|
http://www.reddit.com/r/HeroesofNewerth/comments/14zj2p/i_am_the_guy_who_hacked_hon/
Apparently, according to him, he hacked the database on Friday, and since S2 did nothing about it he started hacking streamer accounts to get recognition. If this is true I will probably end up quitting HoN, since this is a pretty low blow for the company to only make a statement AFTER he started gloating about it.
He verified it by posting his name on the main S2 caster's Twitter (he had the same password for his Twitter and HoN, I guess).
Edit: Yes, S2 did hash the passwords, but the hacker got the individual salts as well (which, as quoted by himself, were short and ineffective).
|
S2, despite having the best (imo. obviously) Moba game out there have been complete retards when it comes to marketing and community management for the last 4 (5?) years. There's a reason why it's by far the weakest of "the big 3". So yeah, not surprised.
|
On December 17 2012 22:46 Monsen wrote: S2, despite having the best (imo. obviously) Moba game out there have been complete retards when it comes to marketing and community management for the last 4 (5?) years. There's a reason why it's by far the weakest of "the big 3". So yeah, not surprised.
I know. I feel HoN is amazing compared to Dota 2 and LoL as well. The fact that they made the game cost money upon release just ruined all the hard work they did. Can't blame them for that, but considering gamers have a free choice of a similar game, especially in areas like Asia, you can't blame the players for going to inferior games.
|
Not only that, but it took them like 4 years to realize and remedy their mistake. Also it has only been a few months ago that I saw some kind of advertisement for their game for the first time (on twitch). Talk about being your own worst enemy.
edit: oh yeah, and Soontour™
|
I had actually forgotten that HoN existed.
|
On December 17 2012 22:46 Monsen wrote: S2, despite having the best (imo. obviously) Moba game out there have been complete retards when it comes to marketing and community management for the last 4 (5?) years. There's a reason why it's by far the weakest of "the big 3". So yeah, not surprised.
Couldn't have said it better myself.
|
|
Man, it's a mystery to me why people do such a thing. Yeah, I get money, control yada yada yada - but this is such a blow to S2. How can you be so destructive towards other people...
|
I didn't know people were still playing HoN lol. It's HoN's fault to not have encrypted passwords.
|
Gratz to the hacker!
Pretty big achievement...
But that's all I gotta say to that, I really don't care what happens to HoN.
|
On December 17 2012 23:10 zeru wrote: On December 17 2012 22:43 dapierow wrote: He verified it by posting his name on the Main S2 caster's Twitter (he had the same password for his twitter and Hon I guess) I have a hard time believing that S2 doesn't hash passwords. link?
It's in the OP.
Edit: And this is hilarious. Except I was planning to play some and apparently S2 aren't very good at what they do (surprise surprise) so their servers are shut down for now.
|
The hacker seems like an idiot. So surprising how bad S2 seems to be at security.
|
S2 has done a lot of things right lately. Hontour, Dreamhon and Honcast are pretty big. This however is pretty embarrassing.
|
I just wanted to show my support for those who, in their opinion, thought HoN is a superior moba game to their counterparts. Yes, I totally agree with you. It's too bad they didn't realize their marketing strategy wasn't working sooner..
|
On December 17 2012 23:27 Yoshi- wrote: The hacker seems like an idiot. So surprising how bad S2 seems to be at security.
Yup. Desperate attempt to get more attention.
|
Don't see more than the hacker succeeding in hacking one person. Or where is proof for more than breaky's account? Either way sad news, will hurt HoN, won't have that big of an impact tho. The battle with DotA2 and LoL won't ever go in HoN's favor. They lost it a long time ago. ;<
|
They didn't even bother to hash the passwords? What a joke.
|
On December 17 2012 23:39 CCow wrote: Or where is proof for more than breaky's account?
< HoN being in maintenance, the official statement in game.
|
Nobody seems very impressed with this guy. It's just an attention-whore who broke a shitty security system.
|
On December 17 2012 23:40 dapierow wrote: On December 17 2012 23:39 CCow wrote: Or where is proof for more than breaky's account? < HoN being in maintenance, the official statement in game.
Thanks, didn't see it in OP. That just sucks hard then. :o
|
To those of you who think HoN is the best, why do you think so? Character design? Items?
|
On December 17 2012 23:40 TheRPGAddict wrote: They didn't even bother to hash the passwords? What a joke.
That wouldn't make them that much more secure. Given the power of GPGPU, the only secure way to store passwords and data is to break it up and store it in 2 or more locations with the encryption; all encrypting it does is delay a guy from reading the data he got off a dump or w.e.
Given HoN's past problems with server loads and database problems in the past, I doubt they wanted to spare a few cycles on doing that work.
|
On December 17 2012 23:10 zeru wrote: On December 17 2012 22:43 dapierow wrote: He verified it by posting his name on the Main S2 caster's Twitter (he had the same password for his twitter and Hon I guess) I have a hard time believing that S2 doesn't hash passwords. link?
Because there's surely no databases that allow you to do reverse md5 look-ups :/
Edit: So I've never played HoN, but I still bought it for you know supporting competitive gaming etc. I've managed to figure out what my password was on there and I'll have to see if I'm actually using it elsewhere. My concern right now though is that even if I change my password on HoN, I have 0 confidence it'll stay secure.. So now what?
|
I don't know which side is more sad here.
|
|
What is the link to the list ? I wanna know if my name is there
|
Well it's about time I changed some of my passwords anyway...
|
On December 17 2012 23:47 zeru wrote:
On December 17 2012 23:21 HellRoxYa wrote: On December 17 2012 23:10 zeru wrote: On December 17 2012 22:43 dapierow wrote: He verified it by posting his name on the Main S2 caster's Twitter (he had the same password for his twitter and Hon I guess) I have a hard time believing that S2 doesn't hash passwords. link? It's in the OP. Edit: And this is hilarious. Except I was planning to play some and apparently S2 aren't very good at what they do (surprise surprise) so their servers are shut down for now.
Was already deleted when I tried to check back when I posted. Guess I was too slow. Anyway, no hashing would be an unbelievable failure.
On December 17 2012 23:46 Martijn wrote: On December 17 2012 23:10 zeru wrote: On December 17 2012 22:43 dapierow wrote: He verified it by posting his name on the Main S2 caster's Twitter (he had the same password for his twitter and Hon I guess) I have a hard time believing that S2 doesn't hash passwords. link? Because there's surely no databases that allow you to do reverse md5 look-ups :/
Kidding me? Why would anyone in the world still use md5?
Swing and a miss on the point made there. Point was, for every hash there's a reverse look-up table. Apparently they went to the trouble of salts and that wasn't enough either. So arguing about unencrypted vs encrypted passwords has little to no relevance, seeing as, as shown, encrypted passwords can be broken all the same; it's just a matter of time.
On December 17 2012 23:48 noD wrote: What is the link to the list ? I wanna know if my name is there
Please don't be part of the problem and make the list accessible to more people. If people really want them, they can go to the effort of finding it themselves. If you have a HoN account, assume your name is on there -_-
|
On December 17 2012 23:46 Martijn wrote: On December 17 2012 23:10 zeru wrote: On December 17 2012 22:43 dapierow wrote: He verified it by posting his name on the Main S2 caster's Twitter (he had the same password for his twitter and Hon I guess) I have a hard time believing that S2 doesn't hash passwords. link? Because there's surely no databases that allow you to do reverse md5 look-ups :/ Edit: So I've never played HoN, but I still bought it for you know supporting competitive gaming etc. I've managed to figure out what my password was on there and I'll have to see if I'm actually using it elsewhere. My concern right now though is that even if I change my password on HoN, I have 0 confidence it'll stay secure.. So now what?
Don't change your HoN password right now... Change your pw on every other site where you use a similar pw. After S2 has officially fixed it, change your HoN password to something that is not related to any other pw you have.
|
On December 17 2012 23:54 AntiGrav1ty wrote: On December 17 2012 23:46 Martijn wrote: On December 17 2012 23:10 zeru wrote: On December 17 2012 22:43 dapierow wrote: He verified it by posting his name on the Main S2 caster's Twitter (he had the same password for his twitter and Hon I guess) I have a hard time believing that S2 doesn't hash passwords. link? Because there's surely no databases that allow you to do reverse md5 look-ups :/ Edit: So I've never played HoN, but I still bought it for you know supporting competitive gaming etc. I've managed to figure out what my password was on there and I'll have to see if I'm actually using it elsewhere. My concern right now though is that even if I change my password on HoN, I have 0 confidence it'll stay secure.. So now what? Don't change your HoN password right now... Change your pw on every other site where you use a similar pw. After S2 has officially fixed it, change your HoN password to something that is not related to any other pw you have.
That's what I figured, what a hassle though. I've never even played the game >_>
|
On December 17 2012 23:45 Thienan567 wrote: To those of you who think HoN is the best, why do you think so? Character design? Items?
LoL and Dota look awful and are slower.
|
On December 17 2012 23:45 Thienan567 wrote: To those of you who think HoN is the best, why do you think so? Character design? Items?
Not saying I think HoN is better, but the main argument is usually the faster pace of the game and the smooth engine. HoN does have other distinguishing factors, but I'd say the above mentioned ones are the most significant ones. It's quite a shame for HoN fans that S2 has proven to be incompetent in certain areas.
|
|
Please don't be part of the problem and make the list accessible to more people. If people really want them, they can go to the effort of finding it themselves. If you have a HoN account, assume your name is on there -_-
well I just want to know if my password is the same of the other games (for email and main accounts I use other ... Do you have the list so you could check if my name is there ?
|
On December 17 2012 23:45 Thienan567 wrote: To those of you who think HoN is the best, why do you think so? Character design? Items?
Non-existence of unit-response delay
Faster action and movement of heroes (faster turnrate and speed):
The HoN engine encourages speed. While the speed at which things happen can be difficult to follow at first, experienced players and viewers can easily decipher the action and comprehend what's happening in almost any scenario. Furthermore, a player with exceptional reflexes can often correct a gameplay mistake the moment it occurs thanks to the fast paced HoN engine.
For example, you can use shift to queue abilities, i.e. if you push Q + Shift+W + Shift+E all three abilities will happen almost instantaneously.
Taunting Opponents
The non-forgiving nature, if you fuck up expect to pay for it.
|
:/ more bad news for S2. I see a lot of potential in their Moba; honestly the real problem is the presentation. They didn't need this.
|
On December 17 2012 22:43 dapierow wrote: http://www.reddit.com/r/HeroesofNewerth/comments/14zj2p/i_am_the_guy_who_hacked_hon/ Apparently according to him, he hacked the database on Friday and since S2 did nothing about it he started hacking streamer accounts to get recognition. If this is true I will probably end up quitting hon since this is a pretty low blow for the company to only make a statement AFTER he started gloating about it. He verified it by posting his name on the Main S2 caster's Twitter (he had the same password for his twitter and Hon I guess) Edit: Yes S2 Did hash the passwords but the hacker got the individual Salts as well (which quoted by himself were short and ineffective)
To be honest, I'm kinda split on the entire company making statement-thing. On one hand, the company should always let its userbase know when major security breaches happen. On the other, the guy was obviously partly motivated by attention and e-fame - statements without a fix would only feed into this purpose. I dunno - as long as no critical information (credit cards, personal info) was acquired, no real harm has been done, so I don't mind S2 not giving much statement. At the same time, I like transparency, but I also hate giving trolls the attention that they want.
Shame it happened, really. I can't help but feel this was done by some LOL or DOTA-favoring troll in an attempt at further hurting HON as a competitor to the two. I imagine they're actually enjoying this news, which actually reflects really bad on their communities.
Then again, all T-BAG-style games have always had terrible communities.
|
Excuse me, but what is this HoN ? never heard of it before, if its moba, seems like it got overshadowed by lol and dota 2 pretty bad.
|
Well compared to DotA2, HoN's graphics are sharper and the engine is smoother (the delay is noticeable in DotA2).
Comparing it to League is a little different. League is a completely different game in the same genre. League is more 'team-based' and HoN is more 'individual-based'. Of course, both respective games have both incorporated but that's what I feel is dominant.
For example in League, team-based play is very important because one champion, no matter how buff, can not take out a whole team. League is very action oriented because of how the heroes work (more skills can be spammed, less to do during laning phase (no denies).
In HoN, one champion can solo a team of 5 given the right items. There tends to be more farming because items are extremely vital in this game. There is more emphasis during laning phase (creep kill/denies) and 'generally' less action among heroes. Town Portals (I think they're called that; TPs) are what make this game extremely fast pace. At anytime, when you're ganking a champion by a town, they can receive backup as quick as in 3 seconds.
|
It was said on the reddit that S2 used salts in addition to other measures, but only used short and shitty salts. Now that's what I call half assed.
|
Even when the salts are short, it is highly unlikely that any moderately good password could be cracked in a reasonable time.
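Added example, not written by any poster in this thread or by S2: a salt only stops one precomputed table from serving every account; once salts leak with the hashes, the cost per guess is set by the hash function itself. The single-round salted MD5 "legacy" scheme, the two-byte salts, the usernames and the 200,000-iteration PBKDF2 setting are assumptions made for illustration; the thread does not say what S2 actually used.

```python
import hashlib
import hmac
import os
import time
from collections import Counter

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example
MIN_SALT_BYTES = 16          # assumed minimum acceptable salt length


def legacy_hash(password: str, salt: bytes) -> str:
    """Assumed legacy scheme: a single round of MD5 over salt + password."""
    return hashlib.md5(salt + password.encode()).hexdigest()


def legacy_record(user: str, password: str, salt: bytes) -> dict:
    return {"user": user, "scheme": "md5_salted", "salt": salt,
            "hash": legacy_hash(password, salt)}


def new_record(user: str, password: str) -> dict:
    """Store a password with a random 16-byte salt and a deliberately slow KDF."""
    salt = os.urandom(MIN_SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                 PBKDF2_ITERATIONS)
    return {"user": user, "scheme": "pbkdf2_sha256",
            "iterations": PBKDF2_ITERATIONS, "salt": salt, "hash": digest.hex()}


def verify(password: str, record: dict) -> bool:
    """Recompute the stored hash and compare it in constant time."""
    if record["scheme"] == "md5_salted":
        candidate = legacy_hash(password, record["salt"])
    elif record["scheme"] == "pbkdf2_sha256":
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                        record["salt"],
                                        record["iterations"]).hex()
    else:
        return False
    return hmac.compare_digest(candidate, record["hash"])


def audit(records: list) -> dict:
    """Return {user: [findings]} for weakly stored credentials."""
    salt_use = Counter(r["salt"] for r in records)
    findings = {}
    for r in records:
        issues = []
        if r["scheme"] != "pbkdf2_sha256":
            issues.append("fast-hash")    # per-guess cost is negligible
        if len(r["salt"]) < MIN_SALT_BYTES:
            issues.append("short-salt")   # small salt space, collisions likely
        if salt_use[r["salt"]] > 1:
            issues.append("shared-salt")  # equal passwords give equal hashes
        if issues:
            findings[r["user"]] = issues
    return findings


def seconds_per_hash(fn, rounds: int) -> float:
    start = time.perf_counter()
    for _ in range(rounds):
        fn()
    return (time.perf_counter() - start) / rounds


def slowdown_factor() -> float:
    """How many times more one PBKDF2 evaluation costs than one salted MD5."""
    salt = b"\x00" * MIN_SALT_BYTES
    fast = seconds_per_hash(lambda: legacy_hash("constructed-password", salt),
                            20_000)
    slow = seconds_per_hash(
        lambda: hashlib.pbkdf2_hmac("sha256", b"constructed-password", salt,
                                    PBKDF2_ITERATIONS), 3)
    return slow / fast


# Constructed sample table: three legacy rows with two-byte salts (two of them
# sharing a salt) and one row stored with the slow KDF. All users picked the
# same constructed password.
SAMPLE = [
    legacy_record("alice", "hunter2", b"ab"),
    legacy_record("bob", "hunter2", b"ab"),
    legacy_record("carol", "hunter2", b"zq"),
    new_record("dave", "hunter2"),
]

if __name__ == "__main__":
    for user, issues in audit(SAMPLE).items():
        print(f"{user}: {', '.join(issues)}")
    print(f"PBKDF2 costs about {slowdown_factor():,.0f}x one salted MD5")
```

Rows flagged `fast-hash` are the ones to re-hash with the slow KDF at each user's next successful login, since the plaintext is only available at that moment.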
|
On December 18 2012 00:05 inermis wrote: Excuse me, but what is this HoN ? never heard of it before, if its moba, seems like it got overshadowed by lol and dota 2 pretty bad.
It's a surprisingly good game compared to how many plays it... fastest speed moba out of the big 3
|
On December 18 2012 00:00 noD wrote:
Please don't be part of the problem and make the list accessible to more people. If people really want them, they can go to the effort of finding it themselves. If you have a HoN account, assume your name is on there -_-
well I just want to know if my password is the same of the other games (for email and main accounts I use other ... Do you have the list so you could check if my name is there ?
Just try to log in on the HoN site. Whatever password works is the one you used and the one compromised.
Also, when discussing the impact this'll have on S2, we should keep in mind that the same thing has happened with LoL and required people to reset their passwords. Only problem might be that S2 has some of the shittiest community managers of any studio out there (at least used to, I won't pretend to have kept up to date).
|
Most consider HoN a superior game to other MOBA's out there, so unfortunate it has such a toxic community.
|
well if it is good, and company that made it wants to make more money out of it, why not advertise it ALOT more, throw some 100k usd tournament, then another one, where money is, progamers show up and progamers wannabe's, if it really is good, they could pull that off.
|
On December 18 2012 00:15 inermis wrote: well if it is good, and company that made it wants to make more money out of it, why not advertise it ALOT more, throw some 100k usd tournament, then another one, where money is, progamers show up and progamers wannabe's, if it really is good, they could pull that off.
I think they're actually doing that now with hontour.
|
On December 18 2012 00:15 inermis wrote: well if it is good, and company that made it wants to make more money out of it, why not advertise it ALOT more, throw some 100k usd tournament, then another one, where money is, progamers show up and progamers wannabe's, if it really is good, they could pull that off.
They have hontour which is like matchmaking in sc2 except its with teams, got divisions like bronze, silver, gold, diamond. And all leagues can win money. The problem is that only hon players know about these lol
|
On December 18 2012 00:06 azLaR wrote: Well compared to DotA2, HoN's graphics are sharper and the engine is smoother (the delay is noticeable in DotA2).
Comparing it to League is a little different. League is a completely different game in the same genre. League is more 'team-based' and HoN is more 'individual-based'. Of course, both respective games have both incorporated but that's what I feel is dominant.
For example in League, team-based play is very important because one champion, no matter how buff, can not take out a whole team. League is very action oriented because of how the heroes work (more skills can be spammed, less to do during laning phase (no denies).
In HoN, one champion can solo a team of 5 given the right items. There tends to be more farming because items are extremely vital in this game. There is more emphasis during laning phase (creep kill/denies) and 'generally' less action among heroes. Town Portals (I think they're called that; TPs) are what make this game extremely fast pace. At anytime, when you're ganking a champion by a town, they can receive backup as quick as in 3 seconds.
This is wrong on so many levels... Sure, you can have a hard carry that will eventually be able to take on several enemy heroes but 1v5 is not really doable in higher levels of play because the supports usually come with disabling abilities and tend to get disabling items, effectively shutting you down. Another thing is that for a hard carry to be effective you need extensive effort by entire team to get him there. Carry has to be babysat, protected, the jungle has to be stacked for him so he can get more farm when the lanes get pushed too far, the enemy carry has to be ganked to slow his progress and so on and on. Then you get to the entire team composition thingie, problems with initiation, counter-initiation and what not. "Individual-based" is as far from the truth for games like HoN and DotA as it gets.
On December 18 2012 00:09 sertas wrote: On December 18 2012 00:05 inermis wrote: Excuse me, but what is this HoN ? never heard of it before, if its moba, seems like it got overshadowed by lol and dota 2 pretty bad. Its a surprisingly good game compared to how many plays it... fastest speed moba out of the big 3
What do you mean by "compared to how many plays it"? There's ~100k people on-line at all times in HoN.
Also, I don't know why people are crying so much about this entire hacking... It's not like S2 is storing any vital information (can't save your CC data for example). Sure, it might hurt some more famous people in the scene if someone suddenly starts to mess with their accounts, but for your average joe the impact is practically nil. 1200mmr people going batshit crazy about someone getting their login and password? Please...
|
On December 18 2012 00:15 inermis wrote: well if it is good, and company that made it wants to make more money out of it, why not advertise it ALOT more, throw some 100k usd tournament, then another one, where money is, progamers show up and progamers wannabe's, if it really is good, they could pull that off.
Because that would require something S2 hasn't shown up until now: A clue how to market their product.
Edit: Oh yeah, the question why HoN is considered the best moba by some has already been answered but I would like to add that in contrast to Icefrog and the LoL creators S2 has recognised the need to shorten/speed up games and (besides an arguably faster engine) implemented quite a few features and balance changes that help make most games a bit faster. (can't really speak for LoL but in Dota2 60+ minutes is quite common while in HoN that would qualify for "epic length")
|
Wonder if this is the same guy that keeps ddos'ing streamers whenever there's a big toury.
"In HoN, one champion can solo a team of 5 given the right items." In both Hon and Dota2, even if you run bootless with 6 full slots you will still die in a hellflower\orchid if 4-5 heroes go on you.
|
On December 18 2012 00:22 Monsen wrote: Edit: Oh yeah, the question why HoN is considered the best moba by some has already been answered but I would like to add that in contrast to Icefrog and the LoL creators S2 has recognised the need to shorten/speed up games and (besides an arguably faster engine) implemented quite a few features and balance changes that help make most games a bit faster. (can't really speak for LoL but in Dota2 60+ minutes is quite common while in HoN that would qualify for "epic length")
Er, this has been a regular trend in DotA development as well.
Icefrog's been shooting for shorter game lengths for a long time, and has actually been quite successful with it as of recently.
|
My opinion of course, but I think the HoN mechanics are the best out of the 3 (LoL, DotA 2, HoN)...the heroes I'd have to give to DotA because they are so fun to play. Never played LoL long enough to give a valid opinion, but the few times I played there was no denying
Sucks this happened, luckily I haven't been around the weekend due to personal reasons to see this all go down. Hope it gets fixed asap
|
On December 18 2012 00:15 inermis wrote: well if it is good, and company that made it wants to make more money out of it, why not advertise it ALOT more, throw some 100k usd tournament, then another one, where money is, progamers show up and progamers wannabe's, if it really is good, they could pull that off.
Well they did exactly that with Hontour and Dreamhon. Both are very big tournaments with a decent prize pool and good coverage. The player numbers and viewer numbers have gone up a lot in the last couple of months. Honcast has about 6-12k viewers 3 times a week depending on the matchup and player numbers at peak times have gone up to 100k players online at the same time from about 40k a year ago. S2 is expanding and they are doing the right things.
The problem is just that everything came too late. LoL had taken off already and Dota2 was getting big with the international before that as well. Catching up now is pretty much impossible because even with prize money and advertisement it's gonna be hard to entice players to switch games at this point. Dota and especially LoL are just too far ahead now.
|
On December 18 2012 00:31 TheYango wrote: On December 18 2012 00:22 Monsen wrote: Edit: Oh yeah, the question why HoN is considered the best moba by some has already been answered but I would like to add that in contrast to Icefrog and the LoL creators S2 has recognised the need to shorten/speed up games and (besides an arguably faster engine) implemented quite a few features and balance changes that help make most games a bit faster. (can't really speak for LoL but in Dota2 60+ minutes is quite common while in HoN that would qualify for "epic length") Er, this has been a regular trend in DotA development as well. Icefrog's been shooting for shorter game lengths for a long time, and has actually been quite successful with it as of recently.
Fair enough. I have only played the old Dota myself and lately watched Dota2 streamed games that tended to go on for quite a while. Can you point out some of the changes Icefrog made to speed things up?
|
SQL injection? Short salts? Have the HoN developers ever even remotely glanced at internet security measures? This is crazy for professional devs.
I can understand things getting hacked, hackers are dedicated and sometimes smart people, but those kinds of vulnerabilities are inexcusable.
|
On December 18 2012 00:06 azLaR wrote: Well compared to DotA2, HoN's graphics are sharper and the engine is smoother (the delay is noticeable in DotA2).
Comparing it to League is a little different. League is a completely different game in the same genre. League is more 'team-based' and HoN is more 'individual-based'. Of course, both respective games have both incorporated but that's what I feel is dominant.
For example in League, team-based play is very important because one champion, no matter how buff, can not take out a whole team. League is very action oriented because of how the heroes work (more skills can be spammed, less to do during laning phase (no denies).
In HoN, one champion can solo a team of 5 given the right items. There tends to be more farming because items are extremely vital in this game. There is more emphasis during laning phase (creep kill/denies) and 'generally' less action among heroes. Town Portals (I think they're called that; TPs) are what make this game extremely fast pace. At anytime, when you're ganking a champion by a town, they can receive backup as quick as in 3 seconds.
The main issue with HoN is that most heroes that aren't ripped straight from the original DotA (which is most of the original lineup) are pretty broken for significant amounts of time. When I played, there were serious balance issues with both items and heroes.
The good points about HoN are, as you stated, that it's exactly the same gameplay of DotA (albeit minus the secret shop) with an engine that doesn't suck, which is the main reason I don't play DotA 2 very much.
Also goddammit, that's my password to everything ><
|
On December 18 2012 00:44 deth2munkies wrote: On December 18 2012 00:06 azLaR wrote: Well compared to DotA2, HoN's graphics are sharper and the engine is smoother (the delay is noticeable in DotA2).
Comparing it to League is a little different. League is a completely different game in the same genre. League is more 'team-based' and HoN is more 'individual-based'. Of course, both respective games have both incorporated but that's what I feel is dominant.
For example in League, team-based play is very important because one champion, no matter how buff, can not take out a whole team. League is very action oriented because of how the heroes work (more skills can be spammed, less to do during laning phase (no denies).
In HoN, one champion can solo a team of 5 given the right items. There tends to be more farming because items are extremely vital in this game. There is more emphasis during laning phase (creep kill/denies) and 'generally' less action among heroes. Town Portals (I think they're called that; TPs) are what make this game extremely fast pace. At anytime, when you're ganking a champion by a town, they can receive backup as quick as in 3 seconds.
The main issue with HoN is that most heroes that aren't ripped straight from the original DotA (which is most of the original lineup) are pretty broken for significant amounts of time. When I played, there were serious balance issues with both items and heroes. The good points about HoN are, as you stated, that it's exactly the same gameplay of DotA (albeit minus the secret shop) with an engine that doesn't suck, which is the main reason I don't play DotA 2 very much. Also goddammit, that's my password to everything ><
That's mostly a fallacy; short of a few instances, just flat out broken heroes don't really come around. But yes, there are tiers in the pro scene, some are easier and more useful to some game strategies than others, but flat out broken items/heroes is a complaint usually given by noobs or people who played dota but stuck of hon and complain. HoN does have a bit more pub stomping star heroes though, but usually those heroes are just mediocre in the pro scene (which I shouldn't complain about; abusing pub stomping heroes like CD and zepher is how I got up out of the 1600MMR bracket in solo queue, just gotta play above the trash XD).
Also sorry about the password, but just using a password manager or writing it down (if it's like at home) is a far better security policy than the same password for a bunch of things; that means when the weakest link gets hacked, all they have to do is plug and chug it into various web sites or games and see what they can hit.
|
On December 18 2012 00:11 Mortal wrote: Most consider HoN a superior game to other MOBA's out there, so unfortunate it has such a toxic community.
Most? Everyone who switched from Dota 1 to HoN didn't all of a sudden go back to Dota 2 because of the 'toxic community'.
And people who are whining about engines quite frankly don't know what they're talking about. There was inbuilt delay for about 3 months and after that all tests have shown that it's no different than HoN. It really all comes down to turn-rates / cast-points, which there's no definitive 'good or bad' answer to, it's a question of balance.
|
On December 18 2012 00:11 Mortal wrote: Most consider HoN a superior game to other MOBA's out there, so unfortunate it has such a toxic community.
Most? Who are these most you speak of? People moved to HoN because dota was archaic in terms of graphics and player control. HoN offered a new and improved way to play dota. Once HoN took most of the western market of Dota, they shit the bed. They started making and releasing a ton of their own heroes that were broken, retarded or just a waste of space. As soon as Dota2 came out, HoN effectively died. If HoN was so great that most people thought it was the best (it is a pretty good game, I enjoyed it and do like some aspects), dota2 being in beta (think about that, a beta game killed it for good) wouldn't have made such an impact.
|
On December 18 2012 00:52 semantics wrote: On December 18 2012 00:44 deth2munkies wrote: On December 18 2012 00:06 azLaR wrote: Well compared to DotA2, HoN's graphics are sharper and the engine is smoother (the delay is noticeable in DotA2).
Comparing it to League is a little different. League is a completely different game in the same genre. League is more 'team-based' and HoN is more 'individual-based'. Of course, both respective games have both incorporated but that's what I feel is dominant.
For example in League, team-based play is very important because one champion, no matter how buff, can not take out a whole team. League is very action oriented because of how the heroes work (more skills can be spammed, less to do during laning phase (no denies).
In HoN, one champion can solo a team of 5 given the right items. There tends to be more farming because items are extremely vital in this game. There is more emphasis during laning phase (creep kill/denies) and 'generally' less action among heroes. Town Portals (I think they're called that; TPs) are what make this game extremely fast pace. At anytime, when you're ganking a champion by a town, they can receive backup as quick as in 3 seconds.
The main issue with HoN is that most heroes that aren't ripped straight from the original DotA (which is most of the original lineup) are pretty broken for significant amounts of time. When I played, there were serious balance issues with both items and heroes. The good points about HoN are, as you stated, that it's exactly the same gameplay of DotA (albeit minus the secret shop) with an engine that doesn't suck, which is the main reason I don't play DotA 2 very much. Also goddammit, that's my password to everything ><
That's mostly a fallacy short of a few instances just flat out broken heroes don't really come around, but yes there are tiers in pro scene some are easier and more useful to some game strategies than others, but flat out broken items heroes is a complaint usually given by noobs or people who played dota but stuck of hon and complain. Hon does have a bit more pub stomping star heroes though, but usually those heroes are just mediocre in pro scene, (which I shouldn't complain about abusing pub stomping heroes like CD and zepher is how I got up out of the 1600MMR bracket in solo queue, just gotta play above the trash XD) Also sorry about the password but just using a password manager or writing it down (if it's like at home) is far better security policy than same password for a bunch of things, means the weakest link gets hacked all they have to do is plug and chug it into various web sites or games and see what they can hit.
I think my peak was around 1780 or so and I was consistently 1650-1750. I'm talking about shit like PM's ulti that could 1 shot people for over a month before they fixed it (feature my ass), Nomad's true damage strike thing doing unavoidable ~250-300 damage at lvl 5 while stealthing him no less, and Silhouette's initial incarnation of her passive.
All those were nerfed, but it took them forever to do so when it was a glaring issue both in the pro scene and in ladder play. All but PM's nerf survived multiple patches. Don't get into details with me because this is all I remember, I quit playing over a year ago.
In spite of them not being overpowered, a game which has so many full combo heroes is annoying as well. Fayde, Bomb, Pyro, Midas, Deadwood, WS, Pebbles, Drunken Master, etc can all 1 shot any support hero with no farm or non-fed hero with a bit of farm about halfway through the game and all of them have some sort of long range initiation with either PK or invis. And this is just by hitting 2-3 of their abilities in unison. Compare that to DotA where you have basically Tiny, NA, and maybe TA; and LoL where you have Viegar and Lux as the only 2 that can do it when NOT fed out the ass (albeit there are more that can do it when fed in LoL than in either game due to the focus on abilities). It makes solo MM a nightmare.
EDIT: I forgot Gauntlet and Monkey King...and a lot more probably.
|
Is ... this ... youtube.com? *checkin url* No, ... it is TL. Why does it feel so much like youtube comment section?
Good intentions, bad execution. Leaking passwords is never good, at least when it's public. Should have been enough to send them a mirror DB with encrypted pw's.
|
I enjoyed hon until the release of those boots that gave +150 MS for like 800 gold. Hero goes missing for 2 seconds and it's like they have a "pseudo-haste" rune to get around the map.
|
tbh I'm surprised the game is alive so I guess they've started doing some things right. I know one of my WoW friends is a friend with one of their developers and he basically told me that they rode on their early success and didn't really do shit for a long time. You can really tell it feels that exact way, if they had done a few things sooner they'd probably be pretty big. I miss some of the heroes too. They have really fun game design even though it's extremely imbalanced and shit.
|
On December 18 2012 01:15 KingDime wrote: I enjoyed hon until the release of those boots that gave +150 MS for like 800 gold. Hero goes missing for 2 seconds and it's like they have a "pseudo-haste" rune to get around the map.
Why spread wrong information about the game? It's 6 seconds and + another 2 to get the 150 ms
here it is for you Striders: When out of combat for 6 seconds, increases movespeed by 100 over the next 2 seconds, for a total of +150 movement speed (including the base). - Bonus movespeed is removed when the owner takes damage, casts a spell, attacks, or uses an item. * Using Non-combat items such as Wards, Bottle, Mana, or Health Potions will not remove the bonus speed
|
On December 18 2012 00:22 Manit0u wrote: Also, I don't know why people are crying so much about this entire hacking... It's not like S2 is storing any vital information (can't save your CC data for example). Sure, it might hurt some more famous people in the scene if someone suddenly starts to mess with their accounts, but for your average joe the impact is practically nil. 1200mmr people going batshit crazy about someone getting their login and password? Please...
The issue is not (well, mostly not) with the HoN accounts themselves. The problem is that almost everyone uses the same e-mail address, username and password for most accounts they have, often including e-mail accounts having the same password and perhaps even online banking accounts.
[EDIT] On another note, it feels like it took the better part of only two pages for this to degenerate into a LoL vs DotA 2 vs HoN topic, instead of the topic at hand.
|
Maybe this will be good for HoN because I think as far as most people were concerned, that game didn't even exist anymore.
|
On December 18 2012 01:18 Shenghi wrote: On December 18 2012 00:22 Manit0u wrote: Also, I don't know why people are crying so much about this entire hacking... It's not like S2 is storing any vital information (can't save your CC data for example). Sure, it might hurt some more famous people in the scene if someone suddenly starts to mess with their accounts, but for your average joe the impact is practically nil. 1200mmr people going batshit crazy about someone getting their login and password? Please...
The issue is not (well, mostly not) with the HoN accounts themselves. The problem is that almost everyone uses the same e-mail address, username and password for most accounts they have, often including e-mail accounts having the same password and perhaps even online banking accounts.
Not to mention that I bought that game for 20 bucks back then. If some guy has access to something I bought and maybe I don't have any longer access to it then I am not happy
|
On December 18 2012 00:44 deth2munkies wrote: On December 18 2012 00:06 azLaR wrote: Well compared to DotA2, HoN's graphics are sharper and the engine is smoother (the delay is noticeable in DotA2).
Comparing it to League is a little different. League is a completely different game in the same genre. League is more 'team-based' and HoN is more 'individual-based'. Of course, both respective games have both incorporated but that's what I feel is dominant.
For example in League, team-based play is very important because one champion, no matter how buff, can not take out a whole team. League is very action oriented because of how the heroes work (more skills can be spammed, less to do during laning phase (no denies).
In HoN, one champion can solo a team of 5 given the right items. There tends to be more farming because items are extremely vital in this game. There is more emphasis during laning phase (creep kill/denies) and 'generally' less action among heroes. Town Portals (I think they're called that; TPs) are what make this game extremely fast pace. At anytime, when you're ganking a champion by a town, they can receive backup as quick as in 3 seconds.
The main issue with HoN is that most heroes that aren't ripped straight from the original DotA (which is most of the original lineup) are pretty broken for significant amounts of time. When I played, there were serious balance issues with both items and heroes. The good points about HoN are, as you stated, that it's exactly the same gameplay of DotA (albeit minus the secret shop) with an engine that doesn't suck, which is the main reason I don't play DotA 2 very much. Also goddammit, that's my password to everything ><
Despite this perception most of the best heroes in HoN are DotA heroes or nearly-ported DotA ones. Tundra (Beastmaster), Bubbles (Puck), Tempest (Enigma), Pebbles (Tiny), Glacius (CM), Ophelia (Chen), Magmus (Sand King) and (for a period of time) Magebane (Antimage) were all amazing and must pick/ban. The current must-ban hero is Wildsoul-a.k.a. Lone Druid and the Omniknight equivalent is perceived as the cheesiest out there.
Then you have the almost-similar-but-not-quite heroes like Fayde -> a much better Nyx Assassin and Keeper of the Forest -> Treant that isn't incredibly awful and Aluna -> Windrunner that is a better pure support.
The only pure S2 heroes that are always pick/ban off the top of my head are Parasite and then the carries.
|
On December 18 2012 00:39 thragar wrote: SQL injection? Short salts? Have the HoN developers ever even remotely glanced at internet security measures? This is crazy for professional devs.
I can understand people things getting hacked, hackers are dedicated and sometimes smart people, but those kinds of vulnerabilities are inexcusable.
they started out extremely small, basically indie level and SQL injection is still really new school.
|
On December 18 2012 01:20 TheTenthDoc wrote: On December 18 2012 00:44 deth2munkies wrote: On December 18 2012 00:06 azLaR wrote: Well compared to DotA2, HoN's graphics are sharper and the engine is smoother (the delay is noticeable in DotA2).
Comparing it to League is a little different. League is a completely different game in the same genre. League is more 'team-based' and HoN is more 'individual-based'. Of course, both respective games have both incorporated but that's what I feel is dominant.
For example in League, team-based play is very important because one champion, no matter how buff, can not take out a whole team. League is very action oriented because of how the heroes work (more skills can be spammed, less to do during laning phase (no denies).
In HoN, one champion can solo a team of 5 given the right items. There tends to be more farming because items are extremely vital in this game. There is more emphasis during laning phase (creep kill/denies) and 'generally' less action among heroes. Town Portals (I think they're called that; TPs) are what make this game extremely fast pace. At anytime, when you're ganking a champion by a town, they can receive backup as quick as in 3 seconds.
The main issue with HoN is that most heroes that aren't ripped straight from the original DotA (which is most of the original lineup) are pretty broken for significant amounts of time. When I played, there were serious balance issues with both items and heroes. The good points about HoN are, as you stated, that it's exactly the same gameplay of DotA (albeit minus the secret shop) with an engine that doesn't suck, which is the main reason I don't play DotA 2 very much. Also goddammit, that's my password to everything >< Despite this perception most of the best heroes in HoN are DotA heroes or nearly-ported DotA ones. Tundra (Beastmaster), Bubbles (Puck), Tempest (Enigma), Pebbles (Tiny), Glacius (CM), Ophelia (Chen), Magmus (Sand King) and (for a period of time) Magebane (Antimage) were all amazing and must pick/ban. The current must-ban hero is Wildsoul-a.k.a. Lone Druid and the Omniknight equivalent is perceived as the cheesiest out there. Then you have the almost-similar-but-not-quite heroes like Fayde -> a much better Nyx Assassin and Keeper of the Forest -> Treant that isn't incredibly awful and Aluna -> Windrunner that is a better pure support. The only pure S2 heroes that are always pick/ban off the top of my head are Parasite and then the carries.
Parasite, Engineer, Silhouette, The Dark Lady, Zephyr, Balphagore(cheese strat) are all usually banned
Does suck that hon doesn't have drums or pipe
|
On December 18 2012 01:21 Exempt. wrote: On December 18 2012 00:39 thragar wrote: SQL injection? Short salts? Have the HoN developers ever even remotely glanced at internet security measures? This is crazy for professional devs.
I can understand people things getting hacked, hackers are dedicated and sometimes smart people, but those kinds of vulnerabilities are inexcusable. they started out extremely small, basically indie level and SQL injection is still really new school. Everyone starts out really small...
SQL injections have been around forever. They got extra famous last year when Sony got hacked some 10 times in a row. It simply amazes me that this company did not fix their shit in the 18 months that have passed.
On December 17 2012 22:43 dapierow wrote: Edit: Yes S2 Did hash the passwords but the hacker got the individual Salts as well(which quoted by himself were short and ineffective)
Huh? This comment doesn't make any sense. You don't need to use long salts and you don't need to keep them secret.
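What a per-account salt does and does not do, as an added example that is not part of the thread and not S2's code: the salt sits in the clear next to the hash, and its job is to make every stored value unique so that one guess cannot be checked against many accounts at once. The record format, the PBKDF2 iteration count, the salt size and the sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ITERATIONS = 100_000  # assumed work factor for this example
SALT_BYTES = 16              # assumed salt size for this example

# Constructed sample accounts; two of them reuse the same password.
SAMPLE_PASSWORDS = {
    "alice": "hunter2",
    "bob": "hunter2",
    "carol": "correct horse",
}


def unsalted_fast_hash(password):
    """Weak scheme shown for contrast: one fast hash, no salt."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_record(password):
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex'.

    The salt is written into the record in the clear; it is not a secret.
    """
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return "$".join(
        ["pbkdf2_sha256", str(PBKDF2_ITERATIONS), salt.hex(), digest.hex()]
    )


def verify(password, record):
    """Recompute the hash from the stored salt and compare in constant time."""
    scheme, iterations, salt_hex, hash_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(salt_hex),
        int(iterations),
    )
    return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))


def accounts_sharing_a_stored_value(table):
    """Group accounts whose stored value is byte-for-byte identical.

    In a leaked unsalted table these groups show who shares a password,
    and one successful guess opens every account in the group.
    """
    groups = defaultdict(list)
    for account, stored in table.items():
        groups[stored].append(account)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def build_tables():
    """Build the same constructed user set under both storage schemes."""
    unsalted = {u: unsalted_fast_hash(p) for u, p in SAMPLE_PASSWORDS.items()}
    salted = {u: make_record(p) for u, p in SAMPLE_PASSWORDS.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_tables()
    print("unsalted, shared values:", accounts_sharing_a_stored_value(unsalted))
    print("salted, shared values:  ", accounts_sharing_a_stored_value(salted))
    print("verify with stored salt:", verify("hunter2", salted["alice"]))
```

The price of each individual guess comes from the iteration count of the hash function, not from the salt.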
|
Hackers are some of the lowest scum that exists on the internet. Nothing but waste of life virgins sitting in their moms basement. Sad to S2 but come on, who doesn't encrypt their passwords anno 2012 soon to be 2013?
|
On December 18 2012 01:27 dapierow wrote: On December 18 2012 01:20 TheTenthDoc wrote: On December 18 2012 00:44 deth2munkies wrote: On December 18 2012 00:06 azLaR wrote: Well compared to DotA2, HoN's graphics are sharper and the engine is smoother (the delay is noticeable in DotA2).
Comparing it to League is a little different. League is a completely different game in the same genre. League is more 'team-based' and HoN is more 'individual-based'. Of course, both respective games have both incorporated but that's what I feel is dominant.
For example in League, team-based play is very important because one champion, no matter how buff, can not take out a whole team. League is very action oriented because of how the heroes work (more skills can be spammed, less to do during laning phase (no denies).
In HoN, one champion can solo a team of 5 given the right items. There tends to be more farming because items are extremely vital in this game. There is more emphasis during laning phase (creep kill/denies) and 'generally' less action among heroes. Town Portals (I think they're called that; TPs) are what make this game extremely fast pace. At anytime, when you're ganking a champion by a town, they can receive backup as quick as in 3 seconds.
The main issue with HoN is that most heroes that aren't ripped straight from the original DotA (which is most of the original lineup) are pretty broken for significant amounts of time. When I played, there were serious balance issues with both items and heroes. The good points about HoN are, as you stated, that it's exactly the same gameplay of DotA (albeit minus the secret shop) with an engine that doesn't suck, which is the main reason I don't play DotA 2 very much. Also goddammit, that's my password to everything ><
Despite this perception most of the best heroes in HoN are DotA heroes or nearly-ported DotA ones. Tundra (Beastmaster), Bubbles (Puck), Tempest (Enigma), Pebbles (Tiny), Glacius (CM), Ophelia (Chen), Magmus (Sand King) and (for a period of time) Magebane (Antimage) were all amazing and must pick/ban. The current must-ban hero is Wildsoul-a.k.a. Lone Druid and the Omniknight equivalent is perceived as the cheesiest out there. Then you have the almost-similar-but-not-quite heroes like Fayde -> a much better Nyx Assassin and Keeper of the Forest -> Treant that isn't incredibly awful and Aluna -> Windrunner that is a better pure support. The only pure S2 heroes that are always pick/ban off the top of my head are Parasite and then the carries.
Parasite, Engineer, Silhouette, The Dark Lady, Zephyr, Balphagore(cheese strat) are all usually banned
Does suck that hon doesn't have drums or pipe
Parasite is actually not banned or picked often, he is usually picked when some team gets sick of being owned by Ophelia. Engineer seems to be top tier but rarely banned atm. It is probably because he is the only support who remains really useful even in late game. TDL/Sil/dragon ok Zeph and Balph are used for push strats and are only banned if you know that the enemy team likes to run this kind of line up.
|
On December 18 2012 01:20 bluQ wrote: On December 18 2012 01:18 Shenghi wrote: On December 18 2012 00:22 Manit0u wrote: Also, I don't know why people are crying so much about this entire hacking... It's not like S2 is storing any vital information (can't save your CC data for example). Sure, it might hurt some more famous people in the scene if someone suddenly starts to mess with their accounts, but for your average joe the impact is practically nil. 1200mmr people going batshit crazy about someone getting their login and password? Please...
The issue is not (well, mostly not) with the HoN accounts themselves. The problem is that almost everyone uses the same e-mail address, username and password for most accounts they have, often including e-mail accounts having the same password and perhaps even online banking accounts.
Not to mention that I bought that game for 20 bucks back then. If some guy has access to something I bought and maybe I don't have any longer access to it then I am not happy
I'll give you that one. The good news there is that changing your HoN password requires a confirmation through your e-mail address. So as long as the two passwords aren't identical it should not be possible to lock you out.
|
On December 18 2012 01:30 TheSwedishFan wrote: Hackers are some of the lowest scum that exists on the internet. Nothing but waste of life virgins sitting in their moms basement. Sad to S2 but come on, who doesn't encrypt their passwords anno 2012 soon to be 2013?
Who doesn't read the OP anno 2012 soon to be 2013? They did encrypt the passwords...
|
so he just hacked to prove that he can?
|
On December 18 2012 01:10 deth2munkies wrote: On December 18 2012 00:52 semantics wrote: On December 18 2012 00:44 deth2munkies wrote: On December 18 2012 00:06 azLaR wrote: Well compared to DotA2, HoN's graphics are sharper and the engine is smoother (the delay is noticeable in DotA2).
Comparing it to League is a little different. League is a completely different game in the same genre. League is more 'team-based' and HoN is more 'individual-based'. Of course, both respective games have both incorporated but that's what I feel is dominant.
For example in League, team-based play is very important because one champion, no matter how buff, can not take out a whole team. League is very action oriented because of how the heroes work (more skills can be spammed, less to do during laning phase (no denies).
In HoN, one champion can solo a team of 5 given the right items. There tends to be more farming because items are extremely vital in this game. There is more emphasis during laning phase (creep kill/denies) and 'generally' less action among heroes. Town Portals (I think they're called that; TPs) are what make this game extremely fast pace. At anytime, when you're ganking a champion by a town, they can receive backup as quick as in 3 seconds.
The main issue with HoN is that most heroes that aren't ripped straight from the original DotA (which is most of the original lineup) are pretty broken for significant amounts of time. When I played, there were serious balance issues with both items and heroes. The good points about HoN are, as you stated, that it's exactly the same gameplay of DotA (albeit minus the secret shop) with an engine that doesn't suck, which is the main reason I don't play DotA 2 very much. Also goddammit, that's my password to everything >< That's mostly a fallacy short of a few instances just flat out broken heroes don't really come around, but yes there are tiers in pro scene some are easier and more useful to some game strategies then others, but flat out broken items heroes is a complaint usually given by noobs or people who played dota but stuck of hon and complain. Hon does have a bit more pub stomping star heroes though, but usually those heroes are just mediocre in pro scene,(which I shouldn't complain about abusing pub stomping heroes like CD and zepher is how I got up out of the 1600MMR bracket in solo que, just gotta play above the trash XD) Also sorry about the password but just using a password manager or writing is down(if it's like at home) is far better security policy then same password for a bunch of things, means the weakest link gets hacked all they have to do is plug and chug it into various web sites or games and see what they can hit. I think my peak was around 1780 or so and I was consistently 1650-1750. I'm talking about shit like PM's ulti that could 1 shot people for over a month before they fixed it (feature my ass), Nomad's true damage strike thing doing unavoidable ~250-300 damage at lvl 5 while stealthing him no less, and Silhouette's initial incarnation of her passive. All those were nerfed, but it took them forever to do so when it was a glaring issue both in the pro scene and in ladder play. All but PM's nerf survived multiple patches. 
Don't get into details with me because this is all I remember, I quit playing over a year ago. In spite of them not being overpowered, a game which has so many full combo heroes is annoying as well. Fayde, Bomb, Pyro, Midas, Deadwood, WS, Pebbles, Drunken Master, etc can all 1 shot any support hero with no farm or non-fed hero with a bit of farm about halfway through the game and all of them have some sort of long range initiation with either PK or invis. And this is just by hitting 2-3 of their abilities in unison. Compare that to DotA where you have basically Tiny, NA, and maybe TA; and LoL where you have Viegar and Lux as the only 2 that can do it when NOT fed out the ass (albeit there are more that can do it when fed in LoL than in either game due to the focus on abilities). It makes solo MM a nightmare. EDIT: I forgot Gauntlet and Monkey King...and a lot more probably.
And? Using your primary ganker/initiator to one-shot enemy ward bitch during mid game seems like quite a waste. Basically any hero can kill them by just looking in their general direction. If you're a dedicated ward bitch, being 5 levels below the average, having inventory consisting of 2 wards, tp and boots (if you're lucky) you shouldn't really be surprised that you drop fast. It is your job to maintain good vision and have good map awareness so that you don't get caught out with your pants down and don't feed enemy team.
On December 18 2012 01:27 dapierow wrote: Does suck that hon doesn't have drums or pipe
Drum is Energizer (more or less)
Pipe is Barrier Idol
|
On December 17 2012 22:43 dapierow wrote: Edit: Yes S2 Did hash the passwords but the hacker got the individual Salts as well(which quoted by himself were short and ineffective)
The salts really should not be enough, you're not supposed to use reversible encryption with passwords.
On December 18 2012 01:21 Exempt. wrote: they started out extremely small, basically indie level and SQL injection is still really new school.
Not being vulnerable to injections is not new. For over a decade we've been coding with measures against it, it's lots easier now every language allows you to easily parameterise SQL queries.
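The parameterised query mentioned in the post above, next to the string-built query it replaces, as an added example that is not part of the thread and not S2's code. The `accounts` table, its rows and the function names are assumptions constructed for illustration, and SQLite stands in for whatever database was actually used.

```python
import sqlite3

# Constructed sample rows; one nickname legitimately contains an apostrophe.
SAMPLE_ACCOUNTS = [
    ("alice", "alice@example.com"),
    ("o'brien", "ob@example.com"),
    ("carol", "carol@example.com"),
]


def make_db():
    """Create an in-memory database holding the constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (nickname TEXT PRIMARY KEY, email TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO accounts (nickname, email) VALUES (?, ?)", SAMPLE_ACCOUNTS
    )
    return conn


def lookup_concatenated(conn, nickname):
    """Vulnerable form: the input is pasted into the SQL text, so any
    quote character in it is parsed as SQL syntax rather than as data."""
    query = (
        "SELECT nickname, email FROM accounts WHERE nickname = '"
        + nickname
        + "'"
    )
    return conn.execute(query).fetchall()


def lookup_parameterised(conn, nickname):
    """Hardened form: the SQL text is fixed and the value is bound
    separately, so it is only ever compared as a string."""
    return conn.execute(
        "SELECT nickname, email FROM accounts WHERE nickname = ?",
        (nickname,),
    ).fetchall()


def compare(nickname):
    """Run both lookups on a fresh database.

    Returns (concatenated_result, parameterised_result); the first item
    is the exception class name if the string-built query fails to parse.
    """
    conn = make_db()
    try:
        try:
            unsafe = lookup_concatenated(conn, nickname)
        except sqlite3.OperationalError as exc:
            unsafe = type(exc).__name__
        safe = lookup_parameterised(conn, nickname)
    finally:
        conn.close()
    return unsafe, safe


if __name__ == "__main__":
    # Constructed inputs: an ordinary name, a legitimate name with an
    # apostrophe, and a value whose quote changes the WHERE clause.
    for value in ["alice", "o'brien", "nobody' OR '1'='1"]:
        unsafe, safe = compare(value)
        print(repr(value))
        print("  concatenated :", unsafe)
        print("  parameterised:", safe)
```

The apostrophe case shows that the string-built query is also a plain correctness bug: it breaks on legitimate input before anyone sends anything hostile.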
|
On December 18 2012 01:21 Exempt. wrote: they started out extremely small, basically indie level and SQL injection is still really new school.
SQL injection attack (SQLIA) is considered one of the top 10 web application vulnerabilities of 2007 and 2010 by the Open Web Application Security Project.
That's from Wikipedia, even it states it's not new and something to be considered when making a database for any type of online services.
|
On December 17 2012 23:45 Thienan567 wrote: To those of you who think HoN is the best, why do you think so? Character design? Items?
It's faster, has deny, the overall strength/power of the heroes is higher than in Dota, so I'd say it's more challenging to play. That being said I quit playing hon and started dota2 a while ago because: a) shitty security and server stability b) tons of new patches, and bunch of forced new heroes which are trash/op c) awful, almost non-existent report/punish system which only makes the otherwise shitty community even worse
|
On December 18 2012 01:52 Manit0u wrote: On December 18 2012 01:10 deth2munkies wrote: On December 18 2012 00:52 semantics wrote: On December 18 2012 00:44 deth2munkies wrote: On December 18 2012 00:06 azLaR wrote: Well compared to DotA2, HoN's graphics are sharper and the engine is smoother (the delay is noticeable in DotA2).
Comparing it to League is a little different. League is a completely different game in the same genre. League is more 'team-based' and HoN is more 'individual-based'. Of course, both respective games have both incorporated but that's what I feel is dominant.
For example in League, team-based play is very important because one champion, no matter how buff, can not take out a whole team. League is very action oriented because of how the heroes work (more skills can be spammed, less to do during laning phase (no denies).
In HoN, one champion can solo a team of 5 given the right items. There tends to be more farming because items are extremely vital in this game. There is more emphasis during laning phase (creep kill/denies) and 'generally' less action among heroes. Town Portals (I think they're called that; TPs) are what make this game extremely fast pace. At anytime, when you're ganking a champion by a town, they can receive backup as quick as in 3 seconds.
The main issue with HoN is that most heroes that aren't ripped straight from the original DotA (which is most of the original lineup) are pretty broken for significant amounts of time. When I played, there were serious balance issues with both items and heroes. The good points about HoN are, as you stated, that it's exactly the same gameplay of DotA (albeit minus the secret shop) with an engine that doesn't suck, which is the main reason I don't play DotA 2 very much. Also goddammit, that's my password to everything >< That's mostly a fallacy short of a few instances just flat out broken heroes don't really come around, but yes there are tiers in pro scene some are easier and more useful to some game strategies then others, but flat out broken items heroes is a complaint usually given by noobs or people who played dota but stuck of hon and complain. Hon does have a bit more pub stomping star heroes though, but usually those heroes are just mediocre in pro scene,(which I shouldn't complain about abusing pub stomping heroes like CD and zepher is how I got up out of the 1600MMR bracket in solo que, just gotta play above the trash XD) Also sorry about the password but just using a password manager or writing is down(if it's like at home) is far better security policy then same password for a bunch of things, means the weakest link gets hacked all they have to do is plug and chug it into various web sites or games and see what they can hit. I think my peak was around 1780 or so and I was consistently 1650-1750. I'm talking about shit like PM's ulti that could 1 shot people for over a month before they fixed it (feature my ass), Nomad's true damage strike thing doing unavoidable ~250-300 damage at lvl 5 while stealthing him no less, and Silhouette's initial incarnation of her passive. All those were nerfed, but it took them forever to do so when it was a glaring issue both in the pro scene and in ladder play. All but PM's nerf survived multiple patches. 
Don't get into details with me because this is all I remember, I quit playing over a year ago. In spite of them not being overpowered, a game which has so many full combo heroes is annoying as well. Fayde, Bomb, Pyro, Midas, Deadwood, WS, Pebbles, Drunken Master, etc can all 1 shot any support hero with no farm or non-fed hero with a bit of farm about halfway through the game and all of them have some sort of long range initiation with either PK or invis. And this is just by hitting 2-3 of their abilities in unison. Compare that to DotA where you have basically Tiny, NA, and maybe TA; and LoL where you have Viegar and Lux as the only 2 that can do it when NOT fed out the ass (albeit there are more that can do it when fed in LoL than in either game due to the focus on abilities). It makes solo MM a nightmare. EDIT: I forgot Gauntlet and Monkey King...and a lot more probably.
And? Using your primary ganker/initiator to one-shot enemy ward bitch during mid game seems like quite a waste. Basically any hero can kill them by just looking in their general direction. If you're a dedicated ward bitch, being 5 levels below the average, having inventory consisting of 2 wards, tp and boots (if you're lucky) you shouldn't really be surprised that you drop fast. It is your job to maintain good vision and have good map awareness so that you don't get caught out with your pants down and don't feed enemy team.
On December 18 2012 01:27 dapierow wrote: Does suck that hon doesn't have drums or pipe
Drum is Energizer (more or less) Pipe is Barrier Idol
I'm just saying, that doesn't happen often in DotA or LoL, and it makes it extremely frustrating when playing in a non-team environment. Most randoms will rage at you for getting caught by a PK Deadwood while you're warding despite the fact they FORCED you to ward because you were last pick, etc. It's annoying because of the community and the design, though not necessarily overpowered. The sheer amount of pubstomp available is just crazy.
|
On December 18 2012 01:52 mostevil wrote: On December 17 2012 22:43 dapierow wrote: Edit: Yes S2 Did hash the passwords but the hacker got the individual Salts as well(which quoted by himself were short and ineffective)
The salts really should not be enough, you're not supposed to use reversible encryption with passwords.
On December 18 2012 01:21 Exempt. wrote: they started out extremely small, basically indie level and SQL injection is still really new school.
Not being vulnerable to injections is not new. For over a decade we've been coding with measures against it, it's lots easier now every language allows you to easily parameterise SQL queries.
They properly did. My guess without any information is they used md5crypt which got broken earlier this year. They properly didn't go away from it either by stupidity or didn't notice the algorithm was broken.
|
Without the hacker releasing the method of crack, there is no reason to panic for now. Change your passwords (all of them, don't be a lazy ass) and if you have suspicions, contact S2Games to inform them.
Also don't be so harsh on S2, they certainly have troubles in the marketing department but Sony also got hacked last year and SOE is a much bigger company. Human failure is more common than you think, especially in the programming field where the high demand makes it easier for incompetent to get jobs.
|
damn poor s2, this isn't gonna help with their sales :/... I also think HoN is the best out of the 3 games, but S2 is definitely a weaker company in terms of community management
|
I don't think HoN is the best but it provides a legitimate alternative gameplay choice for those who want what it offers. I had a lot of fun with it in the past. I see it as the SC2 equivalent of Dota, a lot of the difficulty removed and replaced with an increase in raw speed/pace of the game
|
On December 18 2012 00:33 Archers_bane wrote: My opinion of course, but I think the HoN mechanics are the best out of the 3 (LoL, DotA 2, HoN)...the heroes I'd have to give to DotA because they are so fun to play. Never played LoL long enough to give a valid opinion, but the few times I played there was no denying Sucks this happened, luckily I haven't been around the weekend due to personal reasons to see this all go down. Hope it gets fixed asap
Totally agree with this, there are so many features/mechanics in Dota 2 that annoy me because they are smarter/better in HoN but hero design is just so much better in Dota. (f***ing Monkey king and Deadwood)
The passwords leaking doesn't affect me, but it is another in a long line of disappointments from S2.
|
I like HoN because I personally find its art direction vastly superior to the other games, but the terrible flaming and lack of English speaking players really doesn't make me want to play much anymore. This security breach even less so.
|
Tbh I'm pretty surprised it was LoL and not HoN that got popular in Korea, I thought they played DotA Chaos before due to it being faster than Allstars.
|
Hopefully this gives the HoN scene some much needed attention lol
|
On December 18 2012 00:37 Monsen wrote: On December 18 2012 00:31 TheYango wrote: On December 18 2012 00:22 Monsen wrote: Edit: Oh yeah, the question why HoN is considered the best moba by some has already been answered but I would like to add that in contrast to Icefrog and the LoL creators S2 has recognised the need to shorten/speed up games and (besides an arguably faster engine) implemented quite a few features and balance changes that help make most games a bit faster. (can't really speak for LoL but in Dota2 60+ minutes is quite common while in HoN that would qualify for "epic length") Er, this has been a regular trend in DotA development as well. Icefrog's been shooting for shorter game lengths for a long time, and has actually been quite successful with it as of recently. Fair enough. I have only played the old Dota myself and lately watched Dota2 streamed games that tended to go on for quite a while. Can you point out some of the changes Icefrog made to speed things up?
From recent versions:
- Resurrect with full HP/mana
- Increased assist gold to encourage ganking
- Tranquil Boots speeding up the development of heroes that would typically have to commit to far more expensive regen items for their farming (e.g. Tranquils instead of HotD or Vanguard on Luna or Phantom Lancer)
- General push in strength for making carries come to fights earlier, and emphasizing the strength of carries with high midgame teamfight effectiveness (buffs to Sven, Luna, etc., nerfs to Anti-mage)
|
sigh... I really need to start deactivating all of my old accounts on the internet. I think I logged into HoN like once or twice a few years ago, and now I have to worry about what passwords might be the same.
|
On December 18 2012 02:51 windzor wrote: On December 18 2012 01:52 mostevil wrote: On December 17 2012 22:43 dapierow wrote: Edit: Yes S2 Did hash the passwords but the hacker got the individual Salts as well (which quoted by himself were short and ineffective) The salts really should not be enough, you're not supposed to use reversible encryption with passwords. On December 18 2012 01:21 Exempt. wrote: they started out extremely small, basically indie level and SQL injection is still really new school. Not being vulnerable to injections not new. For over a decade we've been coding with measures against it, it's lots easier now every language allows you to easily parameterise SQL queries. They properly did. My guess without any information is they used md5crypt which got broken earlier this year. They properly didn't go away from it either by stupidity or didn't notice the algorithm was broken. AFAIK md5crypt isn't broken so much as brute forcing it is now viable due to processing power increases. Given the number of accounts affected I can't see it being a case of this guy bruting all the accounts.
|
On December 18 2012 04:14 mostevil wrote: On December 18 2012 02:51 windzor wrote: On December 18 2012 01:52 mostevil wrote: On December 17 2012 22:43 dapierow wrote: Edit: Yes S2 Did hash the passwords but the hacker got the individual Salts as well (which quoted by himself were short and ineffective) The salts really should not be enough, you're not supposed to use reversible encryption with passwords. On December 18 2012 01:21 Exempt. wrote: they started out extremely small, basically indie level and SQL injection is still really new school. Not being vulnerable to injections not new. For over a decade we've been coding with measures against it, it's lots easier now every language allows you to easily parameterise SQL queries. They properly did. My guess without any information is they used md5crypt which got broken earlier this year. They properly didn't go away from it either by stupidity or didn't notice the algorithm was broken. AFAIK md5crypt isn't broken so much as brute forcing it is now viable due to processing power increases. Given the number of accounts affected I can't see it being a case of this guy bruting all the accounts. It's always going to be a matter of processing power, for the practical breaking of any cryptographic function. However, MD5 is very broken, and has been for a number of years, as it offers far less security than the 128 bits imply. md5crypt is a program that uses MD5, and cannot be said to be broken in itself. Still stupid to use.
|
On December 17 2012 23:53 Martijn wrote: On December 17 2012 23:47 zeru wrote: On December 17 2012 23:21 HellRoxYa wrote: On December 17 2012 23:10 zeru wrote: On December 17 2012 22:43 dapierow wrote: He verified it by posting his name on the Main S2 caster's Twitter (he had the same password for his twitter and Hon I guess) I have a hard time believing that S2 doesn't hash passwords. link? It's in the OP. Edit: And this is hilarious. Except I was planning to play some and apparently S2 aren't very good at what they do (surprise surprise) so their servers are shut down for now. Was already deleted when i tried to check back when i posted. guess i was too slow. anyway, no hashing would be an unbelievable failure. On December 17 2012 23:46 Martijn wrote: On December 17 2012 23:10 zeru wrote: On December 17 2012 22:43 dapierow wrote: He verified it by posting his name on the Main S2 caster's Twitter (he had the same password for his twitter and Hon I guess) I have a hard time believing that S2 doesn't hash passwords. link? Because there's surely no databases that allow you to do reverse md5 look-ups :/ Kidding me? why would anyone in the world still use md5? Swing and a miss on the point made there. Point was, for every hash there's a reverse look-up table. Apparently they went to the trouble of salts and that wasn't enough either. So arguing about unencrypted vs encrypted password has little to no relevance seeming as shown encrypted passwords can be broken all the same, it's just a matter of time. What you've just said is that salts were no help against lookup tables. Salting renders lookup tables ineffective by their very nature. If S2 were properly salting and applying a relatively strong hash this guy would still be working on the first password.
zeru seems to know what he's talking about, so try not to be a jerk about it. S2 obviously messed up big time in basic password security.
And hashing is not the same as encrypting.
|
On December 18 2012 05:36 urashimakt wrote: On December 17 2012 23:53 Martijn wrote: On December 17 2012 23:47 zeru wrote: On December 17 2012 23:21 HellRoxYa wrote: On December 17 2012 23:10 zeru wrote: On December 17 2012 22:43 dapierow wrote: He verified it by posting his name on the Main S2 caster's Twitter (he had the same password for his twitter and Hon I guess) I have a hard time believing that S2 doesn't hash passwords. link? It's in the OP. Edit: And this is hilarious. Except I was planning to play some and apparently S2 aren't very good at what they do (surprise surprise) so their servers are shut down for now. Was already deleted when i tried to check back when i posted. guess i was too slow. anyway, no hashing would be an unbelievable failure. On December 17 2012 23:46 Martijn wrote: On December 17 2012 23:10 zeru wrote: On December 17 2012 22:43 dapierow wrote: He verified it by posting his name on the Main S2 caster's Twitter (he had the same password for his twitter and Hon I guess) I have a hard time believing that S2 doesn't hash passwords. link? Because there's surely no databases that allow you to do reverse md5 look-ups :/ Kidding me? why would anyone in the world still use md5? Swing and a miss on the point made there. Point was, for every hash there's a reverse look-up table. Apparently they went to the trouble of salts and that wasn't enough either. So arguing about unencrypted vs encrypted password has little to no relevance seeming as shown encrypted passwords can be broken all the same, it's just a matter of time. What you've just said is that salts were no help against lookup tables. Salting renders lookup tables ineffective by their very nature. If S2 were properly salting and applying a relatively strong hash this guy would still be working on the first password. zeru seems to know what he's talking about, so try not to be a jerk about it. S2 obviously messed up big time in basic password security.
And hashing is not the same as encrypting.
How many passwords did he actually get? Probably only the simple ones based on single dictionary words or something. If you use passwords of at least 8 characters, not based on dictionary words and with non-letter characters in the mix your password should be pretty much proof against hash lookup tables even without salting. Even something like tliquid7e should be pretty strong.
|
uffff let's see, what was my HoN password again ? qq
|
good thing my hon password was a throwaway one :D
|
On December 18 2012 00:36 AntiGrav1ty wrote: On December 18 2012 00:15 inermis wrote: well if it is good, and company that made it wants to make more money out of it, why not advertise it A LOT more, throw some 100k usd tournament, then another one, where money is, progamers show up and progamers wannabe's, if it really is good, they could pull that off. Well they did exactly that with Hontour and Dreamhon. Both are very big tournaments with a decent prize pool and good coverage. The player numbers and viewer numbers have gone up a lot in the last couple of months. Honcast has about 6-12k viewers 3 times a week depending on the matchup and player numbers at peak times have gone up to 100k players online at the same time from about 40k a year ago. S2 is expanding and they are doing the right things. The problem is just that everything came too late. LoL had taken off already and Dota2 was getting big with the international before that as well. Catching up now is pretty much impossible because even with prize money and advertisement it's gonna be hard to entice players to switch games at this point. Dota and especially LoL are just too far ahead now. Just a comment on your statement about player numbers. A couple of months ago, S2 started counting the Garena HoN players (south east asia) towards the total amount of players, resulting in a drastic burst from 40k'ish to 100k'ish players. This however does not reflect the status of the game with its western audience. While the Int client might have had 40k players a year ago, that number looks more like 30k currently, probably helped by the rise of DotA 2 (Graph of concurrent DotA2 players) and S2's security/ddos issues.
|
man, im running out of password ideas at this rate. Sony hack, Riot hack, now this.
I guess lesson learned, when i leave a game i need to make the company delete my data.
|
This actually reminded me to uninstall HoN. As for my password and account info, I already forgot it rofl.
|
I have to say having played all MOBA games quite a lot I like HoN the best. It's more fast paced than Dota 2 and I feel there are more skill elements than LoL.
|
Oh look, thread turning into game vs game arguments. Quelle surprise.
|
Did they get credit card info stolen as well? If so i am seriously scared...
|
|
On December 18 2012 09:34 mrRoflpwn wrote: Did they get credit card info stolen as well? If so i am seriously scared... Pretty sure hon doesn't store credit card data just off the fact they don't bind your CC to your account, although they may keep some of the info, ofc I could be wrong but I just assume.
|
On December 18 2012 09:40 semantics wrote: On December 18 2012 09:34 mrRoflpwn wrote: Did they get credit card info stolen as well? If so i am seriously scared... Pretty sure hon doesn't store credit card data just off the fact they don't bind your CC to your account, although they may keep some of the info, ofc I could be wrong but I just assume.
Pretty sure about it too. You can't even "make this card default" or get other "store my data for convenience please" buttons when doing purchases from S2. I think that it even goes through ssh or other secure protocol to reduce the chance of data leakage (don't take my word on it though).
|
On December 18 2012 09:31 ShaLLoW[baY] wrote: Oh look, thread turning into game vs game arguments. Quelle surprise.
Indeed... let's not unite under the banner of E-Sports and Gamers to get universal acceptance in the "real world". Let's eat each other alive in petty conflicts, gg.
|
I don't know why there are so many posts about how much better/much worse HoN is than any other game. No one cares.
It's pretty sad S2 has acted like they don't care very much about this right away. Is it that hard to realize that their servers are being hacked? The fact that it took more than two days of thousands of accounts being compromised for them to do anything is just embarrassing.
|
On December 18 2012 08:54 Alur wrote: On December 18 2012 00:36 AntiGrav1ty wrote: On December 18 2012 00:15 inermis wrote: well if it is good, and company that made it wants to make more money out of it, why not advertise it A LOT more, throw some 100k usd tournament, then another one, where money is, progamers show up and progamers wannabe's, if it really is good, they could pull that off. Well they did exactly that with Hontour and Dreamhon. Both are very big tournaments with a decent prize pool and good coverage. The player numbers and viewer numbers have gone up a lot in the last couple of months. Honcast has about 6-12k viewers 3 times a week depending on the matchup and player numbers at peak times have gone up to 100k players online at the same time from about 40k a year ago. S2 is expanding and they are doing the right things. The problem is just that everything came too late. LoL had taken off already and Dota2 was getting big with the international before that as well. Catching up now is pretty much impossible because even with prize money and advertisement it's gonna be hard to entice players to switch games at this point. Dota and especially LoL are just too far ahead now. Just a comment on your statement about player numbers. A couple of months ago, S2 started counting the Garena HoN players (south east asia) towards the total amount of players, resulting in a drastic burst from 40k'ish to 100k'ish players. This however does not reflect the status of the game with its western audience. While the Int client might have had 40k players a year ago, that number looks more like 30k currently, probably helped by the rise of DotA 2 (Graph of concurrent DotA2 players) and S2's security/ddos issues.
They also removed the counter of the number of people from each region when you hovered over the "players online" part, because the NA/EU servers were still only getting like 25k max, while a vast majority was from Garena.
|
On December 18 2012 08:54 Alur wrote: On December 18 2012 00:36 AntiGrav1ty wrote: On December 18 2012 00:15 inermis wrote: well if it is good, and company that made it wants to make more money out of it, why not advertise it A LOT more, throw some 100k usd tournament, then another one, where money is, progamers show up and progamers wannabe's, if it really is good, they could pull that off. Well they did exactly that with Hontour and Dreamhon. Both are very big tournaments with a decent prize pool and good coverage. The player numbers and viewer numbers have gone up a lot in the last couple of months. Honcast has about 6-12k viewers 3 times a week depending on the matchup and player numbers at peak times have gone up to 100k players online at the same time from about 40k a year ago. S2 is expanding and they are doing the right things. The problem is just that everything came too late. LoL had taken off already and Dota2 was getting big with the international before that as well. Catching up now is pretty much impossible because even with prize money and advertisement it's gonna be hard to entice players to switch games at this point. Dota and especially LoL are just too far ahead now. Just a comment on your statement about player numbers. A couple of months ago, S2 started counting the Garena HoN players (south east asia) towards the total amount of players, resulting in a drastic burst from 40k'ish to 100k'ish players. This however does not reflect the status of the game with its western audience. While the Int client might have had 40k players a year ago, that number looks more like 30k currently, probably helped by the rise of DotA 2 (Graph of concurrent DotA2 players) and S2's security/ddos issues. ?
Same data with that dota 2 graph i don't get why to make that point all it does is point out dota2 has twice as many players pretty much vs hon, throughout the day both go up and down, dota2 pretty consistently double of what hon is, which is pretty easy to attribute by brand recognition of dota plus the marketing by steam.
|
On December 18 2012 11:49 semantics wrote: On December 18 2012 08:54 Alur wrote: On December 18 2012 00:36 AntiGrav1ty wrote: On December 18 2012 00:15 inermis wrote: well if it is good, and company that made it wants to make more money out of it, why not advertise it A LOT more, throw some 100k usd tournament, then another one, where money is, progamers show up and progamers wannabe's, if it really is good, they could pull that off. Well they did exactly that with Hontour and Dreamhon. Both are very big tournaments with a decent prize pool and good coverage. The player numbers and viewer numbers have gone up a lot in the last couple of months. Honcast has about 6-12k viewers 3 times a week depending on the matchup and player numbers at peak times have gone up to 100k players online at the same time from about 40k a year ago. S2 is expanding and they are doing the right things. The problem is just that everything came too late. LoL had taken off already and Dota2 was getting big with the international before that as well. Catching up now is pretty much impossible because even with prize money and advertisement it's gonna be hard to entice players to switch games at this point. Dota and especially LoL are just too far ahead now. Just a comment on your statement about player numbers. A couple of months ago, S2 started counting the Garena HoN players (south east asia) towards the total amount of players, resulting in a drastic burst from 40k'ish to 100k'ish players. This however does not reflect the status of the game with its western audience. While the Int client might have had 40k players a year ago, that number looks more like 30k currently, probably helped by the rise of DotA 2 (Graph of concurrent DotA2 players) and S2's security/ddos issues. ?
Same data with that dota 2 graph i don't get why to make that point all it does is point out dota2 has twice as many players pretty much vs hon, throughout the day both go up and down, dota2 pretty consistently double of what hon is, which is pretty easy to attribute by brand recognition of dota plus the marketing by steam.
The amount of players in Dota2 barely have any Asian players in it ... because they only gave out a minimum of keys to that region, it's pretty much only US/EU so it's a lot more than HoN.
Anyway, i don't trust any company that allows to have my account details stolen that easily... so no more HoN for me...
|
Or you could just change your HoN password to a complete throwaway password used for HoN and nothing else, and carry on as normal...
|
Haven't touched my hon account in ages. Should really delete that shit. I've noticed S2 has multiple security leaks again and again and im unlikely to ever touch it.
|
Why should I trust a company again, that apparently doesn't take good care of my private details?
|
On December 18 2012 09:31 ShaLLoW[baY] wrote: Oh look, thread turning into game vs game arguments. Quelle surprise. The first post saying HoN was the best didn't help lol
|
On December 18 2012 12:08 Onioncookie wrote: On December 18 2012 11:49 semantics wrote: On December 18 2012 08:54 Alur wrote: On December 18 2012 00:36 AntiGrav1ty wrote: On December 18 2012 00:15 inermis wrote: well if it is good, and company that made it wants to make more money out of it, why not advertise it A LOT more, throw some 100k usd tournament, then another one, where money is, progamers show up and progamers wannabe's, if it really is good, they could pull that off. Well they did exactly that with Hontour and Dreamhon. Both are very big tournaments with a decent prize pool and good coverage. The player numbers and viewer numbers have gone up a lot in the last couple of months. Honcast has about 6-12k viewers 3 times a week depending on the matchup and player numbers at peak times have gone up to 100k players online at the same time from about 40k a year ago. S2 is expanding and they are doing the right things. The problem is just that everything came too late. LoL had taken off already and Dota2 was getting big with the international before that as well. Catching up now is pretty much impossible because even with prize money and advertisement it's gonna be hard to entice players to switch games at this point. Dota and especially LoL are just too far ahead now. Just a comment on your statement about player numbers. A couple of months ago, S2 started counting the Garena HoN players (south east asia) towards the total amount of players, resulting in a drastic burst from 40k'ish to 100k'ish players. This however does not reflect the status of the game with its western audience. While the Int client might have had 40k players a year ago, that number looks more like 30k currently, probably helped by the rise of DotA 2 (Graph of concurrent DotA2 players) and S2's security/ddos issues. ?
Same data with that dota 2 graph i don't get why to make that point all it does is point out dota2 has twice as many players pretty much vs hon, throughout the day both go up and down, dota2 pretty consistently double of what hon is, which is pretty easy to attribute by brand recognition of dota plus the marketing by steam. The amount of players in Dota2 barely have any Asian players in it ... because they only gave out a minimum of keys to that region, it's pretty much only US/EU so it's a lot more than HoN. Anyway, i don't trust any company that allows to have my account details stolen that easily... so no more HoN for me... You're just making excuses to hype up dota2 more than it needs to be, first off you can flat out buy dota2 beta keys from steam, secondly it's hardly difficult to get a hold of one they give them out like hot cakes hell my steam account gave out 6 so far.
You probably should never touch sony, microsoft, nintendo (yes someone actually hacked them a while back) blizzard, steam all of them have been hacked some more than once over the year and some with confirmed worse results such as credit card info included etc. Pretty much every gaming company has had problems over the years every once in a while.
|
On December 18 2012 12:41 semantics wrote: On December 18 2012 12:08 Onioncookie wrote: On December 18 2012 11:49 semantics wrote: On December 18 2012 08:54 Alur wrote: On December 18 2012 00:36 AntiGrav1ty wrote: On December 18 2012 00:15 inermis wrote: well if it is good, and company that made it wants to make more money out of it, why not advertise it A LOT more, throw some 100k usd tournament, then another one, where money is, progamers show up and progamers wannabe's, if it really is good, they could pull that off. Well they did exactly that with Hontour and Dreamhon. Both are very big tournaments with a decent prize pool and good coverage. The player numbers and viewer numbers have gone up a lot in the last couple of months. Honcast has about 6-12k viewers 3 times a week depending on the matchup and player numbers at peak times have gone up to 100k players online at the same time from about 40k a year ago. S2 is expanding and they are doing the right things. The problem is just that everything came too late. LoL had taken off already and Dota2 was getting big with the international before that as well. Catching up now is pretty much impossible because even with prize money and advertisement it's gonna be hard to entice players to switch games at this point. Dota and especially LoL are just too far ahead now. Just a comment on your statement about player numbers. A couple of months ago, S2 started counting the Garena HoN players (south east asia) towards the total amount of players, resulting in a drastic burst from 40k'ish to 100k'ish players. This however does not reflect the status of the game with its western audience. While the Int client might have had 40k players a year ago, that number looks more like 30k currently, probably helped by the rise of DotA 2 (Graph of concurrent DotA2 players) and S2's security/ddos issues. ?
Same data with that dota 2 graph i don't get why to make that point all it does is point out dota2 has twice as many players pretty much vs hon, throughout the day both go up and down, dota2 pretty consistently double of what hon is, which is pretty easy to attribute by brand recognition of dota plus the marketing by steam. The amount of players in Dota2 barely have any Asian players in it ... because they only gave out a minimum of keys to that region, it's pretty much only US/EU so it's a lot more than HoN. Anyway, i don't trust any company that allows to have my account details stolen that easily... so no more HoN for me... You're just making excuses to hype up dota2 more than it needs to be, first off you can flat out buy dota2 beta keys from steam, secondly it's hardly difficult to get a hold of one they give them out like hot cakes hell my steam account gave out 6 so far.
Except he's right, though. Millions of people are still playing Dota 1 in China. They only just recently started allowing signups to a future beta coming up for Dota 2 in China this month, distributed by the Chinese company Perfect World. Steam isn't popular there so you don't have many people switching over yet because of that.
|
SHA-2 has an output size of 512 bits, so finding a collision would take O(2^256) time. Given there are no clever attacks on the algorithm itself (currently none are known for the SHA-2 hash family) this is what it takes to break the algorithm. To get a feeling for what 2^256 actually means: currently it is believed that the number of atoms in the (entire!!!) universe is roughly 10^80 which is roughly 2^266. Assuming 32 byte input (which is reasonable for your case - 20 bytes salt + 12 bytes password) my machine takes ~0,22s (~2^-2s) for 65536 (=2^16) computations. So 2^256 computations would be done in 2^240 * 2^16 computations which would take 2^240 * 2^-2 = 2^238 ~ 10^72s ~ 3,17 * 10^64 years Even calling this millions of years is ridiculous. And it doesn't get much better with the fastest hardware on the planet computing thousands of hashes in parallel. No human technology will be able to crunch this number into something acceptable. Link
This assumes a dumb brute-force attack which you are almost never going to use (or at least you shouldn't). There are more intelligent (and orders of magnitude faster by using parallel computing hardware, eg: GPUs) methods of brute force, but it's far more likely that you are going to use dictionary attacks which means 90%+ of the passwords will be cracked within a few days (or possibly within a few hours depending on the encryption used).
SHA hashes are designed for real-time encryption (and they are not realistically crackable when used for that purpose, although weaknesses have been discovered in SHA-2, though they haven't been exploited AFAIK in the real world).
If they are at rest they are incredibly vulnerable to intelligent attacks (as you point out dumb attacks don't work). That's why things like the incredibly slow bcrypt are becoming more and more popular. What might have taken 16 hours could take them 16 years if you used bcrypt to encrypt your passwords.
You can achieve a similar result with progressive passes (tens of thousands) of SHA-2, but because of the way bcrypt works vs the way most hashing functions work, bcrypt may be inherently more resistant to attacks (the algorithms are better understood and have no discovered weaknesses).
EDIT: Also, the math above seems old, 220ms for only 65536 guesses is mad slow for SHA (but the same amount of guesses might take 10 minutes or more with bcrypt).
EDIT2: It's probably also worth mentioning scrypt (google it), which has a lot in common with bcrypt, but is even more impossible to crack (and once it is better studied will likely become the default resting password encryption).
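Two points made in this thread, that a per-user salt defeats precomputed lookup tables (urashimakt) and that a deliberately slow function is what makes each remaining guess expensive (althaz), shown as an added example that is not part of any post and is not S2's code. PBKDF2-HMAC-SHA256 from Python's standard library is used as the standardised form of the "progressive passes of SHA-2" mentioned above, in place of bcrypt; the iteration count, record format, function names and sample words are assumptions made for this example.

```python
import hashlib
import hmac
import os
import time

# Assumed work factor for this example; tune it to your hardware and login latency budget.
PBKDF2_ITERATIONS = 100_000
SALT_BYTES = 16
SCHEME = "pbkdf2_sha256"

# Constructed sample wordlist standing in for a precomputed table of unsalted hashes.
SAMPLE_WORDS = ["password", "dragon", "letmein", "tliquid7e"]
LOOKUP_TABLE = {hashlib.sha256(w.encode()).hexdigest(): w for w in SAMPLE_WORDS}


def unsalted_fast(password: str) -> str:
    """Single unsalted SHA-256: identical passwords give identical hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_fast(password: str, salt: bytes) -> str:
    """Single salted SHA-256: defeats precomputed tables, but each guess is still cheap."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS, salt: bytes = None) -> str:
    """Return a self-describing record: scheme$iterations$salt_hex$hash_hex."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and work factor; compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = record.split("$")
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(dk_hex)
    except ValueError:
        return False  # malformed record
    if scheme != SCHEME or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, target: int = PBKDF2_ITERATIONS) -> bool:
    """True when a stored record uses a weaker work factor than the current target,
    so it can be upgraded the next time the user logs in successfully."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != SCHEME or not parts[1].isdigit():
        return True
    return int(parts[1]) < target


def seconds_per_guess(fn, guesses: int) -> float:
    """Average wall-clock cost of evaluating fn on one candidate password."""
    start = time.perf_counter()
    for i in range(guesses):
        fn(f"guess{i}")
    return (time.perf_counter() - start) / guesses


def compare_costs():
    """Per-guess cost of salted single SHA-256 versus the slow record above."""
    salt = os.urandom(SALT_BYTES)
    fast = seconds_per_guess(lambda p: salted_fast(p, salt), 20000)
    slow = seconds_per_guess(lambda p: hash_password(p, salt=salt), 3)
    return fast, slow


if __name__ == "__main__":
    pw = "tliquid7e"
    print("unsalted hash found in table:", unsalted_fast(pw) in LOOKUP_TABLE)
    print("salted hash found in table:  ", salted_fast(pw, os.urandom(SALT_BYTES)) in LOOKUP_TABLE)
    record = hash_password(pw)
    print("record verifies:", verify_password(pw, record))
    fast, slow = compare_costs()
    print(f"cost per guess: fast {fast:.2e}s, slow {slow:.2e}s, ratio {slow / fast:,.0f}x")
```

The salt only forces the work to be repeated per account; the ratio printed at the end is the extra cost per guess that the slow function adds on top of that.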
|
On December 18 2012 14:44 althaz wrote: SHA-2 has an output size of 512 bits, so finding a collision would take O(2^256) time. Given there are no clever attacks on the algorithm itself (currently none are known for the SHA-2 hash family) this is what it takes to break the algorithm. To get a feeling for what 2^256 actually means: currently it is believed that the number of atoms in the (entire!!!) universe is roughly 10^80 which is roughly 2^266. Assuming 32 byte input (which is reasonable for your case - 20 bytes salt + 12 bytes password) my machine takes ~0,22s (~2^-2s) for 65536 (=2^16) computations. So 2^256 computations would be done in 2^240 * 2^16 computations which would take 2^240 * 2^-2 = 2^238 ~ 10^72s ~ 3,17 * 10^64 years Even calling this millions of years is ridiculous. And it doesn't get much better with the fastest hardware on the planet computing thousands of hashes in parallel. No human technology will be able to crunch this number into something acceptable. Link This assumes a dumb brute-force attack which you are almost never going to use (or at least you shouldn't). There are more intelligent (and orders of magnitude faster by using parallel computing hardware, eg: GPUs) methods of brute force, but it's far more likely that you are going to use dictionary attacks which means 90%+ of the passwords will be cracked within a few days (or possibly within a few hours depending on the encryption used). SHA hashes are designed for real-time encryption (and they are not realistically crackable when used for that purpose, although weaknesses have been discovered in SHA-2, though they haven't been exploited AFAIK in the real world). If they are at rest they are incredibly vulnerable to intelligent attacks (as you point out dumb attacks don't work). That's why things like the incredibly slow bcrypt are becoming more and more popular. What might have taken 16 hours could take them 16 years if you used bcrypt to encrypt your passwords.
You can achieve a similar result with progressive passes (tens of thousands) of SHA-2, but because of the way bcrypt works vs the way most hashing functions work, bcrypt may be inherently more resistant to attacks (the algorithms are better understood and have no discovered weaknesses). EDIT: Also, the math above seems old, 220ms for only 65536 guesses is mad slow for SHA (but the same amount of guesses might take 10 minutes or more with bcrypt). EDIT2: It's probably also worth mentioning scrypt (google it), which has a lot in common with bcrypt, but is even more impossible to crack (and once it is better studied will likely become the default resting password encryption).
Best encryption is first closing the gaps in the system. Something like remote SQL code execution by random user should not be happening in this day and age. Pity to see S2 take such a huge blow, seeing how I've been supporting them for all those years. They're not the first and won't be last though, like it was mentioned previously a lot of other companies had problems with hackers which were much more severe (more crucial data/valuable goods stolen).
|
On December 18 2012 15:30 Manit0u wrote:
On December 18 2012 14:44 althaz wrote:
SHA-2 has an output size of 512 bits, so finding a collision would take O(2^256) time. Given there are no clever attacks on the algorithm itself (currently none are known for the SHA-2 hash family) this is what it takes to break the algorithm. To get a feeling for what 2^256 actually means: currently it is believed that the number of atoms in the (entire!!!) universe is roughly 10^80 which is roughly 2^266.
Assuming 32 byte input (which is reasonable for your case - 20 bytes salt + 12 bytes password) my machine takes ~0,22s (~2^-2s) for 65536 (=2^16) computations. So 2^256 computations would be done in 2^240 * 2^16 computations which would take 2^240 * 2^-2 = 2^238 ~ 10^72s ~ 3,17 * 10^64 years
Even calling this millions of years is ridiculous. And it doesn't get much better with the fastest hardware on the planet computing thousands of hashes in parallel. No human technology will be able to crunch this number into something acceptable.
Link
This assumes a dumb brute-force attack which you are almost never going to use (or at least you shouldn't). There are more intelligent (and orders of magnitude faster by using parallel computing hardware, eg: GPUs) methods of brute force, but it's far more likely that you are going to use dictionary attacks which means 90%+ of the passwords will be cracked within a few days (or possibly within a few hours depending on the encryption used).
SHA hashes are designed for real-time encryption (and they are not realistically crackable when used for that purpose, although weaknesses have been discovered in SHA-2, though they haven't been exploited AFAIK in the real world).
If they are at rest they are incredibly vulnerable to intelligent attacks (as you point out dumb attacks don't work). That's why things like the incredibly slow bcrypt are becoming more and more popular. What might have taken 16 hours could take them 16 years if you used bcrypt to encrypt your passwords.
You can achieve a similar result with progressive passes (tens of thousands) of SHA-2, but because of the way bcrypt works vs the way most hashing functions work, bcrypt may be inherently more resistant to attacks (the algorithms are better understood and have no discovered weaknesses).
EDIT: Also, the math above seems old, 220ms for only 65536 guesses is mad slow for SHA (but the same amount of guesses might take 10 minutes or more with bcrypt).
EDIT2: It's probably also worth mentioning scrypt (google it), which has a lot in common with bcrypt, but is even more impossible to crack (and once it is better studied will likely become the default resting password encryption).
Best encryption is first closing the gaps in the system. Something like remote SQL code execution by random user should not be happening in this day and age. Pity to see S2 take such a huge blow, seeing how I've been supporting them for all those years. They're not the first and won't be last though, like it was mentioned previously a lot of other companies had problems with hackers which were much more severe (more crucial data/valuable goods stolen).

The word encryption is being repeatedly used here and it should be noted that these stored passwords have nothing to do with encryption. They are hashes.
Encryption is the transformation of information into unintelligible gibberish with the use of a key. The same key can then be used to turn that gibberish back into useful information. It's useful if you're sending information out into the wild and you don't want it to be read except by intended individuals (an encryption key is agreed upon during a handshake and all subsequent communication is encrypted and decrypted using the key). Digital games often use encryption to allow preloading without accessing by withholding the key until launch.
Encryption is not used for storing sensitive data that is never intended to be read. If you encrypted passwords, you'd have to store both the encrypted data and the encryption key in order to check the encryption against the password when necessary. That's no good, whoever breaks into your server finds the encrypted data and the key and instantly has all the passwords.
Hashing is not encryption. Hashing takes the data you give it and mutilates it beyond all recognition into something that is not guaranteed to be a result unique to the input and therefore cannot be simply reversed. Even if you have both the hash output and the salt you cannot pull the original input out of your hashing function like you'd be able to with an encryption function. This is great for storing passwords because the effective methods of finding the input for a well-executed hash depend on the user having a weak password.
But the main point is hash and encrypt are not interchangeable verbs.
|
On December 18 2012 05:36 urashimakt wrote:
On December 17 2012 23:53 Martijn wrote:
On December 17 2012 23:47 zeru wrote:
On December 17 2012 23:21 HellRoxYa wrote:
On December 17 2012 23:10 zeru wrote:
On December 17 2012 22:43 dapierow wrote:
He verified it by posting his name on the Main S2 caster's Twitter (he had the same password for his twitter and Hon I guess)
I have a hard time believing that S2 doesn't hash passwords. link?
It's in the OP. Edit: And this is hilarious. Except I was planning to play some and apparently S2 aren't very good at what they do (surprise surprise) so their servers are shut down for now.
Was already deleted when i tried to check back when i posted. guess i was too slow. anyway, no hashing would be an unbelievable failure.
On December 17 2012 23:46 Martijn wrote:
On December 17 2012 23:10 zeru wrote:
On December 17 2012 22:43 dapierow wrote:
He verified it by posting his name on the Main S2 caster's Twitter (he had the same password for his twitter and Hon I guess)
I have a hard time believing that S2 doesn't hash passwords. link?
Because there's surely no databases that allow you to do reverse md5 look-ups :/
Kidding me? why would anyone in the world still use md5?
Swing and a miss on the point made there. Point was, for every hash there's a reverse look-up table. Apparently they went to the trouble of salts and that wasn't enough either. So arguing about unencrypted vs encrypted password has little to no relevance seeming as shown encrypted passwords can be broken all the same, it's just a matter of time.
What you've just said is that salts were no help against lookup tables. Salting renders lookup tables ineffective by their very nature. If S2 were properly salting and applying a relatively strong hash this guy would still be working on the first password. zeru seems to know what he's talking about, so try not to be a jerk about it. S2 obviously messed up big time in basic password security.
And hashing is not the same as encrypting.
Considering the low amount of accounts that have actually gotten hacked (3 so far that I actually know of) it wouldn't surprise me at all if it is taking him a few days getting individual passwords. Not to mention we have no idea how long he has had access to the database to begin with.. Sure, they could've made it even harder. Sure, there's no way for S2 to come out looking ok from all this. But if you read through this thread the common perception is that they didn't encrypt the passwords at all and they're being accused of way more gross negligence than they're actually guilty of.
Obviously it wasn't secure, but it's not fair to sell S2 short. It doesn't seem to be any worse than what happened to Sony or Riot, if anything they seemed to have done a slightly better job.
Edit: mind you the 3 accounts are the only ones I've seen compromised. Obviously the guy claims to have many more, but I'm not sure we should take his claims at face value to begin with.
|
SHA hashes are designed for real-time encryption (and they are not realistically crackable when used for that purpose, although weaknesses have been discovered in SHA-2, though they haven't been exploited AFAIK in the real world).
If they are at rest they are incredibly vulnerable to intelligent attacks (as you point out dumb attacks don't work). That's why things like the incredibly slow bcrypt are becoming more and more popular. What might have taken 16 hours could take them 16 years if you used bcrypt to encrypt your passwords.
You can achieve a similar result with progressive passes (tens of thousands) of SHA-2, but because of the way bcrypt works vs the way most hashing functions work, bcrypt may be inherently more resistant to attacks (the algorithms are better understood and have no discovered weaknesses).

Yeah you're supposed to use thousands (or millions lol) of iterations if you wanted to use SHA-2 for this.
Using just 1 iteration is terrible - this is why PBKDF2 (the standard you would use SHA-2 with) required minimum 1000 iterations and that was like 10+ years ago. The number of actual iterations should be scaled with computing power, with any performance requirements, and what the user can tolerate. If performance isn't particularly important, or if the system is really powerful, and the key is really important, can use 10^7 iterations or more.
PBKDF2-HMAC-SHA-* weakness, in comparison to bcrypt/scrypt, is that it requires very little memory, making parallel attacks cheap if done in hardware. Doesn't mean SHA-2 in conjunction with PBKDF2 is bad; in fact I'd argue that it's fine.
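Added example, not part of any post in this thread and not S2's code: a Python sketch of salted PBKDF2-HMAC-SHA-256 password storage showing the two points argued above, that verification recomputes the hash from the stored salt rather than decrypting anything, and that the iteration count is the work factor that has to grow with hardware. The record format, the 200,000-iteration default and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import os
import time

SCHEME = "pbkdf2_sha256"
ITERATIONS = 200_000   # assumed work factor for this example; tune to your hardware
SALT_BYTES = 16        # fresh random salt per password


def hash_password(password, iterations=ITERATIONS):
    """Return 'scheme$iterations$salt_hex$hash_hex' for storage."""
    salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${dk.hex()}"


def _parse(record):
    scheme, iterations, salt_hex, hash_hex = record.split("$")
    if scheme != SCHEME:
        raise ValueError("unknown scheme")
    return int(iterations), bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)


def verify_password(password, record):
    """Recompute the hash from the stored salt and compare in constant time."""
    try:
        iterations, salt, expected = _parse(record)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    except (ValueError, OverflowError):
        return False  # malformed or tampered record
    return hmac.compare_digest(dk, expected)


def needs_rehash(record, minimum=ITERATIONS):
    """True when a record was created with fewer iterations than today's minimum."""
    return _parse(record)[0] < minimum


def slowdown(iterations=ITERATIONS, rounds=2000):
    """Cost of one PBKDF2 guess relative to one single-pass salted SHA-256 guess."""
    salt, guess = os.urandom(SALT_BYTES), b"constructed-guess"
    start = time.perf_counter()
    for _ in range(rounds):
        hashlib.sha256(salt + guess).digest()
    single = (time.perf_counter() - start) / rounds
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", guess, salt, iterations)
    return (time.perf_counter() - start) / single


if __name__ == "__main__":
    rec = hash_password("constructed example password")
    print(rec)
    print("verify ok:", verify_password("constructed example password", rec))
    print("per-guess slowdown vs one SHA-256 pass: %.0fx" % slowdown())
```

Calling `needs_rehash` at login, while the plaintext password is in hand, lets old records be upgraded to a higher iteration count without forcing a reset.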
|
On December 18 2012 11:49 semantics wrote:
On December 18 2012 08:54 Alur wrote:
On December 18 2012 00:36 AntiGrav1ty wrote:
On December 18 2012 00:15 inermis wrote:
well if it is good, and company that made it wants to make more money out of it, why not advertise it ALOT more, throw some 100k usd tournament, then another one, where money is, progamers show up and progamers wannabe's, if it really is good, they could pull that off.
Well they did exactly that with Hontour and Dreamhon. Both are very big tournaments with a decent prize pool and good coverage. The player numbers and viewer numbers have gone up a lot in the last couple of months. Honcast has about 6-12k viewers 3 times a week depending on the matchup and player numbers at peak times have gone up to 100k players online at the same time from about 40k a year ago. S2 is expanding and they are doing the right things. The problem is just that everything came too late. LoL had taken off already and Dota2 was getting big with the international before that as well. Catching up now is pretty much impossible because even with prize money and advertisement it's gonna be hard to entice players to switch games at this point. Dota and especially LoL are just too far ahead now.
Just a comment on your statement about player numbers. A couple of months ago, S2 started counting the Garena HoN players (south east asia) towards the total amount of players, resulting in a drastic burst from 40k'ish to 100k'ish players. This however does not reflect the status of the game with its western audience. While the Int client might have had 40k players a year ago, that number looks more like 30k currently, probably helped by the rise of DotA 2 (Graph of concurrent DotA2 players) and S2's security/ddos issues.
?
Same data with that dota 2 graph i don't get why to make that point all it does is point out dota2 has twice as many players pretty much vs hon, throughout the day both go up and down, dota2 pretty consistently double of what hon is, which is pretty easy to attribute by brand recognition of dota plus the marketing by steam.

I'm merely trying to shine some light on why HoNs popularity is declining in the west, my point being that there is some form of correlation between the player activity fluctuations in the two games. The fact that dota has more players is immaterial to what I'm trying to say.
|
http://forums.heroesofnewerth.com/showthread.php?469777-Security-Issues-Response
On Sunday afternoon we became aware of a Heroes of Newerth password security breach. We immediately took steps to limit the risk to our players by directly advising the community to change the passwords for any linked accounts.
We’ve been working around the clock with our internal expert security staff to analyze what happened, and it is our mission to be completely transparent. We know that only passwords were stolen. No credit card or billing information was compromised, as we do not store this information. The security breach occurred when a third-party software that interacts with our account database was hacked. Contrary to some outside reports, the game client was not hacked.
We took immediate action to eliminate any future password storage issues by removing the third party's ability to access sensitive information.
Additionally, while the game was down we upgraded all security systems. The game is back up and all HoN accounts will be prompted to create a new password. All passwords will be expired upon next login. However, we do want to reiterate that those who used the same password for HoN to access anything else should change their passwords.
We take security very seriously. Players must know their sensitive information is secure and S2 will ensure this is the case, no matter the effort or cost.
If you have any questions do not hesitate to ask our Community Manager @s2xanderK.
Sincerely, Marc "Maliken" DeForest
|
Who lets another company have full access to their user database? oO
|
On December 19 2012 21:09 LaNague wrote: Who lets another company have full access to their user database? oO
A third party application could mean anything from their mailserver, webserver, to their hosting provider, to their billing system. Not necessarily another company.
|
This is a riot/Valve plot.
Srsly, I am sad, because I really love hon, but they never managed fixing their community. Also they are a very small company, which means it is easier to attack them, I think.
|
Eh having issue with passwords is not as horrible as having issues with storing CC data, probably a smart approach by them not storing that data, else people would have problems trusting them, ofc people still trust valve and they had security issues with CC data.
|
On December 17 2012 22:47 dapierow wrote:
On December 17 2012 22:46 Monsen wrote:
S2, despite having the best (imo. obviously) Moba game out there have been complete retards when it comes to marketing and community management for the last 4 (5?) years. There's a reason why it's by far the weakest of "the big 3". So yeah, not surprised.
I know. I feel HoN is amazing compared to Dota 2 and LoL as well. The fact that they made the game cost money upon release just ruined all the hard work they did, can't blame them for that but considering gamers have a free choice of a similar game especially in areas like Asia you can't blame the players for going to inferior games.

Have to agree here: It's astonishing how a game that is in so many ways better than the competition does much worse, has fewer/smaller tournaments, less players and a much smaller community that produces way less content than LoL and Dota2.
The game is faster, more complex, more responsive and more innovative than the other two mobas, still they get their ass handed to them by the other two.
This latest incident just shows that they are simply doing certain things wrong, even though they do a whole lot of other things correctly, but in the MOBA-sector and generally with games, it's not just about the game, but marketing as well and this incident surely didn't do any good in that department.
|