Still waiting

is that about accounts IDs?

saidin likes to troll with us

It's not exactly something to panic over. Your password is your security, not your username.

kjaogf5 wrote: »

they both are idiot

If the username was really intended to be secure and secret, it wouldn't display it at the top of the page every time you logged in on the website. It also wouldn't be easily accessible in local Crossfire files whenever you log into Crossfire if it were supposed to be secure.

'TryAgain wrote:

Oh;3639736']I think they will not announce, because many dont know about it, and if announced it may create even more panic.

We're still assessing the outreach.

There's a difference between discussing things here in the community, or posting to the website etc.

The loophole was most definitely closed, and it is a concern. However, if a player has a login ID and nothing else, then it is still impossible to actually gain access to the account unless additional information was shared.

We don't want to take an alarmist position here with this, as TryAgain has pointed out. However we do want to assure those who are concerned that their accounts remain safe.

Finding the best way to do this is what we're doing at the moment.

zealot3333 wrote: »

You are the one who doesn't know anything about computers. Nobody can "brute force" a password with a username. There is no secret program or "hack." If you lose your acc, its because you downloaded a program with a key logger or gave your details to someone,

You definitely have no clue of what this is even about,this was glitched(confirmed by a Mod) Saidin responded to the post about it. If you have a user name you can use that for the user name of the brute forcer and crack the password with a dictionary or brute force. You say brute force programs dont exist?You are 100 percent wrong, brute force programs exist,so stop acting like you even know anything about this side of computing. It is very much possible to lose an account by someone brute forcing,granted not all accounts will be stolen by brute force but it is still able to be done. I know some members of crossfire more than likely gave out their information,however never rule out the possibility that some accounts were brute forced.

Just to clarify so you will understand fully of how a brute force attack works,it works easier if you already have a user name(less work)and not only that most use simple passwords so they do not forget. You input there user name browse for a dictionary that if you are 1337 will have on your computer. There are many times of brute forcing,http,form,ftp,telnet,ect.
Still dont believe me? Then search Google more than enough information for you there,or find a forum that hacktivist regularly visit. Not mentioning any sites,do the research.

Also remember your log-in for the game is the same as your log-in into the forums see that http in the main search pane,you know what this means? It is possible to use http brute force,well enough for today,im sure you'll have some comment about how im wrong cause your Leet or Uber within the hacker/cracker world,I have my badge, do you?


Back on topic,there are a few people waiting on confirmation of the severity of this incident,is Z8games setup to either block the ip when multiple attempts are made to avoid or limit brute force attempts or do they simply time the connection out after a certain amount of log in attempts? If 30 attempts are allowed to be made then if said person does not succeed in gaining password access then they could simply remove those 30 that failed and move on down their list. What we were hoping for is a follow up on [Gm]Sadin saying he would have an announcement in 5 minutes.

[GM]Saidin wrote: »

We're still assessing the outreach.

There's a difference between discussing things here in the community, or posting to the website etc.

The loophole was most definitely closed, and it is a concern. However, if a player has a login ID and nothing else, then it is still impossible to actually gain access to the account unless additional information was shared.

We don't want to take an alarmist position here with this, as TryAgain has pointed out. However we do want to assure those who are concerned that their accounts remain safe.

Finding the best way to do this is what we're doing at the moment.

I was typing at the moment this was posted so I apologize for explaining to one of the posters about how brute forcing works, if you feel that my post may alarm members of the community then by all means remove it.