Final Fantasy XIV (Guide in first post)


Arkael

Lord Nagafen Raider
70
5
wall of text
What does yoshi's dick taste like?

This shit is not ok. People being this forgiving is the reason we keep getting handed crap like this and pay for it anyway. Stop defending this failure of a 2013 mmorpg. I really had fun with it (for a week or so) but if you're ok with the state this game was released in, and how long it's going to take (2 months is not ok) to get just SOME of it fixed, you need to get your head checked.

edit: play a paladin. broken animation lock on everything, horribly boring stun/silence mechanic on every damn fight, even though it's off GCD you can't be doing anything to use it when you need it, aoe with no scaling at all, 3 year remake and this is the best they could do? I'm annoyed with myself that I gave into the hype and handed money to yet another failure of an mmo developer
 

Chancellor Alkorin

Part-Time Sith
<Granularity Engineer>
6,051
6,036
This is a bit of misinformation. Their launcher uses HTML but still requires the client to actually work. It isn't like you can just go to login.ffxiv.com and get to the page. Next the session ID is a gigantic hash. So literally you need to grab someone else's session ID. Which is nearly impossible with the current security procedures in Windows. You'd need admin access to the machine. Basically you'd have to download a virus and let it run as admin.
There is so much wrong with this post that I'm not even sure where to begin. But, here we go.

1. Yes, you can "just go" to their login server and get to "the page". HTTP is a query-response protocol. You provide the session ID within the proper request, you get a login ticket. That's generally how sessions authenticated via HTTP work. Granted, the ticket will be useless to you unless you're using it to provide the client with authentication, but that's the point, isn't it?

2. "Nearly impossible with the current security procedures in Windows"? Are you high? Let's dissect this one.

a. I'd bet my favourite hat that most gamers immediately turn UAC off, never looking back. I don't have a favourite hat. I'll go buy one if I'm wrong here, but I'm not wrong on this.

b. "You'd need admin access to the machine": Most of today's computer problems are solved by "run it as Administrator". Immediately. With no troubleshooting or thought process.

c. "You'd have to download a virus and let it run as admin": See a. and b. If you're running everything as an administrator, or you've disabled UAC, everything you download can "run as admin" if it chooses to do so. Not that we really "download" viruses anymore, as many of them are malicious content delivered by web, but anyway... yeah. You're probably running it as admin anyway.

d. Notwithstanding c., you don't even need to be an administrator to do various things. For example, you don't need to be an administrator to access the clipboard (for people that copy/paste their passwords because they figure that can't be keylogged).

I sincerely hope you're not in IT for a living.
 

Vandyn

Blackwing Lair Raider
3,656
1,382
I honestly think the only thing this game does unique and fun is crafting, which is sad in a lot of ways. I think the game looks good, but I don't think it's great (especially when compared to Mists in WoW or even Rift). I think a good number of the dungeons are boring, in terms of look/layout/mechanics. I think boss fights, especially early on are pretty one dimensional, with some exceptions. Questing is the same formula almost all these types of games follow and for the initial 1-50 story quest, it's very well done. The problem is when you get beyond that, either leveling alts or if you want to level up other than questing at all. The one thing WoW has going for it is you are not locked on only one path to level a character, it is completely viable to level by dungeon finder and the occasional quest (I did it on my tank during Cataclysm). You just don't have those options here.

People should stop trying to compare to what a game launched with in 2004.
 

Korrupt

Blackwing Lair Raider
4,832
1,228
Hotfix info for next week

Details on the Upcoming Hot Fix

Greetings!

As we mentioned recently, we will be performing a hot fix next week where we will be performing adjustments and addressing various things. While the specific details will be announced separately, I would like to give you an overview of what will be done ahead of time.
* The maintenance is scheduled to take place on Oct. 14, 2013 from 8:00 p.m. (PDT) / Oct. 15, 2013 from 3:00 (GMT). See the following for more details: NA / EU (Added on October 11th, 2013)

Changes will be made to the way equipment is bound.
Introducing additional servers and enhancements to act as a countermeasure against the congestion to enter "Amdapor Keep."
The difficulty for level 50 dungeons will be adjusted.
The number of areas where you can acquire Allagan Tomestones of Philosophy and Mythology will be increased as well as the amount you can acquire.
Implementation of a population cap for each field.
* The population cap is planned to be introduced separately. (Added on October 11th, 2013)
Adjustments to the spawn rate of monsters that drop diremite web and additional locations where Karakul can be found.
The amount of experience points that can be acquired on botanist and miner, as well the experience points that can be acquired from their fieldcraft leves, will be increased.
User interface elements related to materia and target information will be adjusted.
 

Tol_sl

shitlord
759
0
I think it was some of the most fun I had in an MMO for about a month. I'm hoping they address and improve the game over time, because overall I had a lot of fun. I'm holding off on subbing for a few reasons.

-Security: I know like 3 people who had accounts jacked by gold sellers and were banned, and two were never given an explanation by SOE. One guy waited 3 weeks for a response. Don't really want to give them my CC
-Replay: with all the quests done, and dungeon queues taking forever on dps classes, fate grinding is pretty much how to do it, and I thought that was lame as hell.
-Endgame at this time: I'm not hardcore enough to be a coil raider due to work schedule, and running AK makes me want to gag. Needs more group content.
-I hated the gathering jobs, and doing tradeskills without them wasn't very fun (diremite and flax prices were just too high for me). I hated having to switch to a dedicated class as opposed to just gathering while I leveled or crafted on a whim.
 

Tenks

Bronze Knight of the Realm
14,163
607
There is so much wrong with this post that I'm not even sure where to begin. But, here we go.

1. Yes, you can "just go" to their login server and get to "the page". HTTP is a query-response protocol. You provide the session ID within the proper request, you get a login ticket. That's generally how sessions authenticated via HTTP work. Granted, the ticket will be useless to you unless you're using it to provide the client with authentication, but that's the point, isn't it?

2. "Nearly impossible with the current security procedures in Windows"? Are you high? Let's dissect this one.

a. I'd bet my favourite hat that most gamers immediately turn UAC off, never looking back. I don't have a favourite hat. I'll go buy one if I'm wrong here, but I'm not wrong on this.

b. "You'd need admin access to the machine": Most of today's computer problems are solved by "run it as Administrator". Immediately. With no troubleshooting or thought process.

c. "You'd have to download a virus and let it run as admin": See a. and b. If you're running everything as an administrator, or you've disabled UAC, everything you download can "run as admin" if it chooses to do so. Not that we really "download" viruses anymore, as many of them are malicious content delivered by web, but anyway... yeah. You're probably running it as admin anyway.

d. Notwithstanding c., you don't even need to be an administrator to do various things. For example, you don't need to be an administrator to access the clipboard (for people that copy/paste their passwords because they figure that can't be keylogged).

I sincerely hope you're not in IT for a living.
So basically your post is "If you run Windows with hardly any security and do dumb shit you can get fucked by viruses." No fucking shit Sherlock. I'm well, well aware of what HTTP is (and the login page uses HTTPS, but they'd be retarded not to) but many, many launchers use it in the way that FFXIV is using it. In fact basically every MMO on the market uses the same idea of assigning the user an SID and using it as an execution parameter while launching the game. The issue with FFXIV's is that the SIDs simply are not expiring. Either through design choices or a bug. Which then goes hand-in-hand that the two-step autho is worthless due to simply jacking the SID. Again the SID only being able to be hijacked if you've done some dumb shit on your computer. People are going around on forums acting like some masked man behind a computer is using FFXIV's evil HTML wrapped launcher that is no different than a webpage sending clear-text SIDs where a man in the middle is sitting there writing them to a database. Which is completely false. The people getting hijacked have something on their computers making them get hijacked.
 

Malakriss

Golden Baronet of the Realm
12,659
11,973
-Security: I know like 3 people who had accounts jacked by gold sellers and were banned, and two were never given an explanation by SOE. One guy waited 3 weeks for a response. Don't really want to give them my CC
Just wanted to say this is fucking stupid to complain about. Tell your dumbfuck friends they're responsible for keeping their information secure and no shit companies are going to not want such liabilities as customers/employees/whatever. Years and years later and all these types of fuckers do is whine after the fact.

P.S. It's also really sad many who quit are now posting it up in the SWTOR and other threads about "oh wow neato this looks so cool now" and a couple weeks later we'll get the "god damn this shit sucks, couldn't stand it any more"
 

spronk

FPS noob
23,360
27,218
how to hack the gibson

1. open cmd prompt (regular user no admin required)
2. wmic /output:%temp%\processinfo.txt path win32_process get Caption,Processid,Commandline
3. notepad %temp%\processinfo.txt
4. search for ffxiv.exe, copy and paste "DEV.TestSID=xxxxxxxxxxxxxxx" into a new reddit thread
5. profit
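
The weakness discussed in this thread (a session ID passed to the game client as a launch parameter, visible to any process of the same user, and not expiring) is addressed server-side by making that value short-lived and single-use. The following is an added Python example, not Square Enix's code and not from any poster; `LaunchTicketStore`, the 60-second lifetime and the account name are assumptions.

```python
import hashlib
import secrets
import time

TICKET_TTL = 60  # seconds; assumed lifetime, not a value from the thread


class LaunchTicketStore:
    """Issues launch tickets that expire quickly and can be redeemed once."""

    def __init__(self, ttl=TICKET_TTL, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._tickets = {}  # sha256(ticket) -> (account, expires_at)

    @staticmethod
    def _digest(ticket):
        # Store only a hash so a leaked server-side table does not yield tickets.
        return hashlib.sha256(ticket.encode()).hexdigest()

    def issue(self, account):
        """Call only after password and one-time-password checks have passed."""
        ticket = secrets.token_urlsafe(32)
        self._tickets[self._digest(ticket)] = (account, self._clock() + self._ttl)
        return ticket

    def redeem(self, ticket):
        """Return the account for a valid ticket, else None. Single use."""
        # pop() removes the entry on first presentation, valid or expired.
        entry = self._tickets.pop(self._digest(ticket), None)
        if entry is None:
            return None
        account, expires_at = entry
        if self._clock() >= expires_at:
            return None
        return account


def demo():
    """Constructed scenario using a fake clock so it runs instantly."""
    now = [1000.0]
    store = LaunchTicketStore(ttl=60, clock=lambda: now[0])
    t1 = store.issue("alice")
    first = store.redeem(t1)    # the game client presents the ticket
    replay = store.redeem(t1)   # the same value presented again later
    t2 = store.issue("alice")
    now[0] += 61                # ticket left unused past its lifetime
    stale = store.redeem(t2)
    return first, replay, stale
```

With this design, a value copied from a process command line is already spent by the time the client has logged in, so the second factor checked at `issue()` time is not bypassed by replaying it.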
 

Tol_sl

shitlord
759
0
I really don't think it's anything on their end. One guy I've played most MMOs with since EQ, and he's never had an account hacked prior to this. He's certainly not a moron, uses KeePass for most stuff, ran Spybot and Ad-Aware without finding any trojans or malware. I don't know if he was using an authenticator or not, but that seems like every reasonable precaution I can possibly think of. Combined with the rampant cheating in game, I just get the vibe SE doesn't have any way of keeping their shit secure.
 

Tol_sl

shitlord
759
0
I don't know what to tell you, or why you seem to be taking so much umbrage at this. I'm just saying that my personal experience is that I've seen more account-jackings in this game by far than any other I've played. This seems to be a pretty common sentiment, and the fact that SE literally is taking weeks to respond to people who have the issue is something that I consider pretty shoddy service, and definitely a strike against them in my book. I'm not trying to shit on anyone's parade or convince you not to play or whatever, but I don't think your solution of, "Good, they're liabilities and SE doesn't need those customers!" is really all that good of a business model.
 

Mures

Blackwing Lair Raider
4,014
511
Lol wut? Source? I am pretty sure I read somewhere that some WoW fanboy's kid's mom's brother's uncle's dog's neighbor can type in some binary into chat and it will force your character to give them a virtual handjob and a moneyshot of all your gil to them. I'm all for calling a game on its flaws but a lot of this shit is rumors and people have been called on it. Anyways, use paypal to sub. And it's the same system that FFXI has been using for many many years and never been hacked, so anyways...
I'm of the same sentiment as this guy. I believe all this session spoofing shit about as much as I did during D3, not at all. The funny thing was even after Blizzard came out and said that no such thing occurred and that it was technically impossible to do people still refused to believe them and said they were lying.
 

Korrupt

Blackwing Lair Raider
4,832
1,228
The people getting hacked are either gold buyers or are up to something nefarious like visiting gold buying / bot websites. This shit happens in every single game from GW2, PoE to D3 and companies don't give a fuck. It's not that hard and it's free to add a token and make your password something different than what you use for every game.
 

Tenks

Bronze Knight of the Realm
14,163
607
Two-step autho saves you from keyloggers but it wouldn't save you from session hijacking. I haven't actually verified myself if it is technically feasible but everything I've read about it makes sense.
 

Pyros

<Silver Donator>
11,221
2,367
Two-step autho saves you from keyloggers but it wouldn't save you from session hijacking. I haven't actually verified myself if it is technically feasible but everything I've read about it makes sense.
Most "hacks" aren't complicated shit. Hell most of them are just spamming logins with lists of logins/passes that were stolen from other places and getting a bunch of accounts from people who are really lax about account security. Then you have phishing, and sometimes keyloggers and co. Once you get to that realm though, it's hard not to get hacked. Granted it's even easier in FFXIV if what people said is true and the session IDs aren't being wiped for several days but if you have keyloggers/trojans/virus(ii) on your computer, you're gonna have a bad time, regardless.

As for modifying the database directly I'd like to see a video of it being done. The carpenter insta 50 shit looked close, but as far as we can tell it could be just a shitty exploit or a very fast bot using teleport and actually turning in leves (why he'd have leves though is another question, so still leaning toward exploit). The whole you can open trade and steal money from people seems weird as fuck, if you can do that why can't you just open your retainer and put any value you want, that'd be easier.