Slashdot Mirror
Dark Age of Camelot European Server Compromised
Revz writes "The company in charge of the Dark Age of Camelot servers in Europe finally admitted they have been having security problems, after over a week of unusual happenings for the players of this PC MMORPG. Unknown people have been causing havoc with GM admin tools on live servers and have potentially gained access to account passwords. Sanya (the community relations manager from Mythic, who run the servers in the US) has commented on the whole thing in this thread on the DAoC Catacombs site, saying 'server security has never been compromised... there is an explanation for this that doesn't involve anybody breaking into databases or servers'. Pictures and videos of the situation on the European servers where multiple high level creatures were spawned can be found in this thread on an unofficial forum."
gathers GAY NIGGERS from all over America and abroad for one common goal - being GAY NIGGERS.
Are you GAY ?
Are you a NIGGER ?
Are you a GAY NIGGER ?
If you answered "Yes" to any of the above questions, then GNAA (GAY NIGGER ASSOCIATION OF AMERICA) might be exactly what you've been looking for!
Join GNAA (GAY NIGGER ASSOCIATION OF AMERICA) today, and enjoy all the benefits of being a full-time GNAA member.
GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the fastest-growing GAY NIGGER community with THOUSANDS of members all over United States of America. You, too, can be a part of GNAA if you join today!
Why not? It's quick and easy - only 3 simple steps!
First, you have to obtain a copy of GAY NIGGERS FROM OUTER SPACE THE MOVIE and watch it.
Second, you need to succeed in posting a GNAA "first post" on slashdot.org, a popular "news for trolls" website
Third, you need to join the official GNAA irc channel #GNAA on EFNet, and apply for membership.
_ ________G_ ________A_ ________Y_ ________*I CA______N_ ________I_ ________G_ ________G_ ________E_ ________R_ ________S_ ________*_ ________A_ ________S_ ________S_ ________O_ ________C
Talk to one of the ops or any of the other members in the channel to sign up today!
If you are having trouble locating #GNAA, the official GAY NIGGER ASSOCIATION OF AMERICA irc channel, you might be on a wrong irc network. The correct network is EFNet, and you can connect to irc.secsup.org or irc.isprime.com as one of the EFNet servers.
If you do not have an IRC client handy, you are free to use the GNAA Java IRC client by clicking here.
If you have mod points and would like to support GNAA, please moderate this post up.
This post brought to you by thedomina/hasek39, a proud member of the GNAA
G_____________________________________naann______
N_____________________________nnnaa__nanaaa______
A____________________aanana__nannaa_nna_an_______
A_____________annna_nnnnnan_aan_aa__na__aa_______
G____________nnaana_nnn__nn_aa__nn__na_anaann_MER
N___________ana__nn_an___an_aa_anaaannnanaa______
A___________aa__ana_nn___nn_nnnnaa___ana_________
A__________nna__an__na___nn__nnn___SSOCIATION_of_
G__________ana_naa__an___nnn_____________________
N__________ananan___nn___aan_IGGER_______________
A__________nnna____naa___________________________
A________nnaa_____anan___________________________
G________anaannana_______________________________
N________ananaannn_AY____________________________
A________ana____nn_________IRC-EFNET-#GNAA_______
A_______nn_____na________________________________
*_______aaaan____________________________________
um, dolor. Nunc nec nisl. Phasellus blandit tempor augue. Donec arcu orci, adipiscing ac, interdum a, tempus nec, enim. Phasellus placerat iaculis orci. Cras sit amet quam. Sed enim quam, porta quis, aliquet quis, hendrerit ut, sem. Etiam felis tellus, suscipit et, consequat quis, pharetra sit amet, nisl. Aenean arcu massa, lacinia in, dictum eu, pulvinar ac, orci. Mauris at diam tempor ante ullamcorper molestie. Ut dapibus eleifend ipsum. Nam dignissim.
It was the god in the game, sending Behemoths to eliminate all the infidels!
Isn't Camelot in the UK, not Europe.
This is right out of .Hack where players in beginner areas are confronted with high-level creatures that shouldn't be there.
I wonder if there is someone who isn't "bound" by the game rules, is not sitting in front of a pc while playing, and is currently in a comatose state.
Of course, that last part could apply to a lot of people I know who play video games...
Maybe an employee of GOA (the company running the european side of DAOC) was disgruntled logged in and used his GM toolset to spawn mobs and cause a bit of a ruckus before they quit.
Seems the most plausible to me, since daoc has been the most stable and secure MMORPG release..(IMO) unlike a certain PVP centric one..
"I am a kernel in the linux army"
DAoC continues to be a piece of shit.
Some poor sop's FTP
Heh, I was smart, waited to post this AFTER I downloaded it.
Buy Steampunk Clothing Online!
I wonder if the security for the current crop of MMORPGs is that much more lax than the older generation or is it that more people are gunning for them? I suspect that its a little of both. I remember back when I was playing AC there were a few cases of people messing up the servers (someone actually worked out how to crash an entire server) but I seem to recall that these troubles were from exploits in the game itself and not the actual work of any hackers.
With these types of games becoming more and more popular, and the fact that we are getting closer and closer to the day that items in game will carry real legally recognized value (lawsuits over lost items, are already starting to appear and even if you find it absurd, it is what things are moving towards) It may become really expensive for companies to put out games that are not perfectly secure (and what is perfectly secure anyway?) How many years will i get for hacking in my own LongSword of Holocaust?
On Wall Street they say "buy low, sell high" On the pad we say, "buy high, sell high" Isn't that somehow better?
This game is hopeless. Total compromitation, not only for the server, but also for the client developers. What a shame. I am sure everyone will agree with me.
What does this game have which is not already in Ultima? It is just a reinvention of a circle. Neet, but still a reinvention.
The deal here is that security is an end-to-end process. It's not a single lock that gets picked, or a server that gets hacked. It's a whole system, which may involve a large number of human factors. It doesn't matter how security was breached, but if the assets are compromised (in this case game integrity), then there has been a security failure. Even if this didn't involve a direct attack on the server, it's no less of a security failure.
I'm surprised that people not only keep playing these games, but that people keep signing up for them. Over the past couple of weeks, the security of MMORPG's has become somewhat of a joke. Ragnarok might as well be called Ragnahack because it's been compromised so many times. And now this. Even Microsoft does a better job of protecting their information.
What gets me is that people are still signing up for these games. I personally haven't because the only one I've liked was RO, but I didn't have time to join. Now, I'll probably never join, based only upon the fact that their system has been severely compromised many times. How can someone be willing to pay money, every month, to play on a system that is probably open to attack. Sure a lot of the hacks have come in game, but if the game can be hacked, what is to stop them from actually getting my Credit Card or personal information. For me, it's just to risky to even join one of these games.
Slashdot...it's like Fox news, but without the biased sl...or maybe not.
If you check out Barrysworld (http://forums.barrysworld.com/forumdisplay.php?s= b74713e616fe7316d4cbdc2f9963005d&forumid=160) you will notice that many users will never be able to retrieve their passwords, because they cannot update their e-mail addresses. After all, when RightNow (their customer support tool) will be up again they can't gain access to it, because the passwords have changed.
So to get their password, these people need to change their profile. To gain access to their profile, they need to know the password. But they don't know the password, because the password was changed.
So far there have been no serious security compromises on the US DAOC servers, mostly just the occasional dupe item bug, player radar, or 'speed hack', which are almost always dealt with quickly. And they have always said their European servers were almost completely outsourced, which may not have been the best idea and I'm sure they regret to some degree now. So much of DAOC is server-side that I don't see how this could've happened unless a rebellious GM (or their account) was involved.
"Not all who wander are lost" -- JRR Tolkien
In a further news article on the DAoC site :
Your billing information is not stocked on our servers. Everything related to your money is handled by a billing partner specialised in online transactions. Your billing information is totally safe and isolated from the platform targeted by the recent attacks.
Speed hacking is a nice parlor trick, but you can't actually use it to accomplish much in the game: the people you kill will rat you out to the in-game customer service reps, who will then hover invisibly and watch to see if you are cheating. If you are moving faster than you are supposed to it'll be pretty obvious and your account will be banned (effectively resulting in the permanent loss of all characters, gold and items in it, into which you can and usually will have invested hundreds of hours).
"Money machine"-type bugs are very rare and are squashed quickly. Mythic claims to have alarms that start ringing whenever in-game money totals rise too fast or exceed trigger amounts. I can remember two occasions when all servers were taken down on short notice to correct dupe bugs. Mythic can also confiscate the ill-gotten gains or ban the accounts of the most flagrant abusers, although this was apparently not necessary in the cases I remember.
The real problem is radar. Other than having the CSRs keep an eye on people accused of using it (ie, putting out nominally-invisible bait and seeing if they respond to it) there isn't much they can do. Server-side line-of-sight checks are computationally infeasible for servers that must support 4000 clients at once, and locking down the client software (to add encryption, say) is a hopeless arms race barring some future Palladium-like hardware horror.
Well, EQ was reputedly written based on the ubiquitous DIKU-family of MUDs (some say the original EQ engine was actually a DIKU.) DIKUs have been out there for a long time and a lot of the bugs have been quashed. Then again, maybe you're right.
Marxist evolution is just N generations away!