Security Update Discussion

First Riot Post
Comment below rating threshold, click here to show it.

Just Mid

Member

08-20-2013

I have some questions. Why were/are mods deleting all threads relating to this topic/the threads that the hacker posted on? Why are mods allowed to ban whomever they see fit without there being any real rules on this forum? Why aren't there rules on this forum?


Comment below rating threshold, click here to show it.

Rausdower

Senior Member

08-20-2013

So how long is it gonna be until you contact the users with CC info stolen by the hacking? I'd seriously quit this damn game if it made a damn difference. So much BS lately.


Comment below rating threshold, click here to show it.

Comonad

Senior Member

08-20-2013

Fairly important question for riot:

What hashing mechanism/how many rounds were used for passwords?


Comment below rating threshold, click here to show it.

Tyr Howl

Senior Member

08-20-2013

Ok I dont want to reset my password, A)
B) if you wanted to have more security, ummm make it so
your password isnt remembered when you log in.

Having us to change our passwords, wont do an damn thing.
other then piss off all the users that have had their password
for 3 years or more. And that havent had any problems what so ever.

You have made things more complicated now, Way to go


Comment below rating threshold, click here to show it.

VoodooSnake

This user has referred a friend to League of Legends, click for more information

Senior Member

08-20-2013

Quote:
Originally Posted by Rausdower View Post
So how long is it gonna be until you contact the users with CC info stolen by the hacking? I'd seriously quit this damn game if it made a damn difference. So much BS lately.
from this thread.

"Additionally, we are investigating that approximately 120,000 transaction records from 2011 that contained hashed and salted credit card numbers have been accessed. The payment system involved with these records hasn't been used since July of 2011, and this type of payment card information hasn't been collected in any Riot systems since then. We are taking appropriate action to notify and safeguard affected players. We will be contacting these players via the email addresses currently associated with their accounts to alert them. Our investigation is ongoing and we will take all necessary steps to protect players."
it's a nominally small amount of CC info. and it will take time for them to sort this stuff out. Security records are not the easiest thing to drudge through. Patience friend.

Also to everyone who is upset with the forum mods deleting all related posts, it's called damage control. Having 1 single thread to inform people is far better than having over 9000 threads trying to scare people into financial lock down.

Quote:
Originally Posted by Tyr Howl View Post
Ok I dont want to reset my password, A)
B) if you wanted to have more security, ummm make it so
your password isnt remembered when you log in.

Having us to change our passwords, wont do an damn thing.
other then piss off all the users that have had their password
for 3 years or more. And that havent had any problems what so ever.

You have made things more complicated now, Way to go
Actually, if they have your password now, and you change it to something else, then they don't have your password anymore. so it does do something other than piss off... wait, changing your password is something that pisses you off? you need therapy.


Comment below rating threshold, click here to show it.

TornadoOfBees

Senior Member

08-20-2013

Why can we not use spaces in our new passwords? A passphrase is more secure than a random jumble of characters, and is significantly easier to remember. Something along the lines of "Teemo had 13 turtle mushroom babies mayonaise" is infinitely more secure than !Teemoturtlebabies1234!. Yet the first is an invalid password and the second is acceptable.


Comment below rating threshold, click here to show it.

Scythul

This user has referred a friend to League of Legends, click for more information

Recruiter

08-20-2013

You need to update your definition of a "strong" password.

Name:  password_strength.jpg
Views: 258
Size:  179.3 KB

http://xkcd.com/936/


Comment below rating threshold, click here to show it.

orghak 6

Member

08-20-2013

Bump for truth


Comment below rating threshold, click here to show it.

MobocracyPanda

Junior Member

08-20-2013

Quote:
Originally Posted by Chager View Post
@FrozenXylaphone - because the folks that crafted the message know best I'm going to quote this directly from the news post

"What we know: usernames, email addresses, salted password hashes, and some first and last names were accessed. This means that the password files are unreadable, but players with easily guessable passwords are vulnerable to account theft."
I have a question here. Do you actually mean it's unreadable or are you just exaggerating a bit? I don't know how they obtained these things, in what way, ect. Is it readable if they have the right tools, or just unreadable no matter what is done?


Comment below rating threshold, click here to show it.

AnonTwo

This user has referred a friend to League of Legends, click for more information

Senior Member

08-20-2013

Quote:
Originally Posted by Misread View Post
I have some questions. Why were/are mods deleting all threads relating to this topic/the threads that the hacker posted on? Why are mods allowed to ban whomever they see fit without there being any real rules on this forum? Why aren't there rules on this forum?
it more than likely has to do with the people who instigated the hacker and actually had their accounts taken.

I remember frosthaven (FEK developer currently) said that most forum users really can't do anything about this, and it's better to just not make a target out of yourself.


The mod questions are good, but really shouldn't be tied to this case.