[<a href='5477.html'>Next Message in Time</a>] | 
[<a href='5475.html'>Previous Message in Time</a>] | 
[<a href='5482.html'>Next Message in Topic</a>] | 
[<a href='5474.html'>Previous Message in Topic</a>] <br/><br/>
<b>Message ID:</b> 5476 <br/>
<b>Date:</b> Tue Aug 24 15:37:36 BST 1999 <br/>
<b>Author:</b> Talies the Wanderer <br/>
<b>Subject:</b> Re: Everquest account security <br/>
<br/><br/>
<div id="ygrps-yiv-97896576">At 03:59 PM 8/23/99 -0700, you wrote:<br/>
<blockquote><span title="ireply"> &gt;<br/>
&gt;I would say if the events you related above are true, then your account<br/>
&gt;has been compromised. From what I can see, your cd key is only used when<br/>
&gt;you create your eq account so all someone would need would be your user<br/>
&gt;id and password for your station account to access your account. <br/>
<br/>
 </span></blockquote>True.  I regularly log on to a friends account to bail him out of whatever<br/>
he&#39;s gotten himself into - all I have to do is change station names and<br/>
passwords.<br/>
<br/>
<blockquote><span title="ireply"> &gt;The first thing I would do if I were you is get an up to date virus<br/>
&gt;checker that can find things like back oriface or the other windows hack<br/>
&gt;utilities out there running on your computer. This is the only way I<br/>
&gt;could see someone getting your password, unless someone has written a<br/>
&gt;password cracking utility for everquest, which could probably be done by<br/>
&gt;anyone with a clue about network programming and a sniffer. This would<br/>
&gt;require that the person running the cracker program knew your station<br/>
&gt;account name, but I&#39;d be willing to bet most people&#39;s is the same as at<br/>
&gt;least one of their character names. Unless Verant were smart enough to<br/>
&gt;write some detection into the station login routine, it&#39;s probably wide<br/>
&gt;open to brute force cracking attempts.<br/>
<br/>
 </span></blockquote>Hrm - I think if there were a brute-force technique Verant would have<br/>
caught on to it, just from the extra login attempts.  Certainly not<br/>
impossible, but highly unlikely.<br/>
<br/>
<br/>
<blockquote><span title="ireply"> &gt;A third possibility is that eq actually stores your password in some<br/>
&gt;file, dispite the fact that you aren&#39;t given a &quot;save my password&quot;<br/>
&gt;option. If this were the case, then there&#39;s lots of web browser<br/>
&gt;exploits, icq expoits, etc, out there that allow people to read files<br/>
&gt;off your hard drive if you install to the default path when you install<br/>
&gt;your games. This crap goes on all the time in Ultima Online. I&#39;ll be<br/>
&gt;interested to see how Verant deals with your case, as OSI was rarely<br/>
&gt;helpful when it happened to users there.<br/>
<br/>
 </span></blockquote>I can verify that this is not the case - as I said, I log into a friends<br/>
account, and were there a password stored, I&#39;d&#39;ve seen it during one of my<br/>
numerous &quot;snoopings&quot; into the EQ directory ;)  What *is* stored is your<br/>
station name, so this is very likely how the name was retrieved.  My bet is<br/>
BO or BO2000, both courtesy of Cult of the Dead Cow.  Back Orifice is<br/>
really really nasty when implemented properly.  As always, abstinence is<br/>
the best protection: never download anything you don&#39;t know for certain<br/>
what it is.<br/>
<br/>
Talies the Wanderer</div>