Here, gone, here and gone again – the new EVE Forums

When CCP announced that they were replacing their old forums I must admit I cringed inside. It just seemed to be the type of thing CCP would get wrong.  While my insight is more pessimistic than prophetic, it turned out to be accurate.

The new forum had (at least) two very basic but huge security holes in it.  The first was that once you logged in, you could modify the forum browser cookie to assume the identity of any other user, including those with moderator functions.  The second was that you could imbed code in your signature – which opened any person viewing the forums to a myriad of possible attacks. **

There is already a history of hacking and unscrupulous activities perpetrated by EVE players and those who make shady profits from the game, and every other week there is an alliance forum dump made available for public consumption.  CCP should have known that some very smart people would be looking for exploits and put a lot of extra effort into their security.  Instead they made a fundamental mess of things, with amateur mistakes which took minimal effort to find and abuse.

I like EVE.  I like CCP for producing it.  I forgive them for messing up occasionally.  But I have to just shake my head in wonder at why they make it so easy for people to troll and flame them.

** CCP released a dev blog saying the second exploit was not actually available.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s