BioWare latest hack victim

Electronic Arts, owner of BioWare, is asking users of the Neverwinter Nights forums to re-register on the site after hackers stole several thousand accounts. An email from BioWare GM and Electronic Arts veep Aaryn Flynn said no credit card or social security numbers had been pinched: "However, hackers …

COMMENTS

This topic is closed for new posts.
  1. liquidphantom
    Mushroom

    Please...

    somebody shoot these f**kers in the head! and then b*tch slap the companies for having such lax security.

  2. TheProf
    FAIL

    Fail

    This article failed to mention Sony.

  3. b166er
    WTF?

    Utter fail

    liquidphantom, let me get this straight.

    On the one hand, you're saying 'b*tch slap' the companies for such lax security and on the other you're saying 'shoot the f**kers' who are 'b*tch slapping' the companies for such lax security?

    1. Thomas 4

      Seems like a reasonable policy to me

      Kill everyone involved in this sordid affair and start from the ground up.

      1. Marvin the Martian
        Paris Hilton

        ... Starting with the users.

        They either chose bad passwords or accepted lax security.

  4. Lennart Sorensen
    WTF?

    I wonder.

    I really hope they didn't mistake me legitimately logging into my account a few days ago (trying to download the latest patch to NWN which I was having trouble finding on my machine) with the idea of someone hacking the system.

    I just followed the link in an email from when I bought stuff from the old bioware store (which unfortunately isn't there anymore, so I can't redownload the add on modules I had bought some years ago. Oh well hopefully I can find them somewhere on one of my disks). Plenty of broken links on the old forum server unfortunately.

    Sure would be nice if they would keep all the patches around on their new support server, but apparently they don't care about older games they released anymore.

  5. trarch
    Flame

    FFS

    Please tell me they were using at least salted hashes.

    Why is it every one of these large companies are apparently hiring complete idiots? I just don't understand, this is such basic stuff. Is there something I'm missing?

    1. CD001

      Yes...

      The thing you are missing, in this case, is that the NWN forums are 10-year-old legacy systems - probably some really old version of vBulletin or something that hasn't been patched in almost a decade (though to be fair, I can't be arsed to look).

  6. HiTechBrew.com
    Thumb Up

    What about the end users?

    What do we the end users need to do to secure our data, passwords, credentials etc?

    I can relate to both liquidphantom's and b166er's comments. I also had to laugh at b166er, because he's right. Which do you want?

    Nonetheless, what do we do? We can point fingers all day but one of the weakest points in security is ourselves and our crappy security. Studies find most people use the same password for both serious web use like banking and for recreational web use. If you do, all it takes is one of these breaches to gain the keys needed to access all your accounts.

    Use complex pass phrases - Try the techniques near the end of this article for easy ways to create unique and strong pass phrases you can remember. http://wp.me/p1rE6R-4O

    I also recommend using LastPass for multiple reasons. First off, it's free! One of the other big advantages is its ability to help you easily create and manage strong, unique passwords for as many web accounts and services as you may need. You can see a review here http://wp.me/p1rE6R-dO

    David

    1. Anonymous Coward
      FAIL

      Mr Natural sez. . .

      encryption don' mean shit . . . when the issue is man-in-the-BROWSER attacks. They even say in their own forums -- when forced to admit it -- that you should not use LastPass on an infected PC, that LastPass is not a security product, and that security is best left to the big players in that business.

      It is a convenience, and that has long proven to be inversely proportional to security. You are insane to trust your passwords to such a --- ah, screw it. Convenience trumps all.

  7. Anonymous Coward
    WTF?

    Storing passwords in the clear

    How long before we get some laws to make the storing of passwords in the clear (or encoded in such a way that they can be trivially recovered) illegal?

    They need to start assuming that any perimeter security is going to be breached, so make sure there's nothing valuable to steal.

    1. Trevor 3
      Unhappy

      Storing passwords in the clear

      Ok, I agree with you on clear text passwords, but for passwords that can be trivially recovered?

      What is securely encrypted today, is tomorrow's trivially encrypted stuff. All it takes is time and power, and they are both growing exponentially to the home user.

      And who would decide how securely encrypted something is....MPs? Don't make me laugh.

      1. Anonymous Coward
        Anonymous Coward

        Re: Storing passwords in the clear

        Trevor 3, "What is securely encrypted today, is tomorrow's trivially encrypted stuff"

        But it was you that assumed I said "encrypted".

        ENcrypted implies they can be DEcrypted, which would be bad. That's why (properly salted etc) hashes are a much better strategy for password comparison. Please read what I write before going off on one.

        And if there's no way to 'draw the line' at what's 'good enough', simply add transparency, so mandate that beside every password box there's a link to info about how it's stored - and let the market decide.

        1. Trevor 3
          Pint

          terribly sorry

          You said ENcoded. Which also suggests they can be DEcoded. Pedant.

          Also wasn't getting at you directly (you are anon after all how could I?) I was just making the point that anything man can code, encrypt and lock, man can decode, decrypt and unlock. It's just a matter of time, no matter how salty you make it.

          As for your mandate idea...are you suggesting that there are no rules? Just customer feedback?

          Don't you think that users will go for shiny and usability instead of security?

          I've got you a beer. this story is old anyway... :-)

  8. Anonymous Coward
    Facepalm

    Another day, another significant hack.....

    I don't know whether to get depressed or start buying IT security company stocks.....

  9. Anonymoose
    Trollface

    Since it's Bioware..

    "GO FOR THE IIS, BOO!"

    1. MrDamage Silver badge
      Meh

      Since Bioware is now owned by EA

      "A den of stinking evil, cover your nose Boo"

      But I plan to leave their crevices untouched.

  10. Kevin Johnston
    Unhappy

    Legacy accounts

    Well, even though I had an account with the old NWN site, I can be fairly sure I'm safe as when they set up the new stuff my account was supposed to be migrated but got thoroughly trashed.

    Of course, knowing my luck it would work perfectly for hackers.....mutter mutter mutter

  11. b166er
    Boffin

    Solution?

    Make any site requiring registration, clearly state how they store your details. Then you can either decline to register or sue the bastards when you find out they lied. Simples

  12. Adrian Esdaile
    Flame

    no, not credit card details, but...

    they WILL have got the serial numbers for games we registered there - at Bioware's demand.

    So now our serial numbers are out in the wild on warez sites as valid serials, we get banned from online servers, we paid for their games, now we can't use or install them. Thanks.

    Hey Bioware.... I vowed to never buy Sony again after their cockup, guess who just joined the list?

  13. DragonKin37
    FAIL

    If u read my post on LulzSec's attack on EVE online

    This is what I posted last night:

    What gaming company will be LulzSec's next target?

    A - Blizzard/Activision

    B - Valve

    C - EA

    D - Bungie

    Make your selections at anytime!

    So it was C!...

    1. serviceWithASmile
      Trollface

      if u read my post...

      shameless pearoast.

      Having EA as a choice is a bit of a cop-out, considering they own a good 20 or so game companies, many of which are the size of Bungie.

      and this *was* an old legacy forum thing rather than ea as a whole.
