Pretty terrible, I know what's it's like to start from scratch after having a great collection. But I sold mine, he had his taken from him. I'd probably be taking some time off from the game myself.
Hopefully he has a good time at the Pro Tour, maybe it'll give him the energy needed to start over and shrug this off.
thats too bad, but i mean i really dont feel bad. people get stuff stolen all the time and i dont feel bad for tehm so i dont feel bad now. everyone know taht hackers are prevelant and i think wizards should wt up for some kind of insurance for players who have massive collections such as felix
Private Mod Note
():
Rollback Post to RevisionRollBack
Im going to say stupid things in these forums so that maybe someday i will be mentioned on "The Magic Show" or in a UG Madness comic.... Please
we should organize sit in of sorts and just stop modoing for few days protest this crap if nobody really does anything wizards wont care but if they lose money they will
we should organize sit in of sorts and just stop modoing for few days protest this crap if nobody really does anything wizards wont care but if they lose money they will
that won't happen becuz then a group of people will just constantly make top 8 of each premier event with ease. also it is really hard to get that many people to stop playing
Another security measure could be to set it so that only a certain number of cards can be sold without setting off security flags. Set it so that you specify the number of cards possible. That number can be changed, but if changed, it will take three days or somesuch to take effect, and an email is sent to your email account each day notifying you of the change. That way, your 50K collection can only move 75 cards a day unless you give 3 days notice.
This isn't to say that WotC is lax or stupid or callous for not having enough security. It is to point that the system may be improved. If you know of a good security solution, maybe you should notify WotC and see if it's implemented.
The part that is inadequate is that your logon Username is the same as your display name. There are two pieces of information needed to log on to someones account. Their username and their password. Since mtgo uses a persons username as their display name half of the security is given away and doesn't need to be hacked. This needs to be fixed, as it can double the security and make it twice as hard on hackers.
If the person had bruted (or done the mentioned "dictionary attack", which I'll get to shortly), this would have mattered. However, if it was some form of keylogger, it wouldn't matter if he had 15 different pieces of secret info to type in, the keylogger would have caught all of it.
The chances are much more likely that the hacker accessed his password either by dictionary attack on the MODO server, or some kind of exploit attack directed to his personal computer. The chances that they hacked the WHOLE MODO server system is very slim.
You keep mentioning this dictionary attack. A dictionary attack is just taking a program or script, and a dictionary file, and running it at the log in for the account over and over and over, until one of the dictionary entries works. A "brute," which some of us have been referring to, is a more comprehensive name for the same thing. It includes dictionary attacks, but it also includes merely trying every possibility, from "a", "a1", to "aaaaaa", "a853kdfpvi3ws;djkg2", etc. I have never attempted something of this sort on the MTGO servers, but if someone wants to speak up about the WotC counter measures (time out, password retry limits, response times), that would further the discussion on this. I would assume that WotC has enough security set up to atleast make this exceedingly implausible, if not outright impossible. If nothing else, password retry limits are almost universal, and usually get flagged for system admins when they get triggered.
That doesn't seem to apply here. Keeping with the analogy, it would be unreasonable to expect the dealer to instantly replace my car; however, it is not unreasonable for the dealer to attempt to find out who broke into their garage and stole the car. It is also not unreasonable to do an investigation into whether or not security was insufficient.
From all of the analogies that people are throwing around about garages and security deposit boxes, they seem to be missing something. There is a difference between allowing someone to leave their property there, and saying that you will actually protect that property. Many people mistakenly assume that providing one (the convience of storage) also provides the other (protection while being stored). I would have to read through the terms of service agreement on MTGO, which I should have done already, but I doubt WotC has any sort of protection clause.
Hey, has anyone actually thought that this is his fault, or at least partially? The two accounts should of had different passwords, but his was easy, hitting both with one hack.
Again, it depends on how this was "hacked." If it was bruted through wizards (or genuinely hacked), then yes, the passwords that Felix chose may have indeed been insecure. If it was obtained through a keylogger, as has been mentioned before, it doesn't matter what his password was. It is logging what he is entering on his computer, one piece of information or twelve, 3 letters or 600.
I do place some blame on Wizards. As said before credit cards will replace stolen funds but also they will contact you to make sure your card is not stolen when there is strage activity.
Wouldn't Wizards think that trading a 200,000+ collection in a very short time for free strange? It would not be hard to set trade limits to your account. Included could be trade qualilty so no 10 rares for 1 basic land. Allowing players to set up their own preferance would keep hackers from taking over a whole account before Wizards could step in.
Where would you keep these preferences for limits on trade? Perhaps under "my settings"? So, basically, by logging in, you would be able to change those limits... making them completely redundant.
Also, I believe Credit Cards offer the fraud insurance policies at a premium, meaning you have to pay for it. If WotC was to offer this service, they would also undoubtedly offer it for a fee. WotC can do no right in this situation, because I know that there would be just as many posts in that announcement thread, nay-saying WotC for not providing this for free. They have to balance all things, and they're going to get bad PR either way, they need to choose the way that causes less of a headache for themselves.
I'm certaintly considering stoping playing after hearing this. Its not about compensation. Its about the way WoTC handles this, and the lack of security in the Magic: Online program. There isnt even a timemout...
Edit: Funny, Silver. WoW deals with 98% of the hacks just fine. Yes, some times it takes weeks to do, but they still deal with it.
Please, explain what you know of the security in MTGO. Any of it. I seriously doubt you know any of the security measures in the program, aside from needing a username and password to log in.
Also, WotC has opened a trade dispute claim on this. Does this not sound like they are dealing with it? They even said it may take 10-14 days, which is taking time. When they are finished with this, and explain their choices in the matter, then I have no quams about making judgements about their final actions on the matter. Because then, oddly enough, they will be their final actions, instead of initial inquiries that are just beginning.
Nate, All signs point to someone bruteforcing his account, not someone just knowing his password.
Ramenth, all signs point to someone obtaining his password. We have absolutely no indication, from WotC or Felix how this was done, aside from Felix claiming that he had never given out his password. If WotC wants to release their server logs for us to peruse, then we might be able to obtain information like if he just logged in through a strange IP (which has it's limitations) or if there were a large number of attempts with a bad password on his account.
Honnestly, I think there's a simple solution to this. Why doesnt WoTC give us the option of insureing our account? I know I've got insurance on my physical collection.
I also bet that insurance is not through WotC, but through another company. I don't see WotC entering the insurance business any time soon.
Wotc's server don't respond fast enough for true brute force attack.
Well, they don't seem to be too particularly fast for log-ins. I would think that itself would merely make it require more time to do such. I also suspect that WotC would have other countermeasures to prevent bruting.
ho k, so
i wonder what would happen if somone that worked at wizards account got hacked... like MARO or AA... prolly give THEM back there cards... why though? because he works there? is that the e only reason? he put nothing into gettintg all the cards and is fully compinsated.... felix put what? 3 YEARS OF HIS LIFE into that account... and he gets nothing... that's hate...
If I remember correctly, their staff accounts are non-transferable, meaning that they couldn't trade those cards if they wanted to. Unfortunately, this makes your point somewhat mute.
To those afraid of MTGO, I think it's very possible that Felix's biggest problem was using his name as his login. The fact that his email addresses attached to those accounts leads me to believe that someone got into his email accounts first, and from there did not brute force, but simply had MTGO email the password to "himself". There's an article in the latest issue of 2600 that details "hacking" Myspace which probably describes exactly what was done to Felix.
I suspect it didn't matter that his login was his real name. He could have an account names "shnooker doodle," but when you get interviewed and featured in a mtg.com article, it makes the disassociation pointless. It does seem possible that they got access to his email accounts first, and got a "forgot password" sent out, which is so far beyond WotC's problem I don't know where to start.
For those that don't know, 2600 is The Hacker Quarterly.
It's too late for him to do anything about what happened, but Felix should seriously consider getting some new accounts, and beefing up any security questions attached to his email addresses. Perhaps even getting an email address that doesn't display your real name.
But I really doubt that brute forcing had anything to do with this, I have to think that WotC would at least be secure against that... X failed password attempts should be an auto-locking of the account, period. No more than 10, to be sure, and even that is a high number.
I believe the general standard is 3. However, I don't feel like trying this on my own MTGO account, and it would be cruel to just randomly try maxing out someone's account with no warning.
Also, we have no idea how secure any of his settings were. Obviously there was a hole in his security somewhere, but for all we know, it was that someone hacked his email account, and needs a different email provider.
we should organize sit in of sorts and just stop modoing for few days protest this crap if nobody really does anything wizards wont care but if they lose money they will
How about we deal with that once wizards releases their final result. They have started an investigation, and I trust that they will look into it. They might not do the best job of looking into it, but I have no way of determining until they actually finish. Please, just wait for Wizards to finish, and then get angry.
I actually remember a long time ago a kid stole one of my Braids (when it was Type 2), and i made him give me his Mirari's wake for it, or i'd beat him up. He got all scared and did it. You can't do that online, which really sux, i sold my accound a long time ago for about $100, glad i did too because this is sad. Like i said, The overpriced singles for IPA, bad security, and adepts watching all the time make for a service that isn't good enough even for a world champ.
So rather than just force him to give you cards back, you used your size to intimidate him into giving you other cards for free? Quite frankly, that sounds like theft, and makes you seem no better than the child that stole your cards in the first place.
The same thing happened to me over the summer, though I probably 'only' lost 3-4K worth of cards. It's unfortunate, but, it's impossible to expect WotC to do anything about it. Also, saying that this is just 'some fault of MTGO' isn't really fair. If you have some binders in a backpack and it gets stolen, do you expect the store owner to compensate you? No, you don't. The thought doesn't even cross your mind. Do you fault that store owner? Most likely not, except in extreme circumstances. As such, it always makes me wonder when this happens on MTGO and people blame MTGO. Aside from which, if WotC was in the habit of replacing collections in this kind of circumstance, it would be extremely easy to fake your own collection getting hijacked and just rip them off on a continual basis.
The situation sucks, but, it's a risk of playingy Magic. You just suck it up and start again, you don't quit.
When you first sign-up for a MODO account, one of the frist thing that you agree to, is that WoTC OWNS the cards. WoTC should be accountible for all hacking that happens on their sererver. I would like to point out the following they own the cards, they are the one who give a "random" password out to there customers that can only be changed though an anther "random" password.
If a person steals your real cards than, it is your fault because you own the cards and are resopncible for there safe keeping.
If I was on MODO I would READ THE TERMS OF AGREEMENT that is provided. And go on from there, maybe going on sueing Hasbro for the lost "product".
Wow. That really sucks man. I hope the best for you and I really hope you get your cards back. Good job on making it so far in Magic. I hope that if you ever decide to come back you'll keep a better watch on your stuff. Really, the BEST of luck to you.
This is why i don't play Magic online. I had an account once. After I heard about two of my friends getting hacked I sold it all and stopped playing online. If it's that easy to steal cards and never get them back, then I want nothing of it. It's the internet, it's a program, it has a source code and can be manipulated by people who have nothing better to do with their time.
However, I have had real cards stolen from me too. So nothing is really perfict. But I feel that with my real cards, I can keep a better eye on them. And if they do get stolen then I can only blame myself and not some faulty program.
However, Fire. That's my worst fear when it comes to real cards. That and flooding. (I actually have made waterproof cases now for most my decks.)
But still, no system is safe. Everything has a fault.
In the MWS world, for many players, winning also makes you a noob.
The same applies to:
-Knowing the rules.
-Netdecking.
-Not netdecking.
-Using old versions of a card (yeah, it has hapenned to me: "Ugh... ugly pic noob")
-Knowing English.
-Using phases.
-Countering spells.
<@MarkRosewater> THis is a secret we've carefully guarded but for this chat I'm going to spill the beans.
<@MarkRosewater> Some cards in Magic are better than others.
<@MarkRosewater> Ssh, don't tell anyone.
Here's the thing....and please correct me if I'm wrong....
This is a possible scenerio:
I log onto my account....I have a very large collection of cards and I'm looking to cash in. I sell my enitre collection to a buyer...someone that I contacted over AIM or MSN and made the deal there. I then go into my account after receiving some cash and send all of my cards to a person. I then change my account password and close all screens and delete all history on my computer of everything I just did. I have that kind of knowledge because I spend a lot of time on the compter and have become proficient at it. I then go onto the largest Magic community and cry wolf. Because of my recent fame and status in the community people see me as trustworthy and believable. I can get away with this because of these facts.
Now....say someone did "hack" the account. They did it through the same process. It still looks like you were the one that was last logged on. The person on the other end of the transaction can always say......"I paid for these cards via a transaction over AIM/MSN. Online history of the exchange? I don't keep my history of conversations."
Wizards of the Coast already knows this is what could happen. Would you compensate someone a large worth of cards if there was a shadow of doubt like this looming over? Probably not.
Not saying this is what happened....but it certainly is a scenerio.
Private Mod Note
():
Rollback Post to RevisionRollBack
"Talkin outta turn....That's a paddlin'. Starin' at my sandals....That's a paddlin'. Paddlin' the school canoe....You better believe that's a paddlin'!" --Jasper
How would wizards feel if someone jacked an entire warehouse of theirs?
How would they feel? They would be upset of course and they wouldn't like it very much.
And the next day, they would file an insurance claim to cover the monetary value of what was stolen.
Now, that doesn't mean they wouldn't look into how the warehouse was secured, since that could have been a big problem in the theft and if necessary they would do something about that, but they would not rely on the warehouse company (assuming it was a different company) to replace the last merchandise, they have insurance for that sort of thing.
How hard would it be for WotC to allow him his cards back with like a strict contract of no trades with these cards or something along those lines? Maybe it's just a dream, but these things should be corrected and WotC should reimburse him in some sorts.
Felix Leong Bao Jie, if you read this, do not quit Magic.
This event has garnered a lot of attention and even more sympathy.
You're an excellent player, as attested by your recent victory at the online Worlds qualifier.
Do well at Worlds, and you might be able to get into Pro mailing lists. If you do, and I don't see this being much of a difficulty for you, you won't have to worry about cards. You'll be playing with the best in the world. If that happens, it's a life experience you'll never forget.
Maybe it's just a dream, but these things should be corrected and WotC should reimburse him in some sorts.
Problems like this should be corrected if the fault lies with WotC. There is currently no indication at this time that WotC is to blame for this. If a hacker got onto the guy's computer or into his email account or had a bad or easily guessed password, then WotC is not to blame.
I certainly would not mind if WotC reimbursed Felix for all the lost cards, but I also won't be surprised if they don't. That is why I would look into having insurance if my digital collection was that large.
Here's the thing....and please correct me if I'm wrong....
This is a possible scenerio:
I log onto my account....I have a very large collection of cards and I'm looking to cash in. I sell my enitre collection to a buyer...someone that I contacted over AIM or MSN and made the deal there. I then go into my account after receiving some cash and send all of my cards to a person. I then change my account password and close all screens and delete all history on my computer of everything I just did. I have that kind of knowledge because I spend a lot of time on the compter and have become proficient at it. I then go onto the largest Magic community and cry wolf. Because of my recent fame and status in the community people see me as trustworthy and believable. I can get away with this because of these facts.
Now....say someone did "hack" the account. They did it through the same process. It still looks like you were the one that was last logged on. The person on the other end of the transaction can always say......"I paid for these cards via a transaction over AIM/MSN. Online history of the exchange? I don't keep my history of conversations."
Wizards of the Coast already knows this is what could happen. Would you compensate someone a large worth of cards if there was a shadow of doubt like this looming over? Probably not.
Not saying this is what happened....but it certainly is a scenerio.
They can trace the IP of the fellow who logs into the account. If the IP traces back to an individual who presumably has no contact with the account holder, it can be verified that it isn't the same person, or two folks working in collusion.
From all of the analogies that people are throwing around about garages and security deposit boxes, they seem to be missing something. There is a difference between allowing someone to leave their property there, and saying that you will actually protect that property. Many people mistakenly assume that providing one (the convience of storage) also provides the other (protection while being stored). I would have to read through the terms of service agreement on MTGO, which I should have done already, but I doubt WotC has any sort of protection clause.
This is really the most important thing that anyone signing up with MODO should look at... or dealing with anything for that matter, always read the agreement/contract clearly, know what you are in for, know who is accountable for what and so on. Its the fine print that kills ya.
They can trace the IP of the fellow who logs into the account.
Not without subpoenaing the ISP who owns the IP block, they can't. And ISPs are pretty protective of their user's personal info. They don't want to risk accidentally revealing a customer's personal info to a stalker or a pedophile. This would take a great deal of effort and expense on the part of Wizards. Why would they bother, for a bunch of cards that never even really existed in the first place?
While that's by far the harshest, most crushing story of card theft that I have ever heard, at least you can think on the positive side; You are finally free of the most addictive, time-consuming, life-changing, expensive drug on the face of the Earth! (think about it)
I don't remember them mentioning World of Warcraft anywhere in that article
Why would they bother, for a bunch of cards that never even really existed in the first place?
Because something is in it for them. If they can rescue this guys cards. Thats a huge PR success for them. Most peoples faith in MTGO will be back and they get to be the hero. On the other hand, if they just dont do anything like I think they will. Less and less people will play MTGO, most importantly the big guns who buy ****loads of cards online, probably wont play, because they are the ones with the most to lose.
Not without subpoenaing the ISP who owns the IP block, they can't. And ISPs are pretty protective of their user's personal info. They don't want to risk accidentally revealing a customer's personal info to a stalker or a pedophile. This would take a great deal of effort and expense on the part of Wizards. Why would they bother, for a bunch of cards that never even really existed in the first place?
That's looking at it from the wrong perspective. If the terms of agreement state that WotC is not responsible if your account is hacked (which it probably does, or at least something like that), then it is not up to Wizard's to get your cards back, it would be up to a police investigation based on a claim filed by the victim of the theft.
WotC is not being mean or wrong if it tells Felix that he has to persue the hacker through the criminal justice system.
EDIT:
Quote from DarkRitual »
On the other hand, if they just dont do anything like I think they will.
You are assigning to WotC responsibilities that are not theirs. It is not their job to hunt down hackers and find your property. They don't do it in real life if your binder gets stolen at the local store and they likely won't do it in the online world and they don't have to. You cannot blame them or say they are doing something bad if they don't do something that they don't have to do.
They wouldn't stand in the way of a police investigation into this matter and that is the extent of what they have to do. They are not even ethically responsible for the stolen property so to assign blame or fault in their action is wrong.
Very likely they are looking into whether this was an attack on their side or Felix's side and if they find that it wasn't on their side, their responsibility ends.
Yes you generally can watch your cards in real life, and seemingly have more control over there security.
A buddy of mine has had his cards stolen a few times when trading with people. Trades can get chaotic, sometimes it is easy to lose track of cards. I have not noticed any of my cards get stolen this way mind you.
Back near Visions I got mugged on the way home from a tournament and lost most of my cards including some power.
Couple years ago a buddy of mine had a flood and lost thousands worth of cards.
These last too are really out of our control, the first is more under our own control.
MTGO prevents the stuff we would be able to control, and prevents random muggings or natural disasters such as floods or fires.
Yes people can hack your account, but it is not as common as people think. Think of how many people you see online compared to how many you see at your local store. Everyone I know in RL has had some level of card theft...big or small. MTGO is really much more secure.
Should Felix get his cards back? No. Not from WOTC anyways. It is not their responsibility.
However, most times when I have seen people get RL collections stolen I have seen friends help them rebuild. Rather than griping and whining, why not help Felix instead. It is an online "COMMUNITY" after all.
That's looking at it from the wrong perspective. If the terms of agreement state that WotC is not responsible if your account is hacked (which it probably does, or at least something like that), then it is not up to Wizard's to get your cards back, it would be up to a police investigation based on a claim filed by the victim of the theft.
Remember that a contract - at least here in the US, where the contract is based - cannot involve or permit criminal behavior. If WotC was neglectful, then the terms are considered nullified in that particular case.
You are assigning to WotC responsibilities that are not theirs. It is not their job to hunt down hackers and find your property. They don't do it in real life if your binder gets stolen at the local store and they likely won't do it in the online world and they don't have to. You cannot blame them or say they are doing something bad if they don't do something that they don't have to do.
They wouldn't stand in the way of a police investigation into this matter and that is the extent of what they have to do. They are not even ethically responsible for the stolen property so to assign blame or fault in their action is wrong.
If the binder was stolen from a local store, then WotC would not be responsible. However, if the binder was stolen from a WotC office with a security guard watching them, then they could be responsible. Then the question would be this: would it have been reasonable for the security guard to suspect that the person taking the binder was a thief?
Let's keep in mind that WotC is attempting to resolve this issue, and hopefully they will finally take measures to help prevent this in the future.
Private Mod Note
():
Rollback Post to RevisionRollBack
Guns don't kill people. Bullets kill people. Guns just make them move really, really fast.
To post a comment, please login or register a new account.
Hopefully he has a good time at the Pro Tour, maybe it'll give him the energy needed to start over and shrug this off.
Eladamri
that won't happen becuz then a group of people will just constantly make top 8 of each premier event with ease. also it is really hard to get that many people to stop playing
People who are'nt already in MODO would usually already be leery of the online games.
I am familar with IT and frankly, there are too many holes to plug =P
I usually keep my work and play machines separate.
play paper! =D relieves potential headaches
Reality is but a perception of your being --
Visit my blog!!! - http://huffalump-magic.blogspot.com/
"The brain is wider than the sky,
For, put them side by side,
The one the other will include
With ease, and you beside."
—Emily Dickinson
For sales or trade, visit my blog or visit my ebay blog for my listings :http://myworld.ebay.com/arcane7828
881
Oooh Dicey:
[dice=1]100[/dice]
This isn't to say that WotC is lax or stupid or callous for not having enough security. It is to point that the system may be improved. If you know of a good security solution, maybe you should notify WotC and see if it's implemented.
If the person had bruted (or done the mentioned "dictionary attack", which I'll get to shortly), this would have mattered. However, if it was some form of keylogger, it wouldn't matter if he had 15 different pieces of secret info to type in, the keylogger would have caught all of it.
You keep mentioning this dictionary attack. A dictionary attack is just taking a program or script, and a dictionary file, and running it at the log in for the account over and over and over, until one of the dictionary entries works. A "brute," which some of us have been referring to, is a more comprehensive name for the same thing. It includes dictionary attacks, but it also includes merely trying every possibility, from "a", "a1", to "aaaaaa", "a853kdfpvi3ws;djkg2", etc. I have never attempted something of this sort on the MTGO servers, but if someone wants to speak up about the WotC counter measures (time out, password retry limits, response times), that would further the discussion on this. I would assume that WotC has enough security set up to atleast make this exceedingly implausible, if not outright impossible. If nothing else, password retry limits are almost universal, and usually get flagged for system admins when they get triggered.
From all of the analogies that people are throwing around about garages and security deposit boxes, they seem to be missing something. There is a difference between allowing someone to leave their property there, and saying that you will actually protect that property. Many people mistakenly assume that providing one (the convience of storage) also provides the other (protection while being stored). I would have to read through the terms of service agreement on MTGO, which I should have done already, but I doubt WotC has any sort of protection clause.
Again, it depends on how this was "hacked." If it was bruted through wizards (or genuinely hacked), then yes, the passwords that Felix chose may have indeed been insecure. If it was obtained through a keylogger, as has been mentioned before, it doesn't matter what his password was. It is logging what he is entering on his computer, one piece of information or twelve, 3 letters or 600.
Where would you keep these preferences for limits on trade? Perhaps under "my settings"? So, basically, by logging in, you would be able to change those limits... making them completely redundant.
Also, I believe Credit Cards offer the fraud insurance policies at a premium, meaning you have to pay for it. If WotC was to offer this service, they would also undoubtedly offer it for a fee. WotC can do no right in this situation, because I know that there would be just as many posts in that announcement thread, nay-saying WotC for not providing this for free. They have to balance all things, and they're going to get bad PR either way, they need to choose the way that causes less of a headache for themselves.
Please, explain what you know of the security in MTGO. Any of it. I seriously doubt you know any of the security measures in the program, aside from needing a username and password to log in.
Also, WotC has opened a trade dispute claim on this. Does this not sound like they are dealing with it? They even said it may take 10-14 days, which is taking time. When they are finished with this, and explain their choices in the matter, then I have no quams about making judgements about their final actions on the matter. Because then, oddly enough, they will be their final actions, instead of initial inquiries that are just beginning.
Ramenth, all signs point to someone obtaining his password. We have absolutely no indication, from WotC or Felix how this was done, aside from Felix claiming that he had never given out his password. If WotC wants to release their server logs for us to peruse, then we might be able to obtain information like if he just logged in through a strange IP (which has it's limitations) or if there were a large number of attempts with a bad password on his account.
I also bet that insurance is not through WotC, but through another company. I don't see WotC entering the insurance business any time soon.
Well, they don't seem to be too particularly fast for log-ins. I would think that itself would merely make it require more time to do such. I also suspect that WotC would have other countermeasures to prevent bruting.
If I remember correctly, their staff accounts are non-transferable, meaning that they couldn't trade those cards if they wanted to. Unfortunately, this makes your point somewhat mute.
I suspect it didn't matter that his login was his real name. He could have an account names "shnooker doodle," but when you get interviewed and featured in a mtg.com article, it makes the disassociation pointless. It does seem possible that they got access to his email accounts first, and got a "forgot password" sent out, which is so far beyond WotC's problem I don't know where to start.
For those that don't know, 2600 is The Hacker Quarterly.
I believe the general standard is 3. However, I don't feel like trying this on my own MTGO account, and it would be cruel to just randomly try maxing out someone's account with no warning.
Also, we have no idea how secure any of his settings were. Obviously there was a hole in his security somewhere, but for all we know, it was that someone hacked his email account, and needs a different email provider.
How about we deal with that once wizards releases their final result. They have started an investigation, and I trust that they will look into it. They might not do the best job of looking into it, but I have no way of determining until they actually finish. Please, just wait for Wizards to finish, and then get angry.
EDIT:
So rather than just force him to give you cards back, you used your size to intimidate him into giving you other cards for free? Quite frankly, that sounds like theft, and makes you seem no better than the child that stole your cards in the first place.
Extendo
When you first sign-up for a MODO account, one of the frist thing that you agree to, is that WoTC OWNS the cards. WoTC should be accountible for all hacking that happens on their sererver. I would like to point out the following they own the cards, they are the one who give a "random" password out to there customers that can only be changed though an anther "random" password.
If a person steals your real cards than, it is your fault because you own the cards and are resopncible for there safe keeping.
If I was on MODO I would READ THE TERMS OF AGREEMENT that is provided. And go on from there, maybe going on sueing Hasbro for the lost "product".
This is why i don't play Magic online. I had an account once. After I heard about two of my friends getting hacked I sold it all and stopped playing online. If it's that easy to steal cards and never get them back, then I want nothing of it. It's the internet, it's a program, it has a source code and can be manipulated by people who have nothing better to do with their time.
However, I have had real cards stolen from me too. So nothing is really perfict. But I feel that with my real cards, I can keep a better eye on them. And if they do get stolen then I can only blame myself and not some faulty program.
However, Fire. That's my worst fear when it comes to real cards. That and flooding. (I actually have made waterproof cases now for most my decks.)
But still, no system is safe. Everything has a fault.
This is a possible scenerio:
I log onto my account....I have a very large collection of cards and I'm looking to cash in. I sell my enitre collection to a buyer...someone that I contacted over AIM or MSN and made the deal there. I then go into my account after receiving some cash and send all of my cards to a person. I then change my account password and close all screens and delete all history on my computer of everything I just did. I have that kind of knowledge because I spend a lot of time on the compter and have become proficient at it. I then go onto the largest Magic community and cry wolf. Because of my recent fame and status in the community people see me as trustworthy and believable. I can get away with this because of these facts.
Now....say someone did "hack" the account. They did it through the same process. It still looks like you were the one that was last logged on. The person on the other end of the transaction can always say......"I paid for these cards via a transaction over AIM/MSN. Online history of the exchange? I don't keep my history of conversations."
Wizards of the Coast already knows this is what could happen. Would you compensate someone a large worth of cards if there was a shadow of doubt like this looming over? Probably not.
Not saying this is what happened....but it certainly is a scenerio.
How would they feel? They would be upset of course and they wouldn't like it very much.
And the next day, they would file an insurance claim to cover the monetary value of what was stolen.
Now, that doesn't mean they wouldn't look into how the warehouse was secured, since that could have been a big problem in the theft and if necessary they would do something about that, but they would not rely on the warehouse company (assuming it was a different company) to replace the last merchandise, they have insurance for that sort of thing.
This event has garnered a lot of attention and even more sympathy.
You're an excellent player, as attested by your recent victory at the online Worlds qualifier.
Do well at Worlds, and you might be able to get into Pro mailing lists. If you do, and I don't see this being much of a difficulty for you, you won't have to worry about cards. You'll be playing with the best in the world. If that happens, it's a life experience you'll never forget.
So don't quit Magic.
Cheers and good health.
Problems like this should be corrected if the fault lies with WotC. There is currently no indication at this time that WotC is to blame for this. If a hacker got onto the guy's computer or into his email account or had a bad or easily guessed password, then WotC is not to blame.
I certainly would not mind if WotC reimbursed Felix for all the lost cards, but I also won't be surprised if they don't. That is why I would look into having insurance if my digital collection was that large.
They can trace the IP of the fellow who logs into the account. If the IP traces back to an individual who presumably has no contact with the account holder, it can be verified that it isn't the same person, or two folks working in collusion.
This is really the most important thing that anyone signing up with MODO should look at... or dealing with anything for that matter, always read the agreement/contract clearly, know what you are in for, know who is accountable for what and so on. Its the fine print that kills ya.
Reality is but a perception of your being --
Visit my blog!!! - http://huffalump-magic.blogspot.com/
"The brain is wider than the sky,
For, put them side by side,
The one the other will include
With ease, and you beside."
—Emily Dickinson
For sales or trade, visit my blog or visit my ebay blog for my listings :http://myworld.ebay.com/arcane7828
881
Oooh Dicey:
[dice=1]100[/dice]
Not without subpoenaing the ISP who owns the IP block, they can't. And ISPs are pretty protective of their user's personal info. They don't want to risk accidentally revealing a customer's personal info to a stalker or a pedophile. This would take a great deal of effort and expense on the part of Wizards. Why would they bother, for a bunch of cards that never even really existed in the first place?
I don't remember them mentioning World of Warcraft anywhere in that article
Because something is in it for them. If they can rescue this guys cards. Thats a huge PR success for them. Most peoples faith in MTGO will be back and they get to be the hero. On the other hand, if they just dont do anything like I think they will. Less and less people will play MTGO, most importantly the big guns who buy ****loads of cards online, probably wont play, because they are the ones with the most to lose.
That's looking at it from the wrong perspective. If the terms of agreement state that WotC is not responsible if your account is hacked (which it probably does, or at least something like that), then it is not up to Wizard's to get your cards back, it would be up to a police investigation based on a claim filed by the victim of the theft.
WotC is not being mean or wrong if it tells Felix that he has to persue the hacker through the criminal justice system.
EDIT:
You are assigning to WotC responsibilities that are not theirs. It is not their job to hunt down hackers and find your property. They don't do it in real life if your binder gets stolen at the local store and they likely won't do it in the online world and they don't have to. You cannot blame them or say they are doing something bad if they don't do something that they don't have to do.
They wouldn't stand in the way of a police investigation into this matter and that is the extent of what they have to do. They are not even ethically responsible for the stolen property so to assign blame or fault in their action is wrong.
Very likely they are looking into whether this was an attack on their side or Felix's side and if they find that it wasn't on their side, their responsibility ends.
A buddy of mine has had his cards stolen a few times when trading with people. Trades can get chaotic, sometimes it is easy to lose track of cards. I have not noticed any of my cards get stolen this way mind you.
Back near Visions I got mugged on the way home from a tournament and lost most of my cards including some power.
Couple years ago a buddy of mine had a flood and lost thousands worth of cards.
These last too are really out of our control, the first is more under our own control.
MTGO prevents the stuff we would be able to control, and prevents random muggings or natural disasters such as floods or fires.
Yes people can hack your account, but it is not as common as people think. Think of how many people you see online compared to how many you see at your local store. Everyone I know in RL has had some level of card theft...big or small. MTGO is really much more secure.
Should Felix get his cards back? No. Not from WOTC anyways. It is not their responsibility.
However, most times when I have seen people get RL collections stolen I have seen friends help them rebuild. Rather than griping and whining, why not help Felix instead. It is an online "COMMUNITY" after all.
Remember that a contract - at least here in the US, where the contract is based - cannot involve or permit criminal behavior. If WotC was neglectful, then the terms are considered nullified in that particular case.
If the binder was stolen from a local store, then WotC would not be responsible. However, if the binder was stolen from a WotC office with a security guard watching them, then they could be responsible. Then the question would be this: would it have been reasonable for the security guard to suspect that the person taking the binder was a thief?
Let's keep in mind that WotC is attempting to resolve this issue, and hopefully they will finally take measures to help prevent this in the future.