Excellent info. I will begin work on a new application with this information you provided.
-
10-08-2013, 04:10 AMOne_Time
-
10-08-2013, 04:20 AMAlhanelemThat's just because the devs speak japanese, so it's much easier for them to communicate. That does NOT however mean that stuff doesn't get read on the NA forums nor does it mean that our excellent community reps don't communicate any of our concerns to them.Quote:
Ask Reinhart just how much more gets posted in the JP threads from the devs than the English ones, looking over everything he's translated we get about 1 post for every 3 they get even though we have the exact same topics over here(some of which are just as high profile to all countries and not just Japan).
-
10-08-2013, 04:35 AMEbon_Drake
Why hack anyone? Just look at your session ID and then using some common sense write an application that generates random session IDs and tests them against the server for validity reporting back which ones are good.
Seems apple got into trouble with this a while back and whomever discovered it got in a load of trouble if I recall.
SE Fix this please. -
10-08-2013, 04:39 AMTaranTatsuuchi
Wow, Yeah gotta agree, this needs fixed fast.
Was not expecting to see a link to my post in here... XDQuote:
Originally Posted by Eekiki
-
10-08-2013, 04:41 AMLadonBecause session IDs are 32 hex digit GUIDs with 2^128 possible combinations. Good luck finding an active one especially since the server isn't going to let you check them at any kind of reasonable rate.Quote:
Originally Posted by Ebon_Drake
-
10-08-2013, 04:51 AMEbon_Drakemy point is it's not impossible.Quote:
Originally Posted by Ladon
How long does it take 20 people, 50 people, 100 people trying this method from as many computers before hitting on 1 valid ID that doesn't belong to them. Are you suggesting that since it took so long to get one ID that it's ok? Is it fair to the person whose account they stole?
It shouldn't be possible at all. -
10-08-2013, 04:54 AMLadonHow long? Uh, many, many years. I don't think you realize the magnitude of the probability we are talking about here. Do you realize how many of the 2^128 GUIDs are actually active at the moment? What a million at the very very most? That's a .000000000000001% chance you are going to hit an active GUID.Quote:
Originally Posted by Ebon_Drake
Social engineering people into giving you their credentials is going to be far more successful then trying to brute force a 32 digit HEX GUID. -
10-08-2013, 05:00 AMEbon_DrakeWell I guess we're safe then, whew.. That's a load of my back.Quote:
Originally Posted by Ladon
-
10-08-2013, 05:01 AMFahzewnRift was bad for the first month or so. Same thing like this one...a player found it and explained it. They were bypassing the Log-In screen pretty much as well.Quote:
Originally Posted by Livilda
-
10-08-2013, 05:07 AMTsukki
wow....... yeah this is bad... very bad... This needs to be sorted out asap, like right now! *bump*