Why I Want to Raid Bryan

[clatra]

Bryan is a sack of shit.

Let me rewind. Back when Dragoon owned TW, Bryan used exploits to get into at least one of my bases (without chopping a single fence) and onto my island. He also stole upwards of 10 billion gold from my island. Dragoon could not figure out how he did "it" so he made a deal with Bryan: he would not ban Bryan if Bryan would tell him exactly how he did "it". According to Dragoon "it" was fixed. Also, Dragoon swore me to secrecy. Oops, my bad.

Fast forward to a few weeks ago. I had upwards of 20 billion worth of stuff stolen from my island. Did Dragoon fix the getting-onto-island exploit or did "it" refer to the getting-past-fences exploit, or are they the same exploit? Who knows cuz Dragoon ain't sayin'. According to one admin, the 20+-billion-gold-exploiter was not Bryan. The admin is confident about this but I am not. One [rebel] said Bryan was MIA. Another said he had stopped playing. According to Bryan the habitual liar he was in the hospital. Yeah right.

It is completely possible that Bryan taught someone else exploits (I am looking at you, [rebel]s) which were used to steal stuff from me. In any case, fuck Bryan the admitted liar, the admitted cheater, and the admitted exploiter. I warned everyone, multiple times, he could not be trusted -- those who chose to believe him over me need to have your heads examined. Anyone who gives him the time of day should be flogged.

Oh yeah, in addition to messing with me, Bryan admitted to hacking to find several players' hashes, which is essentially like having passwords, and used them to access their characters. Bryan blamed Dragoon for making it easy to find the hashes. An easy hack is still a hack, genius.

Now a story: many moons ago I raided and evicted Bryan from a couple continents. He begged me -- literally begged me -- to stop and said he would do anything to get me to stop. Another of his lies. Although he agreed to pay the billions of gold back to me, I have yet to see any of it while he continued to fund edicts and other shit. He fails so miserably at TW that he has to lie and resort to breaking rules, maybe even laws, to get back at me.

Join me in shunning him. In raiding him. In making him so unwelcome in TW that he begs us all in the forums to be his friend again. Then we can all laugh at the asshat.

As for the admins, they are doing everything in their power to bring the culprit(s) to justice. Whichever player(s) had any part in stealing from me or getting my stolen goods, I will raid those players into oblivion. Unless, of course, they tell an admin IMMEDIATELY what information they have regarding theft from my island. Items stolen include billions of gold in trade notes, dried poo, EBP, 3 grades of sliver, imp yarn, and imp cloth.

Did I mention Bryan is a borderline pedophile and sociopath? Ah, but those accusations are for another day.

[clatra]

Bryan is a sack of shit.

Let me rewind. Back when Dragoon owned TW, Bryan used exploits to get into at least one of my bases (without chopping a single fence) and onto my island. He also stole upwards of 10 billion gold from my island. Dragoon could not figure out how he did "it" so he made a deal with Bryan: he would not ban Bryan if Bryan would tell him exactly how he did "it". According to Dragoon "it" was fixed. Also, Dragoon swore me to secrecy. Oops, my bad.

Fast forward to a few weeks ago. I had upwards of 20 billion worth of stuff stolen from my island. Did Dragoon fix the getting-onto-island exploit or did "it" refer to the getting-past-fences exploit, or are they the same exploit? Who knows cuz Dragoon ain't sayin'. According to one admin, the 20+-billion-gold-exploiter was not Bryan. The admin is confident about this but I am not. One [rebel] said Bryan was MIA. Another said he had stopped playing. According to Bryan the habitual liar he was in the hospital. Yeah right.

It is completely possible that Bryan taught someone else exploits (I am looking at you, [rebel]s) which were used to steal stuff from me. In any case, fuck Bryan the admitted liar, the admitted cheater, and the admitted exploiter. I warned everyone, multiple times, he could not be trusted -- those who chose to believe him over me need to have your heads examined. Anyone who gives him the time of day should be flogged.

Oh yeah, in addition to messing with me, Bryan admitted to hacking to find several players' hashes, which is essentially like having passwords, and used them to access their characters. Bryan blamed Dragoon for making it easy to find the hashes. An easy hack is still a hack, genius.

Now a story: many moons ago I raided and evicted Bryan from a couple continents. He begged me -- literally begged me -- to stop and said he would do anything to get me to stop. Another of his lies. Although he agreed to pay the billions of gold back to me, I have yet to see any of it while he continued to fund edicts and other shit. He fails so miserably at TW that he has to lie and resort to breaking rules, maybe even laws, to get back at me.

Join me in shunning him. In raiding him. In making him so unwelcome in TW that he begs us all in the forums to be his friend again. Then we can all laugh at the asshat.

As for the admins, they are doing everything in their power to bring the culprit(s) to justice. Whichever player(s) had any part in stealing from me or getting my stolen goods, I will raid those players into oblivion. Unless, of course, they tell an admin IMMEDIATELY what information they have regarding theft from my island. Items stolen include billions of gold in trade notes, dried poo, EBP, 3 grades of sliver, imp yarn, and imp cloth.

Did I mention Bryan is a borderline pedophile and sociopath? Ah, but those accusations are for another day.

[Viceroy Twisti]

Readers beware: not all of the above statements are actually true.

[Viceroy Twisti]

Readers beware: not all of the above statements are actually true.

[Abyss Rose]

So basically you his G2 attacking Epik but since he is not there you won't mind hitting a few rebel's because we are guilty by association?

I'm not saying I completely believe Epik 100% in fact I know he lies about somethings. We 'all' do. I some time stretch the truth about how much of an Item I have, after all it gives me the advantage in the negotiation. and I can honestly say no one in toadwater actually knows how much gold I really have. (not even me for that mater the answer would involve to much math)

That being said can't you just bring up your assumptions to an admin rather then attacking a group of people?

[Abyss Rose]

So basically you his G2 attacking Epik but since he is not there you won't mind hitting a few rebel's because we are guilty by association?

I'm not saying I completely believe Epik 100% in fact I know he lies about somethings. We 'all' do. I some time stretch the truth about how much of an Item I have, after all it gives me the advantage in the negotiation. and I can honestly say no one in toadwater actually knows how much gold I really have. (not even me for that mater the answer would involve to much math)

That being said can't you just bring up your assumptions to an admin rather then attacking a group of people?

[Sgt Mayer]

This is to the Admins.

I personally hate it when people take a game to seriously.  But, There are many people who have invested a very large amount of time and for some, a considerable amount of money. 

So I ask, that you tell us whether or not this game can be exploited as clatra described and are our passwords safe.

I believe that he players deserve to know this information.

[Sgt Mayer]

This is to the Admins.

I personally hate it when people take a game to seriously.  But, There are many people who have invested a very large amount of time and for some, a considerable amount of money. 

So I ask, that you tell us whether or not this game can be exploited as clatra described and are our passwords safe.

I believe that he players deserve to know this information.

[Travis]

To reassure everyone, Currently there are only three people with access to the passwords: Matt, Twisti and myself.  If you want to be sure that your account is safe, change your password to something you have never used before and don't tell anyone.  Make sure you don't log on others people's computers and save the passwords there. 

There are not any exploits that I am aware of that makes islands/accounts/hoards unsafe.  If you know of any, let me know right away so I can fix it and prevent any situations from happening.

If you would like to know anything else, just let me know.

[Travis]

To reassure everyone, Currently there are only three people with access to the passwords: Matt, Twisti and myself.  If you want to be sure that your account is safe, change your password to something you have never used before and don't tell anyone.  Make sure you don't log on others people's computers and save the passwords there. 

There are not any exploits that I am aware of that makes islands/accounts/hoards unsafe.  If you know of any, let me know right away so I can fix it and prevent any situations from happening.

If you would like to know anything else, just let me know.

[Viceroy Twisti]

Yes, I think it needs to be pointed out that there is no evidence that someone used any sort of hack or exploit to steal from clatra. No foreign IPs showed on her account, the island coords didn't show up on any other char, the server was not compromised, etc. It is just as possible that she logged into TW with a computer that was infested with a Trojan, or that someone else with access to her account took it or let someone else have access to it. With the vague description "some items, I don't know exactly what or how many, disappeared some weeks or months ago", it's obviously very hard to track something like this down.

However, considering that there are many people with items far more valuable on their island, none of them of which got robbed, makes me confident to say that islands are still 100% secure - as long as your account is.

[Viceroy Twisti]

Yes, I think it needs to be pointed out that there is no evidence that someone used any sort of hack or exploit to steal from clatra. No foreign IPs showed on her account, the island coords didn't show up on any other char, the server was not compromised, etc. It is just as possible that she logged into TW with a computer that was infested with a Trojan, or that someone else with access to her account took it or let someone else have access to it. With the vague description "some items, I don't know exactly what or how many, disappeared some weeks or months ago", it's obviously very hard to track something like this down.

However, considering that there are many people with items far more valuable on their island, none of them of which got robbed, makes me confident to say that islands are still 100% secure - as long as your account is.

[Crazyman]

Bryan hasn't been active in quite a while and raiding G2 isn't really raiding Bryan. It's raiding the "rebels", and while Bryan was a "rebel" you can not really consider him an active player.
Sounds to me like you're coming up with past instances that may or not be true to try and justify your claiming of another continent.
Stick with the land you have.

[Crazyman]

Bryan hasn't been active in quite a while and raiding G2 isn't really raiding Bryan. It's raiding the "rebels", and while Bryan was a "rebel" you can not really consider him an active player.
Sounds to me like you're coming up with past instances that may or not be true to try and justify your claiming of another continent.
Stick with the land you have.

[Sgt Mayer]

To reassure everyone, Currently there are only three people with access to the passwords: Matt, Twisti and myself.  If you want to be sure that your account is safe, change your password to something you have never used before and don't tell anyone.  Make sure you don't log on others people's computers and save the passwords there. 

There are not any exploits that I am aware of that makes islands/accounts/hoards unsafe.  If you know of any, let me know right away so I can fix it and prevent any situations from happening.

If you would like to know anything else, just let me know.

Thank you.

[Sgt Mayer]

To reassure everyone, Currently there are only three people with access to the passwords: Matt, Twisti and myself.  If you want to be sure that your account is safe, change your password to something you have never used before and don't tell anyone.  Make sure you don't log on others people's computers and save the passwords there. 

There are not any exploits that I am aware of that makes islands/accounts/hoards unsafe.  If you know of any, let me know right away so I can fix it and prevent any situations from happening.

If you would like to know anything else, just let me know.

Thank you.

[Matt Siegman]

Also, to say we have access to the passwords isn't really true--the passwords are hashed before they are stored. Hashing is an irreversible process, so we can never retrieve your password from your hash. (Well, there are a few exploits, but they only matter if some gets the hashes and spends a LOT of computing time building rainbow tables. We have no evidence of this happening.)

[Matt Siegman]

Also, to say we have access to the passwords isn't really true--the passwords are hashed before they are stored. Hashing is an irreversible process, so we can never retrieve your password from your hash. (Well, there are a few exploits, but they only matter if some gets the hashes and spends a LOT of computing time building rainbow tables. We have no evidence of this happening.)

[clatra]

Regarding G2, I have had control of the noob world fencing for months. In no way is my fencing threatening anyone and my presence in G2 is completely negotiable but not until the issue of discovering the culprit(s) is resolved. I have not chopped a single fence in G2. But just for kicks I need to post this:

patrolling your land IS your responsibility from raiders, friends, and the government. It's only your land for as long as you can KEEP it.

As for guilt by association, you lie with dogs you get fleas. The only player who, I think, has that big a grudge against me is Bryan. Maybe other [rebel]s had nothing to do with any of this and, if that turns out to the the case, for Christ's sake be more careful about who you share accounts, information, and land with.

As for what was "disappeared", I know exactly what it was but I do not know how many of each item (was it 10,687,432 imperial cloth or 10,867,432?) or when it disappeared. Let me explain the when: I have 5 hoards on my island. My items in those hoards are sorted by frequency of use so in 1 step I get to the 1st hoard (the one with my most frequently used stuff), 2 steps 2nd hoard, etc. I rarely go into any hoards beside the 1st one -- one stack of items was, indeed, stolen from the 1st one and shame on me for not noticing exactly when my dried poo disappeared (would the average player notice dried poo missing?). But the 2 stacks of items in the 2nd hoard, and the many stacks of items from the 3rd hoard could go missing for months and I may never know. This is exactly why it took me so long to discover and why it makes it impossible for me to pinpoint when this happened.

In the past I used multiple computers to access TW. It has been about 9 months since I started playing exclusively on 2 computers, running off a USB drive, and I never type in my password. It is extremely unlikely that I fell victim to a trojan or keylogger. Add to this the specific items that disappeared and it is even less likely that some sort of bug or non-TW-related person (it was not my family) was responsible.

Note that when Dragoon and I were trying to figure out how Bryan got into my base, I had the exact timestamp of when he was there as he was stupid enough to wipe one of my statues. Dragoon checked the logs and even though the public logs showed that Bryan did it, Dragoon's logs showed that *I* wiped my statue at that exact moment. So the original exploits were doing stuff like that -- I have no idea if this helps but it could explain the lack of evidence that Twisti has found.

Twisti, is there anything else that needs explaining lest folks think you are calling me a liar? Be specific about what I am not telling the truth about.

Put yourself in my shoes, folks. You have 100% incontrovertible proof from an admin and Bryan himself that he stole from your island using exploits. Years later your are paranoidly careful about your password and all your gold, poo, and textile/weaving stuff disappears from your island in much the same way -- do you think "probably a bug that ONLY happened to me" or do you think "some asshole exploiter with a grudge stole from my island, again"?

Has ANYONE come into possession of large amounts of poo or textile/weaving stuff in the past few weeks? Admins, can you check Bryan's inventory, his mules' inventories, and his hoards for the items? I am 90% confident he did not have more than a few billion gold a couple months ago -- if he has over 10 billion now, I hope that is some evidence that can be used against him.

[clatra]

Regarding G2, I have had control of the noob world fencing for months. In no way is my fencing threatening anyone and my presence in G2 is completely negotiable but not until the issue of discovering the culprit(s) is resolved. I have not chopped a single fence in G2. But just for kicks I need to post this:

patrolling your land IS your responsibility from raiders, friends, and the government. It's only your land for as long as you can KEEP it.

As for guilt by association, you lie with dogs you get fleas. The only player who, I think, has that big a grudge against me is Bryan. Maybe other [rebel]s had nothing to do with any of this and, if that turns out to the the case, for Christ's sake be more careful about who you share accounts, information, and land with.

As for what was "disappeared", I know exactly what it was but I do not know how many of each item (was it 10,687,432 imperial cloth or 10,867,432?) or when it disappeared. Let me explain the when: I have 5 hoards on my island. My items in those hoards are sorted by frequency of use so in 1 step I get to the 1st hoard (the one with my most frequently used stuff), 2 steps 2nd hoard, etc. I rarely go into any hoards beside the 1st one -- one stack of items was, indeed, stolen from the 1st one and shame on me for not noticing exactly when my dried poo disappeared (would the average player notice dried poo missing?). But the 2 stacks of items in the 2nd hoard, and the many stacks of items from the 3rd hoard could go missing for months and I may never know. This is exactly why it took me so long to discover and why it makes it impossible for me to pinpoint when this happened.

In the past I used multiple computers to access TW. It has been about 9 months since I started playing exclusively on 2 computers, running off a USB drive, and I never type in my password. It is extremely unlikely that I fell victim to a trojan or keylogger. Add to this the specific items that disappeared and it is even less likely that some sort of bug or non-TW-related person (it was not my family) was responsible.

Note that when Dragoon and I were trying to figure out how Bryan got into my base, I had the exact timestamp of when he was there as he was stupid enough to wipe one of my statues. Dragoon checked the logs and even though the public logs showed that Bryan did it, Dragoon's logs showed that *I* wiped my statue at that exact moment. So the original exploits were doing stuff like that -- I have no idea if this helps but it could explain the lack of evidence that Twisti has found.

Twisti, is there anything else that needs explaining lest folks think you are calling me a liar? Be specific about what I am not telling the truth about.

Put yourself in my shoes, folks. You have 100% incontrovertible proof from an admin and Bryan himself that he stole from your island using exploits. Years later your are paranoidly careful about your password and all your gold, poo, and textile/weaving stuff disappears from your island in much the same way -- do you think "probably a bug that ONLY happened to me" or do you think "some asshole exploiter with a grudge stole from my island, again"?

Has ANYONE come into possession of large amounts of poo or textile/weaving stuff in the past few weeks? Admins, can you check Bryan's inventory, his mules' inventories, and his hoards for the items? I am 90% confident he did not have more than a few billion gold a couple months ago -- if he has over 10 billion now, I hope that is some evidence that can be used against him.

[Viceroy Twisti]

Naturally, we checked Bryan, even though there was no evidence for any wrongdoings on his part. And as your husband had access to your account, your personal security ends there rather suddenly. The only evidence that your password couldn't have been compromised is your promise to me that your husband promised to you that he never took anything - heck, he didn't even say where or how he logged in. I'm not calling you a liar (on that part), but I'm sure you can see how that's not exactly water tight proof that nobody could have gotten ahold of your account.

There has never ever been any sort of hack or exploit that let people get on other people's island (unless you count said people being dumb enough to drag them there). The single issue, and reason for your original theft years back, is Bryan getting ahold of your password hash, and being able to log onto your character. Nobody other than yourself has logged onto your account since, so I'm certain it wasn't that bug (which has been fixed since anyways, of course).

As for calling you a liar: yes, some things you claim as fact in your original post are outright lies. You probably know yourself which of your claims you made up and which you only think you know based on hearsay, or don't remember correctly, so I'll leave it up to you to clean your post up, if you want to.

[Viceroy Twisti]

Naturally, we checked Bryan, even though there was no evidence for any wrongdoings on his part. And as your husband had access to your account, your personal security ends there rather suddenly. The only evidence that your password couldn't have been compromised is your promise to me that your husband promised to you that he never took anything - heck, he didn't even say where or how he logged in. I'm not calling you a liar (on that part), but I'm sure you can see how that's not exactly water tight proof that nobody could have gotten ahold of your account.

There has never ever been any sort of hack or exploit that let people get on other people's island (unless you count said people being dumb enough to drag them there). The single issue, and reason for your original theft years back, is Bryan getting ahold of your password hash, and being able to log onto your character. Nobody other than yourself has logged onto your account since, so I'm certain it wasn't that bug (which has been fixed since anyways, of course).

As for calling you a liar: yes, some things you claim as fact in your original post are outright lies. You probably know yourself which of your claims you made up and which you only think you know based on hearsay, or don't remember correctly, so I'll leave it up to you to clean your post up, if you want to.

[Abyss Rose]

Dan seems to have liquidated and came into just over 10 bil, dose he count? ^_^

no really, I have looked in most (can't say every as there are LOTS) hoards in g2, and I have not hit pay dirt yet. I 'have' looked in ALL hoards on f1 and the only thing I have learned is Epik is very bad at organization, and. . . he may need a loan. as he has NO money or 'big ticket' items in any of those hoards. the most valuable thing is ore, and it's in amounts less then 100 per.

As for my quote by Clatra, I still stand by that statement! I however until just recently did NOT have access to that newbworld, Epik controls(ed) both newbworld fencing INTO f1-g2 newbworld so there was no way for me to know.

[Abyss Rose]

Dan seems to have liquidated and came into just over 10 bil, dose he count? ^_^

no really, I have looked in most (can't say every as there are LOTS) hoards in g2, and I have not hit pay dirt yet. I 'have' looked in ALL hoards on f1 and the only thing I have learned is Epik is very bad at organization, and. . . he may need a loan. as he has NO money or 'big ticket' items in any of those hoards. the most valuable thing is ore, and it's in amounts less then 100 per.

As for my quote by Clatra, I still stand by that statement! I however until just recently did NOT have access to that newbworld, Epik controls(ed) both newbworld fencing INTO f1-g2 newbworld so there was no way for me to know.

[clatra]

My truthiness is in ALL CAPS:

Bryan is a sack of shit.
DEBATABLE, I SUPPOSE.

Let me rewind. Back when Dragoon owned TW, Bryan used exploits to get into at least one of my bases (without chopping a single fence) and onto my island. He also stole upwards of 10 billion gold from my island. Dragoon could not figure out how he did "it" so he made a deal with Bryan: he would not ban Bryan if Bryan would tell him exactly how he did "it". According to Dragoon "it" was fixed. Also, Dragoon swore me to secrecy. Oops, my bad.
ALL TRUE, CONFIRMED TO ME BY DRAGOON AND BRYAN.

Fast forward to a few weeks ago. I had upwards of 20 billion worth of stuff stolen from my island. Did Dragoon fix the getting-onto-island exploit or did "it" refer to the getting-past-fences exploit, or are they the same exploit? Who knows cuz Dragoon ain't sayin'. According to one admin, the 20+-billion-gold-exploiter was not Bryan. The admin is confident about this but I am not. One [rebel] said Bryan was MIA. Another said he had stopped playing. According to Bryan the habitual liar he was in the hospital. Yeah right.
SPECIFIC STUFF DISAPPEARED FROM MY ISLAND, STOLEN IS THE BEST EXPLANATION SO FAR.

It is completely possible that Bryan taught someone else exploits (I am looking at you, [rebel]s) which were used to steal stuff from me. In any case, fuck Bryan the admitted liar, the admitted cheater, and the admitted exploiter. I warned everyone, multiple times, he could not be trusted -- those who chose to believe him over me need to have your heads examined. Anyone who gives him the time of day should be flogged.
BRYAN HAS ADMITTED TO LYING, CHEATING, AND EXPLOITING. I WARNED PEOPLE MULTIPLE TIMES ABOUT HIM.

Oh yeah, in addition to messing with me, Bryan admitted to hacking to find several players' hashes, which is essentially like having passwords, and used them to access their characters. Bryan blamed Dragoon for making it easy to find the hashes. An easy hack is still a hack, genius.
BRYAN ADMITTED TO THIS IN IRC IN FRONT OF MULTIPLE WITNESSES, INCLUDING TWISTI WITH WHOM I HAD A DISCUSSION ABOUT THE VERY ISSUE.

Now a story: many moons ago I raided and evicted Bryan from a couple continents. He begged me -- literally begged me -- to stop and said he would do anything to get me to stop. Another of his lies. Although he agreed to pay the billions of gold back to me, I have yet to see any of it while he continued to fund edicts and other shit. He fails so miserably at TW that he has to lie and resort to breaking rules, maybe even laws, to get back at me.
ALL TRUE.

Join me in shunning him. In raiding him. In making him so unwelcome in TW that he begs us all in the forums to be his friend again. Then we can all laugh at the asshat.

As for the admins, they are doing everything in their power to bring the culprit(s) to justice. Whichever player(s) had any part in stealing from me or getting my stolen goods, I will raid those players into oblivion. Unless, of course, they tell an admin IMMEDIATELY what information they have regarding theft from my island. Items stolen include billions of gold in trade notes, dried poo, EBP, 3 grades of sliver, imp yarn, and imp cloth.
AGAIN, STOLEN IS THE BEST EXPLANATION.

Did I mention Bryan is a borderline pedophile and sociopath? Ah, but those accusations are for another day.

So, Twisti, on two occasions I asserted that items were stolen. You have proposed a trojan (highly unlikely) or someone like my family had access to my account (while this is true, I assure you that no one in my family stole from me -- I have given mostphair tens of billions worth of stuff and would do it again in a heartbeat if he asked, and he knows it). So my assertions are more likely than your assertions, yes?

As for Bryan getting my hashes, he did hack to get them, yes? And using the hashes to access accounts (including mine) was against the rules and could be considered an exploit, yes? And Dragoon seeing in his logs that I wiped my statue while the public logs showed that Bryan wiped them indicated that Bryan was CLEARLY using an exploit, yes?

Again, where EXACTLY have I lied?

[clatra]

My truthiness is in ALL CAPS:

Bryan is a sack of shit.
DEBATABLE, I SUPPOSE.

Let me rewind. Back when Dragoon owned TW, Bryan used exploits to get into at least one of my bases (without chopping a single fence) and onto my island. He also stole upwards of 10 billion gold from my island. Dragoon could not figure out how he did "it" so he made a deal with Bryan: he would not ban Bryan if Bryan would tell him exactly how he did "it". According to Dragoon "it" was fixed. Also, Dragoon swore me to secrecy. Oops, my bad.
ALL TRUE, CONFIRMED TO ME BY DRAGOON AND BRYAN.

Fast forward to a few weeks ago. I had upwards of 20 billion worth of stuff stolen from my island. Did Dragoon fix the getting-onto-island exploit or did "it" refer to the getting-past-fences exploit, or are they the same exploit? Who knows cuz Dragoon ain't sayin'. According to one admin, the 20+-billion-gold-exploiter was not Bryan. The admin is confident about this but I am not. One [rebel] said Bryan was MIA. Another said he had stopped playing. According to Bryan the habitual liar he was in the hospital. Yeah right.
SPECIFIC STUFF DISAPPEARED FROM MY ISLAND, STOLEN IS THE BEST EXPLANATION SO FAR.

It is completely possible that Bryan taught someone else exploits (I am looking at you, [rebel]s) which were used to steal stuff from me. In any case, fuck Bryan the admitted liar, the admitted cheater, and the admitted exploiter. I warned everyone, multiple times, he could not be trusted -- those who chose to believe him over me need to have your heads examined. Anyone who gives him the time of day should be flogged.
BRYAN HAS ADMITTED TO LYING, CHEATING, AND EXPLOITING. I WARNED PEOPLE MULTIPLE TIMES ABOUT HIM.

Oh yeah, in addition to messing with me, Bryan admitted to hacking to find several players' hashes, which is essentially like having passwords, and used them to access their characters. Bryan blamed Dragoon for making it easy to find the hashes. An easy hack is still a hack, genius.
BRYAN ADMITTED TO THIS IN IRC IN FRONT OF MULTIPLE WITNESSES, INCLUDING TWISTI WITH WHOM I HAD A DISCUSSION ABOUT THE VERY ISSUE.

Now a story: many moons ago I raided and evicted Bryan from a couple continents. He begged me -- literally begged me -- to stop and said he would do anything to get me to stop. Another of his lies. Although he agreed to pay the billions of gold back to me, I have yet to see any of it while he continued to fund edicts and other shit. He fails so miserably at TW that he has to lie and resort to breaking rules, maybe even laws, to get back at me.
ALL TRUE.

Join me in shunning him. In raiding him. In making him so unwelcome in TW that he begs us all in the forums to be his friend again. Then we can all laugh at the asshat.

As for the admins, they are doing everything in their power to bring the culprit(s) to justice. Whichever player(s) had any part in stealing from me or getting my stolen goods, I will raid those players into oblivion. Unless, of course, they tell an admin IMMEDIATELY what information they have regarding theft from my island. Items stolen include billions of gold in trade notes, dried poo, EBP, 3 grades of sliver, imp yarn, and imp cloth.
AGAIN, STOLEN IS THE BEST EXPLANATION.

Did I mention Bryan is a borderline pedophile and sociopath? Ah, but those accusations are for another day.

So, Twisti, on two occasions I asserted that items were stolen. You have proposed a trojan (highly unlikely) or someone like my family had access to my account (while this is true, I assure you that no one in my family stole from me -- I have given mostphair tens of billions worth of stuff and would do it again in a heartbeat if he asked, and he knows it). So my assertions are more likely than your assertions, yes?

As for Bryan getting my hashes, he did hack to get them, yes? And using the hashes to access accounts (including mine) was against the rules and could be considered an exploit, yes? And Dragoon seeing in his logs that I wiped my statue while the public logs showed that Bryan wiped them indicated that Bryan was CLEARLY using an exploit, yes?

Again, where EXACTLY have I lied?

[Shinhan]

Also, to say we have access to the passwords isn't really true--the passwords are hashed before they are stored. Hashing is an irreversible process, so we can never retrieve your password from your hash. (Well, there are a few exploits, but they only matter if some gets the hashes and spends a LOT of computing time building rainbow tables. We have no evidence of this happening.)

Salted before hashing right?
If they are hashed without salt, then somebody could use precomputed rainbow tables.
With salt attacker would need to know the salt (which is found only in server side code, so hacking the client is not enough) in order to computer the rainbow tables.

[Shinhan]

Also, to say we have access to the passwords isn't really true--the passwords are hashed before they are stored. Hashing is an irreversible process, so we can never retrieve your password from your hash. (Well, there are a few exploits, but they only matter if some gets the hashes and spends a LOT of computing time building rainbow tables. We have no evidence of this happening.)

Salted before hashing right?
If they are hashed without salt, then somebody could use precomputed rainbow tables.
With salt attacker would need to know the salt (which is found only in server side code, so hacking the client is not enough) in order to computer the rainbow tables.

[Viceroy Twisti]

My truthiness is in ALL CAPS:
So, Twisti, on two occasions I asserted that items were stolen. You have proposed a trojan (highly unlikely) or someone like my family had access to my account (while this is true, I assure you that no one in my family stole from me -- I have given mostphair tens of billions worth of stuff and would do it again in a heartbeat if he asked, and he knows it). So my assertions are more likely than your assertions, yes?

As for Bryan getting my hashes, he did hack to get them, yes? And using the hashes to access accounts (including mine) was against the rules and could be considered an exploit, yes? And Dragoon seeing in his logs that I wiped my statue while the public logs showed that Bryan wiped them indicated that Bryan was CLEARLY using an exploit, yes?

Again, where EXACTLY have I lied?

I never said your husband stole from you, but it's entirely possible that he logged onto your account from an unsafe computer, or downloaded a Trojan, or let someone else use his computer with your login saved in the TW.ini.

What is more likely:

- That a password that it shared amongst multiple people with questionable computer skills got stolen and used to steal from that specific person, or

- That the entire Toadwater server, to which only two people with considerable computer knowledge have the password, got compromised and then this complete access to every game detail, including PayPal data, was abused solely to steal some items from you ? Mind you, with access like that, someone could just generate items out of nowhere, or introduce subtle code changes to make you have lower odds at finding rare items, higher odds of getting captchas, etc ?

As for some of your statements: no, Bryan did not hack to get the hashes. No, using someone elses login is not an exploit (although it is, of course, a ban reason, if done without permission). And Dragoon has never claimed such log inconsistencies before, although it's possible he just forgot to tell me about it.

And yes, of course our password hashes are salted.

[Viceroy Twisti]

My truthiness is in ALL CAPS:
So, Twisti, on two occasions I asserted that items were stolen. You have proposed a trojan (highly unlikely) or someone like my family had access to my account (while this is true, I assure you that no one in my family stole from me -- I have given mostphair tens of billions worth of stuff and would do it again in a heartbeat if he asked, and he knows it). So my assertions are more likely than your assertions, yes?

As for Bryan getting my hashes, he did hack to get them, yes? And using the hashes to access accounts (including mine) was against the rules and could be considered an exploit, yes? And Dragoon seeing in his logs that I wiped my statue while the public logs showed that Bryan wiped them indicated that Bryan was CLEARLY using an exploit, yes?

Again, where EXACTLY have I lied?

I never said your husband stole from you, but it's entirely possible that he logged onto your account from an unsafe computer, or downloaded a Trojan, or let someone else use his computer with your login saved in the TW.ini.

What is more likely:

- That a password that it shared amongst multiple people with questionable computer skills got stolen and used to steal from that specific person, or

- That the entire Toadwater server, to which only two people with considerable computer knowledge have the password, got compromised and then this complete access to every game detail, including PayPal data, was abused solely to steal some items from you ? Mind you, with access like that, someone could just generate items out of nowhere, or introduce subtle code changes to make you have lower odds at finding rare items, higher odds of getting captchas, etc ?

As for some of your statements: no, Bryan did not hack to get the hashes. No, using someone elses login is not an exploit (although it is, of course, a ban reason, if done without permission). And Dragoon has never claimed such log inconsistencies before, although it's possible he just forgot to tell me about it.

And yes, of course our password hashes are salted.

[clatra]

What is more likely:

- That a password ... got stolen ... or

- That the entire Toadwater server ... got compromised ...

Are those the ONLY two alternatives? SQL insertion attack was out of the question? XSS? XSRF? I have no clue what any of these are but my point is, Twisti, you frequently jump to conclusions and then set up false dichotomies. This means you present two alternatives when there are, in fact, many.

For the sake of argument say I typed in my password to mostphair's computer and there was a trojan on it. The trojan steals my password, then what? How, exactly, would my password land in the lap of somebody who knew the value of TW items? The probability of a TW player getting a trojan on mostphair's computer is remote.

As for some of your statements: no, Bryan did not hack to get the hashes. No, using someone elses login is not an exploit (although it is, of course, a ban reason, if done without permission).

Now we are just quibbling over semantics and does not mean I lied. Bryan found an unprotected (i.e. not protected by password) folder. If it was not "hacking" then what was it? Browsing? I am totally serious here -- educate me on what the proper computerese is because I do not mean to accuse somebody of hacking if they did not, in fact, hack.

Is using a password, obtained against the rules, an exploit? If not, what is it?

Is using a hash, obtained against the rules, an exploit? If not, what is it?

Bear in mind that the term exploit means different things depending on if you are using it in a gaming context or a computer security context.

I mean Dragoon used the terms hack and exploit, but maybe he was using the terms incorrectly. BTW Dragoon only told me about what happened once I started questioning him about missing items and statues getting wiped -- outside of Bryan no one (including Matt Siegman, I think) knew anything. I encourage you to seek Dragoon out, tell him that this shit happened to me again, and to give you all the details of what happened previously. I know he may be hard to reach but this seems important enough to try.

[clatra]

What is more likely:

- That a password ... got stolen ... or

- That the entire Toadwater server ... got compromised ...

Are those the ONLY two alternatives? SQL insertion attack was out of the question? XSS? XSRF? I have no clue what any of these are but my point is, Twisti, you frequently jump to conclusions and then set up false dichotomies. This means you present two alternatives when there are, in fact, many.

For the sake of argument say I typed in my password to mostphair's computer and there was a trojan on it. The trojan steals my password, then what? How, exactly, would my password land in the lap of somebody who knew the value of TW items? The probability of a TW player getting a trojan on mostphair's computer is remote.

As for some of your statements: no, Bryan did not hack to get the hashes. No, using someone elses login is not an exploit (although it is, of course, a ban reason, if done without permission).

Now we are just quibbling over semantics and does not mean I lied. Bryan found an unprotected (i.e. not protected by password) folder. If it was not "hacking" then what was it? Browsing? I am totally serious here -- educate me on what the proper computerese is because I do not mean to accuse somebody of hacking if they did not, in fact, hack.

Is using a password, obtained against the rules, an exploit? If not, what is it?

Is using a hash, obtained against the rules, an exploit? If not, what is it?

Bear in mind that the term exploit means different things depending on if you are using it in a gaming context or a computer security context.

I mean Dragoon used the terms hack and exploit, but maybe he was using the terms incorrectly. BTW Dragoon only told me about what happened once I started questioning him about missing items and statues getting wiped -- outside of Bryan no one (including Matt Siegman, I think) knew anything. I encourage you to seek Dragoon out, tell him that this shit happened to me again, and to give you all the details of what happened previously. I know he may be hard to reach but this seems important enough to try.

[Matt Siegman]

There is always a possibility of injection/XSS attacks, especially with PHP and its lack of proper database support. (Really, no placeholders? Wtf PHP?) The odds of those are very low and not really worth mentioning.

Technically, he was snooping if he just 'found' something--which I did tell him to stop.

I never knew about any of this stuff, and if I had I probably would have started rewriting a lot of code.

Oh, and yes they are salted; however, salts aren't the be all end all of security. There are ways around that, they just require even more computing power. It also doesn't help that we use an open source function for password generation. (SMF's) This means that any sort of salting we do can be figured out and overcome with a big enough computer.

[Matt Siegman]

There is always a possibility of injection/XSS attacks, especially with PHP and its lack of proper database support. (Really, no placeholders? Wtf PHP?) The odds of those are very low and not really worth mentioning.

Technically, he was snooping if he just 'found' something--which I did tell him to stop.

I never knew about any of this stuff, and if I had I probably would have started rewriting a lot of code.

Oh, and yes they are salted; however, salts aren't the be all end all of security. There are ways around that, they just require even more computing power. It also doesn't help that we use an open source function for password generation. (SMF's) This means that any sort of salting we do can be figured out and overcome with a big enough computer.