It is currently Sat Apr 19, 2014 6:54 am

All times are UTC




Post new topic Reply to topic  [ 151 posts ]  Go to page 1, 2, 3, 4, 5 ... 11  Next
Author Message
PostPosted: Mon May 03, 2010 8:57 pm 
Offline

Joined: Mon May 15, 2006 10:02 pm
Posts: 2208
Location: Washougal, WA
In a discussion about the Bahro character "NotABeast" that has appeared in the game recently, Taghtahv made this revelation:

Tahgtahv wrote:
However, the fact that the other player on the account is OMGHaxxor is a bit more suspicious. (That character is also a bahro)

I asked how Tahg could know what other avatars were on the same account as NotABeast, and he answered in another message:

Tahgtahv wrote:
The source of that info is from a tool our team has made.

Maybe other people already knew about this, but it's news to me. I guess if you have alternate identities or avatars on the same Myst Online account, which you may have thought would be known only to yourself and Cyan - well, if you thought so (as I did), you're mistaken.

Though I appreciate that Tahg brought valuable information to light about NotABeast, I am disappointed to hear that some other players can find out the identities of alts.

_________________
Image
MOULa 26838 | Prologue Video Project: On Hold pending Minkata support
Visit rel.to to explore Myst, Uru, and D'ni communities!


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Mon May 03, 2010 9:05 pm 
Offline

Joined: Sat Mar 27, 2010 8:20 pm
Posts: 112
Location: Portugal
Well I think this outrageous and would like cyan to do something about it. Some kind of encryption or something to the vault. I do not want people using tools to check my account. The whos online tool is no problem for me. But this one should not be alowed and i am here requesting someone from cyan to do something about this.

_________________
Image
  • Meesem hevtee d'nee? Mees!
  • Lena biv kenen erthbantee me Keelentee.


Top
 Profile  
Reply with quote  
PostPosted: Mon May 03, 2010 9:09 pm 
Offline

Joined: Tue May 09, 2006 2:00 am
Posts: 1666
Location: Lakewood, WA
Marten wrote:
I am disappointed to hear that some other players can find out the identities of alts.

I am more disappointed that a player has been out’d in public. :(

I really do appreciate the efforts and concerns here for Cyan’s shard but this needs to go to Cyan first and only after Cyan’s consent released for public consumption. :wink:


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Mon May 03, 2010 9:19 pm 
Offline

Joined: Sat May 13, 2006 4:55 am
Posts: 8
Location: Washington
OMG! OMG! A haxxor AND a Bahro mentioned in the same post? That must mean that it's "Have a Cow Time" here on the forum!!! Wheeee!!!!! :lol:

_________________
~ semplerette


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Mon May 03, 2010 9:51 pm 
Offline

Joined: Tue May 09, 2006 12:56 am
Posts: 251
Might I add (and some people are probably going to kill me for all this), that both players on that account were Bahro. Yes, I can see what avatars are related. No, I will not post the association of any legitimate avatars here.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Mon May 03, 2010 9:57 pm 
Offline

Joined: Sat Aug 12, 2006 5:46 am
Posts: 1617
Location: Here, there, you know. Around.
Well, if your hack works for one, why not try both?


Really, in part I'm surprised it's taken this long for everything to be done. I mean this sort of stuff must have been possible from the very start of prologue, and yet we only start seeing hacks like a person going as a bahro or a non-client online checker or a tool to dig up uids from the vault..

You guys *aren't* doing this for Cyan, right? You did it on your own and while you may have worked with them this was reverse-engineered right? Actually, I guess that's probably a non-topic for here, but oddly it'd make me feel better to find out it *was*.


Still, we haven't even seen the source and already we're digging into Pandora's box as far as doomsayers go for hacks and tricks. Go us! :D

(Next step is say finding a way to change our KI permissions and get custom python hacks to do things that persist or what have you. Just wait and see..)

_________________
You know, I wish we would learn Atrus loved the 1812 overture, and in turn we had a copy for our relto.
That's right, a canon canen cannon!

MOULa KI: #00027582
Welcome back all!


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Mon May 03, 2010 10:04 pm 
Offline

Joined: Tue May 09, 2006 12:56 am
Posts: 251
While we are working with Cyan, it is in the loosest sense of the term. Basically they have just given us an unofficial, it's ok to do what we are doing and to report any holes to them. They haven't given us any code. We've been working on this since November 2003 if that gives you any idea of what we might know.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Mon May 03, 2010 10:40 pm 
Offline

Joined: Sat Aug 12, 2006 5:46 am
Posts: 1617
Location: Here, there, you know. Around.
Figured as such. It's good and bad in a way.. it's good that Cyan isn't the ones running around flinging out sourcecode to select groups and such, but bad that it's doable. Not like they secured this stuff I guess... it also means as I alluded to with a Pandora's Box bit that it's perfectly doable. The only thing you have over Joe Hacker is the fact that you've been doing it approaching a decade and have a head start.


Well, it's not like we could've kept the cat in the bag or something about what's possible. I'm just curious now how long before we see someone really fundamentally changing their MOULa client to allow stuff that we wouldn't otherwise... or hacking together a homebuilt equivelant.


But that's neither here nor there. While it is a bit worrisome that it's possible to dig up uids and find out by them who's whom, it's not like emails are stored with that and such, so all you know is if if the explorers belong to a given email.. so if you're so worried about people finding connections, use a handful of email addresses. Common net privacy, although if we're at the point you can find out by IP address connections all, without running the server itself or having access, then we have a problem.

_________________
You know, I wish we would learn Atrus loved the 1812 overture, and in turn we had a copy for our relto.
That's right, a canon canen cannon!

MOULa KI: #00027582
Welcome back all!


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Mon May 03, 2010 10:49 pm 
Offline

Joined: Sat Mar 27, 2010 8:20 pm
Posts: 112
Location: Portugal
Gondar wrote:
Figured as such. It's good and bad in a way.. it's good that Cyan isn't the ones running around flinging out sourcecode to select groups and such, but bad that it's doable. Not like they secured this stuff I guess... it also means as I alluded to with a Pandora's Box bit that it's perfectly doable. The only thing you have over Joe Hacker is the fact that you've been doing it approaching a decade and have a head start.


Well, it's not like we could've kept the cat in the bag or something about what's possible. I'm just curious now how long before we see someone really fundamentally changing their MOULa client to allow stuff that we wouldn't otherwise... or hacking together a homebuilt equivelant.


But that's neither here nor there. While it is a bit worrisome that it's possible to dig up uids and find out by them who's whom, it's not like emails are stored with that and such, so all you know is if if the explorers belong to a given email.. so if you're so worried about people finding connections, use a handful of email addresses. Common net privacy, although if we're at the point you can find out by IP address connections all, without running the server itself or having access, then we have a problem.


The only problem i see here is for people that use IC and OOC characters and don't want people to know that its them. I actually created an IC character once but gave up on the idea. I'll ooc and ic with my main character depending on my mood. It's easyer. But it's bad for people who don't want to go and create more than one email and want several avies to be secret. I really think it's good they found out about this, but also think that if this was found then it should be fixed so it can't be access again.

_________________
Image
  • Meesem hevtee d'nee? Mees!
  • Lena biv kenen erthbantee me Keelentee.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Mon May 03, 2010 11:46 pm 
Offline

Joined: Sat Aug 12, 2006 5:46 am
Posts: 1617
Location: Here, there, you know. Around.
Oh, the only problem you might see.. but privacy here is a rather personal thing and views vary. Remember the furor about the simple fact that OHBot was programmed with the full list of KI numbers that was publicly available here on the forums? Even though anyone could look them up the fact that they were there in some bot's database freaked certain people out. (Personally I'm all for it and glad it was an added feature).

Something like this where people can look up alts? Batten the hatches and board up the doors and windows, it's the apocalypse again! :shock:

(Once more, the existence of bahro explorers adds to the signs of the four bahro of the apocalypse riding out spelling DOOM to the cavern! Horrors! :P)

_________________
You know, I wish we would learn Atrus loved the 1812 overture, and in turn we had a copy for our relto.
That's right, a canon canen cannon!

MOULa KI: #00027582
Welcome back all!


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Tue May 04, 2010 12:04 am 
Offline

Joined: Thu May 11, 2006 5:22 pm
Posts: 1734
Location: California
Gondar wrote:
(Once more, the existence of bahro explorers adds to the signs of the four bahro of the apocalypse riding out spelling DOOM to the cavern! Horrors! )


You... you... you mean they will be doing skywriting in the cavern... :shock:

_________________
Nalates - GoC - 418 - MOULagain: Nal KI#00 083 543, Nalates 111451 - Second Life: Nalates Urriah
Guild of Cartographers Image


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Tue May 04, 2010 2:52 am 
Offline

Joined: Fri Jul 24, 2009 3:17 pm
Posts: 269
Awww I just started making alters... bummer. I'm not going to make more. If people want to ruin the magic they can. I feel bad for my fiance though we share an account so people might start trying to claim she's me....

_________________
Image

Thelonius "Prof" Higginsbottom

member of the Guild of Calamitous Intent

"I invented the term the Bevin Generation do I get a spot in Mystlore?"


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Tue May 04, 2010 3:17 am 
Offline

Joined: Tue May 09, 2006 12:56 am
Posts: 251
Well, I wont tell. (Unless you have something like a Bahro on your account and then all bets are off) I don't usually give out info on normal players unless they challenge me to or otherwise ask for that info.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Tue May 04, 2010 3:20 am 
Offline

Joined: Fri Jul 24, 2009 3:17 pm
Posts: 269
*Hurries to hide Bob the Bahro* No I have nothing of the sort Officer, no contriband

"What about-?"

Quiet Zeesha, Yeesha's twin sister!!!

_________________
Image

Thelonius "Prof" Higginsbottom

member of the Guild of Calamitous Intent

"I invented the term the Bevin Generation do I get a spot in Mystlore?"


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Tue May 04, 2010 3:24 am 
Offline

Joined: Tue Oct 03, 2006 3:25 am
Posts: 869
This sort of thing sure is... annoying. That's an acceptable word, though it falls short of my real feelings.

Close the hole, already! Don't just tell us that it's not being abused, how is that supposed to make me feel better? There's a gaping hole in security, but only nice people know about it?

_________________
"I visited Esher's lab and all I got was this lousy t-shirt."
VidRoth -- KI#50637


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 151 posts ]  Go to page 1, 2, 3, 4, 5 ... 11  Next

All times are UTC


Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to: