Upvote Upvoted 16 Downvote Downvoted
1 2
Phoenix Red announces GGtoor Locked (down) & Loaded
posted in News
31
#31
whitelist.tf
6 Frags +
KevinIsPwnThe website is a security mess at the moment, for more reasons than the plaintext pw. I would advise against signing up until they confirm and prove these issues have all been resolved in a post.

Signing up to the website is not a requirement to be able to play in the tournament, that's all done through Toornament.

[quote=KevinIsPwn]The website is a security mess at the moment, for more reasons than the plaintext pw. I would advise against signing up until they confirm and prove these issues have all been resolved in a post.[/quote]
Signing up to the website is not a requirement to be able to play in the tournament, that's all done through Toornament.
32
#32
22 Frags +

damn fr you deleted my post that something fishy is going on? bit cringe tbh. this is a genuine concern as the parent company "sports venue of florida" is registered as a fucking food speciality company

https://i.imgur.com/Xlch5Ju.png

also, shadow credits being completely useless and also the fact that the website is so poorly designed that you can change the passwords of others too. (LOL)

damn fr you deleted my post that something fishy is going on? bit cringe tbh. this is a genuine concern as the parent company "sports venue of florida" is registered as a fucking food speciality company

[img]https://i.imgur.com/Xlch5Ju.png[/img]

also, shadow credits being completely useless and also the fact that the website is so poorly designed that you can change the passwords of others too. (LOL)
33
#33
17 Frags +

this is one of those "pls play for my team in this tournament heres the link to join" type scams

this is one of those "pls play for my team in this tournament heres the link to join" type scams
34
#34
22 Frags +

shit... i already used my shadow credits on socks

shit... i already used my shadow credits on socks
35
#35
PhoenixRed
30 Frags +

After what has been unfolding since this announcement was made public we’d like to take this opportunity to address some of the concerns brought up by the community regarding GGtoor's under-construction website, which was mentioned in the announcement for this tournament.

First of all, we would like to apologise for what we see as a failure on our part to make sure our players' privacy is respected and protected. We do recognise and understand the seriousness of the security issues that have been brought to our attention about the GGtoor website, and are taking action as needed. We would also like to thank the people who found these issues and pointed them out to us.

The following actions have been taken:


  • First, all the security concerns about their website issues have been reported to GGtoor together with proof of concepts. We’ve also made sure to emphasise how serious these issues are and are working with GGtoor to resolve them as quickly as possible.

  • Second, we were able to confirm with GGtoor that the web site is not yet completed, and registering on the GGtoor website was never a requirement to participate in this tournament. The website is still under construction, and we would like to encourage anyone who planned to register on the GGtoor website to wait until these security issues have been resolved.

  • Third, Shadow Credits have been removed from the prize pool completely. We're excited about the cash prizes, and the credits were intended to be an additional bonus on top of the cash prizing. However, to claim the credits, one would have to register on the GGToor website, and we do not want to give any incentives for a person to register on the GGtoor website until it is completed and the security concerns are addressed.

  • Fourth, we’ve gone over the registration page on Toornament.com to make sure we don't ask for any intrusive or unnecessary personally identifiable information.

We take the privacy of our tournament participants very seriously, and if you have any questions or suggestions don’t hesitate to contact us directly on Discord.

Thanks,
Mia & Heny
Phoenix Red

After what has been unfolding since this announcement was made public we’d like to take this opportunity to address some of the concerns brought up by the community regarding GGtoor's under-construction website, which was mentioned in the announcement for this tournament.

First of all, we would like to apologise for what we see as a failure on our part to make sure our players' privacy is respected and protected. We do recognise and understand the seriousness of the security issues that have been brought to our attention about the GGtoor website, and are taking action as needed. We would also like to thank the people who found these issues and pointed them out to us.

The following actions have been taken:

[list]



[*] First, all the security concerns about their website issues have been reported to GGtoor together with proof of concepts. We’ve also made sure to emphasise how serious these issues are and are working with GGtoor to resolve them as quickly as possible.

[*] Second, we were able to confirm with GGtoor that the web site is not yet completed, and registering on the GGtoor website was never a requirement to participate in this tournament. The website is still under construction, and we would like to encourage anyone who planned to register on the GGtoor website to wait until these security issues have been resolved.

[*] Third, Shadow Credits have been removed from the prize pool completely. We're excited about the cash prizes, and the credits were intended to be an additional bonus on top of the cash prizing. However, to claim the credits, one would have to register on the GGToor website, and we do not want to give any incentives for a person to register on the GGtoor website until it is completed and the security concerns are addressed.

[*] Fourth, we’ve gone over the registration page on Toornament.com to make sure we don't ask for any intrusive or unnecessary personally identifiable information.
[/list]
We take the privacy of our tournament participants very seriously, and if you have any questions or suggestions don’t hesitate to contact us directly on Discord.

Thanks,
Mia & Heny
Phoenix Red
36
#36
payload.tf
10 Frags +

Honestly with all of these security issues in play, I'd really hope GGTor completely scraps their website and start fresh.

This is web dev 101. You cannot get user authentication and authorization wrong, ever. Doing so could cost anyone millions of dollars in damage and legal fees if circumstances are correct. I cannot ever think of an organization to do such a thoughtless action, and this was intentional. There's not one bit of tutorials out there that will teach you this is how to do authentication. This was a conscious decision from their team, and it's here to haunt them.

I'm in no way blasting GGTor, I really hope this gets to them as constructive criticism. It's not easy building a large platform, and not easy to build one fast. That's why we have frameworks and packages to help us build quickly.

I would emphisize to GGTor that their current structure should be abolished in favor of a complete rewrite. I don't want to ever see that light of what would hopefully be their old backend, and I wish for them to do everything over from step 1 with the correct and well-secure methods we have available now-a-days. I really really hope that they find more flaws in their system so that it can be patched, because this as the first thing we notice? I'm really thinking there's more to it than just user passwords we can change.

Please, for the love of God, let this be a message to GGTor and their engineering team. May this be a message of construction rather than demolision.

Honestly with all of these security issues in play, I'd really hope GGTor completely scraps their website and start fresh.

This is web dev 101. You cannot get user authentication and authorization wrong, ever. Doing so could cost anyone millions of dollars in damage and legal fees if circumstances are correct. I cannot ever think of an organization to do such a thoughtless action, and this was intentional. There's not one bit of tutorials out there that will teach you this is how to do authentication. This was a conscious decision from their team, and it's here to haunt them.

I'm in no way blasting GGTor, I really hope this gets to them as constructive criticism. It's not easy building a large platform, and not easy to build one fast. That's why we have frameworks and packages to help us build quickly.

I would emphisize to GGTor that their current structure should be abolished in favor of a complete rewrite. I don't want to ever see that light of what would hopefully be their old backend, and I wish for them to do everything over from step 1 with the correct and well-secure methods we have available now-a-days. I really really hope that they find more flaws in their system so that it can be patched, because this as the first thing we notice? I'm really thinking there's more to it than just user passwords we can change.

Please, for the love of God, let this be a message to GGTor and their engineering team. May this be a message of construction rather than demolision.
37
#37
7 Frags +

Why is the toornament page asking for player ages? Never seen it before in other cups, even those organised by PR :p

Why is the toornament page asking for player ages? Never seen it before in other cups, even those organised by PR :p
38
#38
whitelist.tf
3 Frags +

Filling out your age is a requirement from GGtoor as you need to be 13 or older; if you're under 18 you also require consent from a parent or legal guardian (see point 2.9 in the toornament rules for more specifics). Which has to do with prizepools and them being an NA sponsor and having to do taxes for this too.

----

In other news, we'll be announcing later this weekend what we're doing with the plugins for the cup, as it looks like ETF2L has made up their mind for S38 and is making some changes there.

Sign-ups close on the 28th of January @ 21 CET, so make sure your team's roster is complete and signed up to be validated on Toornament and be eligible to play!

Filling out your age is a requirement from GGtoor as you need to be 13 or older; if you're under 18 you also require consent from a parent or legal guardian (see point 2.9 in the toornament rules for more specifics). Which has to do with prizepools and them being an NA sponsor and having to do taxes for this too.

----

In other news, we'll be announcing later this weekend what we're doing with the plugins for the cup, as it looks like ETF2L has made up their mind for S38 and is making some changes there.

Sign-ups close on the 28th of January @ 21 CET, so make sure your team's roster is complete and signed up to be validated on Toornament and be eligible to play!
1 2
Please sign in through STEAM to post a comment.