October 8, 201114 yr I find this all quite unlikely.1) We know jmods accounts can only be logged into from jagex HQ2) Theres no videos of it3) There NOTHING anywhere about runeHQ getting hacked, or locking down due to an attempted hack in response to the way this password was supposedly gotten. All there is, is this forum post with 1 gif animation that could easily be faked.Look at the post above you I even posted the password in this thread so you can look it up yourself. But you can type any password in and get the account locked message once the account is locked, doesn't matter if its right or wrong; unless something got changed quite recently. Operation Gold Sparkles :: Chompy Kills :: Full Profound :: Champions :: Barbarian Notes :: Champions Tackle Box :: MA RewardsDragonkin Journals :: Ports Stories :: Elder Chronicles :: Boss Slayer :: Penance King :: Kal'gerion Titles :: Gold Statue
October 8, 201114 yr I find this all quite unlikely.1) We know jmods accounts can only be logged into from jagex HQ2) Theres no videos of it3) There NOTHING anywhere about runeHQ getting hacked, or locking down due to an attempted hack in response to the way this password was supposedly gotten. All there is, is this forum post with 1 gif animation that could easily be faked. Yes, you can log-in to the account from Jagex HQ, but you get locked-out if you login anywhere else. This is what happened to me when I tried it. The .GIF animation posted in the OP is real, I've seen the same result myself. The question is, if there's no news about this (and a Google search confirms this objection), what's the panic for? If it took eight hours for Jagex to lock the account, I agree, someone would have had video or at least a few screen-shots glorifying their spoils. So I think it's been established that the .GIF is authentic insofar as that's what you should expect when you attempt to login outside of Jagex HQ. What's totally false is the claims that go along with it, except for the claim that the password was decrypted from RuneHQ (otherwise, how did they get the password?) And no, Sy_Accursed, the password does work. I got "Invalid username or password" when I tried to login with other passwords. I got "Your account has been locked" when I logged in with the password posted. The password is authentic, the .GIF posted is authentic, the only thing stopping anyone from logging-in and causing panic is that you can't login from outside of Jagex HQ. RIP RU_Insane. August 3rd, 2005 - November 11th, 2012. My Stats on Old School RuneScape: Reform Customer SupportCheck Out My Threads
October 8, 201114 yr Author I find this all quite unlikely.1) We know jmods accounts can only be logged into from jagex HQ2) Theres no videos of it3) There NOTHING anywhere about runeHQ getting hacked, or locking down due to an attempted hack in response to the way this password was supposedly gotten. All there is, is this forum post with 1 gif animation that could easily be faked.Look at the post above you I even posted the password in this thread so you can look it up yourself. But you can type any password in and get the account locked message once the account is locked, doesn't matter if its right or wrong; unless something got changed quite recently.You get password wrong message if you use other password. Also the point is that the runehq db is leaked but its Decrypted in md5 which is one way encryption and only a bruteforce can decrypt it.
October 8, 201114 yr [hide]I find this all quite unlikely.1) We know jmods accounts can only be logged into from jagex HQ2) Theres no videos of it3) There NOTHING anywhere about runeHQ getting hacked, or locking down due to an attempted hack in response to the way this password was supposedly gotten. All there is, is this forum post with 1 gif animation that could easily be faked.Look at the post above you I even posted the password in this thread so you can look it up yourself.[/hide] But you can type any password in and get the account locked message once the account is locked, doesn't matter if its right or wrong; unless something got changed quite recently.You get password wrong message if you use other password. Also the point is that the runehq db is leaked but its Decrypted in md5 which is one way encryption and only a bruteforce can decrypt it. Ah, okay. So the perpetrators bruteforced to get the password. lol. I think it's sad that some of the JMods don't even follow their own procedures for account security. I mean, it doesn't matter in the end since the system prevents unauthorized logins. But really? Edited October 9, 201114 yr by ForsakenMage Shrinking the quote blocks RIP RU_Insane. August 3rd, 2005 - November 11th, 2012. My Stats on Old School RuneScape: Reform Customer SupportCheck Out My Threads
October 8, 201114 yr [hide]I find this all quite unlikely.1) We know jmods accounts can only be logged into from jagex HQ2) Theres no videos of it3) There NOTHING anywhere about runeHQ getting hacked, or locking down due to an attempted hack in response to the way this password was supposedly gotten. All there is, is this forum post with 1 gif animation that could easily be faked.Look at the post above you I even posted the password in this thread so you can look it up yourself. But you can type any password in and get the account locked message once the account is locked, doesn't matter if its right or wrong; unless something got changed quite recently.Nope. Type in something random (like "klajflsdjh4w") and you get the "this is an invalid account or pass word, nov 26 email change, etc." message. Type in [the password] and you get the "this account is locked" message [/hide] Edit: put hide tags because it's already been mentioned trillions of times for easier reading management Edited October 9, 201114 yr by Kimberly Removed for Rule 1.7 - Volunteering Personal Information
October 8, 201114 yr [hide]I find this all quite unlikely.1) We know jmods accounts can only be logged into from jagex HQ2) Theres no videos of it3) There NOTHING anywhere about runeHQ getting hacked, or locking down due to an attempted hack in response to the way this password was supposedly gotten. All there is, is this forum post with 1 gif animation that could easily be faked.Look at the post above you I even posted the password in this thread so you can look it up yourself. But you can type any password in and get the account locked message once the account is locked, doesn't matter if its right or wrong; unless something got changed quite recently.[/hide]You get password wrong message if you use other password. Also the point is that the runehq db is leaked but its Decrypted in md5 which is one way encryption and only a bruteforce can decrypt it. MD5 is a one-way hash, not an encryption scheme. If the hash was unsalted (which isn't good in practice anyway), then a rainbow table could be used to match the hash with a phrase much faster than bruteforce. Anyway. JMods can only log in through the network that Jagex has. Unless you're on Jagex's internal network (like their VPN), knowing their login credentials is pretty useless. Edited October 9, 201114 yr by ForsakenMage Shrinking the quote blocks Linux User/Enthusiast | Full-Stack Software Engineer | Stack Overflow Member | GIMP User...Alright, the Elf City update lured me back to RS over a year ago.
October 8, 201114 yr Eh, so the JMOD was a bit foolish for using the same password at another place thats runescape related. But if their inbuilt security blocked anything from happening, whats the big problem? Because Jagex is stupid boohoo fart fart stink lines [spoiler=I LOVE MY STATION] 01001001001001110110110100100000010101000111011101100101011011000111011001100101001000000110000101101110011001000010000001110111011010000110000101110100001000000110100101110011001000000111010001101000011010010111001100111111
October 8, 201114 yr ... How would the OP know Jagex locked down the account after 8 hours? He's more than likely lying about it. Good question though. RIP RU_Insane. August 3rd, 2005 - November 11th, 2012. My Stats on Old School RuneScape: Reform Customer SupportCheck Out My Threads
October 8, 201114 yr You cannot login to staff accounts outside of Jagex HQ or even recover them. If you try to recover it you get the message 'You cannot recover staff accounts.' It is a big problem for the staff member in question because he let his guard down, however, overall nothing happened because Jagex's security worked.
October 8, 201114 yr The guy who knew the password should've traveled to Cambridge, hack their wi-fi and log-in there for massive lulz. Although hacking their wlan would be quite impossible, if their password isn't gaben. 40,919th person to access Turmoil. 21,559th person to access Overloads. Are there any hidden bonuses here? No bonuses
October 8, 201114 yr Author ... How would the OP know Jagex locked down the account after 8 hours?To be honest I made a mistake it got leaked 20 hours ago made mistake with AM and PM. The original post of the leak on different forum got posted on 1:04AM GMT +1
October 8, 201114 yr Jagex moderators are human too. If anything, hopefully it spurs them to change their account recovery process a bit more now that they know they're not completely immune.
October 8, 201114 yr ... How would the OP know Jagex locked down the account after 8 hours?To be honest I made a mistake it got leaked 20 hours ago made mistake with AM and PM. The original post of the leak on different forum got posted on 1:04AM GMT +1 So Jagex locked the account after 20 hours? O_O RIP RU_Insane. August 3rd, 2005 - November 11th, 2012. My Stats on Old School RuneScape: Reform Customer SupportCheck Out My Threads
October 8, 201114 yr I wish I had access to a JMod account, I would happily go and ban all the bots at my favourite haunts all across Runescape. Wouldn't make much of a difference as they would come back after a few hours but it would be still worth it to have a few bot free hours. I know this isn't exactly on topic but there is so little to discuss in this thread.
October 8, 201114 yr So let me get this straight.A J-mod got his pass leaked, people tried it but a Jagex lock prevented them from using the account and it was locked 20 hours later.They never got access to anything ingame with the account.What's the big deal about that? It's the same deal as if someone got a hold of a admin account here on tif but not actually using it. Also, are people certain that you can use ALL of the J-mod powers from any computer if there was no lock to begin with?What if the tools were only accessable from Jagex HQ?Either way a J-mod didn't think clearly and it bit him in the ass, but it lead to nothing, boring...
October 8, 201114 yr I wish I had access to a JMod account, I would happily go and ban all the bots at my favourite haunts all across Runescape. Wouldn't make much of a difference as they would come back after a few hours but it would be still worth it to have a few bot free hours. I know this isn't exactly on topic but there is so little to discuss in this thread. I agree. Let the players ban bots. That'd help a bit, even for a while. ^_^ RIP RU_Insane. August 3rd, 2005 - November 11th, 2012. My Stats on Old School RuneScape: Reform Customer SupportCheck Out My Threads
October 8, 201114 yr The guy who knew the password should've traveled to Cambridge, hack their wi-fi and log-in there for massive lulz. Although hacking their wlan would be quite impossible, if their password isn't gaben.http://www.youtube.com/watch?v=B9rrS32ctQk So apparently someone in Jagex had their Account password breached and all we have is this one GIF basically showing NOTHING and not a single video... :| Popoto.~<3
October 9, 201114 yr The only concern here is that runeHQ needs some plumming. Me and the wise old man go way back.... he was a foolish boy back then. My crystal armour idea.
October 9, 201114 yr The only concern here is that runeHQ needs some plumming. No, I don't think RuneHQ needs to find a place to put an air shaft. If it really is the case that RHQ's MD5 password table was compromised/leaked, they could do with a sweep of the server administrators. Linux User/Enthusiast | Full-Stack Software Engineer | Stack Overflow Member | GIMP User...Alright, the Elf City update lured me back to RS over a year ago.
October 9, 201114 yr I kind of chuckled when I saw Mod Kelvin's password as only being 6 characters long :P In real life MMO you don't get 99 smithing by making endless bronze daggers.
October 9, 201114 yr The only concern here is that runeHQ needs some plumming.Lol, as if tip.it, zybez.net, and a [cabbage]ton of other sites aren't hacked. My blog
October 9, 201114 yr ^ I remember that very well lol. Was 2006/2007 I believe? [hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide]Never gonna give you up.[/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide]"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12
October 9, 201114 yr The only concern here is that runeHQ needs some plumming.Lol, as if tip.it, zybez.net, and a [cabbage]ton of other sites aren't hacked. That is the past and I think that is not what we are discussing here.Right now (or yesterday) runehq was hacked and their password got decrypted by hackers, not on tip.it zybez.net or any other site. (according to op) What is runehq's next move/what did they do to prevent this in the future. Me and the wise old man go way back.... he was a foolish boy back then. My crystal armour idea.
October 9, 201114 yr The only concern here is that runeHQ needs some plumming.Lol, as if tip.it, zybez.net, and a [cabbage]ton of other sites aren't hacked. That is the past and I think that is not what we are discussing here.Right now (or yesterday) runehq was hacked and their password got decrypted by hackers, not on tip.it zybez.net or any other site. (according to op) What is runehq's next move/what did they do to prevent this in the future. They completely wiped their database and started fresh so that there's no longer any old code that can be used to compromise the site.
Create an account or sign in to comment