Forum Settings
       
This Forum is Read Only

A Real Security Issue?Follow

#1 Sep 08 2010 at 4:17 PM Rating: Decent
Scholar
*
120 posts
Yes there is another "Security Flaw" topic, but this is unrelated and just coincidental that it happened just a few minutes ago :P

My account has been logged in all day, just sitting in a market and I was in the other room watching t.v.. BF was playing around with network (got a new cisco business router, loves tinkering w/e), and he reset the network. I was on macbook at the time, and yes the internet went out for about 5 minutes while he was ******** around.

Came back to the PC and had the "disconnected from server" pop up over my character in the market... to be expected. So I clicked OK, and it took me back to character selection... i clicked Kao and went right back in. Did NOT have to completely resign in with my SE account...

Every other MMO i have, takes you completely out when your internet goes out and you have to sign back in. For FFXIV not to do that makes me a bit nervous, I have the token on my account from XI but even with my internet out for a good 5 minutes, it bypassed that completely.

My AION account was hacked a while ago and the only AION site I ever went to aside from NC/official was Curse (deleted my account quickly after that and created a new one with a new email, no info etc.). Anyone know anything about internet security crap? Seems like an issue to me.
#2 Sep 08 2010 at 4:20 PM Rating: Decent
Edited by bsphil
******
21,739 posts
Wish they would've had this back during the alpha when you needed to attempt to log in for about an hour on average before you'd actually get in. Had to keep putting in my ID/password/security token number every time.

For the moment I don't really see it as that big of a security threat.
____________________________
His Excellency Aethien wrote:
Almalieque wrote:
If no one debated with me, then I wouldn't post here anymore.
Take the hint guys, please take the hint.
gbaji wrote:
I'm not getting my news from anywhere Joph.
#3 Sep 08 2010 at 4:26 PM Rating: Good
I typically don't think anything that requires access to the controls of a computer to exploit is really a security loophole.

However, no modern MMOs will let me save my password...
#4 Sep 08 2010 at 4:29 PM Rating: Excellent
Mistress of Gardening
Avatar
*****
14,661 posts
Doesn't POL let you save passwords?
#5 Sep 08 2010 at 4:41 PM Rating: Decent
Scholar
*
120 posts
POL does not let you save passwords. In fact it has that software keyboard for even more added security.

The thing is, how can I have no internet connection for 5 minutes, get disconnected from game, but still be logged in to my account?
#6 Sep 08 2010 at 4:43 PM Rating: Decent
Scholar
*
59 posts
kaorinite wrote:
The thing is, how can I have no internet connection for 5 minutes, get disconnected from game, but still be logged in to my account?


It stored your session so it could reconnect? It's the same way that you can disconnect for 10 seconds and not get kicked off.

You don't put your log-in information into the game client, you put it into the launcher. When the game client is run it stores some sort of session information so that it can communicate with the servers without requiring your user name and password again.

Edited, Sep 8th 2010 6:44pm by hints
#7 Sep 08 2010 at 4:51 PM Rating: Good
*
88 posts
I don't think it's a security issue.

The session you had open with the SE might still have been open sitting idle till you could reconnect.
If it's a TCP connection it would make sense that only you from your IP could re-establish the connection.
The client and the server most likely have idle timeout times for lost connections. This allows them to be re-established connection.

Chances are this connection is encrypted and only the client that was logged in can re-establish the connection because of the security token(if used) or without the session ID which should be unique for each connection.

TCP syn checking would come into play at that point to I'm sure.

I'm only guessing though. I do support for a firewall company named Watchguard so I know a bit about it.

This forum is read only
This Forum is Read Only!
Recent Visitors: 18 All times are in CST
Anonymous Guests (18)