Logdotzip Posted September 11, 2011

i wish old accounts had the option to change their login name to an email. if you kept that email secret from everyone, i literally think you would be unhackable. i doubt it would be too hard to implement.

ForsakenMage Posted September 11, 2011

> i wish old accounts had the option to change their login name to an email. if you kept that email secret from everyone, i literally think you would be unhackable. i doubt it would be too hard to implement.

Well I wouldn't say unhackable, just less likely. Wish the idea of the dongle came through back then. :( I wouldn't mind shelling out $30 or so for double authentication log in.

Logdotzip Posted September 11, 2011

well how would it be hackable? they would need the email to login, and if no one ever knew it other than you, poof problem solved. only risk is someone behind your back physically watching you enter it in. so long as you make sure you have no keyloggers, since recoveries suck for security

SixFootOne Posted September 11, 2011

> well how would it be hackable? they would need the email to login, and if no one ever knew it other than you, poof problem solved. only risk is someone behind your back physically watching you enter it in. so long as you make sure you have no keyloggers, since recoveries suck for security

Well for example if someone were to hack a fansite, see that you post pictures with your account and choose you as a target. Then use the email you use to log into the forum as a login name for rs. Obviously using that rs email for the fansite as well wouldn't be a very safe idea for said user, but typically people get hacked from slip ups just like that. There are plenty of people who use the same emails/passwords for everything.

But yes it would increase account security a lot. The problem is most people are not very aware of account/internet security until it is too late. Especially when you look at how free rs is (all things considered you can sign up and play from just about anywhere at anytime and have a large "casual" userbase) i see only a minority taking security seriously. There would also be ways of luring people into emailing them.

Now if you only used that email for rs you could be very safe. But i don't think that would be a very likely scenario for most rs users (or internet users).

jasignhagj Posted September 11, 2011

If you could switch your login to a new email, you could just make a throwaway that you would never use again. Then the only way you could be compromised is by a keylogger or Jagex recovering your account to someone else.

deyan2 Posted September 11, 2011

It's most likely Jagex helping the hackers. Nowadays most J-mods know less about the game and the players than the players know themselves. Loads of old pro accounts are hacked nowadays while loads of players know the real history about the account and J-mods don't. Hackers just tell Jagex they haven't played on the account for ages so forgot what the passwords and such were.

Examples of hacked persons (some of them even after the real account owner died!) are:
Longterm rank 1 F2p: Mendark 9
Longterm rank 2 P2p: The Old Nite
One of the richest persons out there: Chessy018 (yes I really think the hackers couldn't hack her without help of Jagex)

And these are just a few I know, most likely there are many many more.

_YB_ Posted September 11, 2011

> It's most likely Jagex helping the hackers. Nowadays most J-mods know less about the game and the players than the players know themselves. Loads of old pro accounts are hacked nowadays while loads of players know the real history about the account and J-mods don't. Hackers just tell Jagex they haven't played on the account for ages so forgot what the passwords and such were.
>
> Examples of hacked persons (some of them even after the real account owner died!) are:
> Longterm rank 1 F2p: Mendark 9
> Longterm rank 2 P2p: The Old Nite
> One of the richest persons out there: Chessy018 (yes I really think the hackers couldn't hack her without help of Jagex)
>
> And these are just a few I know, most likely there are many many more.

Wrong, you need at least one correct password to get it accepted. They get their passwords from forum databases.

999134 Posted September 11, 2011

I've been hacked twice, first one a monthish ago for bank cleaned (over 3bil lost, had been making overloads from stewing so no pin :wall: :wall: ). I'm still not sure how that happened, they had my password not recovered (they didn't even change it), and there was no way it could have been guessed.

Then more recently I got phished through an email that got past my spam filter, my phishing website blocker and was from noreply@jagex... , but pin + always banking items is your friend.

I've had hundreds of phishing attempts on my youtube channel, nearly every day I have to clear/block people posting phishing links on my videos.

3hit how much did you lose?

pulli23 Posted September 11, 2011

Yes MD5 is possible to "reverse": however you won't reverse the password, instead you reverse to something that will also be accepted as password. Using a salt like you mentioned (md5("string" + "salt_string")) would indeed reverse engineer to a workable password. However due to the nature of this, you won't be able to split the "salt" and the password parts. So you won't be able to use the reverse engineered "password" on any other site than the original site (as the salt would be random for each site).

Furthermore, IPB uses a double-salted password: MD5("pass" + MD5(salt)) + MD5(salt), making it impossible to reverse engineer unless you knew the salt in advance.

First they came to fishing
and I didn't speak out because I wasn't fishing
Then they came to the yews
and I didn't speak out because I didn't cut yews
Then they came for the ores
and I didn't speak out because I didn't collect ores
Then they came for me
and there was no one left to speak out for me.

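Added example, not part of the post above and not IPB's own code: the salted-MD5 formula exactly as the post writes it, beside a hardened scheme using a random per-user salt and a slow KDF (PBKDF2 from Python's standard library). The password, salts, function names and iteration count are assumptions made for the illustration. It shows that the same password gives different records under different salts, and that the record carries MD5(salt) with it, so the salt defeats precomputed tables while each login check still costs only one MD5.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256; tune per hardware

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def forum_style_record(password: str, salt: str) -> str:
    """Salted MD5 as written in the post: MD5(pass + MD5(salt)) + MD5(salt).
    The salt hash is stored with the digest, so a copied record holds both."""
    salt_hash = md5_hex(salt)
    return md5_hex(password + salt_hash) + salt_hash

def forum_style_verify(candidate: str, record: str) -> bool:
    """Server-side login check: a single cheap MD5 per candidate password."""
    digest, salt_hash = record[:32], record[32:]
    return hmac.compare_digest(md5_hex(candidate + salt_hash), digest)

def kdf_record(password: str) -> dict:
    """Hardened storage: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "hash": dk}

def kdf_verify(candidate: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    dk = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                             record["salt"], record["iterations"])
    return hmac.compare_digest(dk, record["hash"])

def demo() -> dict:
    pw = "correct horse battery"               # constructed sample password
    site_a = forum_style_record(pw, "saltA")   # constructed salts
    site_b = forum_style_record(pw, "saltB")
    rec = kdf_record(pw)
    return {
        "same_password_differs_across_salts": site_a != site_b,
        "record_embeds_salt_hash": site_a.endswith(md5_hex("saltA")),
        "md5_login_ok": forum_style_verify(pw, site_a),
        "kdf_login_ok": kdf_verify(pw, rec),
        "kdf_rejects_wrong": not kdf_verify("wrong guess", rec),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
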
DarkDude Posted September 11, 2011

People seem to think that an authenticator would solve all problems. While it would greatly decrease the number of people getting phished and keylogged for their account compromised and that'd be great. You have to also consider what would happen if you lost the key? You'd need some way to recover your account and that way would most likely be identical to the system that's in place now for account recovery as there's not many better methods of account recovery out there in my opinion.

99% of companies use email recovery which is as secure as your email, although it seems Jagex are switching more and more towards that method of recovery. I know Blizzard ask you for things such as CD-keys for recovery but that'd be impossible for Jagex to do.

So yeah, they'd either have to come up with an entirely new method or continue with the system they have even if they did introduce an authenticator.

@Dan3HitU (Author) Posted September 11, 2011

> 3hit how much did you lose?

I'd say over a billion. Although this may sound biased...I do think accounts that are gotten into or any account that does "weird acts" such as drop all items/expensive items or are traded should have their account restored to before the acts. However, I do think this may not be possible due to further trades between accounts and such, but there should be something to prevent it happening.

Kimberly Posted September 11, 2011

> So yeah, they'd either have to come up with an entirely new method or continue with the system they have even if they did introduce an authenticator.

I would be happy if they either made it so their current recovery system worked (far too many people attempting to recover accs with membership agreement pins, old passwords, etc and getting denied)

Or a system that, so long as I keep the item safe, doubles my chances that I'll never have to deal with another automaton that doesn't read recovery forms again.

pulli23 Posted September 11, 2011

I wish there was a system that actually disabled recovery attempts. So I don't have to fear that corner, why does anyone actually "lose" a password? - Don't you store important ones?

lordkafei Posted September 13, 2011

Today's phish leads to a URL in the .cc TLD (Cocos Islands): http://whois.domaintools.com/co.cc It's registered in Gyeonggi-do Province, ROK.

As usual, the full headers are too large to paste into Jagex's puny 2000-character post window.

X-Originating-IP: [218.104.72.98] - You guessed it - Beijing China (using the Hefei City ISP)

The return path of the email, oddly enough, leads to an email account tied to this Facebook group: http://www.facebook.com/group.php?gid=116172681727280

Anyone know any Asking Alexandria fans?

PvP is not for me
In the 3rd Year of the Boycott
Real-world money saved since FT/W: Hundreds of Dollars
Real-world time saved since FT/W: Thousands of Hours

Mercifull Posted September 13, 2011

co.cc isn't a proper tld. the actual tld is just .cc and the domain name is co. their business is mainly supplying bulk subdomains blah.co.cc to spammers which is why google dumped all 11 million domains *.co.cc from search results in july.

Of more interest is where the email came from rather than the host of the phishing site.

Mercifull <3 Suzi
"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

Tres Posted September 13, 2011

I don't think Jagex will listen to anything anymore...there have been good suggestions to give players more security options but nothing is done. For example:
-custom bank pin reset timer up to 365 days (7 days is just a joke and cannot take longer breaks)
-email or message box confirmation if account is tried to log in from different isp
-recovery answers more important (heard that 1 correct one can result in a successful recovery)

I had to recover 2 of my own accounts once...i knew they had nothing stat or item wise but i just wanted them for use...i got both in first try basically with 0 info.

Old accounts are in most danger because of lack of security options in past...i'm sure about all active oldschoolers know how many remarkable old accounts have been stolen already (Tks, Zonghui, Ladykilljoy, L6vi..just to mention some known ones)

Most common mistakes ppl make: they use their rs account username as forum username, they use same email for fansite forum registration, msn, facebook etc what they use with jagex.

We all know jagex pretty much doesn't give a damn about account security anymore so i don't expect any changes in that section anytime soon. I would personally pay extra if having good security options there...I personally haven't been hacked so far during my rs career but i don't see it being impossible at all i probably just been lucky so far.

On the 8th right before exp weekend i received a genuine info email from jagex about someone trying to reset one of my accounts' password but it was related to an account that i rarely play anymore...it's easier to track those attempts since i use different registered email for different accounts.

deyan2 Posted September 13, 2011

First of all, give any account a trademute after being successfully appealed so the only thing an account can do is trading along GE (no trades the normal way).
This means:
No staking
No trading with the trade window
No wildy
No droptrade

Also: Allow players to ask for a trademute. Loads of players never stake for money or trade the normal way after the Grand Exchange existed, so what's the point of risking your bank all the time?

This is not the first time trademutes have been thought out, before GE came it seemed to be the greatest solution against bots. It seemed to me like a lot of fun, 100s of hours of botwork and then suddenly realise you can't trade any more so you can't sell your products for rl money anyway XD. Somehow Jagex never made it happen...

I wouldn't even have problems with it if P-mods could give trademutes.

The Dark Lord Posted September 13, 2011

> i advise you all to make an entirely separate gmail account to register to your rs account, tell no one about it, and make it only be recoverable through a text from your phone. makes things a lot safer.

How do you do this?

SWAG Mayn U wanna be like me but U can't be me cuz U ain't got ma swagga on.

obfuscator Posted September 13, 2011

> > i advise you all to make an entirely separate gmail account to register to your rs account, tell no one about it, and make it only be recoverable through a text from your phone. makes things a lot safer.
>
> How do you do this?

I believe it's "Change recovery options" under "Account settings".

"It's not a rest for me, it's a rest for the weights." - Dom Mazzetti

Rampage RS Posted September 13, 2011

I'm guessing it's possible too, if your account was registered with facebook, for someone to actually go to your page on fb and find out your information for recoveries and such.

My Youtube Channel: http://www.youtube.com/channel/UC2s14WIxwRyU7L0N3FiUbiQ
My Twitch Channel: http://www.twitch.tv/eocrampage

totalpwnage Posted September 14, 2011

One of the big reasons a lot of people got hacked is that the DI forums database got hacked and leaked. There is an entire team that is dedicated to recovering accounts. They can get your account with JUST ONE OLD PASSWORD. That's how bad the recovery system is now.

Started free trade with 1.5m cash. 2 weeks later, have hit max cash 2x.
PvP drops: 359 Brawling Gloves, 11 Vesta's Longswords, 41+ Zaros/Ancient Statues
9 Dragon Full Helms, 3 Dragonfire Shields on the old PvP loot system
Brawler guide is being finished!

demby123 Posted September 14, 2011

nobody wants to hack any of my accounts. :sad:

fallout Posted September 14, 2011

I wish I thought about 'No-items-returns' policy before starting to play RuneScape. Never again I will play a wealth based game with policy like that. Lost my wealth too after about a year of inactivity, but I think my laptop that I played with back in the time was just compromised. No virus scan detects anything on that laptop, but when using UnHackMe antirootkit tool, it cannot remove few suspicious files so I guess it's very well hidden malicious software.

Yay0siris Posted September 18, 2011

if you went into any sites before you left and went to a website outside of rs that can clearly give them your password or you traded with someone you traded with before you took the time off its just have you took the time off if you get a guy that wanted to trade you for stuff he wanted to get rid of basically someone who has a lot of money can put a hacking virus on one of his items and trade you it which can lead to hacking and removal from items and other stuff it was probably your last trade before you left for a while. just make sure you trust the person you trade and you are friends with

lordkafei Posted September 25, 2011

Today's phish takes a different approach: "RuneScape invited to join Senior Member"

The URL mentions "loyalty points" - a particularly [wagon]ed approach, as I haven't been P2P since that program started.

The phishing URL is in the Tokelau TLD and resolves to http://www.ip2location.com/93.170.52.20 - Alfa Telecom in the Netherlands
Originating IP: http://www.ip2location.com/98.139.91.248 - Yahoo Mail

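Added example, not written by anyone in the thread: a small header triage of the kind lordkafei's two phishing posts do by hand, covering the Return-Path, the X-Originating-IP and the hosts of the links in the body. The sample message is constructed, and every domain, address and function name in it is a placeholder assumption.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; all names and addresses are placeholders.
SAMPLE = """\
Return-Path: <bounce@fanpage.example>
Received: from mail.relay.example ([203.0.113.45]) by mx.inbox.example
X-Originating-IP: [203.0.113.45]
From: "Game Support" <noreply@game.example>
To: player@inbox.example
Subject: Invited to join Senior Member

Claim your loyalty points: http://game.example.login.phish.example/loyalty
Official site: https://www.game.example/
"""

def domain_of(addr_header):
    """Lowercased domain of an address header, or '' if the header is absent."""
    _, addr = parseaddr(addr_header or "")
    return addr.rpartition("@")[2].lower()

def under(host, domain):
    """True only if host is the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(raw, expected_domain):
    """Collect the signals worth a second look; none of them is proof alone."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])          # display address, freely forgeable
    rp_dom = domain_of(msg["Return-Path"])     # where bounces actually go
    ip_text = (msg["X-Originating-IP"] or "").strip(" []")
    try:
        origin_ip = str(ipaddress.ip_address(ip_text))
    except ValueError:
        origin_ip = None
    links = re.findall(r"https?://[^\s<>]+", msg.get_payload())
    hosts = [urlparse(link).hostname for link in links]
    return {
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        "return_path_mismatch": bool(rp_dom) and rp_dom != from_dom,
        "origin_ip": origin_ip,
        "off_domain_links": [h for h in hosts if not under(h, expected_domain)],
    }

if __name__ == "__main__":
    print(triage(SAMPLE, "game.example"))
```

A Return-Path on a different domain also occurs with legitimate bulk mailers, so treat it as a prompt to check the link hosts and originating IP rather than as a verdict.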