Stev Posted September 5, 2012 Share Posted September 5, 2012 True, but on a scale, it takes more effort to detect bots than to break them, I would imagine.True. However, it depends. Jagex spends months and months designing the nuke, Optimus, and others to break them... And it's only temporarily. You could even go so far as to say that they've put forth just as much effort into breaking them as detecting them. And we can all agree that their detection systems are garbage to say the least. :P. And you're right; there is no permanent break. I believe that's why Jagex removed the quote, "which will permanently deal with," from the micortrasactions post. Link to comment Share on other sites More sharing options...
Sy_Accursed Posted September 5, 2012 Share Posted September 5, 2012 True, but on a scale, it takes more effort to detect bots than to break them, I would imagine.True. However, it depends. Jagex spends months and months designing the nuke, Optimus, and others to break them... And it's only temporarily. You could even go so far as to say that they've put forth just as much effort into breaking them as detecting them. And we can all agree that their detection systems are garbage to say the least. :P. And you're right; there is no permanent break. I believe that's why Jagex removed the quote, "which will permanently deal with," from the micortrasactions post. I don't think it's true that it takes more to detect a bot than to break it. I mean lets take an injection box for example.If you discover the injection, which is an anomaly a normal player would not cause, it seems to me like it'd take more work to find a way to block it than it does to make a script that notices that anomaly and applies a ban to the relevant account. After all breaking them requires noting how they are doing it then finding clever ways to make that no longer functional without breaking the game as a whole; detecting them for auto-bans simply requires noting how they are doing it and having a script dole out a ban to accounts doing it. Operation Gold Sparkles :: Chompy Kills :: Full Profound :: Champions :: Barbarian Notes :: Champions Tackle Box :: MA RewardsDragonkin Journals :: Ports Stories :: Elder Chronicles :: Boss Slayer :: Penance King :: Kal'gerion Titles :: Gold Statue Link to comment Share on other sites More sharing options...
Arceus Posted September 5, 2012 Share Posted September 5, 2012 This has been officially added to the game now! Should I set it up or wait? :shock: "Fight for what you believe in, and believe in what you're fighting for." Can games be art? --- My blog here if you want to check out my Times articles and other writings! I always appreciate comments/feedback. Link to comment Share on other sites More sharing options...
Kaur Posted September 5, 2012 Share Posted September 5, 2012 This has been officially added to the game now! Should I set it up or wait? :shock:Does not work yet. Clicking 'enable' does nothing. Wondering what info they use for identifying the devices. IP? Do they store some file on our hd? mac address? Link to comment Share on other sites More sharing options...
Arceus Posted September 5, 2012 Share Posted September 5, 2012 It should work but the high load seems to be crashing it. "Fight for what you believe in, and believe in what you're fighting for." Can games be art? --- My blog here if you want to check out my Times articles and other writings! I always appreciate comments/feedback. Link to comment Share on other sites More sharing options...
Piu Posted September 5, 2012 Share Posted September 5, 2012 Chrisso said on RSOF that it's being slow right now due to the load. .. or Arceus just beat me to it. [hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide]Never gonna give you up.[/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide]"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12 Link to comment Share on other sites More sharing options...
Kaur Posted September 5, 2012 Share Posted September 5, 2012 No guardian for me :| Link to comment Share on other sites More sharing options...
Mercifull Posted September 5, 2012 Author Share Posted September 5, 2012 What a real shame. Considering MMG comes from a security background I expected a lot more. The Jagex Account Guardian uses a combination of email addresses and unchangeable security questions to enable devices/computers which means that accounts are STILL suseptible to remote attacks. Because they cannot be changed once set its a massive security hole if someone manages to find them out. It's an interesting addition and no doubt WILL make people's accounts more secure but I'm very dissapointed they didn't go down the route I wanted them to. Expect phishing and keylogging to boom. The thing that makes a 2-step authenticator so secure is because the code used for access changes every 30 seconds and because you need physical access to the device or mobile phone of the account holder. The system Jagex has implemented does not protect against phishing (as they will just make pages that claim cookies have expired or something so you need to read your computer) nor against much more serious keylogging software which can also compromise your banking details. So on that note if anyone here wants to activate the JAG then make sure your email provider DOES have 2-step authentication such as Gmail and activate that as well! Mercifull <3 Suzi "We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12 Link to comment Share on other sites More sharing options...
Clan_Chat_Op Posted September 5, 2012 Share Posted September 5, 2012 I would highly recommend tip it users to not use the account guardian until it is updated down the road. Because you can't change the answers or look them up again, if you 1) get keylogged - the hacker will forever have access to your account 2) you will never beable to change your answers and you will be at their mercy. I skill. If you skill you should join. Link to comment Share on other sites More sharing options...
HunterDexter Posted September 5, 2012 Share Posted September 5, 2012 Uhm, what happens if you only choose this computer to log into your account, but due some overheating your computer is broken and unrepairable (happened to me twice :o), this means you cannot play on your account anymore? Or am I totally wrong here? :s Link to comment Share on other sites More sharing options...
Arceus Posted September 5, 2012 Share Posted September 5, 2012 HunterDexter, as long as you have access to your email, you would try accessing it from an "unauthorized" device and have to go through security checks (recovery questions and so forth) but then you could use it from another device. "Fight for what you believe in, and believe in what you're fighting for." Can games be art? --- My blog here if you want to check out my Times articles and other writings! I always appreciate comments/feedback. Link to comment Share on other sites More sharing options...
Demoli Posted September 5, 2012 Share Posted September 5, 2012 You can register on new devices, provided you answer the questions right. Link to comment Share on other sites More sharing options...
Kaur Posted September 5, 2012 Share Posted September 5, 2012 Oh boy this is going to be annoying. I change my IP way too often and it uses the IP for device recognition.Out of all the options they had to choose the worst! Link to comment Share on other sites More sharing options...
Sy_Accursed Posted September 5, 2012 Share Posted September 5, 2012 This does add some security for sure, but it does have flaws. Also I think the leylogger thing someone mention is going ott. Yes if you get keylogged and type in the answers you are screwed. BUT one would assume you are not keylogged most of the time and the golden rule applies of if you DO get keylogged you do scans etc. BEFORE password changes. Plus even if you got keylogged there's not much cause for you to be typing the answers in; it only asks for them from new devices so you shouldn't be using them all that frequently (unless via librarys etc often) and even then it involves an email link as well.It would seem to be a rather extreme cause of you effed up if they did manage to abuse you via the JAG using key logging as they'd require all 5 answers, access to your email and your rs log on data, plus one would imagine there is a way to block/ban a device if you get the email and are like wtf no thats not me. Operation Gold Sparkles :: Chompy Kills :: Full Profound :: Champions :: Barbarian Notes :: Champions Tackle Box :: MA RewardsDragonkin Journals :: Ports Stories :: Elder Chronicles :: Boss Slayer :: Penance King :: Kal'gerion Titles :: Gold Statue Link to comment Share on other sites More sharing options...
Platinum_Myr Posted September 5, 2012 Share Posted September 5, 2012 Why the heck does it not just txt a verification code to a cellphone number... :c (and text a new random one each time so you can't keylog) Could even have it able to call a homephone and have automated voice read out numbers... This does add some security for sure, but it does have flaws. Also I think the leylogger thing someone mention is going ott. Yes if you get keylogged and type in the answers you are screwed. BUT one would assume you are not keylogged most of the time and the golden rule applies of if you DO get keylogged you do scans etc. BEFORE password changes. Plus even if you got keylogged there's not much cause for you to be typing the answers in; it only asks for them from new devices so you shouldn't be using them all that frequently (unless via librarys etc often) and even then it seems to suggest you'd need to click an email link to even hit the question stage. And I wouldn't bother even turning it on if I was using multiple new computers like at libraries all the time Maxed since Sunday, January 9th, 2014Completionist since Wednesday, June 4th, 2014 Link to comment Share on other sites More sharing options...
HunterDexter Posted September 5, 2012 Share Posted September 5, 2012 Oh boy this is going to be annoying. I change my IP way too often and it uses the IP for device recognition.Out of all the options they had to choose the worst! Are you sure it works with IP's? Because here in Belgium everyone has a dynamic IP. :s Link to comment Share on other sites More sharing options...
Sy_Accursed Posted September 5, 2012 Share Posted September 5, 2012 Oh boy this is going to be annoying. I change my IP way too often and it uses the IP for device recognition.Out of all the options they had to choose the worst! Are you sure it works with IP's? Because here in Belgium everyone has a dynamic IP. :s I don't think it does because pretty much every modern router uses dynamic ips and in account settings it calles it 'registration ip address' which to me implies "this is the ip it was registered from" opposed to "this is the ip that is allowed" especially since I had to register both my computers independently and they have the same ip. If it was using ip to identify I'd of only needed to do it for one of them for both to work. Operation Gold Sparkles :: Chompy Kills :: Full Profound :: Champions :: Barbarian Notes :: Champions Tackle Box :: MA RewardsDragonkin Journals :: Ports Stories :: Elder Chronicles :: Boss Slayer :: Penance King :: Kal'gerion Titles :: Gold Statue Link to comment Share on other sites More sharing options...
Kaur Posted September 5, 2012 Share Posted September 5, 2012 Oh boy this is going to be annoying. I change my IP way too often and it uses the IP for device recognition.Out of all the options they had to choose the worst! Are you sure it works with IP's? Because here in Belgium everyone has a dynamic IP. :s I don't think it does because pretty much every modern router uses dynamic ips and in account settings it calles it 'registration ip address' which to me implies "this is the ip it was registered from" opposed to "this is the ip that is allowed" especially since I had to register both my computers independently and they have the same ip. If it was using ip to identify I'd of only needed to do it for one of them for both to work. It does, I tested. Link to comment Share on other sites More sharing options...
Platinum_Myr Posted September 5, 2012 Share Posted September 5, 2012 I assume it tests the same way it can tell whether you're on the same computer or not. You can't log in from two accounts on the same computer without spam loading them at the same time.. Maxed since Sunday, January 9th, 2014Completionist since Wednesday, June 4th, 2014 Link to comment Share on other sites More sharing options...
Mercifull Posted September 5, 2012 Author Share Posted September 5, 2012 Any by having it based on IP (which for many people might change fairly often) a phishing site could appear to be more legitimate as having to re-enter details fairly often would become the norm and not something to be alarmed about. As I said before I'm just disappinted really. Jagex missed a trick here by not providing something at full strength available. An authenticator device/app/sms/voicecode facility would mean that I could give you my RuneScape username & password, my email adddress username & password AND install a keylogger onto my computer and you still wouldn't be able to get into my account. Mercifull <3 Suzi "We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12 Link to comment Share on other sites More sharing options...
Platinum_Myr Posted September 5, 2012 Share Posted September 5, 2012 My guess is they register mac address, as this is unique per computer for sure, though that can be faked if you know what you are doing. Still it requires an attacker to know the mac address.... But it's still susceptible to remote attack.. Just use a two step verification process >.> 1 Maxed since Sunday, January 9th, 2014Completionist since Wednesday, June 4th, 2014 Link to comment Share on other sites More sharing options...
Sy_Accursed Posted September 5, 2012 Share Posted September 5, 2012 Sweet jesus only Jagex could take a brilliant concept (2 step verification) implement it in a slightly iffy way (using email and questions) AND make a primary component of device identification something that changes frequently for most of the internet users in the world seeing as dynamic ips are the norm these days thus rendering longterm verification utterly pointless. Operation Gold Sparkles :: Chompy Kills :: Full Profound :: Champions :: Barbarian Notes :: Champions Tackle Box :: MA RewardsDragonkin Journals :: Ports Stories :: Elder Chronicles :: Boss Slayer :: Penance King :: Kal'gerion Titles :: Gold Statue Link to comment Share on other sites More sharing options...
Kaur Posted September 5, 2012 Share Posted September 5, 2012 Something obviously went wrong... Link to comment Share on other sites More sharing options...
Sy_Accursed Posted September 5, 2012 Share Posted September 5, 2012 Something obviously went wrong... Thank god its a [rooster] up and not intentional. Operation Gold Sparkles :: Chompy Kills :: Full Profound :: Champions :: Barbarian Notes :: Champions Tackle Box :: MA RewardsDragonkin Journals :: Ports Stories :: Elder Chronicles :: Boss Slayer :: Penance King :: Kal'gerion Titles :: Gold Statue Link to comment Share on other sites More sharing options...
Byzantus Posted September 5, 2012 Share Posted September 5, 2012 Something obviously went wrong...So in case you would ever forget your answers, you're basically screwed if your current PC breaks? :?I'd better write those answers down... Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now