Accounts can no longer be locked

So in case other people haven't noticed yet - you can no longer use passwords which include special characters.

Doing so locks the account so that it could not be logged into until the password was reset via email (because the login script doesn't recognize special characters, so even if the hacker knew the whole password it was still useless).

AKA: Despite the MANY and MASSIVE security issues maple has had this year, leading to THOUSANDS of accounts being destroyed, it was the ONE THING that kept accounts safe, despite maple's failures.

Now, it's been "fixed" so that you can no longer create such passwords.

The only question left to ask: Why?

December 20, 2011

9 Comments • Newest first

ReesaMapler

[quote=myrdrex]The only time any passwords were even remotely plausibly 'given out' was when there was a SQL injection attack that caused Nexon to implement PICs (switched from PINs). Since then the silly rumors about websites giving out passwords and such are inane rumors that have no basis in reality. They aren't even stored or retrieved from the database, much less sent to the client in any form. They are 1-way hashed and the hashed value is checked by the DB for a match. It's never retrieved.

Don't believe every silly rumor you read.[/quote]
My account was hacked, I didn't believe the silly rumors until I got hacked without compromising my account in any manner whatsoever.
The point is, whatever the method was, hackers were able to access accounts without the owners doing anything wrong.

@hotspot dude: Ok, I get it now. It uses the IP to get your account deactivated. So it basically is like the lock. <3 h8 having to download anything but at least it got my boyfriend to stop freaking out. lav u hard right now. P:

Reply December 20, 2011 - edited
xxxadaaddxxx

[quote=KnightTale]Because Nexon wants you to get hacked so you have to spend more money to restart a new account! [/quote]

what he said^^^^^^^^^^^^^

Reply December 20, 2011 - edited
myrdrex

[quote=ReesaMapler]
Edit: It wasn't "brute forcing", something in the coding was GIVING OUT passwords. It only required 1 try.
And frankly, I don't believe I can ever trust maple's security measures ever again.[/quote]

The only time any passwords were even remotely plausibly 'given out' was when there was a SQL injection attack that caused Nexon to implement PICs (switched from PINs). Since then the silly rumors about websites giving out passwords and such are inane rumors that have no basis in reality. They aren't even stored or retrieved from the database, much less sent to the client in any form. They are 1-way hashed and the hashed value is checked by the DB for a match. It's never retrieved.

Don't believe every silly rumor you read.

Reply December 20, 2011 - edited
Toscox

[quote=ReesaMapler]If I understand correctly that method works by keeping your information locked via the hotspot server.

So technically, under your alternative, it's still possible to get hacked.

Man.. Why does maple have to mess everything up..

Edit: It wasn't "brute forcing", something in the coding was GIVING OUT passwords. It only required 1 try.
And frankly, I don't believe I can ever trust maple's security measures ever again.[/quote]

You can get hacked only if the one hacking you got access to your e-mail; the account can't go under any changes as long as it stays deactivated. The only way of accessing your account when it's been deactivated is to check your e-mail for the reactivation link.
What the method does is something Nexon implanted a while ago, which is an IP check, and they have a list of suspicious IPs that will deactivate your account if you try to log in with any of them. Once it's locked you can't get on no matter what you do.

To people above there were many rumors about how people were able to hack accounts, however people are still getting hacked without having any info changed therefore locking your account is still a way to protect yourself against such threat.

Reply December 20, 2011 - edited
myrdrex

[quote=fallingrain]Brute forcing isn't the way hackers got accounts. It's another way, that somehow also bypassed the PIC.[/quote]

Without a password, any PIC bypass doesn't work.

Besides, mythical PIC bypass was a rumor a year+ ago; it's long dead. Without your password, they aren't getting in. That's why account locking was good if you had an absurdly stupid password and were worried about someone cracking it.

Now cracking is effectively impossible given the delay after X login attempts.

Reply December 20, 2011 - edited
ReesaMapler

From product reviews, it sounds like that method works by keeping your information locked via the hotspot server.
From your own description, it sounds like hotspot only blocks YOU from accessing the account, because you have a banned IP. If that is the case, though, that would not prevent someone with an unbanned IP from accessing the account elsewhere...?

So technically, under your alternative, it's still possible to get hacked.

Man.. Why does maple have to mess everything up..

Edit: It wasn't "brute forcing", something in the coding was GIVING OUT passwords. It only required 1 try.
And frankly, I don't believe I can ever trust maple's security measures ever again.

Reply December 20, 2011 - edited
myrdrex

There's no need. They implemented a wait period after so many invalid logins. That completely eliminates the need for account locking since brute forcing is no longer viable.

If someone has a keylogger on your machine, account locking was pointless anyways, since they could also get your email password when you went to unlock the account.

Reply December 20, 2011 - edited
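Added example, not part of the thread and not Nexon's code: a sketch of the two mechanisms described in the post above and in myrdrex's other replies, a one-way hashed password check and a wait period after repeated invalid logins. The threshold, wait time, PBKDF2 parameters and all names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 5     # assumed value for the "so many invalid logins" threshold
WAIT_SECONDS = 300   # assumed wait period imposed once the threshold is hit

def hash_password(password, salt=None):
    """One-way salted hash; only (salt, digest) is stored, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

class LoginThrottle:
    """Per-account state: stored hash plus a failure counter and block timer."""
    def __init__(self, salt, digest):
        self.salt, self.digest = salt, digest
        self.failures = 0
        self.blocked_until = 0.0

    def attempt(self, password, now):
        """Return 'ok', 'bad' or 'wait'; `now` is in seconds (passed in for testing)."""
        if now < self.blocked_until:
            return "wait"  # guess is rejected without being checked at all
        _, candidate = hash_password(password, self.salt)
        # Compare hashes in constant time; the stored value is never sent out.
        if hmac.compare_digest(candidate, self.digest):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.failures = 0
            self.blocked_until = now + WAIT_SECONDS
        return "bad"

def worst_case_days(keyspace):
    """Days needed to try every candidate when each batch of
    MAX_FAILURES guesses costs one WAIT_SECONDS pause."""
    return (keyspace / MAX_FAILURES) * WAIT_SECONDS / 86400
```

The throttle only limits guessing: a correct password obtained some other way, such as the keylogger case mentioned in the post, passes on the first attempt.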
Toscox

[url=http://www.basilmarket.com/forum/2288067]Right hur my friend.[/url]

Reply December 20, 2011 - edited
kooless

There is another method using HotSpot I believe it was called? Just search it up there was a topic about it recently.

Reply December 20, 2011 - edited