Please be aware that Private Topics are not to be used to contact a moderator for technical support or game hints. We do not have time to respond to these requests, nor are we in the business of running priority support (unless you want to pay us...). If you have a technical issue or are stuck in one of the games, please post it in the appropriate game forum. The Hangout is not for tech support or hint requests. Private Topics relating to technical issues, hint requests, or asking us to look at a thread related to these for the purposes of solving your problem will be ignored.

Thank you.

----------
Alahmnat
Guild of Archivists, DPWR.NET (http://www.dpwr.net)
Uru and Myst Forum Moderator / Community Assistant

Please be aware that Private Topics are not to be used to contact a moderator for technical support or game hints. We do not have time to respond to these requests, nor are we in the business of running priority support (unless you want to pay us...). If you have a technical issue or are stuck in one of the games, please post it in the appropriate game forum. The Hangout is not for tech support or hint requests. Private Topics relating to technical issues, hint requests, or asking us to look at a thread related to these for the purposes of solving your problem will be ignored.

Thank you.

----------
Alahmnat
Guild of Archivists, DPWR.NET (http://www.dpwr.net)
Uru and Myst Forum Moderator / Community Assistant

Besides, this mod is a technical klutz and is likely to do more harm than good.

__________________________________________________ _________
Stop laughing, this is serious.

How do you delete a privat topic? I read somewhere about it but I am not sure where. And as this is the Private topic thread I thought this would be a good spot to ask http://ubbxforums.ubi.com/images/smiley/16x16_smiley-tongue.gif

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To the world you may be but one person but to one you may be the world.

I am going to keep some smilies here http://forums.ubi.com/i/smilies/16x16_smiley-indifferent.gif http://img.villagephotos.com/p/2004-1/601004/16x16_smiley-wink.gif http://img.villagephotos.com/p/2004-1/601004/16x16_smiley-tongue.gif http://img.villagephotos.com/p/2004-1/601004/16x16_smiley-happy.gif http://img.villagephotos.com/p/2004-1/601004/16x16_smiley-sad.gif

Open the private topic and go to the Tools pulldown. There should be a delete option there.

__________________________________________________ _________
Stop laughing, this is serious.

You should also be aware that private topics aren't private at all. I made a test one and didn't send it to anyone and yet in a few hours it had five hits from people reading it.
I have been doing some investigating over the past couple of days and it seems that there are a couple of mods who are grossly abusing their privaliges as well as abusing the people who use the boards. The MM incindent was just the tip of the iceburg of the rotteness that has pervaded these boards. Some people have had their computers hacked into and again it looks like a mod is behind it. The hacking has got MSN involved and MSN has got the FBI involved. Soon as I get all my info straightened out I'm turning it over to the FBI. DO NOT TRUST UBI or ANY OF THE URU MODS.

DO NOT ASK ME ANY QUESTIONS FURTHER FOR I WILL NOT ANSWER. THE ONLY REASON I'M TELLING YOU NOW IS BECAUSE YOU'RE MY FRIENDS AND I WANT YOU TO PROTECT YOURSELVES. i WILL SAY NO MORE ABOUT ON HERE.

_____________________________

Men rise from one ambition to another; first they seek to secure themselves from attack, and then they attack others.
Machiavelli

I just noticed something in a PT Joyous left me and I had replied to. There are 5 replies, Joyous, me, and so on to my last reply. But there are 16 Viewings. My last reply puts the total of replies to 6, so whose the person with the other 10? What IS going on here anyway? Something that shouldn't?

************************************************** **
Remember the important things.....as you turn on your computer. http://ubbxforums.ubi.com/infopop/emoticons/icon_wink.gif

Homer, someone here has shared this with me: they've been involved in a PT converesation with someone, and like you about six messages have been sent back and forth. The number of views though is over 30 and still climbing.
Also, people who use Netscape can use a programming glitch to log into these boards as anyone, even if that person is already logged on. This also gives them access to your personal information. Ubi is aware of this but apparently feels that it isn't important for us to know that our personal info is not secure.

Those who know me know I joke around a lot about conspiracies, but all of this is no joke. The more I speak up about this the more people come to me and tell me their stories about what goes on these boards. I think we all owe MM for being a martyr. All of this stuff is coming to light because of the unproven accusations made against her.

_____________________________

Men rise from one ambition to another; first they seek to secure themselves from attack, and then they attack others.
Machiavelli

I have also noticed the large amounts of views on PERSONAL topics. George Orwell comes to mind.

Just FYI The big-wigs have been contacted regarding these issues and are currently looking into it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To the world you may be but one person but to one you may be the world.http://nzwwa.com/mirror/clipart/graphics/animated/icons/aniheart.gif

That's good to hear sky, because the count of the views on the PT I mentioned has gone up to 18, and it wasn't because I opened the thread.

************************************************** **
Remember the important things.....as you turn on your computer. http://ubbxforums.ubi.com/infopop/emoticons/icon_wink.gif

From my point of view that's kinda like having the fox look into why the chickens are disappearing. http://ubbxforums.ubi.com/images/smiley/16x16_smiley-happy.gif

_____________________________

Men rise from one ambition to another; first they seek to secure themselves from attack, and then they attack others.
Machiavelli

http://www.dpwr.net/forums/html/emoticons/bored.gif

I really appreciate the way you guys have made out to utterly DEMONIZE the Uru mods. I don't even feel welcome here anymore.

Please also be advised that I have stated at least twice in the PT sending instructions that administrators are able to read the private topic "forum" to monitor for abuse of the system.

And just for you conspiracy theorists out there, I checked the security permissions for the PT forum, and the Uru moderator group is NOT capable of managing content on the PT forum, which means that they are NOT capable of reading someone else's PTs.

----------
Alahmnat
Guild of Archivists, DPWR.NET (http://www.dpwr.net)
Uru and Myst Forum Moderator / Community Assistant
Please note: I do not respond to Private Topics dealing with technical support or hint requests for the Myst series

[This message was edited by Alahmnat on Sat February 28 2004 at 04:29 PM.]

Well , I personally don't consider myself aconspiracy Theorists , however , I have never trusted the PT thingies , Told a Uru Mod as much quite some time away .

Now Al , I have sent you a PT , checked it a couple of times , and it had been viewed 13 times when I finually deleted it . It only had the one post , you never answered it , nor was there any meed for you to . However , I don't think that it was that much of a pat on the back that you read it 10 times ??? Did you ? http://ubbxforums.ubi.com/infopop/emoticons/icon_smile.gif And as it only had the one post , it seems strange to me that an adminisator would read it 10 times . So perhaps there is a security breach there some where ??

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://mysmilies.ipbfree.com/s/cwm/new3d/heresyoursign.gif
``````````````````````````````
I would rather soar with the eagles then bicker with harpies
``````````````````````````````
" And you will remember what it is to know the warmth of an animal's heart."
from an old tale told by an old people

I mentioned this to Jaunt on Friday. I've seen posts over at uru that purport to quote from PT conversations that the poster has not been privy too (as they were moderator PT discussions basically ****ging the person off and how the Mods could "put him in his place").

Jaunt said I should report it but as I saw these things in locked threads I saw no point. Firstly, like kreeden I've never trusted PT anyway, and secondly, as this was in a locked thread and accused the mods themselves, I reckon the mods obviously already knew about it.

http://www.stopstart.fsnet.co.uk/flags/oz.gif

Life's tuff when you are a "misunderstood ferret"

Al, it's understandable abuse needs to be monitored, if suspected, and I see no problem with that. And I have yet to see anyone pointing fingers as to who may be doing what.

But when view counts are greater than the post counts, and that post hasn't been replied to for several days, something doesn't seem right. Why monitor a PT if it is several days old and hasn't been replied to by either party? If it's monitored after the last post, and that post doesn't change or is replied to, does that last post change?

I believe what we are saying is that something other than normal monitoring of PTs is going on here. That's all. Nothing more.

************************************************** **
Remember the important things.....as you turn on your computer. http://ubbxforums.ubi.com/infopop/emoticons/icon_wink.gif

Greetings, pardon my footprints as I wander through. http://ubbxforums.ubi.com/infopop/emoticons/icon_smile.gif

Yes, the moderators are aware of the post count increasing in what does not appear to be a logical way. Often times it seems to increase exponentially.

First, to my knowledge no Uru moderator on these forums is capable of viewing anyones Private Topics. In fact our access to your private information is limited to no more information than what any normal user can view of another users. And our super powers *flies around with cape* extend no further than the Uru forums themselves. As far as I know we have only a few basic abilities. 1) Check the warnings log. 2) Edit posts. 3) Delete posts. 4) Close/Lock Threads. 5) Re-open threads. 6) Copy threads. 7) Move threads. 8) Copy replies between threads. and 9) Move replies between threads.

We can't even really merge threads without first copying all the replies in one thread into another, then deleting the original thread. But we can't even copy or move the original thread starting post into another existing thread. Talk about frustrating.

Moving along to the view count mechanism. From what I can tell all views/etc are retallied every 5 to 10 minutes across the boards, this includes most recent replies and reply counts. This makes some amount of sense since it reduces constant resource ussage and replaces it with a periodic short burst.

From what I can tell the view count on a thread is incremented by one every time the page is loaded. Some browsers behave badly with the javascript on these forums and other browsers just behave badly in general. One thing that some browsers do is literally load the same page 2 or 3 times simutaneously in order to speed up the download time -- this works sometimes. Usually the intention is that one thread skips several images and your system opens up more than one simutaneous download of images at the cost of loading the text more than once. Thus, those browsers will increment the view count by however many threads they open up to the whole page.

On the other hand there are people more like me. I actually read a thread two or three times before responding to it. Often when I receive a PT I will look at it, wander off, come back, read it again, wander off, and so on. Slowly pushing up the view count. I've had several people ask me just how many people had viewed the thread that was private between me and them -- just me, I just happen to look at it again a lot.

Then there are people who have problems loading a thread. Sometimes it will come up and just not render correctly or the pages javascript will mess up there browser. Or the reply buttons and such won't work because the javascript on these forums bloody SUCKS! So you hit refresh a dozen times until it finally works. Incrementing the view count by one each time.

Finally, there is the fact that when you look at a thread -- each time you look at it, the view count increments by one. I've verified this one quite a few times.

Here's an example count scenario that would be what a normal PT would receive: Persons are known as X and Y.

X sends PT to Y, system displays to X their post, view increments from 0 to 1.

Y views X's PT, view increments to 2.

Y responds to X, view increments to 3 as posting is displayed to Y.

X views Y's response, view increments to 4.

X responds, view increments to 5 -- same reason as Y above.

Lets say they keep flipping back and forth, so for each persons post the view is increased by two. At this point X and Y are at three posts and 5 views. Y responds makes 7 views. X responds makes 9 views. That's five to 9. You can see the trend here, view count is 2n+1. So after 30 posts there would be 61 views minimum.

Now, lets take in human nature and assume Y makes a lot of typo's and likes to edit what he posted. Each edit increments the view by one more. Lets say for every 5 postings of Y there is one edit by Y. That makes it 2.1n+1 (2.2 would be just counting Y's responses. X doesn't edit, making it 2.1, half as much).

Ok, now X likes to reread what has been said on the previous page or goes away and comes back and refreshes on average twice for each posting. That makes X's view count go up 3n+1 for every posting. Bringing our count average to 2.55n+1.

If we throw in that Y's browser opens three connection threads on each viewing of a thread we get 5.2n+1 for each of Y's postings. Or averaged 3.875n+1. For simplicity of math lets say it's 4n+1. That means after 4 postings there would be 17 views.

Now there's a ton of other reasons that the thread may get viewed more than once. I know I sometimes bookmark a thread I want to double check and just click on it not knowing if a response has came yet. Or if the last time someone responded was pretty quick after my initial posting I'll sometimes leave the window open and hit refresh every few minutes - since the forums don't update the count or EMail me until 5 minutes to 30 minutes after the posting actually happened.

Finally, I went ahead and started three PT's with myself. One I designated that I would NEVER view it -- I even stopped it before it loaded the thread after I created it. The second I did some occasional posting in to make sure the above formula was correct. The third I went ballistic in and hit refresh a lot and loaded it repeatedly. Respectively view counts are 0, 5, and 164.

It comes down to that not all people are as logical in their thread viewing as you may wish them to be -- and the counting mechanism is just an ugly hack that really doesn't keep an accurate record of how many times a person has viewed it specifically -- but rather how many times they have opened the page. That's why it's views not reads, I suppose.


----------------


Infopop hosts these forums, this is their software. They host and sell to large companies this forum software. If it's insecure that's a big issue to them. But anything can be insecure. Ubi has to contact Infopop and hope that Infopop will someday get around to taking care of it. That does not guarantee anything will ever happen because well Infopop is yet another company to go through.

I do know that if someone else logs into the forums as you, your previous session is disconnected -- at the very least you'll get some weird errors as you go around the forums. I know this from using two computers at once in the same room and using them at different times logging in with one or the other not always the same.. Ahk, makes for a mess sometimes.

I'm unsure of all the following, so take it with a ground of pepper.

To my knowledge there is no netscape exploit -- then again I haven't really looked into it. I mean someone could always steal your cookies, oh well.

As for someone hacking you. They'd have to get your IP address. Possible via IM and frankly IM is a very insecure tool. I seriously doubt it's any of the moderators and if it is I encourage you to present your proof to Ron ronm@ubisoft.com or Roac (via PT). They will take all necessary actions immediately if that is the case. As it is, moderators are not able to obtain your IP address via these forums.


Hope that answers one question or another,

Maztec

PS: Yah, I do read these forums. You guys give me a good chuckle from time to time. I just don't post much because I don't feel at home here. http://ubbxforums.ubi.com/infopop/emoticons/icon_frown.gif

---
If this is one of my postings and I have not said it's "official news", provided a quoted source for reference to the news, or directly indicated that I am moderating the thread. Then I am posting as a fellow user.

I think it's most likely that whoever is getting to people's personal info is doing it secretly -- not with any of the powers bestowed upon them by Ubi. So whether it's a user, a mod, an administrator or whoever, they can accomplish damage without Ubi's permission.

As for the hackings, it's out of anyone's hands here. When someone's computer gets hacked into, standard procedure is to report it to their ISP, who (I believe) involve the FBI, so I don't see any point in reporting it to anyone at Ubi. It seems the best thing to do for now is to not trust anyone http://ubbxforums.ubi.com/images/smiley/16x16_smiley-sad.gif and keep our computers as secure as possible. It's more than a little disconcerting that registering for an online community can put people's personal information at such risk. http://ubbxforums.ubi.com/images/smiley/16x16_smiley-sad.gif

_____________________
In a place where there are no men, it is your duty to be a man.

[This message was edited by PrincessXenobia on Sat February 28 2004 at 11:18 PM.]

For what it's worth (which isn't much) the FBI despite having a fairly large budget really does have limited resources for all of what they do. This means that they will almost never get involved with a small case. They leave that to local authorities. In fact, ISP's and individuals almost always have to report "hack attempts" to their local or state police before the FBI will think of getting involved. Generally the FBI does not get involved until at least $5,000 USD in damage has been done. Additionally the FBI is completely powerless if either you or the doer live outside of the United States of America -- although Canada and Mexico are somewhat under its influence but not nearly as strong.

I suggest if someone is getting your personal information via these forums and using it to "hack" you that you let the administrators know so they can remove that individual from the forums. By doing so they perform a civic duty and remove the potential threat from harming anyone else in the forums.

One thing you must keep in mind is that at any point in time there are hundreds if not hundreds of thousands of viruses, worms, and trojans actively taking their time wandering around the internet. You can receive these from any number of sources. Internet Messengers, Web Pages, ActiveX, Java, EMail, Direct File Transfers, and just being connected to the internet at all are some examples of where these attacks can come from.

Receiving attacks at any point in time do not necessarily imply they are caused by any particular service you are involved with. In fact, odds are it is someone completely unrelated to anyone or anything you know.

There are several steps you can take if you are receiving "hack" attempts of any type and believe them to be criminally malicious and/or intentionally directed at you:
1) Collect all of the information you can on these attacks. Who do you think they are from, IP address they are originating from to the best of your knowledge, when they are occurring, packet content, what type of attacks they are, how they were directed to you.
2) Send a complete report to your ISP. abuse@yourisp is a very common address that usually works for this.
3) Send a complete report to the ISP of the offending party. Keep in mind that many offending parties will most likely be using a redirect, proxy, or spoof of some form, which makes it quite likely that who you think you are getting it from is not really where it is from at all. It takes some serious investigation and knowledge in this area to really figure out where it is coming from. But go ahead and send a complete report to the ISP you think it is coming from.
4) Call your local authorities (police) and let them know, provide them with a report. Get a phone number you can call and potetially set up monitoring services so you can report at any time if anything is going on so they can look into it. They will get the FBI involved or whatever other three-letter agency they need to as appropriate.
5) If your country has a specific form of law enforcement for computerized attacks, contact them.
6) If fiscal damage has been done you can file a small claims lawsuit against an unknown second party and potentially get a judge to subpoena the records from all involved internet servers and potentially track the culprit down that way.


Keep in mind that if it is a false alarm you can be fined for the time that any law enforcement officials spent on the case. So be sure you know what is going on and have the facts straight before contacting them.

Finally, remember being on the Internet is a risk. Having broadband and always being connected is an even greater risk. You literally can't trust anyone, not even your own mother. Why? Because she might just have received the latest email/trojan and will accidently send it on to you.

So, protect yourself. Make sure you have all the latest virus updates for your antivirus software and all of the latest firewall updates for whatever you're using as a firewall. Hardware firewalls are recommended over software firewalls and provide a physical layer between you and them.

And in the end protection comes down to one thing and one thing only. Common sense. Be sure you understand what you're doing when you click on a link, check an anonymous email, or open that cool program your friend just sent you. Everything can be dangerous. But remember, it can also be a lot of fun.


Maztec -- I haven't had a virus, trojan, spyware, worm, or otherwise since 1995 when I trusted someone who lent me a copy of pkzip which unhappily had a virus they had written imbedded in it.

---
If this is one of my postings and I have not said it's "official news", provided a quoted source for reference to the news, or directly indicated that I am moderating the thread. Then I am posting as a fellow user.

Having seen what happens to anyone who reports hack attacks to Ubisoft, I wouldn't recommend it.

For anyone interested in the FBI reaction to "hack attacks" you can read this article on the GRC.COM attacks: http://grc.com/dos/grcdos.htm

Additionally, straight from the FBI Press Room (http://www.fbi.gov/congress/congress00/gonza042100.htm):
<BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>One persistent problem is the need under current law to demonstrate at least $5,000 in damage for certain hacking offenses enumerated by 18 U.S.C. â§1030(a)(5). In some of the cases investigated by the FBI, damages in excess of $5,000 on a particular system are difficult to prove. In other cases, the risk of harm to individuals or to the public safety posed by breaking into numerous systems and obtaining root access, with the ability to destroy the confidentiality or accuracy of crucial -- perhaps lifesaving information -- is very real and very serious even if provable monetary damages never approach the $5,000 mark. In investigations involving the dissemination or importation of a virus or other malicious code, the $5,000 threshold could potentially delay or hinder early intervention by Federal law enforcement.<HR></BLOCKQUOTE>


Maz

---
If this is one of my postings and I have not said it's "official news", provided a quoted source for reference to the news, or directly indicated that I am moderating the thread. Then I am posting as a fellow user.

[This message was edited by maztec on Sun February 29 2004 at 01:27 AM.]

<BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>Infopop hosts these forums, this is their software. They host and sell to large companies this forum software. If it's insecure that's a big issue to them. But anything can be insecure. Ubi has to contact Infopop and hope that Infopop will someday get around to taking care of it. That does not guarantee anything will ever happen because well Infopop is yet another company to go through.

I do know that if someone else logs into the forums as you, your previous session is disconnected -- at the very least you'll get some weird errors as you go around the forums. I know this from using two computers at once in the same room and using them at different times logging in with one or the other not always the same.. Ahk, makes for a mess sometimes.

I'm unsure of all the following, so take it with a ground of pepper.

To my knowledge there is no netscape exploit -- then again I haven't really looked into it. I mean someone could always steal your cookies, oh well.

As for someone hacking you. They'd have to get your IP address. Possible via IM and frankly IM is a very insecure tool. I seriously doubt it's any of the moderators and if it is I encourage you to present your proof to Ron ronm@ubisoft.com or Roac (via PT). They will take all necessary actions immediately if that is the case. As it is, moderators are not able to obtain your IP address via these forums.
<HR></BLOCKQUOTE>
I'll take the last point first. This is an outright lie. Of course the moderators can see the IPs of the members of their forums. I sure as heck could, IF I LOOKED IN THE RIGHT PLACE. I'm sure Maz is now going to tell us he meant he can't see IPs of members on THIS forum. But that is NOT what he said.
Infopop supplies this forum software for big companies. Of course they include methods for Big Brother to watch the employees. Same applies to the Private Topics here. It would just be nice to know which level of Big Brother is watching.
I don't use Netscape, and don't even pretend to understand Java, but I have been shown purported evidence of a problem with the security of Java used here when certain pages are viewed with Netscape, which meant the log in security could be bypassed, regardless of whether the member being impersonated was logged in or not.
I have no idea if this is still possible, but I did pass the info I was given up the line. I never heard a thing about it again from above.

As to the link about the FBI, it read to me like the victim was happy with their involvement, and it was a simple denial of service - not full identity theft.
I would still advise contacting the FBI - you may only have a nuisance value problem, but if enough have the problem, it will have a cumulative effect and add weight to any FBI investigations.
Good luck.

If it is a lie, then it is not intentionally a lie, and I do not appreciate your calling me a liar. I at the very least do not remember seeing peoples IP's anywhere on these forums. Doesn't mean it's not possible, I suppose if I went through every menu around I may be able to find them. If I can see the IPs on members of the Uru forums, I can most likely see the IPs of the members here. Why? Because all members are under the same title. Hmm, may be attached to the postings, haven't paid enough attention. Anyway, as you can tell from my disclaimer at the bottom of my posts it is possible for me to be wrong.

mystmum, when you were a moderator where you able to view peoples private topics? I know I can't, I assume other moderators can't, but I do know administrators can. In fact, Alahmnat stated that earlier in this thread.

Netscape really doesn't exist as a browser anymore anyway, the project is mostly dead. Mozilla is really what you mean. Also, to nitpick a bit more, it's not Java on these forums it's Javascript, there's a huge difference. If the javascript is exploitable in mozilla then it is exploitable in IE. But logging in actually requires you to log in. At the most you might be able to attempt to spoof an user ID by using a local version of the javascript. Even in that case the system should be checking that you are who you say you are periodically and without the appropriate cookies most secure systems will boot you. If you haven't noticed we actually log in via Ubi's site, not the infopop forums.

Full identity theft includes direct financial damages, that means someone actually assumes your identity and makes use of it to liberate you or someone else in your name of funds.

At this point all I can say is I'll bow out of this conversation and note just how paranoid people can be.


Maz

---
If this is one of my postings and I have not said it's "official news", provided a quoted source for reference to the news, or directly indicated that I am moderating the thread. Then I am posting as a fellow user.

<BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>Originally posted by maztec:
PS: Yah, I do read these forums. You guys give me a good chuckle from time to time. I just don't post much because I don't feel at home here. http://ubbxforums.ubi.com/infopop/emoticons/icon_frown.gif
<HR></BLOCKQUOTE>

ooh

1) oh, a lurker
2) oh i see, a PATRONISING lurker
3) given 1 and 2 I wonder why

http://www.stopstart.fsnet.co.uk/flags/oz.gif

Life's tuff when you are a "misunderstood ferret"

Maztec:
1. If you have the same access as members, how is it they don't have access to the admin panels where you can see the IPs of members beside their posts?
2. No, I couldn't read Private topics. That's why I'd like to know who can, who IS and why they'd want to.
3. At to Netscape/Mozilla and Java/Javascript I already said I haven't a clue what that was about, I just passed on what I was given.
4. I have noticed we log in through the Ubi site. That is where the problem lies, and has lain for some considerable time.
5. I know what identity theft is. It has occurred with at least one (former) member of these forums. That is why I pointed it out. The link you provided pertained to a case of a hacker and an internet site. A somewhat different scenario.
6. Strange how whenever anyone mentions problems with the internet they are immediately reminded it is not a safe place, and then branded paranoid. http://ubbxforums.ubi.com/images/smiley/16x16_smiley-indifferent.gif

And a final, personal question: How much are they paying you to be the first and most vehement defender of the Ubi faith?

KismetKat http://ubbxforums.ubi.com/infopop/emoticons/icon_smile.gif Something wrong with lurking? Guess there's something wrong with me thinkin' you bunch can be a hoot and a hollar at times. I suppose I could speak up more. BTW, I would appreciate it if you point out how I am being condescending via PT -- as I am blissfully unaware of doing that. If I am, it is completely unintentional.

mystmum, hmm, you're right ok I see where you're referring to now. Hadn't noticed those. Anyway, then it's limited to only to the fourms you can moderate.

As I said and Alahmnat said only Admins can read Private Topics -- unless there are moderators in other forums outside of the Myst/Uru forums who can. Who IS? I personally doubt anyone is. I gave a fairly solid explanation as to why post counts can be so high.

Between my last post and here I gave a fairly thorough look through the javascript and sessioning between the Ubi.com site and here. As far as I can tell, sure, you could hijack someones account. If you had their password or their password hash. To get those you have to get to their system or between them and Ubi, so it's not entirely out of the question but I don't see how it's any more likely than most other sites that authenticate the same way.

Identity theft sucks, I believe we can all agree on that. And I was referring to the link and quote in the second half of that there post. Yes, I did add it a few minutes later. I realized that the take on the initial link wouldn't be positive so I took the time to pull up an fbi.gov link on it. I suppose I should have provided 18 U.S.C. S1030(a)(5) (http://www4.law.cornell.edu/uscode/18/1030.html) while I was at it. Of particular importance from that is:
<BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>(i) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
(ii) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or
(iii) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage; and
(B) by conduct described in clause (i), (ii), or (iii) of subparagraph (A), caused (or, in the case of an attempted offense, would, if completed, have caused) -
(i) loss to 1 or more persons during any 1-year period (and, for purposes of an investigation, prosecution, or other proceeding brought by the United States only, loss resulting from a related course of conduct affecting 1 or more other protected computers) aggregating at least $5,000 in value;
(ii) the modification or impairment, or potential modification or impairment, of the medical examination, diagnosis, treatment, or care of 1 or more individuals;
(iii) physical injury to any person;
(iv) a threat to public health or safety; or
(v) damage affecting a computer system used by or for a government entity in furtherance of the administration of justice, national defense, or national security;
<HR></BLOCKQUOTE>


So much for my bowing out, hah. I'm horrible at that ain' I http://ubbxforums.ubi.com/infopop/emoticons/icon_smile.gif

But yah, the internet isn't a safe place. Then again it can be made safe. Paranoid? Sure a little paranoia is good. But there's a difference between general paranoia and fear of conspiracy, and paranoia that borders on libel or slander (for lack of being able to decide if written text in place of oral communication that is not exactly published would be libel or would it be slander...)


Vehement defender of Ubi? Wow, I've worked up one heck of a reputation http://ubbxforums.ubi.com/infopop/emoticons/icon_smile.gif $0.00 is the answer to your question, albeit for the horrible amount of time I've spent here I should bill them! And to answer any other followups to that, no I haven't received any gimgaws geegees or whatever you want to call them.

BTW, I do believe I've lambasted Ubi quite a few times for being incompetent on these forums. Most of the time I'm not so much defending them as pointing out missing details or items from an argument.

Why do I bother posting? Gooood question. I think I'm just a glutton for punishment. I get nothing fiscal from it and often I find myself being whipped by a proverbial cane.

I suppose I'm just naive -- mind you I won't be purchasing another Ubi published title any time soon. Burnt me once (product late in mailing) shame on you. Burnt me twice (agreed to kill Live) shame on me. Burnt me thrice (Gigex), I must like the taste of my toes.

And remember, BMFE! http://ubbxforums.ubi.com/infopop/emoticons/icon_smile.gif


Maz

---
If this is one of my postings and I have not said it's "official news", provided a quoted source for reference to the news, or directly indicated that I am moderating the thread. Then I am posting as a fellow user.

YOu wanna watch those anti Ubi sentiments, Maz. They might decide you're being "disloyal".

Something wrong with l urking? Well ya godda admit it's kinda creepy. But never mind Maz, as you seem a bit shy I gave you your own thread that you can respond to. Consider it an invitation http://ubbxforums.ubi.com/infopop/emoticons/icon_smile.gif

As for some of the other things you have said - well I am not a techo. But i DO wonder what BMFE stands for - the only thing that springs to mind is NOT "g" rated. But perhaps I have a dirty mind http://ubbxforums.ubi.com/infopop/emoticons/icon_wink.gif

http://www.stopstart.fsnet.co.uk/flags/oz.gif

Life's tuff when you are a "misunderstood ferret"

Ok , just another point of view ...

First of , my would I report anything to the FBI ? Around here FBI stands for F****** Big Indian . ???? http://ubbxforums.ubi.com/infopop/emoticons/icon_wink.gif

On a more serious note , with my experience with spyware , I doult that anything posted anywhere on the net is anywhere close to being sercure . And I doubt if any hacker worth his salt would have to personally log in or manually roam around of site for info . However , I admit that I am talking about something that I have no real experience with . { don't even know the diffence betweem Java , Javascript ot Dark Roasted }

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://mysmilies.ipbfree.com/s/cwm/new3d/heresyoursign.gif
``````````````````````````````
I would rather soar with the eagles then bicker with harpies
``````````````````````````````
" And you will remember what it is to know the warmth of an animal's heart."
from an old tale told by an old people

First off, Al, as far as I know, no one here is mad or upset with you. Sorry if I've/we've made you feel bad.

Now, this is good. We got us a dialogue going where these problems are being openly discussed. This was my intention when I went public about it a few posts back. I love it when a plan comes together. http://ubbxforums.ubi.com/images/smiley/16x16_smiley-happy.gif
But, there is one problem. And it's a big one. It's only maztec that is offering possible solutions. Why is that a problem? Well, it seems that everyone that talks to me about the problems they've been having on these boards lately always has to bring up maztec. It seems that everyone has some issue or complaint with maztec. Myself, personally, I haven't had any run ins with maztec and I don't go to the URU board much. So I really have no grounds to do a formal complaint. The ones that are complaining to me about maztec are hesitant to put in a formal complaint because of all the stuff going on recently no one knows who they can trust.

So maztec, appreciate the effort. But you should know that when your above posts are being read, the readers have in mind my above post about having the fox explain why the chickens are disappearing.

_____________________________

Men rise from one ambition to another; first they seek to secure themselves from attack, and then they attack others.
Machiavelli

<BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>mystmum: YOu wanna watch those anti Ubi sentiments, Maz. They might decide you're being "disloyal".<HR></BLOCKQUOTE>

They can call me disloyal all they want. They strip my moderation rights it's their loss -- and a lot more free time for me! http://ubbxforums.ubi.com/infopop/emoticons/icon_smile.gif


<BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>Originally posted by KismetKat:
Something wrong with l urking? Well ya godda admit it's kinda creepy. But never mind Maz, as you seem a bit shy I gave you your own thread that you can respond to. Consider it an invitation http://ubbxforums.ubi.com/infopop/emoticons/icon_smile.gif

As for some of the other things you have said - well I am not a techo. But i DO wonder what BMFE stands for - the only thing that springs to mind is NOT "g" rated. But perhaps I have a dirty mind http://ubbxforums.ubi.com/infopop/emoticons/icon_wink.gif

http://www.stopstart.fsnet.co.uk/flags/oz.gif

Life's tuff when you are a "misunderstood ferret"<HR></BLOCKQUOTE>

Hah http://ubbxforums.ubi.com/infopop/emoticons/icon_smile.gif Ok first apologies for responding to more than one thing in here in a row. Slightly spammish, but I just got back to the boards since my last posting. Thanks for the invite -- I took you up on it http://ubbxforums.ubi.com/infopop/emoticons/icon_smile.gif I think that looks like a party thread!

Oh, BMFE is actually from the Uru forums ... been explained there a few times. Stands for "Blame Maztec For Everything".

*creeps about*
---------------------------------

<BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>kreeden:
First of , my would I report anything to the FBI ? Around here FBI stands for F****** Big Indian . ????

On a more serious note , with my experience with spyware , I doult that anything posted anywhere on the net is anywhere close to being sercure . And I doubt if any hacker worth his salt would have to personally log in or manually roam around of site for info . However , I admit that I am talking about something that I have no real experience with . { don't even know the diffence betweem Java , Javascript ot Dark Roasted }<HR></BLOCKQUOTE>

kreeden, Well, if it is someone attacking your system and you strongly suspect you know who it is or where it is from -- and you want something legally done about it. Yah, reporting to the local authorities is good. FBI is only useful if you're in the US. I've actually always been for the social networking cure. Find the biggest friend you can where the culprit lives.......... I didn't say that http://ubbxforums.ubi.com/infopop/emoticons/icon_wink.gif

Dark Roasted is the best personally. And you're right, any hacker worth his salt would already have all of your information. In a lot of ways it's easier than you'd think but it can also be much more difficult.

-------------------

<BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>rwwllms: But, there is one problem. And it's a big one. It's only maztec that is offering possible solutions. Why is that a problem? Well, it seems that everyone that talks to me about the problems they've been having on these boards lately always has to bring up maztec. It seems that everyone has some issue or complaint with maztec. Myself, personally, I haven't had any run ins with maztec and I don't go to the URU board much. So I really have no grounds to do a formal complaint. The ones that are complaining to me about maztec are hesitant to put in a formal complaint because of all the stuff going on recently no one knows who they can trust.<HR></BLOCKQUOTE>

I keep hearing rumors about all these complaints and really do encourage people to send them on. In fact I like it if people send them to me. As a few people here can attest I sometimes don't come across as taking it the best at the very beginning, but I do come around eventually. Most of the problems, as far as I can tell, with me are my moderation tactics and pervasiveness. Lets be honest, I post one heck of a lot. Phew! That's not necessarily a bad thing, but it surely isn't a good thing.

I personally would like to really clear up some of these muddy waters and problems with me. You can even have a third party let me know whatever they are. It really does help. I often come across as having my word be the last word -- it's a problem in real life also. Not at all intentional, it's just the way I speak and was raised. I'm more than open to a little discourse on the subject.

But, I'm wonder if anyone who comes and says that they have talked to me and I'm not a completely bad guy is going to find themselves accosted for being dullwhitted or something. That seems to be the atmosphere that would be experienced. Since people are already set on disbelieving all that I say.

I should have taken advantage of when my account was locked out a while back and started a new one for a lower post count http://ubbxforums.ubi.com/infopop/emoticons/icon_wink.gif But I didn't, that would have been dishonest.. And well, a high post count says something, something very scary. &lt;g&gt;


rwwllms, I'll see if I can get an admin in to discuss this. But most of them are unavailable until Monday. Weekends are traditionally a bad time to bring up hot issues with them. I believe Alahmnat is also trying to get a few over.

I was just trying to explain things as from a technical viewpoint. I'm not saying any of you are wrong, I just wish I had more of the facts at hand that you seem to, but nobody seems forthcoming.

And as mystmum more than pointed out, I can be wrong and fail to observe something sitting in front of my face -- I rarely go into the admin panels and the few times I have I never noticed IP addresses, guess they are there though, finally found them last not. Oh well. That's just one key in the repetoire for someone to "hack" someone else. I still recommend a solid firewall, antivirus software, etc. If you want recommendations or anything like that, just ask.


btw, rwllms, like the blues brothers?


Maz

---
If this is one of my postings and I have not said it's "official news", provided a quoted source for reference to the news, or directly indicated that I am moderating the thread. Then I am posting as a fellow user.

So , you are saying the big Indian dude would work ? http://ubbxforums.ubi.com/infopop/emoticons/icon_wink.gif http://ubbxforums.ubi.com/infopop/emoticons/icon_biggrin.gif http://ubbxforums.ubi.com/infopop/emoticons/icon_biggrin.gif

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://mysmilies.ipbfree.com/s/cwm/new3d/heresyoursign.gif
``````````````````````````````
I would rather soar with the eagles then bicker with harpies
``````````````````````````````
" And you will remember what it is to know the warmth of an animal's heart."
from an old tale told by an old people

Maztec,
I can understand your frustration at hearing about all this bad stuff being said about you. Just as I'm sure you can understand I can't be any more forthcoming with what has been said to me. One of the reasons that people are talking to me is that they trust me and I can't or won't belie that trust. Sorry.
One of the advantages to having all this info from others is that when I put it all together I can see and track patterns. And as I said you figure prominately (spelling i know) in this picture. I also understand that most of the info I've put together would be classed as 'hearsay' and not actual proof. That's why I got this discussion started to get this stuff out in the open. Let everyone see that they're not alone in the problems they have been having and to start working out solutions. So let's start working on how you're percieved by others. What can you do or not do to stop being percieved as the bad guy here? Anyone have any suggestions? Maybe everyone could post one thing that they like about maztec?

I also am a big proponent of personal computer security. Not a day goes by that I don't mention it somewhere here. Also in my 'Computer Lab' thread I started here, in the second post in that thread I have a list of 'Best Of' programs. In that list are security programs as well as links to them and free programs that you can download and use for FREE. So maybe this could be the thing I like about you - you push for using computer security measures also.

Yeah, I like the Blues Brothers

http://ubbxforums.ubi.com/infopop/emoticons/icon_cool.gif

_____________________________

Men rise from one ambition to another; first they seek to secure themselves from attack, and then they attack others.
Machiavelli

ok this is just an offquip as I go past to do other things. Don't have time to respond to your post fully right now and well don't really have a response. Just a mental blurp, for some reason whenever I see the word hearsay my mind reads it as herasy first -- have to reread it to get it right! http://ubbxforums.ubi.com/infopop/emoticons/icon_smile.gif

Maz

PS: Yah, I'd like to know what "evil" things I've done or what I'm rumored as having done/etc. Why? I suppose no good reason other than I like to know when I didn't do something if I supposedly did it http://ubbxforums.ubi.com/infopop/emoticons/icon_smile.gif



---
If this is one of my postings and I have not said it's "official news", provided a quoted source for reference to the news, or directly indicated that I am moderating the thread. Then I am posting as a fellow user.

I think we're going to have to unpin this thread and repost a new Private Topics notice -- true to form, we have gone WAAAAYYYYY off topic http://ubbxforums.ubi.com/images/smiley/16x16_smiley-very-happy.gif!!!

Something I like about Maz is that he tries hard. Ok, maybe a little TOO hard, but better that than not caring enough to try. Plus (if my memory serves me correctly), he's a Lindyhopper!

http://dancing.org/lhop-bw.gif

_____________________
In a place where there are no men, it is your duty to be a man.

Good memory http://ubbxforums.ubi.com/infopop/emoticons/icon_smile.gif Lindy hop kicks *! http://ubbxforums.ubi.com/infopop/emoticons/icon_smile.gif

I'm also an Argentine Tango'er, Waltzer (Love vienesse waltz and probably spelled that wrong), Salsa, and East Coast Swing.

But Lindy and Tango are my favorites by far &lt;g&gt;

Maz

---
If this is one of my postings and I have not said it's "official news", provided a quoted source for reference to the news, or directly indicated that I am moderating the thread. Then I am posting as a fellow user.

Ok, we finally figured out what the potential exploit is -- it is not limited to Netscape, it affects both IE and Mozilla. I have contacted Infopop regarding this and will be pestering the Admins here until it is fixed. Apologies for doubting anyone -- but this would have been a lot easier if you would have just told us.

Maz

---
If this is one of my postings and I have not said it's "official news", provided a quoted source for reference to the news, or directly indicated that I am moderating the thread. Then I am posting as a fellow user.

http://ubbxforums.ubi.com/images/smiley/16x16_smiley-mad.gif I did, months ago when a forumite first told me.
I was ignored and she was belittled.

MM beat me to it. I was just going to post something similar.

You see maz (I can call you maz can't I?) this stuff has been going on for sometime. This is not something that just appeared overnight. It's all coming to a boil now because we're starting to compare notes with each other. Most companies work to earn our trust; Ubi has earned our distrust my not taking our concerns seriously.

_____________________________

Men rise from one ambition to another; first they seek to secure themselves from attack, and then they attack others.
Machiavelli

MM, interesting. I'm not even going to apologise for their behavior. If it was me or a fellow moderator, I would.

For what it is worth, I actually skipped telling the admins here -- they're gone for the weekend as usual -- and went straight to Infopop. It's Infopops software anyway, so letting them know directly will hopefully speed up the processed. Now, if they ignore it, this becomes a whole different issue.

The problem with Ubisoft is that they often get into an agreement ahead of time and have signed the paperwork regarding it -- before telling anyone about their decision. Then it turns out to be something the community really isn't happy about and it's too late for them to backout. Personally, somewhere along the line someone in upper management doesn't come across as being all that bright.

Yes you can call me maz if you want.

I realize that this didn't appear just overnight. In fact I've found record of it now for over 9 months. Over that 9 months Infopop has been notified of the problem at least 6 times. It will be interesting how yet another notification of the issue will be handled. I made myself a bit of a pest, so hopefully they do take the time to notice for once, heh.

The few people I do know at Ubi do take the communities concerns very seriously, unfortunately they really are towards the bottom of the totem poll and do get ignored. Wish that wasn't the case, but that's what I keep seeing happening from here.

Personally, my big beef with Ubi at this point is with their marketing group. Oooh well.


Maz

---
If this is one of my postings and I have not said it's "official news", provided a quoted source for reference to the news, or directly indicated that I am moderating the thread. Then I am posting as a fellow user.

Our forum has only been on Infopop for about 6 weeks, though. Our problems prior to that occurred on the old server.

_____________________
In a place where there are no men, it is your duty to be a man.

Before the buck gets passed to infopap, isn't it the case that the sign on IS via the ubi server - and THAT is where the problem is?

http://ubbxforums.ubi.com/infopop/emoticons/icon_confused.gif

http://www.stopstart.fsnet.co.uk/flags/oz.gif

Life's tuff when you are a "misunderstood ferret"

drat, this now makes no sense unless I add - In reference to Princess's post:

ie Ubi, which, as Maztec is just finding out, is not all that good at paying attention.

[QUOTE]Originally posted by maztec:

Personally, my big beef with Ubi at this point is with their marketing group. Oooh well.


I kinda really don't trust any 'suit'.

_____________________________

Men rise from one ambition to another; first they seek to secure themselves from attack, and then they attack others.
Machiavelli

*Looks at Ron's avatar and begins chuckling.*

It's called role camelflouge (spelling, i know). As in 'Know Thy Enemy'.
Keep your friends close, but keep your enemies closer.

_____________________________

Men rise from one ambition to another; first they seek to secure themselves from attack, and then they attack others.
Machiavelli

Well then cute. We discovered a whole different exploit that is with the infopop software itself. So apparently you guys have one that you're all privvy too and the only people to have mentioned it to an administrator had a bad experience, so nobody is going to share it with anyone again? Anyway, I really do encourage someone to PT it to me and I will raise all the meager hell I can to get it fixed -- even if that results in me being demodded. And if it doesn't get fixed *sigh* Anyway... As for the other one, it's a bit more pervasive -- the one we found works across both IE and Mozilla.

mystmum, just finding out? http://ubbxforums.ubi.com/infopop/emoticons/icon_wink.gif I've known for a while that they can be deaf -- especially on the weekend. But what I won't tolerate is attacking individuals within the corporation (although my previous post about upper management could be taken as such).

BTW, good to see you with an avatar again KismetKat http://ubbxforums.ubi.com/infopop/emoticons/icon_smile.gif

Maz

---
If this is one of my postings and I have not said it's "official news", provided a quoted source for reference to the news, or directly indicated that I am moderating the thread. Then I am posting as a fellow user.

<BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>Originally posted by maztec:
So apparently you guys have one that you're all privvy too and the only people to have mentioned it to an administrator had a bad experience, so nobody is going to share it with anyone again?<HR></BLOCKQUOTE>

*sigh*

No, Maz -- we're working on it. Just not with you. No offense meant.

_____________________
In a place where there are no men, it is your duty to be a man.

Assuming anybody here still trusts me more than the Ubisoft employees, would you mind emailing me at alahmnat@dpwr.net with *exactly* what is involved in this security hole? Details are not just appreciated, but vitally important (and note I said email me, for those of you who don't trust the PT system).

On the subject of PTs btw, the only groups who have permission to manage PTs (in other words, read everyone's) are the administrators (which would be all UbiSoft community managers, myself, and Roac). Maz and I ran a couple of tests, and other members cannot gain access to your PTs if they are not invited to them, even if they somehow gain access to a PT's URL. Obviously the test was not extensive enough to encompass any possible URL hijacking that could be attempted (and for which I don't even know where to begin investigating), but under normal access circumstances, PTs are secure for member-to-member communication.

If anyone has encountered any possible holes or exploits in either Infopop's software OR Ubisoft's login system (which is on a secure server and authenticates using an Infopop protocol), PLEASE email me with exactly what this hack entails AND how to duplicate it. I know everyone puts security first, and because of that, it is VITAL that we have information to work from. It's simply not possible to get this fixed any other way, and I'm pretty sure the techs don't have time to spend spinning their wheels pouring over every line of code between Ubi and Infopop to find the problem when it's possible to narrow it down, often, to a single line in a particular function. To do that, though, one has to know what to look for, and right now, nobody seems willing to pony up the information so it can be passed on.

----------
Alahmnat
Guild of Archivists, DPWR.NET (http://www.dpwr.net)
Uru and Myst Forum Moderator / Community Assistant
Please note: I do not respond to Private Topics dealing with technical support or hint requests for the Myst series

Al - i suggest you contact someone who has recently left these forums - as SHE (the cat's mother? http://ubbxforums.ubi.com/infopop/emoticons/icon_wink.gif) was the one who originally pointed it out.

YOU know who I mean.

http://www.stopstart.fsnet.co.uk/flags/oz.gif

Life's tuff when you are a "misunderstood ferret"

Or check your emails from November.
She says the same problem still exists.

Since I and you all know Alahmnat's babysitting his aunts dog or something like that. Can you guys just assume he deleted for whatever reason, accidental or not, the email from November and possibly talk whoever it is into re-mailing it to him?

-- I'm happy with anyone up the chain knowing, so long as they know http://ubbxforums.ubi.com/infopop/emoticons/icon_smile.gif

Maz

---
If this is one of my postings and I have not said it's "official news", provided a quoted source for reference to the news, or directly indicated that I am moderating the thread. Then I am posting as a fellow user.

well i happen to know he's been emailed within the last week with the exact same information.

Personally I didn't understand it - but I'm not particularly computer literate, but i ASSUMED he knew what it meant.

Something to do with coffee cups as I recall.

http://www.stopstart.fsnet.co.uk/flags/oz.gif

Life's tuff when you are a "misunderstood ferret"

Ok, I'll pester him to make sure he's read through all of his emails when he shows up again Tuesday.. Although sending it again with big bold topic of "DON'T DELETE THIS IS THE PT STUFF" may just grab his attention http://ubbxforums.ubi.com/infopop/emoticons/icon_wink.gif

Maz

---
If this is one of my postings and I have not said it's "official news", provided a quoted source for reference to the news, or directly indicated that I am moderating the thread. Then I am posting as a fellow user.

Maz - I have it in hand.

Guys, I have just returned from a few days away and catching up with this stuff. A few things I think everyone ought to know.

First up - the hack attacks some folk have experienced - is most likely to be coming from outside sources. Some of the previous posts in this thread have already gone over that. It is impossible for a moderator, just by using their mod privileges alone, to identify a person's IP addy unless that person actually posts... and the reports I have received of folk with dynamic IP addys being hacked from the moment they log on to the net kind of rules moderators out as being the culprits, at least in those circumstances.

That it could be a malicious forum member (moderator or otherwise) hacking into the software is a possibility that cannot be ruled out, but more evidence needs to be collected about what is happening in order to help get to the bottom of the problem. And THIS is why I am posting.

I have received numerous and consistent complaints and concerns about hacking, security breaches, etc. but VERY LITTLE CAN BE DONE UNLESS ACTUAL PROOF OR EVIDENCE IS PROVIDED!!!

For example, a few months ago I received an email from an ex forum member here, saying she was seeing stuff on her netscape browser which raised her concerns about a security breach... since she was the only person that had experienced this, and nobody else was having problems, I needed evidence in the form of a screenshot, before I could forward it on. Otherwise no notice would have been taken of it at all. Who is going to listen to just one person and no evidence? The screenshot was never forthcoming, so I unfortunately I had to drop it. Yet now, in the light of everything that has happened, I have finally got a screenshot from this person! The screenie has been forwarded, taken notice of, and I now have a dialogue with Ubi. They are now asking for more information from this person, which I hope very much that she will oblige with providing.

Another forum member here had alerted me to the PT concerns prior to any of this conversation starting, but has not been able to point me to what is supposed to be a blatant example of a NON moderator, NON Admin hacking into other people's PT's. This is a terrible shame because it will be very difficult to get attention on that one, without proof.

But anyway, the main reason for me posting here is

As regards to the security issue, Maz is right, as far as the actual forum software is concerned, Ubi is a customer of Infopop. I cannot speak for Ubi, but I should imagine that if or when they go to Infopop with concerns about the security of the product, they will also need strong evidence supporting their concern. And they cannot do that unless the concerns that I or any of my Exile colleagues forward from you all, have some supporting evidence! Even if it is an issue with Ubi servers or software, details are vital if there is going to be any hope of getting this resolved.

So for this, or ANY complaint that you have, please please provide as much information, examples etc. as possible, that support your concern. The more you give, the more that can be done about it. So far, in the past couple of weeks the reps I have been dealing with have been attentive and receptive. I dont see any reason why anyone should decide not to forward a concern because of a belief that they will be ignored.

So I am OFFICIALLY asking everyone, to let the Exile moderators know of anything concerning the recent fears of security breaches on forum software or Ubi servers, hack attacks etc. IMMEDIATELY, if they have not done so already. As Al said, if there is anyone who feels uncomfortable using the PT in the light of recent concerns, you can still contact Alahmnat, Skylark, Gaberax or myself by email. It is preferred that all 4 of us are copied on the mail, because if anyone is unavailable the others can take over. (Al will be largely unavailable over the next few weeks)

(edits to add) And remember, to provide as much supporting information as possible - as Al mentioned in his last post above, it will help enormously with the investigations.

Thanks

'No problem can withstand the assault of sustained thinking' - Voltaire

[This message was edited by Jauntages on Mon March 01 2004 at 04:48 AM.]

Actually Jaunt, the screenshot was forthcoming, admittedly a couple of weeks after you asked for it, but by then you'd blocked her email.

And screenshots were sent again to you and Al last week.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trust no-one

Indeed they were. And as posted above, have been forwarded to Ubi, examined, and responses relayed back. I am now waiting for said forum member to provide more information as requested, to help further the investigation.

And since she made very public some allegations that I blocked her email, I will make this very public... Yes, I considered blocking her email address after an abusive email she sent me, when I asked her for the screenshot back in November. However I reconsidered because I knew it would not do, if she needed help with any other problems. I junked the email and in doing so managed to block the email addys of everyone who uses the same domain as her, lol! I only realised a day or two later and unblocked them all. So yes, I have received all the emails she sent containing insults flung at me, that were copied to me just to 'see if it is blocked' but I did not receive the screenie. I am not letting that, or her recent public flaming of me get in the way of me helping her. So if you dont mind, I'll get back to trying to help folks out.

Now back on topic, I can confirm that other peoples concerns are also being investigated at this time.

http://ubbxforums.ubi.com/images/smiley/16x16_smiley-happy.gif

'No problem can withstand the assault of sustained thinking' - Voltaire

Thank you, Jaunt and Al, for being vocal about what is happening to protect the people who use this service. It definitely helps the general atmosphere when we know for sure that concerns are being heard and solutions pursued. http://ubbxforums.ubi.com/images/smiley/16x16_smiley-happy.gif

_____________________
In a place where there are no men, it is your duty to be a man.

Another PT-related note: it would appear that every time a person is sent a notification of a reply by email and reads it (once for application-based email clients, and probably *every* time for webmail access), the view count goes up by 1 more. So if everyone is reading invites and sending them back and forth and looking at notification repeatedly by webmail such as Hotmail or Yahoo, the count will go up seemingly for no reason whatsoever.

----------
Alahmnat
Guild of Archivists, DPWR.NET (http://www.dpwr.net)
Uru and Myst Forum Moderator / Community Assistant
Please note: I do not respond to Private Topics dealing with technical support or hint requests for the Myst series

but that doesn't explain the number of views on dummy PT's that people like Ron set up.

http://www.stopstart.fsnet.co.uk/flags/oz.gif

Life's tuff when you are a "misunderstood ferret"

I do believe my posting also covers fairly well the remaining items to what causes increments in PT's. I've ran numerous tests now with several fictional accounts plus my main account -- and they consistently only increment if I've viewed them. Otherwise the PT count stays low at all times.

Plus I have over 2 pages of PT's on these forums and frankly don't see anything that makes the view counts as being all that high, plus many of them are just one for one.

People who are experiencing issues with their view count being much larger than you'd expect. Could you please share some numbers of just how many views are in those threads, number of participants, and how many posts/replies are in it? Additionally, what browser and its version are you using?

Thanks,

Maz

---
If this is one of my postings and I have not said it's "official news", provided a quoted source for reference to the news, or directly indicated that I am moderating the thread. Then I am posting as a fellow user.

The only one that I really wondered about was the one I send Al , which had about 6 or 7 views I couldn't account for . But I deleted that one . And as you said Maztec , I do have some that remained at a few counts ... and I can't account for how many times others read them , so no big worries here as long as others don't have a large number .

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://mysmilies.ipbfree.com/s/cwm/new3d/heresyoursign.gif
``````````````````````````````
I would rather soar with the eagles then bicker with harpies
``````````````````````````````
" And you will remember what it is to know the warmth of an animal's heart."
from an old tale told by an old people

I've noticed the regular threads rack up a lot of "views" rather quickly.

Grrr...

That's because word of how hip we all are here has spread far and wide. http://ubbxforums.ubi.com/images/smiley/16x16_smiley-wink.gif

_____________________
In a place where there are no men, it is your duty to be a man.

Hip is not the word I would have used.
More like morbid curiosity. You know, like how people have to slow down and look at the car wreck beside the road hoping to see some dead bodies strewn about. Well, that's why people are coming here and looking around.

_____________________________

Men rise from one ambition to another; first they seek to secure themselves from attack, and then they attack others.
Machiavelli

The time I noticed a PT view count increase was, what two nights ago, I checked to see if Joy had replied to my last reply of a PT thread she had sent me. At the time I looked for a reply there were 16 views. When I looked again a short time later the view had risen to 18. Understand that I had not opened the PT thread, just the PT window. And when I got to counting the number of views that could be possible there should have been maybe 12 total. And, I noticed after I posted to this thread about what I found the view count never changed from that 18. Joy has since deleted that thread so I can't say if the count has again changed.

************************************************** **
Remember the important things.....as you turn on your computer. http://ubbxforums.ubi.com/infopop/emoticons/icon_wink.gif

View counts are updated once every 10 minutes or so.

---
If this is one of my postings and I have not said it's "official news", provided a quoted source for reference to the news, or directly indicated that I am moderating the thread. Then I am posting as a fellow user.

I have a PT to guinevere with one reply from her, and 10 viewings http://ubbxforums.ubi.com/images/smiley/16x16_smiley-indifferent.gif
But I have noticed none of the post counts has risen strangely since this was pointed out.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trust no-one

So are you saying that just opening the PT window caounts as a hit even if you don't open the thread, Maz? That isn't right -- I've noticed some post counts going up while others have not.

MM, I have noticed that, too.

_____________________
In a place where there are no men, it is your duty to be a man.

[This message was edited by PrincessXenobia on Mon March 01 2004 at 10:11 PM.]

Seems like the view count would increase every time the thread is opened, not just opening the PT window; much like the open forum. Scan the topics and the view counts don't change, open the thread and the view counts change.

Awfully strange to see a view count increase and know the two members are the ones increasing the count.

************************************************** **
Remember the important things.....as you turn on your computer. http://ubbxforums.ubi.com/infopop/emoticons/icon_wink.gif

<BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>Originally posted by Jauntages:
Indeed they were. And as posted above, have been forwarded to Ubi, examined, and responses relayed back. I am now waiting for said forum member to provide more information as requested, to help further the investigation.

And since she made very public some allegations that I blocked her email, I will make this very public... Yes, I considered blocking her email address after an abusive email she sent me, when I asked her for the screenshot back in November. However I reconsidered because I knew it would not do, if she needed help with any other problems. I junked the email and in doing so managed to block the email addys of everyone who uses the same domain as her, lol! I only realised a day or two later and unblocked them all. So yes, I have received all the emails she sent containing insults flung at me, that were copied to me just to 'see if it is blocked' but I did not receive the screenie. I am not letting that, or her recent public flaming of me get in the way of me helping her. So if you dont mind, I'll get back to trying to help folks out.

Now back on topic, I can confirm that other peoples concerns are also being investigated at this time.

http://ubbxforums.ubi.com/images/smiley/16x16_smiley-happy.gif
<HR></BLOCKQUOTE>
http://ubbxforums.ubi.com/images/smiley/16x16_smiley-indifferent.gif
Funny how no one gave a damn back in November. Wonder what's changed?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trust no-one

Another thing is that many browsers -- particularly newer ones -- actually scan links and download their contents to speed up your browsing experience. A "read-ahead" type thing. If you have any connection optimization software your system probably does that also. So viewing the PT window may increase the view count on some if not all of the threads. It wont' necessarily open all of them for pre-fetching. Usually the first few are done and if there are too many it stops. Or if it's already seen them it doesn't hit them again.

So that should answer your question PX. This is part of why I asked what browser people use.

MM, I do know that Katie has a habbit of rereading past threads of her own. All of my PTs to her have more than 10 viewings with only a few replies.

MM, peoples schedules and peoples time. I have to ask, does it really matter that something has changed so much as that it finally has and that is good?

Maz

---
If this is one of my postings and I have not said it's "official news", provided a quoted source for reference to the news, or directly indicated that I am moderating the thread. Then I am posting as a fellow user.

<BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>Originally posted by mystmum:
http://ubbxforums.ubi.com/images/smiley/16x16_smiley-indifferent.gif
Funny how no one gave a damn back in November. Wonder what's changed?<HR></BLOCKQUOTE>

Nothing at all, except for the presentation of a screen shot. And also when I mean nothing at all has changed, I also mean the abusive emails, of which I received another from this person last night, despite which, I am still attempting to help her the same as I am everyone else.

Will let the relevant folks know to look at this thread, there is some interesting and useful stuff about PT's being discussed here.

'No problem can withstand the assault of sustained thinking' - Voltaire

<BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>Originally posted by maztec:
If you have any connection optimization software your system probably does that also. So viewing the PT window may increase the view count on some if not all of the threads.<HR></BLOCKQUOTE>

I don't think so. Ron, do I http://ubbxforums.ubi.com/images/smiley/16x16_smiley-very-happy.gif? I'm sorry, Maz, but your explanations make no sense to me. And I don't mean technically. I'm not talking about pages and pages of PTs, here. I don't think i've ever had more than 3 or 4 going at once. I appreciate that you are trying to provide some explanations, but they simply don't wash. Especially since (as many people have noticed) the unusual view count climbing has seemed to stop ever since we started talking about it openly.

_____________________
In a place where there are no men, it is your duty to be a man.

View Count increments in summary:

Technical reasons for view count increase:

1) The view count is increased anytime the PT in question is retrieved from the server.
2) When someone views a PT it increases view count by one.
3) When someone replies to a PT it increases view count by one more.
4) Some browsers and some "net-speed optimization" software will open up more than one connection to download a page -- particularly so it will fetch any images (even small icons) "faster" by creating more than one connection thread. Each of these additional connection threads will increment the view count by one.
5) Each time "refresh" on a browser is pressed while in a PT, the view count is increased by one.
6) Several browsers and some "net-speed optimization" software do what can be called "read-ahead" where they follow links on a webpage and cache them, so when you go to the page you will display it faster. This is fetching the pages, even if you never view them, which in turn increments the view count by one.
7) Note, the view count is not updated immediately. My experience shows it is updated approximately every ten minutes. Which can account for sudden unexpected jumps. Sometimes I've noticed it will take upwards of 30 minutes before incrementing the view count. Odd behavior, but it saves time on the server side presumably. Either way it takes a bit for the view count to be displayed as incremented. Test it for yourself, create a PT, hit refresh a bunch, open it in a few new windows, repeat, then look at the PT's main window, what's the view count on that thread? Come back in 20 minutes, refresh main PT window, has the viewcount for the previously mentioned thread now increased?

Now social reasons:
1) Some people have developed a habit of refreshing a page if it doesn't look just right or they haven't viewed it in a while. This increments the view count by one.
2) If someone is expecting a response from someone else fairly soon, it is possible they may leave it open and hit refresh instead of waiting for the PT list to update -- which has been noted to take its dear time -- and thus incrementing the view count by one.
3) Someone may decide not to respond immediately, goes away, comes back a little while later and responds then, or does this several times, each time they come back and reread the view count increments by one.
4) People will sometimes refer back to old messages and threads, to review what was posted, or for purpose in later conversations. This increments the view count by one each time they view it again.

and

5) People have became aware of view counts going up "mysteriously" since the issue was brought up. As is human nature they are watching view counts more carefully. Additionally, they are making sure they don't increment it unless absolutely necessary. This results in most of the social reasons causing view count increment cease to exist. On the other hand, the technical reasons will still exist.

So, the question I ask is what happens to be the actual Cause and Effect and thus coincidence? That whoever was mysteriously reading your PT's for whatever nefarious reasons has suddenly stopped since it was brought up publicly -- knowing that only Administrators can read PT's. Or, social and technical awareness to increasing view count has caused more awareness in browsing habbits which has resulted in a lowered view count.

I'm not saying everyone here is wrong. I don't know everything tied up with the issues at hand and acknowledge it is not forthcoming either. It's entirely possible someone is abusing their abilities, but I really don't see why they would. I apologize for having insinuated anyone is paranoid past or present. But without any substantial information to go on all I can really do is offer my technical expertise in helping you understand.

Perhaps a good question question is a bit of why I poked my head into this particular thread and started posting? I've been reading these forums for a while and have really only popped in a few times. Well, to be honest, I felt offended, distrusted, and saddened at the implication that an Uru moderator or moderators are attempting to hack into someones computer -- let alone a forum members. Even though MYST Hangout is very much its own community seperate from Uru, it is still a part of the MYST family (and visa versa). We can't have a solid community without a certain amount of trust. That trust is something we need to work on in both directions. This is why I am trying, hoping to open up the paths of communication between us and you. I realize you have your own moderators here and frankly, I'm not coming here to moderate you. I am here as a fellow user, but someone who is a member of a group which apparently is a subject of contention. I hope that we can resolve our differences, whether it be a resolution to agree to disagree, agree to agree, or whatever. But we're here folks, many of us read these forums just to keep up, and well we want to feel welcome to the community and to return that welcome. Perhaps we haven't always handled things the best way others think we should have on the Uru forums, but we are learning our lessons. I again encourage everyone to let us know when we do something right or wrong via PT -- tell the person you feel has done ill or good. We will do our best to respond and hopefully come to understand each other. PX, you've had that experience with me recently -- an experience that didn't start out with the best response from me, but came out well in the end. Others in this forum have also had these same experiences with me and other moderators throughout all the forums here. Finally, if you are uncomfortable with talking directly to a particular moderator -- pick one you like. Let them know about the other, ask them to keep you anonymous but to pass on your message. Or send your comments to an administrator and ask them to pass it on anonymously. And yes, for what it's worth, the Myst and Uru moderators do communicate and have a budding community relationship. ....

Finally. Honestly, I don't think anyone is viewing anybodies PT's unless it is an administrator who has received a complaint about abuse via PT. Even then it is more likely for them to request a copy of the PT rather than to go to the PT directly themselves.


Thanks for taking the time to read my way too long post,

Maztec

---
If this is one of my postings and I have not said it's "official news", provided a quoted source for reference to the news, or directly indicated that I am moderating the thread. Then I am posting as a fellow user.

--------------------
Originally posted by mystmum:
Funny how no one gave a damn back in November. Wonder what's changed?
--------------------

The reason the problem was not investigated further in November is because 1) we had no screenshot to examine to see what could be causing the problem, and 2) I was unable to duplicate the scenario despite trying in several browsers. As far as I have seen, the Ubi staff have still been unable to duplicate the problem.

Please, don't let our efforts now stop you from being utterly vitrolic though. You are all doing such a marvelous job.

----------
Alahmnat
Guild of Archivists, DPWR.NET (http://www.dpwr.net)
Uru and Myst Forum Moderator / Community Assistant
Please note: I do not respond to Private Topics dealing with technical support or hint requests for the Myst series

I suggest everybody takes a little time out here. Over the past few weeks we've had uproar over forum politics, and concerns over conspiracy theories, hackings, security and gawd knows what else. No wonder tempers are getting a little frayed!

Under normal circumstances I would consider locking this thread, but it is being used for the very important purpose of posting concerns and experiences on private topic viewcounts and other security related issues, so I will instead ask that please can it be kept that way. From now on any future posts in this thread that are NOT constructive to helping the powers that be resolve concerns and issues about forum security, WILL BE EDITED OR DELETED.

The relevant folks are being asked to check this thread periodically, so lets keep it easy for them to see the issues we are reporting, and not have to wade through venomous and irrelevant posts.

Any and all complaints and concerns - whatever their nature - are taken seriously. The fact that I am seeing names of ubi employees I have never heard of before copied in on responses to the concerns I have forwarded from folk here is enough reassurance for me that Ubi is actively investigating. And as has already been noticed, some action is already being taken.

Please stay vigilant - and continue to post any concerns related to THIS issue here if you think it is appropriate. Otherwise, contact Gab, Sky, myself or Alahmnat (preferably all 4 at once to ensure a quick response) either by PT, or if you feel more comfortable, by email.

Thanks all for understanding, and thanks for all the good work so far.

'No problem can withstand the assault of sustained thinking' - Voltaire

<BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>Originally posted by Jauntages:
<BLOCKQUOTE class="ip-ubbcode-quote"><font size="-1">quote:</font><HR>Originally posted by mystmum:
http://ubbxforums.ubi.com/images/smiley/16x16_smiley-indifferent.gif
Funny how no one gave a damn back in November. Wonder what's changed?<HR></BLOCKQUOTE>

Nothing at all, except for the presentation of a screen shot. And also when I mean nothing at all has changed, I also mean the abusive emails, of which I received another from this person last night, despite which, I am still attempting to help her the same as I am everyone else.

Will let the relevant folks know to look at this thread, there is some interesting and useful stuff about PT's being discussed here.

_'No problem can withstand the assault of sustained thinking' - Voltaire _<HR></BLOCKQUOTE>

Wow. I can't imagine anyone I've met here would do something like send abuisve emails. That really makes me sad. http://ubbxforums.ubi.com/infopop/emoticons/icon_frown.gif

Yeah, it made me very sad too. But *sigh* what can you do? http://ubbxforums.ubi.com/infopop/emoticons/icon_frown.gif

Actually, it no longer makes sense to have all these posts still pinned at the top of the forum. They have served their purpose in bringing the problem to the attention of the powers that be, and as a result it has now been fixed.

So I have unpinned this topic now, and have pinned a copy of Al's original message about the use of PT's in its place (along with a couple of posts on how to delete PT's).

Thanks to those who posted constructively in this thread, it really helped get things moving.

http://ubbxforums.ubi.com/infopop/emoticons/icon_smile.gif

'No problem can withstand the assault of sustained thinking' - Voltaire

[This message was edited by Jauntages on Mon March 08 2004 at 03:03 AM.]