  1. #1 Gol (Founder; joined Feb 2006; 6,122 posts)

    Viewing the offer wall could lead to your DDO account being compromised

    Public Service Announcement

    When you view the "Offer Wall" (and no, I will NOT provide the link), Turbine sends the email address tied to your account as well as your DDO billing/launcher username over the Internet UNENCRYPTED.

    The following was captured using an HTTP debugger:

    Sent to content.turbine.com (plain HTTP)
    GET /sites/my.ddo.com/ultimatepay/TurbineProvider.php?accountname=(your_username_here)&email=(your_email_here)&userid=cmpncfdk4lttt3knpehqlt3ey&hash=752c9dea8cbebedd14b69f5807b64941 HTTP/1.1

    As long as you are using a standard browser (IE, Firefox, Chrome, Safari, etc), the offers do not have direct access to this information. However, that's by browser implementation. The data is still going out unencrypted.

    Here's what is actually sent to get offers when you view the page:

    Sent to www.ultimatepay.com (albeit over https)
    GET /app/api/live/?sn=TDDO&method=StartOrderFrontEnd&display=OfferPanel&accountname=(your_username_here)&email=(your_email_here)&userid=cmpncfdk4lttt3knpehqlt3ey&hash=752c9dea8cbebedd14b69f5807b64941 HTTP/1.1

    At this point, Turbine has already given the offer provider your DDO account name and the corresponding email address. Expect to get spammed just for viewing the offer wall. Also, don't be surprised if your DDO account is hacked. Turbine just gave away half of the data (the username) as well as the email it's tied to.

    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Update: Proof this information is being used maliciously:
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

    After viewing the Offer Wall, I personally received a World of Warcraft phishing scam email. Apparently there is enough market overlap between DDO and WoW to justify sending WoW phishing emails to DDO players. Note, I have never played WoW and do not even have an account with any of Blizzard's games.
    Quote Originally Posted by Spammer
    Greetings

    World of Warcraft -> Legal -> End User License Agreement
    and Section 8 of the Terms of Use:
    Blizzard Entertainment -> Legal -> Terms of Use
    A 3-hour probationary suspension is pending on this account, awaiting confirmation from a specialist. A final warning has been issued. The investigation will be continued by the Account Administration team to determine the any further suspensions. If the account in question is found in violation of the EULA and Terms of Use, further action will be taken. Be aware that any additional inappropriate actions may result in the permanent closure of the account.
    Thank you for respecting our position on this matter.
    ==================================================
    ** We request that you verify your legitimate ownership of the account here:
    <non-blizzard phishing link removed>

    Blizzard staff will verify your account information submitted in two days, please do not modify your account information during this time . It will not affect your game uptime.If you are unable to successfully verify your password . using the automated system, please contact Billing & Account Services at 1-800-59-BLIZZARD (1-800-592-5499) Mon-Fri, 8am-8pm Pacific Time or at billing@blizzard.com. Account security is solely the responsibility of the account holder. Please be advised that in the event of a compromised account, Blizzard representatives typically must lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.

    Regards

    The World of Warcraft Support Team Blizzard Entertainment
    If you receive one of these emails, IT IS NOT LEGIT - IT IS A SCAM!


    Moral of the story:
    1) The "Offer Wall" is bad news to even VIEW, nevermind click.
    2) Turbine is willing to give away your email address and account login name to known scammers and fraudsters without asking you.
    3) Use strong passwords. Here's a password strength checker.

    This concludes your public service announcement.
    Last edited by Gol; 04-14-2010 at 07:44 AM.
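    A defender-side check for the leak described above, written as an added example (not code from the post, Turbine or UltimatePay): it scans HTTP-debugger capture lines in the shape of the two requests Gol pasted (a constructed sample with placeholder values) and flags every request that carries account identity in its URL query string, rating a plaintext HTTP request higher than an HTTPS one. The line format and the extra parameter names in IDENTITY_PARAMS are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample of HTTP-debugger capture lines in the shape shown in the post:
# "<scheme> <host> <request-line>". All values are placeholders, not real captures.
SAMPLE_CAPTURE = """\
http content.turbine.com GET /sites/my.ddo.com/ultimatepay/TurbineProvider.php?accountname=EXAMPLE_USER&email=user%40example.com&userid=PLACEHOLDERID&hash=PLACEHOLDERHASH HTTP/1.1
https www.ultimatepay.com GET /app/api/live/?sn=TDDO&method=StartOrderFrontEnd&display=OfferPanel&accountname=EXAMPLE_USER&email=user%40example.com&userid=PLACEHOLDERID&hash=PLACEHOLDERHASH HTTP/1.1
https www.ddo.com GET /store/catalog?page=2 HTTP/1.1
"""

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
# Parameter names that identify an account. "accountname" and "email" are the
# ones in the captured requests; the others are common variants (assumption).
IDENTITY_PARAMS = {"accountname", "email", "username", "user", "login"}

def find_identity_leaks(capture):
    """Return one finding per request whose query string carries account identity.

    Each finding is (host, plaintext, sorted parameter names). `plaintext` is True
    when the request went over http rather than https, i.e. the values were
    readable to anyone on the network path, not only to the receiving host.
    """
    findings = []
    for line in capture.splitlines():
        if not line.strip():
            continue
        scheme, host, _method, target, _version = line.split()
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        leaked = set()
        for name, values in params.items():
            if name.lower() in IDENTITY_PARAMS:
                leaked.add(name)
            # Also catch an e-mail address hiding under an unexpected parameter name.
            elif any(EMAIL_RE.match(v) for v in values):
                leaked.add(name)
        if leaked:
            findings.append((host, scheme.lower() != "https", sorted(leaked)))
    return findings

def report(capture):
    """Human-readable lines, one per finding, for a quick review of a capture."""
    lines = []
    for host, plaintext, names in find_identity_leaks(capture):
        severity = "HIGH (plaintext HTTP)" if plaintext else "MEDIUM (TLS, still shared with third party)"
        lines.append(f"{severity}: {host} received {', '.join(names)} in the URL query string")
    return lines
```

Query strings also land in proxy logs, browser history and Referer headers, so even the HTTPS request is a disclosure; only the plaintext one is additionally exposed on the wire.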

  2. #2 Community Member (joined Oct 2009; 13 posts)

    That also simplifies phishing attacks a lot. When they have your username and e-mail address, they can send you mail with the following information:

    Hi Username,

    Your account needs e-mail address verification due to a bug in our system when you created your account. Please log in at the following address: ...ddo.com/xss_buggy.php?redirect_to_another_place=ad35rfwe356tygwweg48t5uecnguseuiyb4su34h780wtydbsegfngsefuioytse

    Sincerely,

    Techsupport


    And how many wouldn't log in if the URL looks like that when you click it? How many would notice that the traffic is not directed to DDO.COM but to some attacker's site? Quite a few, I bet.

  3. #3 Visty (Community Member; joined Jun 2009; Germany; 8,971 posts)

    You should repost that in the free forums, just so those can respond too.
    Love Life of an Ooze: One ooze. Idiot hits ooze. Two oozes.
    0
    *insert axe*
    o o

  4. #4 Gol (Founder; joined Feb 2006; 6,122 posts)

    Quote Originally Posted by Visty View Post
    you should repost that in the free forums, just so those can respond too
    Good idea. Will do.

  5. #5 Community Member (joined Jul 2009; 351 posts)

    This seems like a good place to extol the virtues of a strong password definition of a strong password.

    No security system is absolutely foolproof, but building and using a strong password is your best defense to keep your account from getting hacked.

  6. #6 Newtons_Apple (Community Member; joined Mar 2006; Stalking Tab.; 1,691 posts)

    Quote Originally Posted by Gol View Post
    [the public service announcement in post #1, quoted in full]
    Wow. Do Turbine devs use Telnet to remote into their workstations from home? Probably not. In fact I'd bet money they VPN over IPSec.

    When I get home I'm gonna vmware a dummy OS and wireshark myself from a dummy account- I need to see this to believe it.
    "Our character is what we do when we think no one is looking."
    Officer of Aces over Kings, Argonesson - Elmo, Marin, Ganelon, Sevollas, Seda, Camerone, Amdr, Ganelonn, Fozzie, Misspiggy

  7. #7 Lorien_the_First_One (Community Member; joined Dec 2006; 17,767 posts)

    Well I've decided I no longer trust Turbine with my email address. I've just redirected my Turbine account to a hotmail account I never check that I use only for opening accounts from webpages that require one. Any future Turbine surveys or store offers will never be seen by me, oh well.

  8. #8 Unreliable (Community Member; joined Sep 2008; www.youtube.com/DDOZonixx; 1,256 posts)

    Damn, too late for me. I had to click the offer wall thing to see what it was...

    Is there any chance your in-game characters, items, etc. are compromised by this program?

  9. #9 Gol (Founder; joined Feb 2006; 6,122 posts)

    Quote Originally Posted by Newtons_Apple View Post
    Wow. Do Turbine devs use Telnet to remote into their workstations from home? Probably not. In fact I'd bet money they VPN over IPSec.

    When I get home I'm gonna vmware a dummy OS and wireshark myself from a dummy account- I need to see this to believe it.
    Yeah, well, they obviously have mine, now. I had Fiddler2 installed already, so I just used that. It auto-decrypts SSL traffic.

  10. #10 Gol (Founder; joined Feb 2006; 6,122 posts)

    Quote Originally Posted by Unreliable View Post
    damn, too late for me i had to click the offer wall thing to see what it was...

    Is there any chance your in game characters, items, etc are compromised by this program?
    Not those specifically, no. However, if you have a weak password and they try to brute force crack it, any of those things are implicitly vulnerable. If they do the same thing to your email password, then all bets are off at that point.

  11. #11 Lerincho (Founder, 2015 DDO Players Council; joined Jan 2006; Lubbock, Tx; 7,055 posts)

    So it looks like Turbine decided, "Hey, you know Coca-Cola did well with New Coke. We need something to top that as the greatest marketing failure in US history."

    Way to go, Turbine. You're the roxor.
    The Great Gnome Conspiracy was here!

  12. #12 Eladiun (Community Member; joined Nov 2006; Rhode Island; 5,298 posts)

    I just posted this link on another thread but it really applies here...

    http://articles.techrepublic.com.com...1-5034877.html

    ...I have your email address, your username, now why don't you fill out a couple harmless surveys.
    “If at first you don't succeed, keep on sucking till you do succeed.”

  13. #13 KingOfCheese (Community Member; joined Nov 2007; 2,529 posts)

    There's no need to worry here--I hear that the Offer Wall is being administered by a super-safe and reliable "company" from Nigeria.

    I trust them completely. In fact, I'm going to be traveling there later this week to pick up my billion dollars of inheritance I didn't previously know about. Not sure why they wanted to confirm that I had two kidneys--probably just health conscious--just like they are security conscious.
    INFERUS SUS Sorcs (Socky, Sockie, Socklin), Rogues (Sockpuppet, Sockum), Clerics (Sockington, Sockase), FVS (Sockle), Intim (Tubesocks), Bards (Sockdolenger, Sockish), Rangers (Sockin, Sockel), Wizzy (Sockut), Kensai (Sockt), Monk (Sockfist), Arty (Sockficer, Sockcraft)

  14. #14

    This is both shameful that this is being sent in the first place, and TERRIBLE security policy. At least make people opt-in to sending their info, and let them know what info is going to be sent before-hand.

    We need privacy settings, and we need them yesterday.
    For the latest DDO info how, where, and when you want it...
    DDO Reports: DDO. News. Now.
    For instant updates (even on your mobile device), follow DDO Reports on Twitter.

  15. #15 Community Member (joined Feb 2008; your moms house; 1,252 posts)

    Nice, Turbine. Epic fail. Thanks for sending more good friends and players towards the door. You really should listen to the playerbase once in a while. This is gonna hurt your income greatly. So what if you got a million new players? The vets are leaving, and the new players are leaving as well. After time, you won't have anyone to support you or your game. Or your wallet. With this marketing failure, you prolly should have stayed with Atari.
    woundweaver 20 cl woundcleaver 20 barb woundbleeder 17 barb woundreaver 20 ftr woundheal 18 cl
    woundedsoul 20 fvs woundedfist 20 monk woundshadow 20 fvs woundtoaster 20 wiz woundtusk 15 monk

  16. #16 Community Member (joined Feb 2008; your moms house; 1,252 posts)

    Quote Originally Posted by Demonfire View Post
    And so far no Turbine P.R. came in to show the tip of their nose?
    Because it's brown. It has to be, to explain this screw up and still have a job.
    I've been reading the posts in several threads, and the founders, vets, and newbies are ALL pi$$ed about this. It also explains why nobody from Turbine has responded. Turbine tends to be silent when they screw up, which is why they are silent about a lot of things. It's "super secret" as they like to say. Those who have been here a while know the motions to expect from Turbine. It's really no surprise.
    Last edited by woundweaver; 04-13-2010 at 10:09 AM.
    woundweaver 20 cl woundcleaver 20 barb woundbleeder 17 barb woundreaver 20 ftr woundheal 18 cl
    woundedsoul 20 fvs woundedfist 20 monk woundshadow 20 fvs woundtoaster 20 wiz woundtusk 15 monk

  17. #17 Lorien_the_First_One (Community Member; joined Dec 2006; 17,767 posts)

    Quote Originally Posted by Demonfire View Post
    And so far no Turbine P.R. came in to show the tip of their nose?

    Well this is just Turbine as usual... bad PR (except when it's a non-important topic) and devs who obtained their degree in a craquer jack box!
    Someone did in the original thread. They told us just not to trust the sites they were sending us to, but that they did it because ppl wanted free TPs.

  18. #18 Lerincho (Founder, 2015 DDO Players Council; joined Jan 2006; Lubbock, Tx; 7,055 posts)

    Quote Originally Posted by Lorien_the_First_One View Post
    Someone did in the original thread. They told us just not to trust the sites they were sending us to, but that they did it because ppl wanted free TPs.
    I do not think trading personal information (SSN, CC, email, account login information) for "free" Turbine points is a trade worth making. It's not free considering the costs that can be associated with it.
    The Great Gnome Conspiracy was here!

  19. #19 Community Member (joined Sep 2009; 464 posts)

    You wouldn't by chance have a link to that thread? I think in all this insanity it would be a good read for some folks.
    Last edited by Tolero; 04-13-2010 at 10:40 AM.
    Sorentia d'Kil'ndar ~ Drow Paladin lvl 20 ~ Sarlona Server; Xercia Yokosuka ~ Human Fighter level 7 ~ Sarlona Server~ Sarlona Server; Xercia ~ Elf Fighter level 12 ~ Khyber Server

    When all else fails, blame the smurfs!

    They can make airships, towers floating in the air, but they never think of adding handrails in places like this. (Excerpt from a Hound run, from one of our party members)

  20. #20 Krag (Community Member; joined Sep 2009; 2,432 posts)

    disgusting
    Osmand d'Medani, Stonebearer Eric, Wardreamer
