Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[SirPeebles]

Isotropic has a good security track record, as far as I know. The only hole I know of was the lack of server-side checking of affordability that allowed a Platinum/Platinum opening, and Goko had a similar problem but worse. I'm not aware of it ever having an XSS exploit or leaking expansion info, both problems that Goko has had.

Isotropic leaked Dark Ages what, two weeks ago?

[blueblimp]

Isotropic has a good security track record, as far as I know. The only hole I know of was the lack of server-side checking of affordability that allowed a Platinum/Platinum opening, and Goko had a similar problem but worse. I'm not aware of it ever having an XSS exploit or leaking expansion info, both problems that Goko has had.

Isotropic leaked Dark Ages what, two weeks ago?

By "expansion info" I meant information about the expansion. Everyone knows what the Dark Ages cards are now. I agree it was a slip-up but IMO not on the same scale as leaking cards before they are officially unveiled.

[werothegreat]

Isotropic has a good security track record, as far as I know. The only hole I know of was the lack of server-side checking of affordability that allowed a Platinum/Platinum opening, and Goko had a similar problem but worse. I'm not aware of it ever having an XSS exploit or leaking expansion info, both problems that Goko has had.

Isotropic leaked Dark Ages what, two weeks ago?

By "expansion info" I meant information about the expansion. Everyone knows what the Dark Ages cards are now. I agree it was a slip-up but IMO not on the same scale as leaking cards before they are officially unveiled.

Oh, I quite enjoyed that, actually.  Especially with a such a large expansion - it was like Christmas.

[greatexpectations]

Isotropic leaked Dark Ages what, two weeks ago?

this was not a site design issue though, it was a simple mistake by dougz. and fwiw, he commented that he hadn't updated the isotropic site at all since july. it has been (to my knowledge) almost entirely bug free in that span and has not had any known security issues.

[Polk5440]

I just tried to buy in.
Tried the ToS link and got 404 error!
http://play.goko.com/games/terms_of_service
So I think I will not a paying yet.

I reported this on getsatisfaction for you.

[dondon151]

Is there a running list of the Top 50/100 or so and whether they've made the switch?  I mean, WW has a lot of sway in the Dominion world (like Stef, Marin, Geronimoo, theory, etc., just to name a few off the top of my head) as far as Dominion celebs go, so it may be nice to see which celebrities have endorsed Goko and which haven't.

My impression is that a topic containing such a list would be locked in short order due to complaining. And in any case, if the top 100 decide not to make the switch, then that doesn't matter in the long run because there will be another 100 to replace them. I can't say for sure if the overall quality of the player base is going to keep improving or stagnate now that there are so many veterans leaving, but I'm almost certain that no one cares about that. At worst, it just means that Goko is going to make slightly less money.

[Polk5440]

Is there a running list of the Top 50/100 or so and whether they've made the switch?  I mean, WW has a lot of sway in the Dominion world (like Stef, Marin, Geronimoo, theory, etc., just to name a few off the top of my head) as far as Dominion celebs go, so it may be nice to see which celebrities have endorsed Goko and which haven't.

My impression is that a topic containing such a list would be locked in short order due to complaining. And in any case, if the top 100 decide not to make the switch, then that doesn't matter in the long run because there will be another 100 to replace them. I can't say for sure if the overall quality of the player base is going to keep improving or stagnate now that there are so many veterans leaving, but I'm almost certain that no one cares about that. At worst, it just means that Goko is going to make slightly less money.

You can check the top 100 on the Goko Pro Leaderboard here. It doesn't say who pays or their records, though. There are some recognizable f.ds names.

I am waiting for the day Council Room starts pulling Goko basic stats. I for one want to know my stats against Andrew Iannaccone and Jonathan Shepherd. I have played them each quite a bit, and they are both friendly and very good.

[Watno]

I have the feeling like I'm playing all my games against Andrew^^

[LastFootnote]

Bear in mind that it's currently quite easy to cheat your way up to the top 100 by quitting games you're going to lose. (I'm not accusing anyone here of doing that, but I know that there are those who do on the Goko leaderboard.)

EDIT: WanderingWinder, it's pretty clear that you want to be convinced that Goko is a relatively secure site. But in the end, you're going to have to convince yourself. Nothing we say is going to mean much. If I'd had the presence of mind when you first posted this thread, "Convince me that Goko is a good site, security-wise", I would have simply responded with, "No."

[jsh357]

Bear in mind that it's currently quite easy to cheat your way up to the top 100 by quitting games you're going to lose. (I'm not accusing anyone here of doing that, but I know that there are those who do on the Goko leaderboard.)

EDIT: WanderingWinder, it's pretty clear that you want to be convinced that Goko is a relatively secure site. In the end, you're going to have to convince yourself. Nothing we say is going to mean anything. If I'd had the presence of mind when you first posted the thread, "Convince me that Goko is a good site, security-wise", I would have simply responded with, "No."

It hasn't been that hard for me to climb lately.  (made it in the top 20 in a couple of days)   There are several known cheaters perched near the top, though.  Frustrating.

[Beyond Awesome]

I am also in the top 20, and I know I did not cheat to get their either. But, yes, some of those players did cheat to get there. I know because I played against them.

[WanderingWinder]

EDIT: WanderingWinder, it's pretty clear that you want to be convinced that Goko is a relatively secure site. But in the end, you're going to have to convince yourself. Nothing we say is going to mean much. If I'd had the presence of mind when you first posted this thread, "Convince me that Goko is a good site, security-wise", I would have simply responded with, "No."

I'm not looking for a persuasive argument. I certainly doubt that there's just a framing of it that's going to change my mind.

I'm looking for new information. It's certainly possible that it's not out there. But I've looked as best I can. If someone else has something I haven't found, I'd like to see it here. If not, then the post doesn't particularly concern you - no response required.

[LastFootnote]

EDIT: WanderingWinder, it's pretty clear that you want to be convinced that Goko is a relatively secure site. But in the end, you're going to have to convince yourself. Nothing we say is going to mean much. If I'd had the presence of mind when you first posted this thread, "Convince me that Goko is a good site, security-wise", I would have simply responded with, "No."

I'm not looking for a persuasive argument. I certainly doubt that there's just a framing of it that's going to change my mind.

I'm looking for new information. It's certainly possible that it's not out there. But I've looked as best I can. If someone else has something I haven't found, I'd like to see it here. If not, then the post doesn't particularly concern you - no response required.

But none of us know what you want to hear. I personally don't believe any information—new or otherwise—is going to convince you. News flash: every site can be hacked. No system is completely secure. If you want to know whether the site meets your arbitrary standards, do the legwork yourself. Learn how to hack and try to break the site's security.

[WanderingWinder]

EDIT: WanderingWinder, it's pretty clear that you want to be convinced that Goko is a relatively secure site. But in the end, you're going to have to convince yourself. Nothing we say is going to mean much. If I'd had the presence of mind when you first posted this thread, "Convince me that Goko is a good site, security-wise", I would have simply responded with, "No."

I'm not looking for a persuasive argument. I certainly doubt that there's just a framing of it that's going to change my mind.

I'm looking for new information. It's certainly possible that it's not out there. But I've looked as best I can. If someone else has something I haven't found, I'd like to see it here. If not, then the post doesn't particularly concern you - no response required.

But none of us know what you want to hear. I personally don't believe any information—new or otherwise—is going to convince you. News flash: every site can be hacked. No system is completely secure. If you want to know whether the site meets your arbitrary standards, do the legwork yourself. Learn how to hack and try to break the site's security.

I fully understand that any site can be hacked - I am not a bluthering idiot. My standards are relatively arbitrary, I grant, but not hugely high - I am looking for something that can be trusted about as much as your standard webpage. I have specific reasons, as laid out above, that this site seems sub-standard here. The clearest thing, for me, that would bring this to okay-ness is information that they've hired a specific group (someone who could be looked up, with some kind of reputation or track record). Again, I'm not expecting to be convinced here, but if someone can do it, I'd be thrilled. If you can't, why post?

Learning how to hack and trying to get in to the site is an absolutely terrible idea, for a number of reasons. The amount of time and effort it would take is not even close to being worth it; it's illegal; it actually exposes me to greater risk than just sitting and doing nothing; it would be incredibly arrogant to think I could know when I've done a reasonable job of learning hacking techniques - I don't have that great of this kind of intelligence; most of all, it's absolutely unethical.

[blueblimp]

I am looking for something that can be trusted about as much as your standard webpage.

Your average webpage is typically fairly insecure. In my opinion, just avoid giving Goko your credit card info directly, and then you aren't really exposing yourself any more than generally perusing the internet.

[DStu]

most of all, it's absolutely unethical.

Agree with everything else concerning hacking, but in how far is it unethical to learn how to recognize security risks and warn the people who are commiting them/that are exposed?

Was it unethically of $whoeveritwas to search for the XSS exploit in the chat during beta?

[WanderingWinder]

most of all, it's absolutely unethical.

Agree with everything else concerning hacking, but in how far is it unethical to learn how to recognize security risks and warn the people who are commiting them/that are exposed?

Was it unethically of $whoeveritwas to search for the XSS exploit in the chat during beta?

Learning and searching isn't. But the step that goes to actually trying to pull it of is.

[WanderingWinder]

I am looking for something that can be trusted about as much as your standard webpage.

Your average webpage is typically fairly insecure. In my opinion, just avoid giving Goko your credit card info directly, and then you aren't really exposing yourself any more than generally perusing the internet.

Well, depends on how you define average web-page. Yeah, the web is full of sites that are insecure, but I guess I am not counting things like that which banner ads point you to, or the enormous troves of pornography.

[DStu]

most of all, it's absolutely unethical.

Agree with everything else concerning hacking, but in how far is it unethical to learn how to recognize security risks and warn the people who are commiting them/that are exposed?

Was it unethically of $whoeveritwas to search for the XSS exploit in the chat during beta?

Learning and searching isn't. But the step that goes to actually trying to pull it of is.

Also if it is some harmless stuff like popping up some window or so? You don't have to install a trojan horse...

[WanderingWinder]

most of all, it's absolutely unethical.

Agree with everything else concerning hacking, but in how far is it unethical to learn how to recognize security risks and warn the people who are commiting them/that are exposed?

Was it unethically of $whoeveritwas to search for the XSS exploit in the chat during beta?

Learning and searching isn't. But the step that goes to actually trying to pull it of is.

Also if it is some harmless stuff like popping up some window or so? You don't have to install a trojan horse...

First, if I am trying to test for what I'm worried about, I would have to attempt to do what I'm worried about. Second, that's actually not relevant - it's unethical to steal a car even if you just go move it to the next parking spot over. But a big debate on this isn't so helpful either.

[DStu]

most of all, it's absolutely unethical.

Agree with everything else concerning hacking, but in how far is it unethical to learn how to recognize security risks and warn the people who are commiting them/that are exposed?

Was it unethically of $whoeveritwas to search for the XSS exploit in the chat during beta?

Learning and searching isn't. But the step that goes to actually trying to pull it of is.

Also if it is some harmless stuff like popping up some window or so? You don't have to install a trojan horse...

First, if I am trying to test for what I'm worried about, I would have to attempt to do what I'm worried about. Second, that's actually not relevant - it's unethical to steal a car even if you just go move it to the next parking spot over. But a big debate on this isn't so helpful either.

I more or less completely disagree on the first two statements, but the third one is probably true.

[Hertz_Doughnut]

WW... I'm not on goko and not prejudiced in their favor, but I maintain an insurance company's website for a living.  Couple observations...

1. It's not a fair question to ask if everything is "good security-wise". That's like asking your doctor if you're 100% healthy. What doctor can test you for every single possible disease and abnormality? What doctor is a specialist on every organ of the body? Especially if you don't have symptoms.

You can ask a doctor if this skin spot is cancer, or what it means to have a fever and chills... I.e. specific questions. And so too with goko... you can ask if credit card info is saved on their site, if it's encrypted, if players can hack to see their opponents' hands, if you can trick the game into buying platinums on turn 1, etc. Those are questions that can be answered. So I would encourage you to write out every specific thing you can think of that you are concerned about, so we/goko can go through them 1 by 1.

2. It sounded like you were concerned that somehow a hacker was going to punch through goko and take over your computer. This, frankly, is totally unrealistic in today's internet. You are vastly undermining the armies of security professionals who work for (a) internet servers (b) web browsers and (c) operating systems. (Not to mention firewalls and anti-virus companies.) All 3 are continually being patched/updated to deal threats that came out last week.

I'm not saying it's impossible to have your computer taken over... That is possible if you go to a site that is intentionally trying to do that... What I am saying is that there are multiple layers of security built in to the way the internet works in 2013. There are at least 3 levels of checks that stop websites from running code directly on your computer... And these checks are maintained by non-goko companies. In other words, even if goko was no more secure than a cardboard box, my browser, google chrome, itself prevents all websites from accessing any data or running code outside of the tab the site is in without my permission. They can't even access info from other tabs in chrome, let alone delete files off my hard drive or install a program.

3. Security and bug-fixing is very much like an immune system. You get the flu, body develops a response, then you're immune to that strain. Kids are sick all the time, developing immunity that serve them for the rest of their life.

Programming is the same way. New software is buggy, someone gripes about a bug, programmers fix it, never an issue again. Hell, StarCraft 2 Heart of the Swarm came out yesterday, and there was a patch for it today... And that's with one of the best game companies in the business. Even Blizzard couldn't catch everything before release day.

What goko can be criticized for is that they let the public (beta testers) see things too early. They launched with too many bugs. This was a marketing mistake.

But they have been fixing them. You can't buy platinum on turn 1. The "immune system" is working.

4. My sense is that this isn't really about specific security questions, but rather a much more esoteric issue... Reputation. For you, goko's reputation took a hit last summer. They've made a lot of fixes to their system, but you are unwilling to forgive them or even give them a fresh look as if you first heard about them today. I'm not saying you don't have your reasons or aren't justified, I just think you should at least recognize this thread for what it really is... "I'm WW, I don't trust goko (and you can't make me)"

No, we can't. All I can request is that you be fair. Last July 4, the company responsible for the San Diego firework show had a bug that simultaneously shot off all their $500,000 worth of fireworks in 20 seconds. You can YouTube the event. They investigated the cause and gave a detailed report about the problem. Now this year cities have two choices: they can use this company and assume that they worked the glitch out and their show is more robust for it... Or they can hire another company, because, you know, company b has never had a glitch, and company a had a big one.

My question is: Is it fair to boycott company a after they acknowledged and fixed their glitch?

Anyway, hope this helps.

All the best....
David

[cactus]

Fantastic post Doughnut. +1 does not seem enough.

[DStu]

What goko can be criticized for is that they let the public (beta testers) see things too early. They launched with too many bugs. This was a marketing mistake.

You mean like at the morning of release day?

[Kirian]

What goko can be criticized for is that they let the public (beta testers) see things too early. They launched with too many bugs. This was a marketing mistake.

You mean like at the morning of release day?

Hell, StarCraft 2 Heart of the Swarm came out yesterday, and there was a patch for it today... And that's with one of the best game companies in the business. Even Blizzard couldn't catch everything before release day.