8f4a5f No.15479893
http://archive.is/QWZKR
Jagex employee has been found to:
>DDOS users during tournaments with cash prizes
>steal one letter names to sell them for money
>access recovery information, INCLUDING CREDIT CARD INFORMATION
>using this information to remove hundreds of billions of gold to sell for real money
Jagex is releasing the minimum information they legally have to, but they're going to be completely silent until the police investigation is over.
a28382 No.15479902
Fuck yeah
They deserve it. RS used to be good, but it died a thousand slow deaths and deserves every moment of failure that comes with it.
Ultimately, they'll apologize, and say they'll be more diligent for making sure RS is a safe and diverse gaming experience, even though their problem has literally nothing to do with socjus
8f4a5f No.15479905
In unrelated news, our vidyascape was breached a month or two ago following an extended brute force attack no one noticed. Passwords, MAC addresses, IP addresses, were all stored in plaintext and compromised.
http://odelvidyascape.blogspot.com/2018/08/vscape-btfo-port-mortem.html
>/v/scape server was compromised
>Your passwords were in plain text
>On August 3 2018 at ~19:30 UTC our server was broken into.
>This was after a two week+ sustained attack.
>We were using a password login for the server with no alerts on failed login attempts
>Everything should be considered compromised at this point including, but not limited to, usernames, passwords, PINs, IPs, MACs, and email addresses from the Mantis.
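Added example, not part of the thread or the quoted post-mortem: the control the post-mortem says was missing, alerting on failed logins, run over constructed log lines. The OpenSSH-style line format, the host name, the thresholds and the addresses (documentation ranges) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real logs). Assumed format: ISO timestamp,
# host, then OpenSSH's "Failed/Accepted password for ..." message.
SAMPLE_LOG = """\
2018-07-20T03:10:01 game1 sshd[811]: Failed password for root from 203.0.113.7 port 40022 ssh2
2018-07-20T03:10:03 game1 sshd[811]: Failed password for root from 203.0.113.7 port 40022 ssh2
2018-07-20T03:10:05 game1 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40031 ssh2
2018-07-20T03:10:09 game1 sshd[813]: Failed password for invalid user test from 203.0.113.7 port 40040 ssh2
2018-07-20T03:10:12 game1 sshd[814]: Failed password for root from 203.0.113.7 port 40051 ssh2
2018-07-21T09:00:00 game1 sshd[901]: Failed password for alice from 198.51.100.20 port 51000 ssh2
2018-07-21T09:00:20 game1 sshd[901]: Accepted password for alice from 198.51.100.20 port 51000 ssh2
2018-08-03T19:30:00 game1 sshd[990]: Accepted password for root from 203.0.113.7 port 40999 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def scan(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return alerts as (kind, source_ip, user, timestamp) tuples."""
    recent = defaultdict(list)  # ip -> failure times still inside the window
    total = defaultdict(int)    # ip -> failures seen over the whole log
    alerted = set()             # ips that already raised a brute_force alert
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            total[ip] += 1
            recent[ip] = [t for t in recent[ip] if ts - t <= window] + [ts]
            if len(recent[ip]) >= threshold and ip not in alerted:
                alerted.add(ip)
                alerts.append(("brute_force", ip, user, ts))
        elif total[ip] >= threshold:
            # A login that succeeds from a source with a long failure history
            # is the event that must page someone: a password may have been guessed.
            alerts.append(("success_after_failures", ip, user, ts))
    return alerts

if __name__ == "__main__":
    for kind, ip, user, ts in scan(SAMPLE_LOG):
        print(f"{ts.isoformat()} {kind:<24} src={ip} user={user}")
```

The single mistyped password from 198.51.100.20 stays below the threshold and raises nothing; only the source with the failure history is flagged, once for the burst and once for the later successful login.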
a28382 No.15479906
>>15479905
>Your passwords were in plain text
I seriously hope nobody here needs a reminder to use different passwords for every site, in case of shit like this
0cc880 No.15479915
>Mods fuck around with their power yet again
>You will never be as pathetic as a hotpocket
Feels good.
a8454a No.15479925
>>15479905
>ever trusting anything from /v/
they couldn't even securely store their passwords. anyone with an ounce of opsec would have dodged them like a bullet
ef4687 No.15479929
>>15479925
Even the 8v FFXI server had passwords encrypted in the DB, and that was run by some dude who really, really liked Mithra Asses.
28cfa7 No.15479935
>>15479929
>Mithra Asses
post 'em
c15b54 No.15479937
>>15479929
>you will never slather a mithra in coconut oil and wrestle her with your dick
ca2725 No.15479952
>>15479905
Do you guys really come up with different usernames and passwords for every account you make? How will people remember your posts and OC if you don't have an identity to attach them to?
>caring about your IP address
I'm sure NSA is watching you closely special snowflake. Grow up, no one is watching you, you paranoid fuck.
8f4a5f No.15479957
>>15479893
Some context: Users had been complaining about items, names, and billions of gold disappearing from their accounts for almost a year. Nearly every tournament with prize money is won by a PKing clan, ROT, who mod jed (the employee who just got buttfucked) was a member of. Mysteriously, their opponents would disconnect or have severe latency issues at the most important points. Non-tournament servers lagged like shit because they were hit too. This is an open secret.
fagex released an announcement on this, acknowledging moderator abuse, and also separately stated they couldn't talk about it due to an active investigation. At the exact same time as the announcement, Jed was fired. Following that, billions of coins have been returned to users. The really damning part is that a jagex moderator confirmed months ago that credit card information was given to confirm ownership of the amount. This is proof that Jed was the one who stole billions of gold, and had done so with credit card information, transaction IDs, and "a fair amount of other information".
8f4a5f No.15479960
>>15479959
>he said r*tten twice
don't say it again
ca2725 No.15479995
>>15479960
rottenhuman_
Call the mods, I don't give a fuck.
6d661b No.15480010
>pride in integrity
>hold to the highest standards
>fail to notice massive thefts and tournament fuckery for a year
8f4a5f No.15480012
>>15479893
While I'm sharing jagex fuckups, they nerfed pickpocketing a few months ago. You get pouches which have a set monetary value. Jagex, being fucking retarded, made the value of the pouch two billion by accident. Jagex took the game down for a few hours and managed to roll back items.
031849 No.15480017
GEscape is not real runescape
8f4a5f No.15480021
>>15480017
stop npc-posting, anon
031849 No.15480023
>>15480021
what is this, a 4chan meme?
6d661b No.15480030
>>15479925
Encrypted passwords are pointless when they can just login as root to the server and capture them there. They're really only of use if only the database gets compromised, which is extremely frequent due to shitty webdevs.
8f4a5f No.15480034
>>15480030
>Encrypted passwords are pointless when they can just login as root to the server and capture them there.
Who the fuck said anything about encrypted passwords? You hash them. You don't encrypt them like some sort of retard.
a28382 No.15480045
>>15480012
> made the value of the pouch two billion by accident
To be fair, the max value of a 32 bit signed int is 2,147,483,648, so it was probably an accidental overflow or default value
8f4a5f No.15480050
>>15480045
It was an overflow, like you said, but letting this make it onto the public server is sheer incompetence.
6d661b No.15480054
>>15480034
Hashed passwords are even worse, pure webdev tier, as they can't be checked without the server being handed the plain text password by the client.
8f4a5f No.15480062
>>15480054
If you're storing passwords in any reversible form, you should be locked up
d91db4 No.15480069
a37ac2 No.15480078
>>15480054
Are you retarded?
6d661b No.15480080
>>15480062
I store them on plain text on a secure server so I can use any authentication protocol without other servers ever being exposed to plain text passwords or having hashes that can be stolen. It's objectively superior, I've been doing this since the '90s on every project I've worked on, and none have ever had a breach of passwords. Fuck webdevs.
8f4a5f No.15480082
>>15480080
>I store them on plain text
You should be in jail.
a37ac2 No.15480096
>>15480080
So that’s a yes then.
2895c9 No.15480139
>>15479905
I'll be honest, the IP doesn't faze me because I've moved, switched providers and had a dynamic IP.
>Someone got a fishing account on a private server
oh no
Shame /v/idyascape is low pop
8f4a5f No.15480147
>>15480139
>Someone got a fishing account on a private server
The much bigger issue is all the other data being leaked simultaneously.
a28382 No.15480149
>>15480147
>>15480139
>Someone got a fishing account on a private server
Fish lvs?
2895c9 No.15480157
dc60e5 No.15480161
>>15480096
>you're so retarded for not exposing plain text passwords to a server run by webdevs
>you should be following established wisdom, like these other sites who got hacked and had their hashes cracked
eh heh heh
60b57b No.15480163
145951 No.15480167
>using this information to remove hundreds of billions of gold to sell for real money
Why can't he just give himself gold?
616a35 No.15480169
dc60e5 No.15480173
>>15480167
hotpockets probably require approval to magic things out of thin air but are allowed to deal with fixing botched trades, etc..
8f4a5f No.15480177
>>15480161
>you should be following established wisdom, like these other sites who got hacked and had their hashes cracked
How do you crack a SHA-256 hash?
8f4a5f No.15480185
>>15480173
Apparently hotpockets don't have access to admin tools, but can still access sensitive user information like recovery data.
dc60e5 No.15480189
>>15480177
At 2-3 billion sha256 hashes per second on a modern card, and most people using 8 character or less passwords, it doesn't take more than a couple weeks to crack even on a standard gaymer rig. If willing to give Amazon a few bucks, you can have an admin account's password in a day.
a28382 No.15480205
>>15480177
>>15480189
Nah, the easiest way to crack a SHA-256 hash is the same as any other password cracking approach. You ask them nicely for their password
Humans are fucking stupid. They are, and will always be, the weakest element of a security system. The desire to be helpful and "unobtrusively" allow their superiors through allows for social engineering. Look at the current state of modern society: You made a product that datamines someone, like Chrome, an OS, or a website, and people happily give you so much information.
1c61eb No.15480206
after a breach like this, a company legally has to come out and say they were breached, and they'll get a fine for a lack of PCI compliance, etc etc
this is a HUGE deal, I haven't even played runescape in years, but I'm in infosec, and the consequences for this are very serious, not only for the players whose payment info has been compromised, but also for jagex, due to liability issues with handling payment information
8f4a5f No.15480210
>>15480189
What modern card can do billions of sha256 hashes a second?
1c61eb No.15480211
like seriously this could be the killing blow for OSRS, because they could lose a lot of money for this breach
67700b No.15480217
they're gonna lose thousands of dollars at the bare minimum lmao
dc60e5 No.15480218
>>15480210
My GTX 1080 does about 3 billion.
1c61eb No.15480225
on the plus side this is the most interesting thing to happen to runescape in a while
this sounds like a fucking shitty rejected James Bond X Ready Player One movie script
031849 No.15480237
>>15480211
>/v/scape will finally flourish because of this
1c61eb No.15480252
2f6427 No.15480311
>>15480189
>most people using 8 character or less passwords
Well, honestly with a password that small, as you say, what good is most forms of encryption or hashing going to do? But then why would you assume all of your users are that retarded unless you had a shitty website to begin with? They become orders of magnitude more difficult to crack the longer they get. You're just giving a middle finger to everyone who knows how to make a decent password.
1c61eb No.15480343
"The GDPR introduces a duty on all organisations to report certain types of personal data breach to the relevant supervisory authority. You must do this within 72 hours of becoming aware of the breach, where feasible.
If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, you must also inform those individuals without undue delay.
You should ensure you have robust breach detection, investigation and internal reporting procedures in place. This will facilitate decision-making about whether or not you need to notify the relevant supervisory authority and the affected individuals.
You must also keep a record of any personal data breaches, regardless of whether you are required to notify."
they have 72 hours, if they don't make a statement about the credit card info (not just the stolen GP), then they are FUCKED
8f4a5f No.15480509
>>15480343
Is that shit actually enforced? This also coincides with Jagex's most profitable year in a long time
It couldn't have just been one low level hotpocket in on this
1c61eb No.15480534
>>15480509
>This also coincides with Jagex's most profitable year in a long time
GDPR fines scale with revenue. The higher the company's revenue, the higher the fines are.
a85b18 No.15480584
I told you niggers DMM was rigged, but no one listened.
PvPers are forever cucked.
8f4a5f No.15480587
>>15480534
good, fuck them in the ass
ebc44e No.15480598
Runescape is where I got my first real email handle. Sad to see them fall but, other than that, who cares?
1c61eb No.15480618
>>15480598
the people whose credit card information was breached, dingus
93ce34 No.15481107
>tournaments
>Runescape
>tournaments
huh? Are they duel arena tournaments or what? Do people really participate, watch and have prize pools for faggotry "honorabul" duels where the combat system is at its absolute worst?
8f4a5f No.15481117
>>15481107
>he doesn't know
They host separate servers for the tournaments where everyone has two(?) weeks to build a pvp-ready character with 5-10x experience rates. Virtually everywhere (outside of some safe towns) allows pvp regardless of level. If you kill someone, you also get to empty out most of their bank and steal some of their exp. There's some other general changes, but that's the most important part. At the end of 2 weeks, there's a mass genocide where everyone kills each other until there's only about 128 people left, and then it goes into faggy 1v1 PVP mode with whatever supplies you have left.
It's pretty fun, except for the fact that every tournament involves a shitload of DDoSing. As it turns out, this was almost certainly done by the mod they just fired.
a28382 No.15481127
>>15481117
That actually sounds really fun for a league play system
47c008 No.15481181
>>15479952
I use a different password for my emails + game accounts but for everything else I have to register for i use the same old password.
6a4232 No.15481279
>>15480587
>>15480597
Protesting the pride event was probably the most fun I've ever had with OSRS.
3661be No.15481337
>>15481279
Same though, a damn shame the developers cucked so hard. Literally *no one* wanted that stupid shit.
It was likely the most satisfying PKing I had ever witnessed when some of them took to the wild and literally fought it out only for the handful of gay pride faggots to get an ass whooping.
2895c9 No.15481762
>>15480237
Only if they shill it.
and knowing /v/ run projects most are afraid of redditors. Either scare em off or use em as good goy to keep the server afloat through pop and donations
8f4a5f No.15485455
>>15481762
just turn them into lampshades
eaf36b No.15488525
>>15480010
>a year
Several years actually. I think ROT has won almost every year and every year the 2007scape subreddit (who give the devs all of their shit ideas to ruin the game further) screeches about how there is DDOS bullshit going on and how it is obviously stupid that a dev is a member of the clan that wins every time. Clearly this is the one thing they were right about. But do the devs listen? No, they only listen to bad ideas.
>>15480587
>>15480597
The only worthwhile thing about the game since the introduction of the GE
>making jug swastikas 3-4 jugs deep with those jug packs at the general store
>fag supporters try to pick them up
>their inventory gets too full to pick them all up
85d092 No.15488580
>all this time they told us real runescape moderators would never ask for things like credit card information
>but it was them we had to look out for all along
3ced9f No.15489593
>>15479959
This isn't even that funny, it's just sad seeing an autist get bullied.
8f4a5f No.15489611
>>15489593
And yet he still comes here and repeatedly outs himself
a28382 No.15489613
>>15489593
>(1) and done defending Reddit
14388a No.15489626
>>15489593
>he keeps coming back
Why do you do it to yourself?
7ee4f2 No.15490745
>>15480189
>At 2-3 billion sha256 hashes per second on a modern card
Use Argon2/Lyra2 you stupid nigger
1755cb No.15499303
73a2ed No.15499877
>>15490745
I'll stick to just not exposing hashes to webservers at all, faggot.
8f4a5f No.15499905
>>15499877
>I'll just stick to exposing passwords to webservers
a28382 No.15499966
>>15499905
You create a hashed token from the hash, moron
fef048 No.15501914
>>15479902
tbh i think they were looking the other way
jed has been in rot for ages
and very sketchy
so unprofessional
275d2f No.15504474
>>15479906
>different passwords
Different usernames is smarter
>>15479905
I still need to get my account unlocked
Odell if you’re here somehow please unlock Philemon
9d7347 No.15504525
Jagex is both malicious and incompetent.
>you will never be such a shitty programmer that you cause items to turn into max cash stack on death
f442d7 No.15506522
7ee4f2 No.15507829
>>15499966
>You create a hashed token from the hash, moron
Now you're just spouting niggerbabble because you've lost the argument
1755cb No.15513869
>>15504525
They're British aren't they? Probably hire a ton of pakis for diversity points.
9568fb No.15520352
If Mod Jed got access to our account information, are we entitled to monetary compensation?
ce4d7b No.15527647
You have to feel sorry for Runescape, you really do. Small cosy mmo rose up from humble beginnings to become a sensation only to be abandoned by its parents and sold off to Jewish and Chinese merchants who slowly killed it with increasingly desperate attempts at maintaining public interest.
0ef280 No.15527859
Reminder that with Varrock diary and Miscellania you can afford to pay in game currency for membership, thus playing the full game without giving Jagex a cent even if you don't do pvm.
1611b8 No.15527917
>>15489593
I disagree, shills deserve to get BTFO like that and it's a shame it doesn't happen more often. I'm glad I was there to make it into the screencap.
>>15527859
How do you justify wasting more time playing Runescape?
0ef280 No.15527925
>>15527917
>wasting time
>/v/
C'mon now.
f30b68 No.15527932
>>15527647
It is on record for being the MMO with the most players logged in at once, that kind of fame doesn't disappear.
43ffcf No.15527970
>>15527917
>wasting time
>playing a video game
>>15527932
My brother in law plays it a lot on Iron Man, he says it's a simple game that he can gap out on the weekdays after work. I tried it for two days and I get it, but just didn't do it for me.
eaf647 No.15528385
>>15480023
It's an 8/pol/ meme. IRL NPCs are those who can't conduct inner voice. https://archive.is/L7XlR
f703f5 No.15533053
I really miss Darkscape. I've recently gotten back into OSRS as well and about to go nuts with questing.
Is it something I should avoid?
03362b No.15533165
>>15480584
I really want to impregnate an asian and then abandon the child.
1755cb No.15533438
e191f5 No.15533473
>>15480584
It's not like Clanman Mode was ever interesting in its history. Boring to play, boring to watch. A handful of clans end up dominating and winning all the funds to continue funding their chink botnets to continue DDOSing competitors to continue winning money, meanwhile a bunch of Twitch whores go through the exact same motions every single tournament to the same boring effect. It's a problem with the game rather than the people, too: I once watched a streamer shitpost and mix it up a little, doing a shitton of farming, and even he was condemned to the same Slayer grind hell everyone else had been on for hours.
I love Runescape but it's fucking shit. DMM is just a culmination of everything wrong with the game.
031849 No.15533483
>>15533165
asians aren't known for liking blacks
051877 No.15536906
>seasonal play pvp
Pure fucking cancer.
Just give me a functioning persistent world with world pvp
dc67e1 No.15537030
>that Kourend rework
I wish it were live, makes me want to re-sub
03cad3 No.15537068
>>15479905
>Your passwords were in plain text
ayy lmao
1611b8 No.15537208
>>15533438
Did you ever play the game?
a79e3f No.15540839
>>15533438
It's real I actually did the quest again myself a couple of days ago
1b9466 No.15540877
>>15532358
>>15533438
That's cute, but he's painted as the antagonist in the quest line. Not a proud protagonist who's in the right.
http://runescape.wikia.com/wiki/Sigmund
http://runescape.wikia.com/wiki/H.A.M.
1611b8 No.15540929
>>15540877
Maybe if he had directed himself towards a species that was actually a threat to humans things would have been different.
>painted as the antagonist
He fights you on multiple occasions, is that not antagonistic?