Results 1 to 10 of 17

Thread: Evony Security Features

Threaded View

  1. #8

    Default

    Without discussing the ability or inability for the Evony servers to be "hacked" and thus the account information obtained through that "hack", people should also bear in mind the following:

    1) If you use a wireless connection, if your wireless router allows people to sign onto your network anonymously, then they can get your password AND your security code by being on your network and just listening to the traffic. They will have to identify the password, and the password does get hashed (a type of encryption), but there are things to decode hashes called "Rainbow Tables". An unsecured connection simply gives the access to the data much easier than a secured wireless connection.

    2) If you use a wireless connection, if your wireless router is set up for WEP (Wired Equivalent Privacy), then WEP is easily crackable and you should consider upgrading the security of your router to at least WPA (Wi-fi Protected Access), but preferably WPA2. This may mean you need to buy a newer router.

    3) If you use a wireless connection, if your Wireless router is broadcasting its' SSID (Service Set Identifier), then people can find your network easier and attempt to crack its' encryption. Make sure to disable SSID broadcasting in the router's configuration management screen.

    4) Public Wi-Fi spots should be treated as unsecure.

    5) Use of proxy servers to make yourself "anonymous" may also be unsecure.

    *****

    All of the wireless-related comments are particularly pertinent, given that the majority of the player base will be teens and college-age adults. Houses in non-rural neighborhoods, apartment complexes, and dorm rooms are places where high concentrations of wireless routers are likely to exist.

    The reason all of this is important is because:

    6) Evony does not use the accepted web standard of encrypting the data channel with HTTPS (HyperText Transport Protocol Secure) when user passwords are involved.

    If Evony had HTTPS, a hacker on a totally unsecured wireless network (item #1 above) would still have to break through the HTTPS encryption to be able to see the raw data, which is not really feasible for hackers that would take a special interest in restarting Evony games, as most hackers that would attempt to break HTTPS would be more interested in getting into bank accounts / credit cards.
    Last edited by neko_lord; 08-07-2011 at 03:23 AM.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •