Hacked with a GoldCard .... !?

[jod]

Quote:

Originally Posted by Centech

Dont Necro Eighteen Month Old Posts!!!!!!!!!!!!!!!!!!!!!!!

The post was necro`d because the exact same issue appeared to be happening again..

A brand new thread would have just be met with a chorus of 'Search is your friend'

[Lykke]

ahhh old thread

Thanks for all concerned people - also the very nice pm's I got. I understand a lot of people have been experiencing the same and LUCKILY !!!! it's just another little glinse of the dynamic in this Universe

Nothing's been hacked here - VF's account is doing fine !

STILL remember to get that GC though

Thanks

[endermigne]

Quote:

Originally Posted by jod

The post was necro`d because the exact same issue appeared to be happening again..

A brand new thread would have just be met with a chorus of 'Search is your friend'

Brilliant!

[Ragnor]

I was visiting a friends house recently and we were playing EU on side by side computers. Another friend came to attend a barbecue and whilst he was there his character logged on and off. The log in and out of his character showed on the computer I was using but not on the one right next to us the other person was using. So, don't worry, its prolly some sort of ghosting bug.

[hojlund]

I know this is a old thread and all, but i have experiencing that my first goldcard code is being rejected as incorrect, even tho i am very carefull to write it correct and took notice that it was correct. Is this linked to some glitch in the system too, or has my computer been comprimised and people trying to break the code 1 try at the tiem... have experienced this 3-4 times now in a couple of days. all the times in periods were i have been logged of for a longer period.

[Raffaele Meiers]

Quote:

Originally Posted by Bear

Look at this, its from the manufatur of the GC (http://www.todos.se)

The GC "Generates" a one time password (the number you have to type in).
This number will be veryfied by a MA server, but how this works, i don´t know. But i will take a guess...

First, since Todos claims the OTP (one time password) is "Generated" there is no static list of OTP on the GC. Else, you could run out of new keys.
The OTP will depend on your GC-Number (on the back) and this number will set the algorithm for generation. The same is done on an MA server.
Now every time you login, the MA server will check if the number is valid. Since there are only 6 digits, this system would not be very secure. This is because any random number will be valid within time.
But the GC system and the keys depend also on the last key you used. This "last" key togther with the number on the back will have the biggest influence on the algorithm for the key generation.
It will not be very hard (with some extra hardware fx.) to "hack" the GC IF you know the cardnumber. BUT a hacker will have to know how many times you have allready used your card and he/she will only have 3 trys to find out or the card will be locked.
Together with the normal Login name/password i would say this system is very secure (but not bulletproof) unless the MA server gets hacked.

I would not worry too much about a GC hack...

Absolutely not true, if someone can place a keylogger onto your PC he also can place a fake entropia.exe on your computer which displays the login screen and ask for login, password and after that for your GC number then displays the Server Maintenance screen and sends the collected informations to the hacker.
He has now everything to log into EU without accessing your GC. He even could let his program repeat it to get a second number or use the first one to change account information on Entropia Website etc.

So with GC the security from script kiddies is improved but a real programmer will circumvent this GC security very quickly.

[jod]

Quote:

Originally Posted by Raffaele Meiers

So with GC the security from script kiddies is improved but a real programmer will circumvent this GC security very quickly.

They first have to know the exact logarithm(not sure if this is even the right word) being used by the GC company to generate the codes...

I`ll see if i can explain it....

In the GC reader is a set mathematical equation that gets applied to your unique gold card number each time you swipe it.

So lets say that a is a number unique to your card and b is the last number generated.Those numbers are then applied to the set equation inside the card reader.
So for simplicity sake lets say that equation is 10a+b and the last 6 digits in the result is your new code.

This way all codes generated will be unique to your card and dependant on the previous code generated.Now for you to know what the next generated code is going to be you need to know 3 things...


1.You`ll need to know the unique number pertaining to the card you wish to hack and exactly how it fits into the equation.

2. You will need the last generated number from that card if it has been used as it wont be at the default start number anymore.

3.Lastly and most importantly.....The security logarithm being used...Do a quick google on these if you think they are easy.It would take many millions of consecutively generated numbers being filtered through a super computer to reverse engineer the good ones.

i`m not saying it cant be cracked but with the effort and computing power needed to do it i dont think EU will be first target

[Hally]

Deus ex machina

Seriusly this bug has bugged me hard several times where i thought ppl where ignoring me (for a guy with attachment issues its downright cruel )

[Raffaele Meiers]

Quote:

Originally Posted by jod

They first have to know the exact logarithm(not sure if this is even the right word) being used by the GC company to generate the codes...

I`ll see if i can explain it....

In the GC reader is a set mathematical equation that gets applied to your unique gold card number each time you swipe it.

So lets say that a is a number unique to your card and b is the last number generated.Those numbers are then applied to the set equation inside the card reader.
So for simplicity sake lets say that equation is 10a+b and the last 6 digits in the result is your new code.

This way all codes generated will be unique to your card and dependant on the previous code generated.Now for you to know what the next generated code is going to be you need to know 3 things...


1.You`ll need to know the unique number pertaining to the card you wish to hack and exactly how it fits into the equation.

2. You will need the last generated number from that card if it has been used as it wont be at the default start number anymore.

3.Lastly and most importantly.....The security logarithm being used...Do a quick google on these if you think they are easy.It would take many millions of consecutively generated numbers being filtered through a super computer to reverse engineer the good ones.

i`m not saying it cant be cracked but with the effort and computing power needed to do it i dont think EU will be first target

Best is go back to read my post and then try to answer again, OK?

For your convenience here the relevant part:

if someone can place a keylogger onto your PC he also can place a fake entropia.exe on your computer which displays the login screen and ask for login, password and after that for your GC number then displays the Server Maintenance screen and sends the collected informations to the hacker



So no need to crack any algorithm, not logarithm

Are you a script kiddy? - LOL just jokeing

[Auktuma]

to "hack" you need just 3 consequtive codes? That could be possible to do with keylogger. Save your computer and save your GC - if you still have it that dont means that some1 used to get 3 codes from it.

"ghosts" are scarry if happen. Doesn't that mean that server "established" connection to some IP? That could be no fun to me if some guy overseas will reincarnate into Auktuma by accident choice of his IP .