Rift security hole plugged with hacker's help
by Alice O'Connor, Mar 21, 2011 2:45pm PDT
Aided by a friendly hacker, Rift developer Trion Worlds has plugged a large security hole in the MMORPG's login system (via Zam). The flaw would allow dastardly cheats to access a player's account without even knowing their username or password.
"I'm very happy to confirm that we did fix a login vulnerability, with significant assistance from an extremely clever user," executive producer Scott Hartsman wrote on the Rift forum. "The root cause was a very subtle bug in error checking of our login validations deep in the server code. No personal information or any such was leaked out, and no outside attacker penetrated our servers, networks, or databases."
Player 'ManWitDaPlan' discovered that he could log into a friend's account "without knowing his username or password, by bypassing the auth system entirely." He reached out on the forums to inform Trion, who then investigated and fixed the fault. Mr. Plan did not disclose publicly how the hack worked.
As is seemingly inevitable with MMORPGs, Rift accounts have been targeted by hackers looking to scrape together or sell in-game currency.
"All totalled up, under 1% of accounts with characters have had characters impacted," Hartsman said. "However, 1% of a surprisingly large number is still very noticeable."
Last week, Trion added a security feature named Coin Lock to prevent players from selling, trading or destroying items if they log in from a "significantly different" location or computer without authorisation.
Hartsman recommends that, although this security hole is fixed and Coin Lock is in place, players should ensure their Rift account password is not one they use on other websites, in case those are ever compromised.
Comments
I had someone on Keenblade send me a /tell, APOLOGIZING for rolling need on something by accident. I had just gotten done joking with someone else about the event and could not believe that she actually tried to make it right. This was a rift event, so it wasn't even a formal group. She had not heard me complain to the other guy; she was long gone but realized that she rolled need and stepped up.
I don't want to sound like a snob, but there is certainly a core group of gamers out there who have been around long enough to know the rules of the road, and so far Keenblade is full of them.