View Single Post

Warwench's Avatar

04.11.2013 , 09:01 AM | #103
Quote: Originally Posted by CaptRavenous View Post
I am prompted for a OTP every single time I log into the website.
Of course I disallow cookies in my browser. The first thing hackers look for on your PC are Temp files and Cookies. You just admitted to doing something similar yourself, yet those of us who know PC security are being shafted?

So, I should TURN DOWN my internet browser security for your game?

Sorry, but its pretty obvious, these security measures were put into place for those who know next to nothing about internet security, with no thought given to those who might have more secure systems than even you guys at Bioware have.

These measures were implemented by someone fresh out of an IT Security Management Course, without any research done into applied IT security measures.

Or, this is a ploy by Bioware to frustrate players into buying a Security Key?

In over 10 years of MMO play, I have never had an account hacked, or even had a Keylogger or Trojan program on any of the PCs I administrate.

That's ok. Your security measures only chase away more people from your forums. They know they can go to other unofficial forums where the security isn't so amateur, like it is here.

Sorry to say it, Phillip_BW, but you don't know what you are doing, despite your prostrations to the contrary.

Do your due diligence, then come back.
So what i gather, is you expect to be able to take a security control like disabling cookies or disabling javascript (or disabling anything else that potentially adds risk while using rich experiences online) and get the same rich experience?

you sir have 2 problems, you don't know how security works and you dont know how the internet works.

You cannot blatantly apply a security control across something like the internet to disable the rich experience and then whine because it doesn't work. You've done none of YOUR due diligence to determine the risk of what the control works on for the site you are applying it against. You need to evaluate, are cookies on this site ok or not? Do i trust the site? Am I ok with the loss of functionality from disabling cookies? the same goes for anything else, java, javascript, flash etc etc.

There are a lot of place you absolutely DO want to disable all of it because the impact of untrusted code is high and the loss of functionality is something you don't care about. you have to evaluate the risk, the impact and the likelihood on a site by site basis.

You haven't done that though, you've just disabled things on all sites and said screw it, i don't care what loss of functionality I might suffer. Then you whine cos you lost functionality.

Website depend on good implementations of things like cookies/javascript to give their users a good experience. There is no way to examine who you are and determine that you don't need to be prompted without a little 2 way trust. If you wont trust SWTOR, they wont trust you. It's pretty simple and anyone with an OUNCE of actual security knowledge can see that.

Before you go off on tangents about cookie stealing and all that, be sure you REALLY understand how those things are done.

p.s. I do have quite a bit of security experience and can debate this and anything else around security all day if you like.