Dev blog: Security Update - February 2018


(CCP Falcon) #1

Check out this dev blog for the latest installment of regular information on security action from Team Security!

(Dyver Phycad) #2

Interesting blog and explanation about the advancement of restrictions for botting accounts.

(Blitz Hacker) #3

Regarding CCP communications: Why not just have CCP communications ticketed, so that VS someone posting information regarding a dev/CCP communications being taken out of context that they could (like an API) just be simply linked or referenced? The line 18 change of the EULA I can’t help but see as ‘shady’ as if I recall it was implemented shortly after the “T20/BoB” T2 Cheating / lotto rigging fiasco. Why not allow referenceable sources with official communication be allowed to be publicly referenceable ‘in context’ via a link? Then people could misquote CCP all they wanted to; with said link it wouldn’t be taken out of context. It’s not like people don’t post it anyway; they usually just censor names/times anyhow. Which still if convincing (like a bad headline) still shines poorly on CCP. (In my opinion.) Transparency is key.

(Blitz Hacker) #4

For example… misquoted or original replies in this link? Who knows? CCP still comes off looking poorly.

(Gorion Wassenar) #5

Wait, so this whole time until now when people were getting bans they could xfer characters to another account? :psyccp:

(Rosewalker) #6

No. That was banned years ago. The new penalty is that they can’t use skill extractors.

(Rosewalker) #7

What is the definition of “bans related to account hijacking” ?

(Circumstantial Evidence) #8

‘hijacking’ could only be account hack / takeover.
E: And I’m stunned by the number… it implies an even larger number of affected accounts. When an email takeover is involved in a hijack, a bunch of EVE accounts could be compromised at once. (Go 2FA!)

(Dark Engraver) #9

Fact of the matter is CCP still shows an affinity toward certain groups in-game and no matter how you spin it they have no internal security overlooking what their employees do or who they feed intel on future development or company plans.

(Gowa Hyasyoda) #10

I think that it is great that CCP is cracking down hard on those who break the rules in the most excessive ways. As a new player I have to admit I have never seen a game where scamming was such a common thing, which is allowed of course in Eve Online. Although, I have to admit this is probably a game that also carries a worrying amount of its player base who will probably do anything they can get away with even if it is blatantly against the rules or CCP’s interest to do so.

There will always be players who will cheat in any game and when it comes down to it a lot of what CCP takes action against also depends on player input and it must be hard for them to admit that many of these players who have made past offenses they have taken action against are probably laughing it off as little more than a slap of the wrist and a quick “account resculpt” if they didn’t receive a permanent ban or lose the accounts in question. So it can be said that it is more than fair for them to retroactively increase the penalties against these players, they should be lucky to be able to keep playing in the first place even with the new restriction and I wouldn’t consider it unfair if they decided to outright permanently ban them in the end.

These are no common breaches of the rules like lesser offenses that warnings or minor and temporary penalties can be considered fair as a punishment. Ultimately there will always be those who come to speak negatively against CCP for their own defense and to try and twist situations and outcomes to their advantage especially among those in question with today’s topic. CCP has a right to defend themselves and they shouldn’t give an inch, or take any “crap” from players who have no obvious honest intent. They owe it to the honest players and themselves as the hard working creators of this game.

I love this game for all its difficult challenges, vast content that scares the crap out of me from even beginning, adversity in the types of players you will encounter and what they do both honest and dishonest. There is a very satisfying feeling from growing as a player from nothing to something you can be satisfied and proud of. CCP shouldn’t let those who will break the rules belligerently and rub it in their face both in word or action to get away with it in the future.

Keep up the good work CCP!

(Nevyn Auscent) #11

Uh. There is literally a division of CCP called internal affairs. You can email them if you believe a CCP employee is showing bias.

(Lil Probist) #12

Really appreciate you taking that feedback on the skill injectors and putting it into practice. I remember when I saw it being brought up, and CCP (forgot who) said it was a great idea and try to get that done. That’s a sure way they would avoid the account strikes and ban that you are trying to stop the botting with.

(Mack Itinen) #13

As a normal player from China
I just know lots of players use bots
and other methods against EULA
but finally nothing happened…

(Mikkhi Kisht) #14

The expanded clarification to section 18 is appreciated, I’ve bumped into a couple R00kies that are so scared of it that they were afraid to link CCP employees’ Twitter handles in chat, thinking that would get them a ban hammer smak.

While hitting bots, RMT’ers & account thieves is great & 2FA would help on accounts staying in the hands of their proper owners, I’m still holding out for an authorization codes fob like the Blizzard/BattleNet ones. I’d be willing to plunk down $10-20 bucks for one so my 2FA isn’t 100% tied to an email account to work. Half my accounts are on Yahoo emails, those are admitted to have been compromised in the Billion range now. A method outside repeated email checking for the 2FA blurb would be something I’d want!


(Cha'Tau) #15

I welcome the banning and other severe restrictions against bots. Not sure how somebody would let their account get hijacked - just don’t trust anybody enough to hand out your account creds. You might as well give them your credit card details, too…

(Cha'Tau) #16

You can get 2FA in a number of ways on a smartphone. RSA, SafeNet, Google Authenticator are just a few.

(Mauhur Rakkir) #17

I’m glad you guys are taking action against botters. They’re a plague in practically every well-known MMO. Coming from RuneScape, I’m accustomed to harsh action being taken against bots and those who run them. But, Jagex’s Botwatch program isn’t perfect and it has permanently banned innocent people in the past.

Do you guys investigate every report of botting or do you have a system in place to monitor this sort of activity? What steps do you guys take to ensure no innocent person is accidentally banned for botting?

(Insidious) #18

Delayed local will stop botting!!!

(CCP Guard) #19

That’s not a bad idea. We’ll think about these things and maybe we’ll end up making some changes down the line. There’s a lot of factors to consider to make such a system safe, even just from accidents, as oftentimes tickets contain personal information that people divulge about themselves or others.

Complete lack of transparency isn’t great for anyone involved. If the information firewall has no holes in it it also means that anyone can make all kinds of wild claims about how they were treated by us and hide behind the fact they’re not allowed to share the communication. We reserve the right to call those people out and if anyone feels slighted by us, it’s fair they get to call us out as well. Any general rules surrounding this just need to be sensible and protect against unintended consequences.

An active conversation about these things is a good start :slight_smile:

(CCP Guard) #20

In almost all cases the “hacked account” is just accessed with valid credentials because someone lost access to their email address in a big data leak somewhere. And yes, there are easy steps to protect those email accounts like 2FA and general diligence.