the exploit is helping to fix the hole by reporting it to Nexon.
Will only help if whoever processes the tickets actually reads it, understands it, believes it, cares enough, and thinks its important enough to pass on to the programmers, rather than just hitting the standard autoreply and moving on to the next ticket. To Nexon, the customer is (nearly) always wrong.
I think if they could just be better at keeping the passwords secure, we wouldn't have to deal with all this PIN/PIC nonsense.
I'm guessing it was "god." Seems to find a lot of loop holes :\
There go my hopes for the PIC system to put an end to the hacking era.
Maybe it will just reduce the number of the hacked accounts, but not make that completely impossible.
[Jr. Event Coordinator]
....are the PINS our old pins?
I find it weird Nexon still kept the logs of all of our old PINs.
I'm fairly certain that you do not normally need to use the old PIN when you change the PIC. Fiel's account must have been reset in such a way that it looked like the PIC had never been set before.
[Jr. Event Coordinator]
That is were you are wrong. When you want to change your pic nexon doesn't make an automated one for you. You have to put in a new one so in order to get on the account to set the pic you need your old pin to access the account.
Regardless of how weak PINs are, that's a pretty nice failsafe.
Does that mean that if I make a new account today that I will be asked to enter a PIN as well as a PIC?
I thought the regular PIC reset worked just like the old regular PIN reset where it clears it off your account after you confirm by clicking the link in the e-mail.
Posting Permissions
|
|
Reply With Quote
Bookmarks