  1. #11
    Flarestar
    Originally Posted by Eekiki:
    The fix is simple. All SE needs to do is encrypt the session data. And don't give us the "memory limitations" or "server resources" excuse. Encrypting the session data generates a negligible amount of overhead.

    Am I the only one who thinks that some of the companies SE outsourced their programming to are in cahoots with RMT sites? There seem to be a TON of obvious backdoors. It's very strange that the RMTs were able to almost immediately take over the economy.

    Um. Encrypting the session data is fine but does nothing against MITM attacks.

    The second part of the fix is making the one-time use code expire properly. Those codes should NOT stay valid for more than a very, very brief time window. That's how you protect against MITM. It's still not foolproof if they're fast enough, but it drastically cuts down on your vulnerability.

    Edit - Also IP binding. That's spoofable, particularly if you already have a MITM situation, but it at least helps.
    (1)
    Last edited by Flarestar; 10-08-2013 at 02:48 AM. Reason: Correction.
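
Added example, not part of the post above and not SE's code: a server-side sketch of the two mitigations the post names, a one-time code that expires after a brief window and is bound to the requesting IP, with single-use redemption added. The class name, the 30-second window and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 30  # assumed window; the post only says "very, very brief"


class OneTimeCodeStore:
    """Hypothetical store: codes are single-use, short-lived and IP-bound."""

    def __init__(self, ttl=CODE_TTL_SECONDS, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._pending = {}  # account -> (code, expires_at, client_ip)

    def issue(self, account, client_ip):
        # Issuing a new code silently replaces any older one for the account.
        code = secrets.token_urlsafe(16)
        self._pending[account] = (code, self._clock() + self._ttl, client_ip)
        return code

    def redeem(self, account, code, client_ip):
        # pop() burns the code on any attempt, so a captured code cannot be
        # replayed once the legitimate client has already presented it.
        entry = self._pending.pop(account, None)
        if entry is None:
            return "unknown"
        expected, expires_at, bound_ip = entry
        if self._clock() >= expires_at:
            return "expired"
        if not hmac.compare_digest(expected.encode(), code.encode()):
            return "mismatch"
        if client_ip != bound_ip:
            return "ip_mismatch"  # weak signal on its own: IPs can be spoofed
        return "ok"


def demo():
    """Constructed scenario driven by a fake clock so it runs instantly."""
    now = [0.0]
    store = OneTimeCodeStore(ttl=30, clock=lambda: now[0])
    ip = "203.0.113.10"
    code = store.issue("alice", ip)
    results = [store.redeem("alice", code, ip)]            # in time, same IP
    results.append(store.redeem("alice", code, ip))        # replay of used code
    code = store.issue("alice", ip)
    now[0] += 31                                           # window has passed
    results.append(store.redeem("alice", code, ip))
    code = store.issue("alice", ip)
    results.append(store.redeem("alice", code, "198.51.100.7"))  # other IP
    return results
```

Burning the code on every attempt trades availability for replay resistance: a wrong guess forces the user to request a fresh code.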