Monday, November 28, 2011

Hacker Paranoia, The True Situation. How to Protect Yourself.

False alarm, Kukawa, how cute ^_^

Before you read into this security measure, allow me to emphasize this first: ANYTHING YOU DO YOURSELF BEYOND THIS POINT (CLIENTSIDE) IS MOST LIKELY USELESS IN HELPING AGAINST HACKER THREATS. ALL HACKS ARE BASED ON SQL INJECTIONS INTO NEXON'S DATABASE (SERVERSIDE), MEANING IF NEXON DOES NOT PROTECT THEMSELVES, YOU ARE Screwdrivered.

(Clientside = YOU, Serverside = Nexon)
Now, in order to fully understand the situation, here's how the hacking works.
There are two methods hackers are using against this system: packet stealing and SQL injections.
Packet Stealing: For example, a user finishes a mission and gains 10,000exp. A packet of information will be sent out to Nexon's database that collects ALL of the user's clientside info. The packet for the 10,000exp will include login info as well as personal information entered into the computer. This cannot be stopped.

SQL Injections: On the website for Vindictus.com, notice the http:// does not HAVE SSL or "shttp://". This allows hackers to use a hacking method called SQL injection, where they directly pump observer bugs into Nexon's website, and that observer will directly leak personal information/login to the hacker. In other words, SQL injections function as a dog playing fetch. I send the dog into the server and he fetches me information. SQL injections CAN be stopped by SSL, but Nexon is too cheap to afford such.

This brings me to my speculation that the 2ndary password will most likely be useless. Despite your 1000 firewalls, config changing, and tertiary account logins, the hacker won't be hacking YOU, but will be hacking Nexon.
Nexon will hold all the 2ndary passwords in a separate server (hopefully secure), or they can risk it like the cheap company they are and store it on a USB drive.

Old methods that can raise protection: (All of these methods have been proven to be broken because, once again, everything hacked is SERVERSIDE, NOT CLIENTSIDE)
However, if you're still paranoid, it won't hurt to take 5 minutes to implement these few security measures.

1. Go to your Nexon folder C:/Nexon/Vindictus/en-US/ and find a Config.txt file. Right click it, choose Properties, and set it to READ ONLY. Then click OK and exit.
(What this does: if you accidentally enter a hacking boat or a random PVP map that hasn't been implemented, the host that is hacking will not be able to mess up your settings and get you deemed a hacker.)

2. Avoid buying websites. Although it's common sense to avoid Chinese websites selling Vindictus gold/equips, there is one particular one made by the infamous guild leader of B**** Ra*** aka. Deaths***** that is literally an obvious risk. (Source: forums)

3. Make a 2ndary account to log into the forums. Don't log into your main account on the main website; use a secondary account to post forum messages. If you wish to purchase NX, go to the Charge NX page that has SSL.

4. Avoid logging in and opening the game through the website. USE the EXE file in your folder! It's faster and safer!

In conclusion, most likely any method you try to protect yourself with is useless. However, these can help against a few old hacking methods from the past.

My input. As I've been a customer of Nexon for over 8 years, I believe this hacking spree is an undercover association with Nexon and Chinese gold workers. Nexon recently released that they were going IPO, but also released the same news that their database was compromised. However, their IPO status did not change, suspicious much? On the other hand, players getting hacked or buying Gold entice Nexon to make MORE revenue. Players who buy gold have the opportunity to get any items they want in the game. However, this is limited because enchants/enhancing at some point require the safe degree of using NX to buy runes.
Additionally, Nexon as a major worldwide gaming corporation sitting slightly behind Blizzard can EASILY, no NATURALLY afford extreme security measures. However, they opt to sit on junk servers, junk security, and junk staff. The 2ndary password, I believe, is being delayed for a REASON. Instead, Nexon tries to hide this news and give us 10 divine stones as "compensation".
