RU_Insane

Yeah, but say if you entered that 4-digit PIN on the screen. If your computer were infected with screenshot malware, someone could take screenshots of the keys you pressed on the screen. It's not a bad idea, but how does it prevent people from stealing it? Plus, you'd write down the 10-digit PIN on a piece of paper, of course. Only if you had a very secure computer would I recommend you'd put your PIN there. So if you 'support in theory', can I add you to the list? :P

if you were any thing like the kids in my school, special brew. lol Don't worry, I didn't drink >.>

Cool :) When a classmate told me that houses came out on RuneScape, I didn't believe him at first because it seemed too modern for me. Then I learned of the massacre. .>_>

Well then, I can't change your mind about that particular experience. :P I haven't seen the infinity boots glitch, but it sounds cool. I've never glitched my boots, but I've seen people stretch their skin. I was 12 y/o at the time. Why would I drink :P

I knew this reaction would come, and no, I'm not trolling. I'm telling you, I have no idea how he did it either. All I know is that it happened, as absurd as it sounds. Aside from that, I listed three other events I've witnessed that can be explained. Why don't you comment on those, or at least add your own story to prevent from derailing the thread, hmm?

What's the strangest thing you've encountered in RuneScape? I've had quite a few, but one that bogs my mind to this day happened back in June 2006. No, it's not the Falador Massacre. I was in an F2P world (probably 153) and and my main was level 50 something combat. I was walking around Varrock, just admiring the place, and some guy with a monkey gree-gree (I didn't know what it was at the time) runs into Varrock Square. At first I thought it was odd by itself. I'm thinking, "what strange mask is that guy wearing?". But I wasn't prepared for what came next. Keep in mind this is an F2P world. This guy activated his gree-gree, (I think) and the entire Varrock area I was in turned into something that [cabbage] resembled Karamja. There were many other players with me at the time and they were freaking out, man. Monkeys appeared out of nowhere and they were hanging from the palm trees that just popped out of the ground! They were sitting in the market stalls and running around! I talked to a monkey and he went all "ook ook" right? I honestly do not know how he did this, especially on an F2P world. Monkey gree-gree is members. How did he do it? I don't know. Anyway, this entire event must have lasted a couple minutes at most, but it felt longer. People were following around the guy that did this, as was I. They kept asking him "How did you do that", "what did you do", and so forth. After what seemed like a few minutes, but was apparently only a couple dozen seconds, the Varrock Square area returned to normal. I didn't know how to take screenshots at the time, so I don't have any photos of this event, nor any video, unfortunately. The perpetrator teleported, but I managed to track him down and talk to him. Being the stupid 11/12 year old I was at the time, I told him I was the Dragon Lord of Darkness, lol. I thought I'd scare him doing this >_< We talked for a good while, and he seemed like a cool guy. He logged off shortly after. I added him to my friends list, but I took him off after a while. I regret doing that, because now I forget what the guy's name was. :( I don't have video, I don't have screen-shots, and I don't even have the guy's name. But I have my memory, and I know what I saw. I didn't get members till 2010, so this wasn't in a member's world. It wasn't a private sever, it was the actual game. I tried looking for this obvious glitch in RuneScape Wiki, thinking someone else who was there at the time would have documented it, and there was entry about a monkey gree-gree glitch which took place in June 2007, but on a members' world. The circumstances described were similar, though. He transformed a suburban/commercial area into a tropical one. Maybe it was the same guy? I looked again today, and I couldn't find any entry about that glitch. The only entry related to a monkey gree-gree glitch concerns stretching of one's character when an easter ring + monkey gree-gree is equipped shortly after. So there's my story. I seem to be the only one (besides the others who were at Varrock Square at the time) who can recall this event. It's a bit of an alienating experience, knowing you saw something unique, but no one else can corroborate the story for you, like those people who claim to have seen UFOs. (No pun intended). I've witnessed three other glitches that are notable, but not on the same level of what I saw on that day. I met a guy who turned himself invisible (he claimed he had no idea how he did it). I saw someone crawl around on the ground with their legs (ala-sled formation), and I took a screen-shot of that one: Taken 31st of July 2010. Sorry for the sucky cropping. >.> You can see her odd position though. I also saw someone's head bob around like crazy. It swung back and forth like a slingshot, very rapidly, it was like a bobble-head. I didn't take a screen-shot of that one. Heh, now I feel like I need to relieve all of my wacky RS memories! :P I'll add additional ones as I recall more. So what's the strangest thing (or, if you have a list, strangest things) you've seen in RuneScape?

Awesome <3: I'll add you to the list. ^_^ I added in a paragraph about e-mail confirmation for recovery attempts too, for extra security. :thumbsup:

Not gonna happen. Hell will break loose and soccer moms will form a crusade against Jagex, claiming that dicing taught little Joey how to gamble, do drugs and be a teenage "baby-daddy". I listed two options there. You only gave a good reason against one option. If it is infeasible for Jagex to offer a formal support system for dicing, I think they would be better off outright banning it. In fact, I have a suggestion for Jagex to implement a formal system for all games of chance, including dicing (flower game, for example). Jagex could introduce a casino-like area somewhere near Varrock West Bank. There will be several different sub-areas inside, each for a different game of chance, and populated by a specific NPC for that game. There will be an NPC at the dicing sub-area, who rolls dice for you after he takes your bet. The dice rolls appear on the player's screen. 55+ rolls are winners, rolls under 55 are losers. Players who lose, have their bet added to the pot. The 'pot' is the sum of all the players' losing bets + the NPC's starting cash (I'm thinking it can be 500M starting cash). If you win, you receive double your bet from the existing pot, so no money is created when you win; instead, it's recirculated. The pot total decreases by the amount of cash the player won, naturally. There will be a counter in the corner of the screen displaying the pot's current value. The pot value is capped at ten trillion. Items may be used in place of cash bets. The item's market value is equivalent to a cash bet. If you win, you get your item back + cash equal to your item's market value. If you lose, the item is converted into cash, according to its market value, by the casino and is subsequently transferred into the pot. Winners will always be paid out because the system is instructed to pay them out. This type of formal gaming destroys scamming and provides thrills with one blow. Plus, cash is recirculated, not generated out of thin air (save for the NPC's starting cash, but that has likely no noticeable economic effect). Thoughts? I think it's a decent replacement for the system we have now. It's so hard to find legitimate hosts, and this system can easily fill that role. I admit, legitimate dice hosts will be replaced, but they're currently outnumbered by scammers.

Glad to know someone read my post \o/

I agree. Let the players ban bots. That'd help a bit, even for a while. ^_^

To be honest I made a mistake it got leaked 20 hours ago made mistake with AM and PM. The original post of the leak on different forum got posted on 1:04AM GMT +1 So Jagex locked the account after 20 hours? O_O

Awesome. :D I'll add you to the list.

He's more than likely lying about it. Good question though.

Look at the post above you I even posted the password in this thread so you can look it up yourself. [/hide] But you can type any password in and get the account locked message once the account is locked, doesn't matter if its right or wrong; unless something got changed quite recently. You get password wrong message if you use other password. Also the point is that the runehq db is leaked but its Decrypted in md5 which is one way encryption and only a bruteforce can decrypt it. Ah, okay. So the perpetrators bruteforced to get the password. lol. I think it's sad that some of the JMods don't even follow their own procedures for account security. I mean, it doesn't matter in the end since the system prevents unauthorized logins. But really?

Yes, you can log-in to the account from Jagex HQ, but you get locked-out if you login anywhere else. This is what happened to me when I tried it. The .GIF animation posted in the OP is real, I've seen the same result myself. The question is, if there's no news about this (and a Google search confirms this objection), what's the panic for? If it took eight hours for Jagex to lock the account, I agree, someone would have had video or at least a few screen-shots glorifying their spoils. So I think it's been established that the .GIF is authentic insofar as that's what you should expect when you attempt to login outside of Jagex HQ. What's totally false is the claims that go along with it, except for the claim that the password was decrypted from RuneHQ (otherwise, how did they get the password?) And no, Sy_Accursed, the password does work. I got "Invalid username or password" when I tried to login with other passwords. I got "Your account has been locked" when I logged in with the password posted. The password is authentic, the .GIF posted is authentic, the only thing stopping anyone from logging-in and causing panic is that you can't login from outside of Jagex HQ.

To anyone who's interested, the password does in fact work, but like missingno said, the failure to breach past the point of lock-out is a sign of foresight in light of Jagex incompetence. I got the same result (locked-out) when I tried to log-in. So the account has technically been breached in that the correct password was retrieved, but no actual harm was done to it thanks to their security. As far as the "logging in and causing chaos" scenario though, that's [cabbage], don't worry about it.

It took them 8 hours to lock the account. Soo then is there a video of the ensuing chaos? Read my previous post you got instantly logged out when you tried to log in. But if people logged into it (and in 8 hours I'm sure someone did) then there must be a video of it somewhere. [/hide] This. You said it took them eight hours to lock the account, then you said you got logged out when you tried to log in. Which is it? And if it's the first case, there must be video or even photos,so where are those? You couldn't even get in the lobby or get on the forums, when you tried to log in on the homepage it said Login Successful but then nothing happened. You couldn't do anything but its just about the fact that even their own mods make mistakes about their choice of passwords. The only thing that they changed now is that you get a locked account message when you try to log in (took them 8 hours to lock it). Mod Edit: Removed personal information imagine if it was found out on the day of RuneFest and someone logged in on it.... (Jagex mods can log in there). I'd be hard-pressed to believe that Jagex didn't at least change the password, after what was technically a major security breach (even if due to mod failure). But okay, if that's what the password is, I'll try logging in. >.> I'll doubt it'll work though, just saying. :P

Definitely. I know it's too late now, but it'd be interesting to see the consequences had the perpetrators been able to login to the account. Get some real [cabbage] started :P inb4rollback I did a Google search for "Mod Kelvin hacked" and the only result that came up was this one. I searched for "Jagex Mod hacked" and this thread came up, but the other results were junk. I'm calling shenanigans.

It took them 8 hours to lock the account. Soo then is there a video of the ensuing chaos? [/hide]Read my previous post you got instantly logged out when you tried to log in. But if people logged into it (and in 8 hours I'm sure someone did) then there must be a video of it somewhere. This. You said it took them eight hours to lock the account, then you said you got logged out when you tried to log in. Which is it? And if it's the first case, there must be video or even photos,so where are those?

This sounds good :P I changed the bit about 'first time redemption' to 'each time you redeem your PIN' so as to prevent key-loggers from stealing this info the second time. For, if we only changed the PIN once, what's going to stop them from getting it the second time? Yes, virus scans are always important, I agree. But shuffling things up just to be safe. ^_^

Recover Your Account Without The Hassle By: RU_Insane Introduction Often enough, if not every day, player accounts are recovered by the wrong people. They intend to use their ill-gotten goods for malicious purposes, or to personally profit. None of this is any news to the astute player. Indeed, if you've attempted to recover your own account, some of you would be surprised at how easy it is for one to retrieve a lost or forgotten password. Even then, at times, you had to wait a while before your appeal was accepted. I've waited for six days on one of my account recoveries. This is all well and good for legitimate players, in terms of easy account recovery. But how do we keep the baddies at bay? Unfortunately, we can't prevent them all from gaining access to your account. We can try to educate players about how to better secure their accounts, though. I have an idea that will help with this. The solution is simple, but effective. Recovery PINs. In a word, these PINs (Personal Identification Numbers) are unique 10-digit alphanumeric codes. On the surface, they are much like the redemption codes you can find on the back of a RuneScape game card. But in reality, they are much more. They are convenient security measures. When you register an account (existing accounts too), a unique PIN gets assigned to it. This PIN gets sent to your player inbox. You will be notified, and auto-directed to the new message. How Recovery PINs Work Upon being read, the message disclosing the PIN code will be deleted from the server, but the PIN itself remains intact. This is a great security feature because only you'll know what the PIN is. You will have a PIN on your account at any given time. The PIN can never be changed or removed, except by Jagex's password recovery system (see later). Players are instructed to write down the PIN code in a safe place. The steps taken so far in the process has an immediate advantage: no perpetrator looking for your personal info can find this PIN code, because it's deleted from Jagex's servers when the message is read. But the Recovery PIN has a second advantage more central to its concept. The PIN, when entered into an account recovery form, overrides any other info supplied in the form. All you have to do is type it in the appropriate box, and a confirmation e-mail is sent to your e-mail address. Confirm the recovery, and you get your account back instantly. The Recovery PIN is the most valuable piece of information your account can ever possess. It's more valuable than your first password and even more valuable than your subscription information. Why is the recovery PIN so valuable? Because it's predicated on the assumption that the only person who'd know this PIN is you. No one else can obtain this PIN because it's unique, it's flexible, and the message is deleted from Jagex's servers when you read it, so it's secure. Presumably, you're the only person who read that message, so who else could know? You'll notice I said the PIN is flexible. This is a necessary fail-safe feature. In the worst-case scenario, someone obtains your password, and changes it after they're done with your account. Clearly, this isn't something you want. The best alternative is that your account is compromised, but you can recover it instantly thanks to your PIN. Redeeming your PIN Each time you attempt a recovery, a confirmation e-mail is sent to your e-mail address. If an intruder tries to recover your account with the PIN, they need to have access to your e-mail to confirm the recovery. If someone tries to change or remove the e-mail address on your account, an e-mail will be sent to your current address informing you of the e-mail change/removal request. In this case, ensure that your e-mail password is different from your RuneScape password, and that your computer has an up-to-date anti-virus and firewall. When the recovery is confirmed, a new PIN is generated afterward for your account, and is sent to your inbox after you set your new password. If your account doesn't have an e-mail registered, the recovery attempt won't have to be confirmed. Take care to write down the PIN, as it will be deleted from the server afterwards. This whole process occurs over a secure, encrypted protocol, so no one can 'listen in' on the conversation between your computer and the server. In case the computer drops the connection, the inbox will wait to reveal the new PIN until the secure protocol with the server is re-established by the same computer that first launched the recovery sequence, at which point you will be redirected to your inbox. It's highly recommended that you scan your computer for viruses before you initiate the recovery sequence, so malicious programs like key-loggers can't record your info. Of course, always be careful with where you place your sensitive information, and ensure you have a computer with up-to-date virus protection software. If your account is broken into, Jagex can lock it, and you can supply the details you first registered with your account. Jagex will look at the address of the computer attempting the recovery in this case. It's very unlikely that your account will fall into someone else's hands. Limitations Of course, this feature won't stop all people who recover accounts for malicious purposes or profit, but it should stall a great majority of them, considering how unlikely it is for someone to obtain your Recovery PIN. In the end, only you can make your account the most secure it can be. This is why you need to educate yourself on how to best secure your account. Write down all your sensitive info on paper, or store it on a very secure computer. Keep that info in a safe place where people are least likely to look for it. Pros and Cons of PIN Recovery The benefits of the PIN can be summed up this way: Quicker -- Instant account recovery and access when recovery e-mail is confirmed (if you have e-mail) Flexible -- Your PIN is only changed when your account is compromised, after you recover your account. Unique -- The PIN is a ten-digit alphanumeric code. Chances of someone else getting the same PIN are very small. Secure -- No one else can obtain the PIN. The message disclosing it is deleted after you read it. Careful -- Confirmation e-mail is sent to your address when recovery attempt is logged by the system (if you have e-mail). The cons of the PIN are summed up here: If someone obtains the PIN, account can be infinitely recovered (highly unlikely now, unless intruder redeems PIN). Feedback Do you have any questions, concerns, or comments you'd like to voice here? I thought about including a "Disable PIN" feature where the owner could disable the PIN, but then the intruder could disable the PIN too. I don't want the PIN to be removed because when the account is compromised, how else can the owner recover it as quickly and easily? Comments/suggestions don't have to be exactly about this issue, but they would be appreciated. Thank you to Dev for his suggestions. :thumbsup: Thanks for reading. :D Support List <3: RU_Insane Kaida23 D_V_Devnull vivimancer Nash Log of Edits: October 10, 2011: Added a paragraph below "Redeeming Your PIN". Updated "Pros & Cons" section of post.

I'm not trolling, I pointed it out because I thought it was suspicious. Even if you told him to change his location, it wasn't obvious, because that wasn't posted anywhere in the thread. Now that I've been corrected, I'll drop the issue, but not because you told me to. @topic: When do you think someone will reach 200M in all skills? I know this has been asked before, but what are your thoughts now? I say 2015.

Sounds great. In theory. It's not all about having hands and patience, to be honest. 200M all skills is not something anyone can achieve, even if we get rid of the time-factor. It's dedication (even if it takes you 100 years) and motivation. Willpower is the big thing here, and believe it or not but must people don't even have the willpower to get 99 RC through ZMI, let alone 200M Cooking, let alone 200M all skills. Why has nobody achieved 200M all skills yet? Not because it couldn't happen in the time RS2 exists. Hundreds if not thousands of people had and probably still have this goal. And most of them will eventually quit because of boredom, which is understandable to me. Is boredom a lack of patience? Not sure, but if it is that means that patience is not something anyone can 'use' to achieve 200M all. If it is not, I can connect boredom to willpower and therefore also concluding that it's not all about 'just' having the patience and time. About the value of achievement. Let's say Drumgun gets 200M all on the same day as Suomi does, somewhere in '15. Drumgun mainly DIY'd his way and Suomi took donations. The result for both is the same obviously, but I would value Drumgun's achievement over Suomi's. Now this is of course fictitious but I'm trying to say that not every achievement is (IMO!!!) the same achievement, just because the numbers say so. One last thing. Everyone could be a professor in History, right? Only thing you need is a lot of patience and time to read all those books. There's probably some researching involved but hey, time is on your hands. -Noble I'm sorry if I misunderstood you in any way, my native language isn't English. I hope I was clear enough :). You were clear. :) You bring up a good point. Maybe I oversimplified by reducing skill to just two factors of patience and time. Motivation is indeed a large factor in continued game play. But I'd argue that if you have motivation, that you have patience to an extent too. I understand why you'd value Drumgun's achievement over Suomi's. I'm fine with that. You're justified to do so. I just think in the end, the difference between their respective achievements isn't as big as some are making it out to be. :P I think boredom is a lack of motivation. I'd say a lack of patience is frustration. I think the two can intersect though (e.g. bored and frustrated, patient and motivated). Twelve minutes ago, your location was in Brazil. Now it's in Lithuania. Your first post is also attacking someone for no reason, and you posted right after Osiris. Are you his alt? I know this is off topic, but seriously? Quit trolling.

i fakemaxed with 99 str just sayin I guess I was proven wrong on that one then :P