- May 31, 2005
- 171
- 0
- 62
Any online game could stop hackings really. I don't understand why none do.
This isn't something I'm suggesting to server owners (or something any of us could do) -- but it is on the subject of Mir, so I thought I'd post here.
There's two parts to it:
1) The Login Bit
Passwords that aren't lost through giving them away or typing them into a website etc (stuff you can't stop, but can avoid) are lost through keyloggers. These are the vast majority of hackings.
We could have an ID, a password, and a 4 digit pin that we click not type.
When the password field has been selected, also, the application could fire loads of random keypress events. It itself ignores any keypress events during the precise times that it's sending false keypress events. Very occasionally you might have to type one letter of ur pasword twice... not a big price to pay.
Then use encryption that encrypts packets based on the time of the event, the IP, or both, so even with a keysniffer replicating the exact packet flow, you couldn't get access.
This really wouldn't be hard to do. I could code a PHP version of this myself.
The Second Bit
Most people play on broadband. You should be able to set an option in your account to have access only for your IP (or PC serial code, or both).
Changing this option requires some additional varification that obviously you don't use on a day to day basis.
Maybe if we all emailed Mir/Wemade, they'd get something like this put in. Tired of pointless hackings.
This isn't something I'm suggesting to server owners (or something any of us could do) -- but it is on the subject of Mir, so I thought I'd post here.
There's two parts to it:
1) The Login Bit
Passwords that aren't lost through giving them away or typing them into a website etc (stuff you can't stop, but can avoid) are lost through keyloggers. These are the vast majority of hackings.
We could have an ID, a password, and a 4 digit pin that we click not type.
When the password field has been selected, also, the application could fire loads of random keypress events. It itself ignores any keypress events during the precise times that it's sending false keypress events. Very occasionally you might have to type one letter of ur pasword twice... not a big price to pay.
Then use encryption that encrypts packets based on the time of the event, the IP, or both, so even with a keysniffer replicating the exact packet flow, you couldn't get access.
This really wouldn't be hard to do. I could code a PHP version of this myself.
The Second Bit
Most people play on broadband. You should be able to set an option in your account to have access only for your IP (or PC serial code, or both).
Changing this option requires some additional varification that obviously you don't use on a day to day basis.
Maybe if we all emailed Mir/Wemade, they'd get something like this put in. Tired of pointless hackings.