How secure do you feel regnum is?

[DemonMonger]

I suggest that you use a new account for forums so people do not see your login name..... I said this when regnum was still in beta... but im saying it again, because someone I know got hacked... and lost their account..

[putkonen]

I dont really understand this question but i guess regnum is pretty secure

[amade]

Regnum is never secure as long as DM is running around in it

[ArcticWolf]

No secure at all... Packages aren't ciphered, for instance.

[DkySven]

Not secure I think, but why would somebody hack Regnum?

[Nikor]

Quote:

Originally Posted by Xephandor

No secure at all... Packages aren't ciphered, for instance.

What would be the use of that? As far as I can see, the client verifies the local installation every time you start. I guess it computes some kind of hash value for the every file and compares that to the values stored on the server. If there are differences, it downloads the files again, now problem here.

If you think about signing the installation package (windows only, linux users just download the launcher) with some kind of certificate, I never really understood why this would help. I mean, how many people really do think twice if windows says "This file is not signed, it may not be safe" or whatever the real text is, and click on "Run anyway"? And publishing hash values of the installer on the web site doesn't help because if you are able the redirect the download to a site of your own, you can surely adjust the values accordingly. And you wouldn't get past the check/download procedure mentioned above anyway.

Going back to the original question, I think think the only real security issue Regum has is the same that all account-based application/games/web sites have: social engineering. That means getting other people to tell you your account data including the password. This is why there is a bold red text every time you start the game that tells you not to give your password to anyone.

Edit: added a few more thoughts

[Nikor]

Quote:

Originally Posted by asdfghs

Not secure I think, but why would somebody hack Regnum?

For the same reasons people hack other stuff. To gain an advantage, to make money or just for the fun of it. The last reason is actually a very good one as those people tend to report what they found to the developers so they can fix them.

[DemonMonger]

Quote:

Originally Posted by amade

Regnum is never secure as long as DM is running around in it

wrong im your best friend..... I suggest that you use a new account for forums so people do not see yoru login name..... I said this when regnum was still in beta... but im saying it again, because someone I know got hacked... and lost their account..

[Drah]

DM, was their password a word that could be found in a dictionary list?

NGD, the forum has a 15 minute lockout if you fail the password 5 times - does the main website (and the game server) have anything to stop a dictionary-list or brute-force attack in a similar way to this?

I've tried SQL injection against my own account but couldn't force my way in through the main site or via the client app's login system.

To me, the biggest risk is with someone releasing a 0-day hack for vBulletin and for someone to leech all the passwords, converting the hash back to the original password using an MD5 string database (for example) - mainly because I've known sites that have had this happen to them.

[Stefan1200]

Quote:

Originally Posted by Nikor

I guess it computes some kind of hash value for the every file and compares that to the values stored on the server. If there are differences, it downloads the files again, now problem here.

Yes, Regnum find changed files very good. But if you write protect the changed file, Regnum shows an error message and start with the changed file without problem. So you can hack files and use them!