Welcome to Jester's Trek.
I'm your host, Jester. I've been an EVE Online player for about six years. One of my four mains is Ripard Teg, pictured at left. Sadly, I've succumbed to "bittervet" disease, but I'm wandering the New Eden landscape (and from time to time, the MMO landscape) in search of a cure.
You can follow along, if you want...

Friday, August 19, 2011

Hide yo kids, hide yo wife

Cripes.  The latest leak out of GoonSwarm features this charming little notation:

APIs


Garpa is developing a tool to analyse user APIs for information like whether a character has been sold. We’re only a matter of a couple of years behind PL, here, admittedly, but there does seem to be quite a bit of extra info obfuscated in there which Vio and the Auth team can use in snagging spies. What we need is a sample group and Solo “Ideological Purity” Drakban won’t let us use our library of your APIs :saddowns: In any case if GARPA’s ideas about what CCP are stupid enough to store in there turn out to be correct it would be primarily of use to us with neutrals and hostiles.
So we need a bunch of pubbie APIs to test out this theory. Fortunately, we have at hand the greatest concentration of API-farmers in Eve Online: our scammers. If you have valid USER IDs and full APIs from your scams then please bundle them up and send them to me as a forums PM, here, and you will potentially be doing the alliance a substantial favour.

This strikes me as a good time to remind people that it's probably a good idea to change your limited API a couple of times per year on general principles.  But if you haven't done so since the last time you gave it to someone, I'd go ahead and change it... oh... now.

Chances are -- after all -- pretty good that if you've given it to anyone, it was in turn picked up by someone in GIA since recruiting corps are none too secretive about such things.

Word to the wise.

2 comments:

  1. Over at the M. Corp offices, we've been having API trouble. Our former director of internal security (and like 80% of our PvP'ers) left due to some huge drama-bomb in January. It wasn't until a month ago that we removed the forum access of their alts (our CEO, Velios, develops the website, and he is super-AFK).

    Anyway, apart from our terrible security, we had problems with a certain Mr Coloredshirt leaking our forum posts and alliance mails on Kugu. We think we were able to remove the access of the account he was using, but just a week ago, Velios appeared out of nowhere and told us to change our Full API's. After I did so, Coloredshirt smugly informed me that he had been reading my mails (as he had access to the API registry that gave us forum access, being the director of security).

    tl;dr- Change your API's often, only give them out when necessary.

    ReplyDelete
  2. Or more importantly, don't do any vital strategery through anything involving the API system.

    Un-attached forums with no digital links to APIs or eve. Verbal account verification required to join etc...

    Problem? Solved.

    ReplyDelete

Note: Only a member of this blog may post a comment.