0.9.13m Patch Notes

"

Xendran wrote:

"

And usually account thefts in Onlinegames start with dmub fucks giving out account information

fixed

Come play races damn it :p

That's because some fanpages got incredible choices in admins and mods that got access to mailing lists and spam your e-mail.

And those people falling for such cheap scams also fall for "Inheritance from Nigerian King"
nothing to do with hacking.

"

Is overhanded hackery okay? Like, if I think I can exploit something, can I tell you I'm going to try it and let you know if it worked?

I highly doubt that GGG will catch any of the real hackers, those hackers hacked several games already and know what to expect.
As long there are no public hacks(code injection) there won't be real bans.

It's more likely they have to add pixelscan bot protection that run for example fellshrine ruins with cheap builds for 20hours and then play for 4h every day.

So most likely most bans that will happen will be players that abused a bug that heavily affects gameplay like duplicating items without a mirror.

Will and when GGG team introduce us with major skill and passive tree changes before OB? Many people would like to know what are you planning to change, balance.

"

hellzer wrote:

Will and when GGG team introduce us with major skill and passive tree changes before OB? Many people would like to know what are you planning to change, balance.

Chris did say that he might reveal the partial patch notes for 0.10.0 sometime this week, if it is ready tough.

"

Chris wrote:

"

"

tpapp157 wrote:

Yes. Chris flies into California tomorrow (Saturday, Jan 12) morning local time. He'll stay for a few days meeting with a lot of journalists and showing off the latest alpha build of 0.10.0.

Expect a lot of different articles and previews to start coming out in the lead up to Open Beta.

Oh so I guess he's not revealing the partial patch notes for 0.10.0 this week then?

Still probably going to when they're ready!

Just found the list of 0.10 alpha patch notes. So far I could say its ridiculous and stupid. Lightning strike untouched, Lightning Arrow even gets better damage with little nerfs that not even change mainly anything and yet Rain of Arrow, the skill not used by anyone gets even less damage effectiveness! Wtf? Who cares about 20% arrow speed and radius when the damage is crap like hell already.

If the final patch notes will be less or more the same - Failure.

LOL! I love everyone's "mmmm tasty salted hashes" comments :D I have a Masters in IT Information Security so I can really appreciate the humour. In any event, no security is 100% but having a good anti-virus/firewall that does heuristic checks against programs and vigilently guarding your usernames and passwords is a good start :)

@Hilbert:

"Still adding encryption in a small patch will only giving hackers the advantage to get the functions they need, without having invest much time to find the correct function.


And usually account thefts in Onlinegames start with infecting users,sql injection or an easily accessable database.

It would be better to use hardwareidentifiers or unique verficationcode from send from the server to protect unauthorized access."

Nah, SQL-Injection is so yesterday lmao!! More competent crackers (the proper term and not hackers; hacker means something different) will use Cross-Site Request Forgery (CSRF)if they want your gaming account badly enough. But fortunately today, 95% of the so-called crackers out there are nothing more than script-kiddies who wouldn't know the differce between a "hex code" and an "int" lmao!!

"CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. With a little help of social engineering (like sending a link via email/chat), an attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise end user data and operation in case of normal user. If the targeted end user is the administrator account, this can compromise the entire web application."

Also, the CSRF sploits are obfuscated on the web page so you don't know, nor won't see, that you're actually clicking this and compromising your information. The web is the wild, wild west folks - remember that :D

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

O.o is very good this would be a good upgrade if you build up new bosses for not fun? a difficulty or a type of boss so that's to kill a bunch of people: D would be great

I'd like to see a HMAC or encryption used for the S->C patch server packet which provides the directory list to the client. The client should verify that the directory sent is the same as it requested and that any file it downloads over HTTP have a matching hash. This is to prevent a man-in-the-middle where an attacker can provide it's own executables to download.

test

"

Chris wrote:

"

Dreggon wrote:

Encryption?

Can you tell us just what sort of underhanded hackery we're allowed to get up to in Closed/Open beta?

We're preparing the banhammer for people who engage in underhanded hackery in OB :P

Technically not an answer to the question. :P