Cantr II Discussion Forum

The 'Cantr down? Check here' thread is locked so I can't reply there.

If Cantr's security has been compromised by this hacker, myself and the rest of the community NEED to know ASAP if our passwords are also jeapordised. This is an extremely serious matter as some people use the same password everywhere and internet banking etc is at risk, so please advise the Cantr community as soon as possible.

returner wrote:The 'Cantr down? Check here' thread is locked so I can't reply there.

Because it's a strictly announcement topic.

From what I've heard passes are hashed, so the hacker was trying to fish them from players using support mail.

And, honestly, don't you think using same pass for some online game that gives you no real warranty of safety and for your bank account is... kind of... silly?

There is no way of knowing 100% what the hacker got or didn't get.

Using the same password on several places is a big no-no.

I obviously don't, that's why I said 'some people'. But passwords are still passwords and should not be visible to anyone. Good to hear they're hashed.

Thanks for the replies guys.

Probably inappropriate to put here, but has it been considered that a staff member or someone who got to view the code is the hacker? Joo, who created tick timings and may have had a sneak peak at the code, seemed strangely defensive of the hacker..

Miri wrote:And, honestly, don't you think using same pass for some online game that gives you no real warranty of safety and for your bank account is... kind of... silly?

Silly, yes, but he does have a point.
People are people, there will always be someone who pays 5000 dollars/euro's/pounds/whatever for a printed piece of paper saying they now own a piece of the moon.
There will always be someone who uses their name, a celebrity name, or a word easily found in the dictionary or that's in the news for their password in every place they need a password for.

I even know of a few examples where someone has the same password for everything from their router to their online banking to auction sites to games... so as silly and as no-no as it is, it happens.

Returner, even hashed data can be crunched into simple readable data but depending on which hashing is used, it can and should take long enough to take the wind out of the sails of any wanna-be hacker (scriptkiddies we called them in my days), though for a real hacker itr would just be another reason to do it - a real hacker would first of all have a few reasons to try and get into a system, whichever those reasons be, and then consider the needed effort and time as an additional reason for having a challenge.
A real hacker wouldn't be bothering with Cantr, unless he/she played the game and someone really pissed them off, but the scriptkiddy-category, they'd be pulling that sort of crap just for the heck of it alright.

returner wrote:I obviously don't, that's why I said 'some people'. But passwords are still passwords and should not be visible to anyone. Good to hear they're hashed.

Thanks for the replies guys.

Probably inappropriate to put here, but has it been considered that a staff member or someone who got to view the code is the hacker? Joo, who created tick timings and may have had a sneak peak at the code, seemed strangely defensive of the hacker..

I've never seen Cantr's code... but I'm glad to see my subtle troll worked.

Hehehe I know it was you Joo!!!

returner wrote:The 'Cantr down? Check here' thread is locked so I can't reply there.

If Cantr's security has been compromised by this hacker, myself and the rest of the community NEED to know ASAP if our passwords are also jeapordised. This is an extremely serious matter as some people use the same password everywhere and internet banking etc is at risk, so please advise the Cantr comunity as soon as possible.

I knew it.

Hustler0ne wrote:

returner wrote:The 'Cantr down? Check here' thread is locked so I can't reply there.

If Cantr's security has been compromised by this hacker, myself and the rest of the community NEED to know ASAP if our passwords are also jeapordised. This is an extremely serious matter as some people use the same password everywhere and internet banking etc is at risk, so please advise the Cantr comunity as soon as possible.

I knew it.

You knew what? There's nothing to 'know' there, it's a statement-question.

wtf is this hacker stuff, i'm reading this on the forum for a long time, what we did to this guy? Why is he attacking?

Ok, i know it was not him that made the green world sleep for a bit, but my curiosity is increasing.

Sorry about my bad english skills.

Illidan wrote:wtf is this hacker stuff, i'm reading this on the forum for a long time, what we did to this guy? Why is he attacking?

Ok, forgive the pun, but it must be said...
We were not prepared!
(WoW joke, for those who do not play it. Illidan's phrase when you encounter him as an end-boss)

Illidan wrote:what we did to this guy? Why is he attacking?

Possibly nothing. Lots of benevolent players have pointed out security flaws in Cantr, and this is one that was malevolent. He's probably just "playing." It's a relatively safe place to test his abilities.

If the GET string wasn't encrypted, it would be easier for regular users to play around and find exploits (and hopefully report them as well). Just because it's encrypted doesn't mean it couldn't be altered since it can be decrypted elsewhere. Also hidden data can be altered, as for example Wiro posted out earlier, so it is or was for example possible to start manufacturing items that aren't released in public because they wouldn't work as one would imagine. I think it would be better to stop sweeping things under the carpet and start thinking about how to fix the holes.

SekoETC wrote:I think it would be better to stop sweeping things under the carpet and start thinking about how to fix the holes.

Well said, Seko

Is there a chance of the world getting reset?