Q:
Hi there,
Please bear with my bad English.
In my job, I test system security for small companies: exploits (wrong code in sites, software… that will “leak” information).
I stopped playing GW2 for about 20 days
and I came back to find this strange IP in my email trying to connect to my account.
I have no virus, that's 100% sure.
I know every way to hack an account: phishing (web site or mail), fake tools (gold giver…).
I know all the ways to decompile a virus to get the IP of the hacker, or the email, or the host of the PHP code.
I know how a virus can run in a system (startup, exe bind, memory injection…)
and I check with "Process Hacker 2" 2-5 times a day (all incoming/outgoing connections, processes, services).
I know all types of processes (all Windows processes, driver processes, tools processes).
I have an IP monitor that checks every IP that I connect to and every IP that connects to me, 24/24 7/7.
I have not downloaded any tools or programs, and I have not connected to any web site
except guildwars2.com or forum-en.guildwars2.com.
So there’s a possible exploit in the connection.
Here’s the full IP:
Address: 126.15.121.102
City: Tokyo
Region: 40
Country: JP
And my question:
Due to the nature of my job, I’m a security mad freak. If the random hackers that I came across all these years did not get anything from my computer, and even a man-in-the-middle attack from my ISP was unsuccessful,
how did this vulnerability allow this random Japanese hacker to find my account and password?
Is it on the guildwars2 side or my side??
(edited by hitmanxmx.1286)
Just because you have ‘mad Skillz’ doesn’t make you exempt from typical infections/spyware like keyloggers.
Since you’re a ‘security analyst’, I expect you to know what a browser buffer overflow exploit is. Any website that you visit has a chance to be exploited via that method to install a very small client to do whatever that hacker wants. And you would not know 99% of the time, as they almost always use a ZDI (Zero day Infection).
That’s the normal way botnets are spread, but also typical spyware like keyloggers. And they can be hidden/disguised as any piece of software running on your system.
So just because you ‘know every Windows process’ doesn’t mean something didn’t slip through as a mask of a known process/application.
The ONLY way anyone can get your login info for any application is to exploit your system, or you logging into an exploited system.
If there was a man-in-the-middle attack, a lot of users of GW2 would have that authentication attempt email showing IP addresses like you just got. But there have been no reports of such, and I can confirm I have not gotten the email myself. So, for right now anyway, it’s safe to assume the servers are secured and not exploitable currently.
An alternative way to get your login details is via a SPAN port on a switch between your PC and the authentication server, otherwise known as port mirroring. But that would need to be done between your computer and your ISP, as the backbone and edge routers that run through the internet are all pretty much locked down via physical security access. And if you’re in the US or a similarly controlled territory, physical access to any network equipment is pretty impossible unless you have LEC Clearance.
True words, my friend. Zero day Infection is very bad and silent,
but that won’t work with a Java-free system and sandboxed browser.
I have coded a VB.NET tool that logs all unauthorised copy, extract… and connection…
If I don’t click authorise IP or program or even Windows service, nothing will happen.
Maybe I’m missing something, maybe I was hacked…. I will check again.
PS: My ISP is stealing Gmail, Facebook and bank accounts…. but a GW2 account is too looooooow
http://www.fastcompany.com/1715575/tunisian-government-allegedly-hacking-facebook-gmail-accounts-dissidents-and-journalists
If your ISP is hacking accounts, that is YOUR issue. It’s not an exploit at the GW2 servers. And, if your system is as secure as you say, then it’s also not your system.
Time for a new ISP.
Sandboxed browsers get exploited all the time. But the exploit has to be tailored for the sandbox (runs in memory, when the sandbox closes injects into system using known exploits).
Java-free doesn’t save you from buffer overflows. Unless you are running strict open source HTML (not encoded), you are open to buffer overflows of your browser. Not just in Java, Flash, ASP, CGI based APIs.
This ^ It seems there is information about your actual knowledge you are leaving out, as some of this is rather… well…
I know every way to hack an account: phishing (web site or mail), fake tools (gold giver…).
Every way to “hack” an account, but you mention phishing or an application requiring download? wut…. My years attending DefCon must have been a waste, I should have watched YouTube videos of people “hacking” by recording themselves attempting to have people download an infection-driven app :/
I wouldn’t consider “fake tools” or “phishing” hacking, neither white, gray, nor black hat. If an actual hacker wanted into your PC and you ran Windows, they would gain access rather quickly. That’s the way it is, and if you attended such DefCon events you would see how easy it can be for those with actual experience and knowledge in the area.