Do you think I could just leave this part blank and it'd be okay? We're just going to replace the whole thing with a header image anyway, right?
You are not logged in.
Xenonetix said that attacks can be expected, so I wonder how bad can the next attacks be (EE is exposed to whatever hacker, not necessarily known ones)
The staff said that all user data is secured, but I am certainly worried of what the staff consider "safe"
How much damage can the hacker do to the player (About Privacy & Security) theoretically?
Given the extent of the hack made a few days ago, I'd venture a guess and say that the most damage a hacker can do to a player right now is:
• Delete all of their account data
• Give them admin powers
• Give them gems
• Give them access to all blocks and smileys
• Edit their worlds, including the ability to clear their world and save
• By extension, delete the campaigns
• Otherwise alter the campaigns in such a way to make them impossible or to make them easy
• Kick players from worlds they don't own, including the world owners
• Change their username one or a few times
• Edit crew data
I don't have any proof that this is the fullest extent of what a hacker can do to the game, but based solely on statements made by the developers after the hack before the last one, and Atilla's actions during this hack, this is what I assume to be it
Click the image to see my graphics suggestions, or here to play EE: Project M!
Offline
Minisaurus wrote:Xenonetix said that attacks can be expected, so I wonder how bad can the next attacks be (EE is exposed to whatever hacker, not necessarily known ones)
The staff said that all user data is secured, but I am certainly worried of what the staff consider "safe"
How much damage can the hacker do to the player (About Privacy & Security) theoretically?Given the extent of the hack made a few days ago, I'd venture a guess and say that the most damage a hacker can do to a player right now is:
• Delete all of their account data
• Give them admin powers
• Give them gems
• Give them access to all blocks and smileys
• Edit their worlds, including the ability to clear their world and save
• By extension, delete the campaigns
• Otherwise alter the campaigns in such a way to make them impossible or to make them easy
• Kick players from worlds they don't own, including the world owners
• Change their username one or a few times
• Edit crew dataI don't have any proof that this is the fullest extent of what a hacker can do to the game, but based solely on statements made by the developers after the hack before the last one, and Atilla's actions during this hack, this is what I assume to be it
I'm not part of the staff team anymore but I've been speaking with some of them and I was there for the previous hacking incidents so I have a rough idea of what's going on:
- Atilla only modified data from the database (i.e. most of the things you mentioned).
- He also claimed to have access to the source code for EE and EEU, but has not yet done anything that proves he does.
- They have no evidence of how atilla got access, and have not yet found any exploits that would allow him to do so other than finding out one of their passwords.
- Although atilla hasn't yet done anything other than manipulate database data, if he did find out someone's password he could likely do a lot more.
- I don't believe atilla would do anything dangerous such as collect/leak user passwords, but if he can gain access it's likely that others can too.
- Currently the staff have changed their passwords and restored data, but afaik they don't know whether that was the attack atilla used and haven't done anything meaningful to prevent him (or anyone else) from getting passwords again.
- A vunerability I found last year allows anyone who had a staff password to continue to have access indefinitely until the game is transferred to a new PlayerIO account.
- I don't believe they've completed such a transfer yet.
- Xeno has started up the game again and is asserting that it is "completely safe".
Offline
Crybaby wrote:Minisaurus wrote:Xenonetix said that attacks can be expected, so I wonder how bad can the next attacks be (EE is exposed to whatever hacker, not necessarily known ones)
The staff said that all user data is secured, but I am certainly worried of what the staff consider "safe"
How much damage can the hacker do to the player (About Privacy & Security) theoretically?Given the extent of the hack made a few days ago, I'd venture a guess and say that the most damage a hacker can do to a player right now is:
• Delete all of their account data
• Give them admin powers
• Give them gems
• Give them access to all blocks and smileys
• Edit their worlds, including the ability to clear their world and save
• By extension, delete the campaigns
• Otherwise alter the campaigns in such a way to make them impossible or to make them easy
• Kick players from worlds they don't own, including the world owners
• Change their username one or a few times
• Edit crew dataI don't have any proof that this is the fullest extent of what a hacker can do to the game, but based solely on statements made by the developers after the hack before the last one, and Atilla's actions during this hack, this is what I assume to be it
I'm not part of the staff team anymore but I've been speaking with some of them and I was there for the previous hacking incidents so I have a rough idea of what's going on:
- Atilla only modified data from the database (i.e. most of the things you mentioned).
- He also claimed to have access to the source code for EE and EEU, but has not yet done anything that proves he does.
- They have no evidence of how atilla got access, and have not yet found any exploits that would allow him to do so other than finding out one of their passwords.
- Although atilla hasn't yet done anything other than manipulate database data, if he did find out someone's password he could likely do a lot more.
- I don't believe atilla would do anything dangerous such as collect/leak user passwords, but if he can gain access it's likely that others can too.
- Currently the staff have changed their passwords and restored data, but afaik they don't know whether that was the attack atilla used and haven't done anything meaningful to prevent him (or anyone else) from getting passwords again.
- A vunerability I found last year allows anyone who had a staff password to continue to have access indefinitely until the game is transferred to a new PlayerIO account.
- I don't believe they've completed such a transfer yet.
- Xeno has started up the game again and is asserting that it is "completely safe".
proof that atilla is more pro than xeno on ee&eeu hoorah
LukeM wrote:Crybaby wrote:Minisaurus wrote:Xenonetix said that attacks can be expected, so I wonder how bad can the next attacks be (EE is exposed to whatever hacker, not necessarily known ones)
The staff said that all user data is secured, but I am certainly worried of what the staff consider "safe"
How much damage can the hacker do to the player (About Privacy & Security) theoretically?Given the extent of the hack made a few days ago, I'd venture a guess and say that the most damage a hacker can do to a player right now is:
• Delete all of their account data
• Give them admin powers
• Give them gems
• Give them access to all blocks and smileys
• Edit their worlds, including the ability to clear their world and save
• By extension, delete the campaigns
• Otherwise alter the campaigns in such a way to make them impossible or to make them easy
• Kick players from worlds they don't own, including the world owners
• Change their username one or a few times
• Edit crew dataI don't have any proof that this is the fullest extent of what a hacker can do to the game, but based solely on statements made by the developers after the hack before the last one, and Atilla's actions during this hack, this is what I assume to be it
I'm not part of the staff team anymore but I've been speaking with some of them and I was there for the previous hacking incidents so I have a rough idea of what's going on:
- Atilla only modified data from the database (i.e. most of the things you mentioned).
- He also claimed to have access to the source code for EE and EEU, but has not yet done anything that proves he does.
- They have no evidence of how atilla got access, and have not yet found any exploits that would allow him to do so other than finding out one of their passwords.
- Although atilla hasn't yet done anything other than manipulate database data, if he did find out someone's password he could likely do a lot more.
- I don't believe atilla would do anything dangerous such as collect/leak user passwords, but if he can gain access it's likely that others can too.
- Currently the staff have changed their passwords and restored data, but afaik they don't know whether that was the attack atilla used and haven't done anything meaningful to prevent him (or anyone else) from getting passwords again.
- A vunerability I found last year allows anyone who had a staff password to continue to have access indefinitely until the game is transferred to a new PlayerIO account.
- I don't believe they've completed such a transfer yet.
- Xeno has started up the game again and is asserting that it is "completely safe".proof that atilla is more pro than xeno on ee&eeu hoorah
werent you quitting
Offline
Nebula wrote:LukeM wrote:Crybaby wrote:Minisaurus wrote:Xenonetix said that attacks can be expected, so I wonder how bad can the next attacks be (EE is exposed to whatever hacker, not necessarily known ones)
The staff said that all user data is secured, but I am certainly worried of what the staff consider "safe"
How much damage can the hacker do to the player (About Privacy & Security) theoretically?Given the extent of the hack made a few days ago, I'd venture a guess and say that the most damage a hacker can do to a player right now is:
• Delete all of their account data
• Give them admin powers
• Give them gems
• Give them access to all blocks and smileys
• Edit their worlds, including the ability to clear their world and save
• By extension, delete the campaigns
• Otherwise alter the campaigns in such a way to make them impossible or to make them easy
• Kick players from worlds they don't own, including the world owners
• Change their username one or a few times
• Edit crew dataI don't have any proof that this is the fullest extent of what a hacker can do to the game, but based solely on statements made by the developers after the hack before the last one, and Atilla's actions during this hack, this is what I assume to be it
I'm not part of the staff team anymore but I've been speaking with some of them and I was there for the previous hacking incidents so I have a rough idea of what's going on:
- Atilla only modified data from the database (i.e. most of the things you mentioned).
- He also claimed to have access to the source code for EE and EEU, but has not yet done anything that proves he does.
- They have no evidence of how atilla got access, and have not yet found any exploits that would allow him to do so other than finding out one of their passwords.
- Although atilla hasn't yet done anything other than manipulate database data, if he did find out someone's password he could likely do a lot more.
- I don't believe atilla would do anything dangerous such as collect/leak user passwords, but if he can gain access it's likely that others can too.
- Currently the staff have changed their passwords and restored data, but afaik they don't know whether that was the attack atilla used and haven't done anything meaningful to prevent him (or anyone else) from getting passwords again.
- A vunerability I found last year allows anyone who had a staff password to continue to have access indefinitely until the game is transferred to a new PlayerIO account.
- I don't believe they've completed such a transfer yet.
- Xeno has started up the game again and is asserting that it is "completely safe".proof that atilla is more pro than xeno on ee&eeu hoorah
werent you quitting
weren't you paying attention at other posters than me, im just a lurker from now on, I have paid attention at Diff to delete my forum account already.
TaskManager wrote:Nebula wrote:LukeM wrote:Crybaby wrote:Given the extent of the hack made a few days ago, I'd venture a guess and say that the most damage a hacker can do to a player right now is:
• Delete all of their account data
• Give them admin powers
• Give them gems
• Give them access to all blocks and smileys
• Edit their worlds, including the ability to clear their world and save
• By extension, delete the campaigns
• Otherwise alter the campaigns in such a way to make them impossible or to make them easy
• Kick players from worlds they don't own, including the world owners
• Change their username one or a few times
• Edit crew dataI don't have any proof that this is the fullest extent of what a hacker can do to the game, but based solely on statements made by the developers after the hack before the last one, and Atilla's actions during this hack, this is what I assume to be it
I'm not part of the staff team anymore but I've been speaking with some of them and I was there for the previous hacking incidents so I have a rough idea of what's going on:
- Atilla only modified data from the database (i.e. most of the things you mentioned).
- He also claimed to have access to the source code for EE and EEU, but has not yet done anything that proves he does.
- They have no evidence of how atilla got access, and have not yet found any exploits that would allow him to do so other than finding out one of their passwords.
- Although atilla hasn't yet done anything other than manipulate database data, if he did find out someone's password he could likely do a lot more.
- I don't believe atilla would do anything dangerous such as collect/leak user passwords, but if he can gain access it's likely that others can too.
- Currently the staff have changed their passwords and restored data, but afaik they don't know whether that was the attack atilla used and haven't done anything meaningful to prevent him (or anyone else) from getting passwords again.
- A vunerability I found last year allows anyone who had a staff password to continue to have access indefinitely until the game is transferred to a new PlayerIO account.
- I don't believe they've completed such a transfer yet.
- Xeno has started up the game again and is asserting that it is "completely safe".proof that atilla is more pro than xeno on ee&eeu hoorah
werent you quitting
weren't you paying attention at other posters than me, im just a lurker from now on, I have paid attention at Diff to delete my forum account already.
Was this worth quoting the whole paragraph long posts from above just for the people reading this to suffer through?
Click the image to see my graphics suggestions, or here to play EE: Project M!
Offline
why would someone hack EE?
that person may be a really sad person...
i agree you get like information form how many people here? (i belive there are liek ~1-1.5M accounts created on Ee) while some game sliek fortnite an dminecrafts... have way mroe data to steal (harder sure but more) i alo sdont get why oyou want to hack a game that is goign to get shutdown what do you gian?
thanks hg for making this much better and ty for my avatar aswell
Offline
Andymakeer wrote:why would someone hack EE?
that person may be a really sad person...i agree you get like information form how many people here? (i belive there are liek ~1-1.5M accounts created on Ee) while some game sliek fortnite an dminecrafts... have way mroe data to steal (harder sure but more) i alo sdont get why oyou want to hack a game that is goign to get shutdown what do you gian?
Petty self satisfaction I'd imagine
"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto
Offline
i agree you get like information form how many people here? (i belive there are liek ~1-1.5M accounts created on Ee) while some game sliek fortnite an dminecrafts... have way mroe data to steal (harder sure but more)
The people that use same password on ee could use same password on minecraft or any game or site.
It's like this everywhere. The reason that combo list exist, and it's really scary how many too.
A combo list often contains email:password or username:password. People then run this against other sites.
Offline
hmmm till they dont get much data siince the player base si small alos apascha mod?
thanks hg for making this much better and ty for my avatar aswell
Offline
[ Started around 1732424213.7475 - Generated in 0.123 seconds, 12 queries executed - Memory usage: 1.63 MiB (Peak: 1.84 MiB) ]