Evidently, all 17 of those who are left play had their personal details, including CC info, exposed to scrutiny for about 12 hours or so by anyone who wanted to look! Including bad people! They haven't bothered to let people know that they were actually compromised. People were able to look at personal information, however. Here's a log of an IRC
discussion. Evidently, like the old dev team, information is passed through IRC and not on the official website like it should be. Dumbasses. Anyway, sorry but this is really long! DANU is the Chairman of IE, from what I understand.
(20:13:15) DANU_EI: Hi all
(20:13:16) gopher: How's the billing situation going? Any word?
(20:13:20) DANU_EI: Howdy Gopher
(20:13:27) DANU_EI: I read your posts
(20:13:41) DANU_EI: Billing is always a challenge
(20:14:12) gopher: Please post something then Danu
(20:14:19) gopher: At least a "we are looking into this"
(20:14:25) DANU_EI: The first issue is security, then accuracy and convenience follows pretty quickly on the tail of it
(20:14:33) gopher: It will help to reassure your player base if you do so.
(20:14:57) DANU_EI: Dark has made some comemnts and is going to run a post
(20:15:25) DANU_EI: Let me say we have had many reports of duplicate and erroneous trial billings under the old provider
(20:16:18) DANU_EI: The new hybrid system will allow secure entry via paypal, which if you ues prudently apperas very safe.
(20:16:19) gopher: I have seen no posts on the forums by Dark
(20:16:40) DANU_EI: In news and on forums later this evening whilst trolls sleep
(20:16:41) AA0: Danu.. there was a old bug that existed that billed trial accounts, but was fixed, the complaints still come because it was recent
(20:17:50) Abus_Altar: sry I won't use paypal it is not secure\
(20:18:04) DANU_EI: AAO send me a pm i love to listen
(20:18:12) Frid`s-laptop: what is 'not secure' about paypal?
(20:18:29) Abus_Altar: too many scam run against it request info
(20:18:30) DANU_EI: Abus we will disagree but will agree to direct bill you and accept your check
(20:19:20) Abus_Altar: I had 3 such scam that tryed to claim being from paypal
(20:19:29) DANU_EI: Abus if you particpate in a scam email request from chase bank or paypal that is the problem not your data being left unsecure at paypal
(20:20:04) DANU_EI: I have received dozens a week from many institutions
(20:20:04) Abus_Altar: what about a simple secure CC eb=ntry site?
(20:20:27) Plink: Why not both?
(20:20:33) Abus_Altar: that is all we really need
(20:20:50) Abus_Altar: but has to secure
(20:20:58) Abus_Altar: be*
(20:21:09) DANU_EI: we are planning a new set of options including direct pay and secure entry, these will take time to go through verification
(20:22:13) Seranthor: At the risk of sounding snarky and incuring wrath from you wouldn't that have been advisable to do prior to implementation of this new billing system?
(20:22:38) DANU_EI: I encourage anyone who is concerned to PM myself and I will figure out a way to accept your form of payment , I could use bronze bars on my hatchling in order
(20:23:34) DANU_EI: Seranthor at the risk of being snape like I suggest Horizons didn't have 3 months for me to authenticate servers before we closed the purchae!
(20:24:56) Seranthor: as it currently stands I cant see when my current 3 subs are due for billing next, and respectfully I refuse to give my CC info to Paypall or enter it in a non-secure system.
(20:25:05) AA0: Does that mean secure CC billing isn't coming for a while?
(20:25:11) DANU_EI: I apologize for upset to anyone this has caused,
(20:25:36) Solanaceae: DANU_EI: Can you clarify how to update billing information for accounts that have more than one subcription attached?
(20:25:47) DANU_EI: seranthor please PM me I will get dates and
(20:25:56) Solanaceae:
http://horizons.eiinteractive.com/account_update.htm mentions per-subscription but not how to do so.
(20:25:57) DANU_EI: respond
(20:26:25) Peaches: I have notified Danu about accounts that are linked
(20:26:36) Solanaceae: ah, kk.
(20:26:41) Ophelea: AA0, the issues caused with the billing Tulga just went through were caused by Pay-by-Touch coming into federal compliance. As of today, that is no longer the case. This is will not last for long as banks will beging refusing the ability for Horizons customers to use credit cards to pay for their subscriptions.
(20:26:58) DANU_EI: we are working on linked accounts to make this easier for you all
(20:27:27) Ophelea: The FDIC will not allow a grace period for the compliance as the grace period has passed.
(20:27:41) AA0: This just isn't acceptable..
(20:27:51) Peaches: pardon me? what right do banks have to not allow us to charge for horizons?
(20:28:02) Ophelea: they issue your credit cards
(20:28:10) Solanaceae: Ophelea: So you're saying that fed law now prevents me from buying subscriptions to online games using my visa card?
(20:28:17) AA0: yep, you have to handle things how they say. Period.
(20:28:20) Peaches: or my debit card??
(20:28:47) Ophelea: they will not take the responsibility of unsecure transactions when they're liable for the charges
(20:28:51) AA0: Only if the billing procedure isn't compliant
(20:29:04) Ophelea: so, if the billing isn't compliant, they will not approve the vendor
(20:29:19) DANU_EI: I think the simple solution is if you are uncomfortable with paypal we will have customer service help you through it with direct pay
(20:29:21) AA0: Don't worry, it like only takes a month to set up paypal
(20:29:35) Ophelea: hence the changes Tulga went through with Pay-by-Touch who waited until the last week of the grace period to become compliant
(20:29:52) Ophelea: At the moment, Horizons is not only not compliant, but inherently unsafe
(20:29:57) DANU_EI: paypal accounts are able to be established by a customer immediately'
(20:30:08) gopher: Danu: that is not true
(20:30:13) Peaches: I really find it hard to believe that they can tell us what we can and cant charge, but I will wait and see, meanwhile, Danu, I am at a loss as how to approach this n ow with my accounts
(20:30:15) gopher: Paypal accounts have to be verified
(20:30:22) Solanaceae: Ophelea: Can you give me something to google so I can know if I need to write an angry letter to shelly berkley or not?
(20:30:23) gopher: it takes a month to verify them
(20:30:25) AA0: yes, which takes a month
(20:30:29) Abus_Altar: that is true gopher
(20:30:35) Peaches: my husband opened ojn etoday and it is all set to be used
(20:30:49) DANU_EI: I s there anone who has a specific question for me?
(20:30:50) gopher: so anyone wanting to join HZ will now have to wait a month to be able to pay
(20:31:04) gopher: they will have to be REALLY interested in the game to do that
(20:31:06) Peaches: <Peaches> I really find it hard to believe that they can tell us what we can and cant charge, but I will wait and see, meanwhile, Danu, I am at a loss as how to approach this n ow with my accounts
(20:31:26) gopher: Frankly, I think you just screwed yourself out of a future playerbase though ignorance and incompetence
(20:31:27) Peaches: can I use credit card with pay pal for horizons?
(20:31:29) gopher: but that's just me:P
(20:31:30) Ophelea: Peaches.....your BANK takes all the risk for your credit card.
(20:31:31) DANU_EI: No you can log into paypal and use your credit card immediately!
(20:31:34) gopher: yes Peaches
(20:31:36) Dotcher: Solanaceae:
http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp.html are the requirements
(20:31:38) Abus_Altar: will there be a secure CC site?
(20:31:38) Ophelea: Not you
(20:31:40) Peaches: thank you danu
(20:31:42) Lycaunoss: you need secure CC transactions DANU or you are going to lose half the subs
(20:31:43) Solanaceae: Dotcher: Thank you.
(20:31:55) AA0: half.. at least
(20:32:09) Lycaunoss: that's not optional in most peoples minds
(20:32:14) Peaches: aao, its the banks fault, not Danu's fault
(20:32:15) DANU_EI: secure cc transactionsa re available thru a paypal screen thie minute
(20:32:19) Dotcher:
http://horizons.eiinteractive.com/update_cc.htm is out of compliance on points 3 and 4 of Protect Cardholder Data, at the very least
(20:32:22) AA0: It is EI's fault
(20:32:25) Ophelea: So, if EII does not provide a compliant site, your BANK will not allow charges to be made because it puts your credit card number out there on the net
(20:32:32) Lycaunoss: in addition to the feeling of unease that if you cannot have secure updates how can the info be secure
(20:32:33) gopher: Danu: only people in the US can use that Paypal system you set up I believe
(20:32:38) Anti_Eden: unfortunately, the half that continues to subscribe will do so due to lack of understanding the consequences of using an unsecure credit card transaction ofrm online.
(20:32:39) Ophelea: right now, credit card numbers can be captured.....
(20:32:45) gopher: so no austrialian players for isntance
(20:32:53) DANU_EI: We have a large number of international accounts at Savage eden
(20:33:06) AA0: they will only sub until the bank shuts them down
(20:33:08) DANU_EI: Using the same billing system
(20:33:16) Ophelea: Danu, enter your information and I'll read it all back to you, letter by letter
(20:33:20) gopher: oh? I could be wrong about that I suppose
(20:33:36) tramsan: Wait a sec. The new billig system uses ordinary, unencrypted HTTP for credit card forms?
(20:33:42) Anti_Eden: yes Trams
(20:33:44) Ophelea: it uses text
(20:33:46) tramsan: ...
(20:33:56) gopher: Yes trmasan
(20:34:01) Lycaunoss: sorry Danu my credit info is so wicked important to me paypal doesn't cut it and right now EI doesn't either
(20:34:03) tramsan: Wow. Fabulous.
(20:34:03) DANU_EI: Can I suggest the paypal system is easy and secure?
(20:34:05) gopher: please do not put in your CC info:P
(20:34:07) Lycaunoss: I'm not willing to put myself at risk
(20:34:16) tramsan: Not a flipping chance, gopher. =P
(20:34:20) Tathar: Also Danu, a billing system that isn't secure isn't a good idea
(20:34:31) gopher: Danu: until you get a secure system, just take down the insecure system. Leave the paypal one up:P
(20:34:40) tramsan: What gopher said.
(20:34:55) tramsan: If you can't provide adequate security, you should remove the option entirely.
(20:35:06) DANU_EI: OK so if someone wants to play and doesn't trust paypal we will provide a direct bill option.
(20:35:40) Ophelea: Danu, it's not only that it's not secure, it's out of compliance
(20:35:49) Ophelea: you're breaking the law simply by offering it
(20:36:04) Abus_Altar: sry my 5 accounts will not be renewed untill there is a secure cc site
(20:36:09) Steelclaw: dude, your site is broken
(20:36:13) gopher: LOL
(20:36:18) Plink: hehhe
(20:37:05) Dotcher: That server is also claiming that it runs Apache 1.3.20, which is known to have remote code execution vulnerabilities... if the data is being stored on that server, then there's a good chance even a not very skilled attacker would be able to get to it and read it
(20:37:08) Steelclaw: do you think you can take down the update forms untill you can get a https server up?
(20:37:11) gopher: it is just flowing right over his head!
(20:37:21) Ophelea: Correct, Dotcher
(20:37:22) ***gopher shakes danu, trying to make him understand
(20:37:34) Steelclaw: so people that dont know any better arent sending their financial info unencrypted?
(20:37:34) Dotcher: and if I'm reading the text correctly (I'm not a FrontPage expert by any means), the data is being captured to that server
(20:39:36) Anti_Eden: using that unsecure form is the same concept as writing your account information on the front window of your house. it's only "secure" if people aren't looking. If someone decided to turn their head and notice, you're screwed.
(20:39:46) DANU_EI: ok i think I have heard desires of these troops
(20:39:51) Dotcher: and even if you use PayPal,
http://horizons.eiinteractive.com/account_update.htm is just as insecure... I'd rather not have my home address going out on the wire unencrypted, either
(20:40:07) Steelclaw: heh desires?
(20:40:29) Steelclaw: no. we're telling you something is broken, we're telling you how to fix it. its not a desire. its covering your ass
(20:40:30) Ophelea: Danu, the apache version you're using means that the paypal address is open to capture
(20:41:02) Ophelea: they're not indicating desires...it's security deficient
(20:41:19) DANU_EI: we will turn off cc entry and allow the form to become printable in next several hours and use snail mail to carry that information to EI office.the f
(20:41:21) Lycaunoss: yep this is not a desire it's a total deal breaker
(20:41:22) Khoal: If the Apache version is open to capture... can anyone be certain CC data hasn't already been stolen?
(20:41:45) SnarkyElvis: another good question Khoal.
(20:41:52) Dotcher: Khoal, there's no guarantee
(20:41:55) Peaches: we went directly to paypal to create an account
(20:41:59) ***Ophelea cringes
(20:42:00) AA0: wow, thats gonna lose so many subs
(20:42:00) Lycaunoss: why not just set up a secure site?
(20:42:06) AA0: like.. wow
(20:42:35) Frid`s-laptop: well, besides the little to no interest in HZ by and large, and little outside knowledge of the flaw to begine with...
(20:43:31) AA0: I'm not mailing my cc info anywhere either
(20:43:37) Abus_Altar: I love game this but I'm not willing to risk my security
(20:44:15) Kumu_Honua: CC by snail mail?
(20:44:34) DANU_EI: Well if someone wishes to continue playing we will accept a check in the mail as well....\
(20:44:39) Kumu_Honua: The moo will no longer be in Istaria.
(20:45:17) Frid`s-laptop: hopefully it won't take very long to get a secure site up.
(20:45:20) Steelclaw: looks like your (old) apache server can handle secure pages. ... uh on second thought, dont do that.
(20:45:22) Tathar: Danu: We need https for credit card forms, not http.
(20:45:40) Steelclaw: openssl 0.96b
(20:45:43) Tathar: that's essentially what's being said
(20:45:46) DANU_EI: Understood
(20:46:17) Steelclaw: i know theres a worm that exploits an old version of apache+openssl of that vintage
(20:46:36) Ophelea: SC, correct. That's what Dotcher was saying.
(20:46:40) Steelclaw: yeilds a remote compromise
(20:46:48) Tathar: I have a couple weeks left on my subscription for you to work it out
(20:46:48) Steelclaw: not root
(20:47:08) Steelclaw: but if you're storing credit card info in a file readble by the httpd, its just as bad
(20:47:29) Dotcher: there's at least one remote execution vuln in that version, I didn't dig through the release notes for more
(20:47:31) DANU_EI: We will accept paypal as a secure form of entering creit card payments and direct billing outside of web environment
(20:48:00) Steelclaw: that works for now
(20:48:03) Kumu_Honua: Paypal requires that you have a bank account. I do not have a bank account. Still no moo.
(20:48:09) ***Tathar would rather not use paypal...
(20:48:13) Abus_Altar: so then there is no chance of a secure CC site ?
(20:48:15) Steelclaw: just get the insecure forms off.
(20:48:37) DANU_EI: We are willing to have a customer service rep post your account manually and receive your check
(20:48:39) ***Tathar knows that secure credit card forms are not impossible, other sites do it.
(20:48:57) Khoal: 0.o Manually?!
(20:49:16) DANU_EI: we will add secure credit card in future, Paypal is here now
(20:49:17) gopher: Kumu, I don't think Paypal requires you have a bank account. You can enter either bank or credit card info for them
(20:49:22) Steelclaw: heh whether they can do it or not isnt the issue right now. the issue is that there are people using those insecure forms and transmitting their financial data in plaintext
(20:49:28) Seranthor: DANU_EI how soon into the future?
(20:49:29) Kumu_Honua: They do gopher. At least the last time I looked into it.
(20:49:34) DANU_EI: Verification of system and site is under way.
(20:49:42) Peaches: thank you Danu
(20:49:45) DANU_EI: and takes weeks
(20:49:46) ***Tathar thinks that secure credit card forms are a necessity now, not later
(20:49:49) Steelclaw: take them down now.
(20:49:57) Anti_Eden: i'm not trying to be snarky here. i'm sincerely curious. who's the server guy at EI? Did he really and truly believe that setting up an unsecure credit card form was acceptable? Because I'm finding it hard to believe that there would such little respect for the playerbase. What was the reasoning for this unsecure site to be allowed to go live at all?
(20:49:59) gopher: ... hmmmm.... as far as I know, I didn't enter any bank account info into Paypal. let me go check
(20:50:26) tramsan: Paypal works fine with only a cc card.
(20:50:41) tramsan: I've used it like that myself once, a long time ago. =P
(20:50:41) Vel: There remains a problem with sending a check via the mail and having someone enter it "manually" into the system. That still gives you my bank account information in what is obviously not a secure setting.
(20:50:43) DANU_EI: I believe a credit card is minimum requirement for paypal not a bank account
(20:50:43) LO: Why are the vulnerable pages still up and why am I unable to access my account iformation when my subscriptions are paid until January?
(20:51:21) DANU_EI: your bank account information is not entered into a server.....your payment is poted as received
(20:51:37) Kumu_Honua: Either way. Paypal is not an option I am comfortable with. No moo.
(20:51:38) DANU_EI: posted
(20:52:00) gopher: "[19:46] <DANU_EI> I believe a credit card is minimum requirement for paypal not a bank account" I believe you are correct on this at least. Either a CC or a Bank account. You don't need both
(20:52:03) DANU_EI: So moo... send me an email as to how yo wish to pay.
(20:52:07) Ophelea: LO, That requires nightly synching with Pay-by-Touch
(20:52:47) gopher: Ah, so EI was unwilling to continue dishing out money to PbT?
(20:52:58) Anti_Eden: a moo-less Istaria isn't an Istaria at all......
(20:53:14) Kumu_Honua: Danu - It's simple. I wish to pay by credit card.
(20:53:45) Kumu_Honua: Securly. Without a 3 day wait period between "You can't log in" and "We have now received your payment".
(20:53:46) Ophelea: No, there were unfinished changes with Pay-by-Touch that are still on Blight and others taht were never delta'd in
(20:53:59) Tathar: Same as Kumu.
(20:54:14) Ophelea: Without the ability to prop the changes, they couldn't continue to use PbT
(20:55:09) Solanaceae: I want to pay with my visa card, like I did before, like how I do in every other game I play. Without having to have extra stuff that can fail, break, and double charge my card.
(20:55:20) Plink: What about those of us that paid by credit card BEFORE the announcement about today? How do I know my information is SAFE?
(20:55:40) Seranthor: exactly what Solanaceae said, goes the same for my 3 accts.
(20:55:46) DANU_EI: Information is purged from server into site
(20:55:54) DANU_EI: into on site fiel
(20:56:22) Plink: You're not convincing me DANU. You don't even sound like you know what you're talking about. Sorry.
(20:56:39) DANU_EI: What is your question
(20:56:54) Plink: What about those of us that paid by credit card BEFORE the announcement about today? How do I know my information is SAFE?
(20:56:57) tramsan: The truth is, Plink, you can't be.
(20:57:11) Blue:
(20:57:13) DANU_EI: Plink you can ask CTO any question you wish
(20:57:16) tramsan: If it was unencrypted anything could have happened to it.
(20:57:25) LO: Now that you have stated that you are aware of the vulnerability of the site pages, are you accepting responsability for any theft or misuse of the information transmitted and stored by those pages?
(20:57:45) Anti_Eden: Danu: the best thing you can do right now is this - pull the unsecure forms down right away. Then meet with your server guy. Find out exactly what your billing process is, write up a statement, and then either post it, or come back in here and let us know exactly how things are going to be handled.
(20:57:54) tramsan: It is, quite literally, sent as plain text over several routers, any of which could have intercepted it by chance. A very slim chance, granted, but still there.
(20:58:14) Steelclaw: or your cable network
(20:58:20) Plink: You need to post the breach in security. Your customers have the right to know that.
(20:58:20) tramsan: Yeah, that too..
(20:58:33) tramsan: Basically, anywhere on the path from your computer to Verio.
(20:58:35) Steelclaw: like.. when your neighbor is running a trojan
(20:58:36) tramsan: Er, *limelight
(20:58:37) LO: As long as those pages are up, you are placing your customer's information at risk
(20:58:49) Anti_Eden: at a very high risk.. willingly.
(20:58:50) Plink: You can't just say, we don't know what happened and expect to be believed.
(20:59:19) tramsan: Personally, if I had used that page I would cancel that card and request a new.
(20:59:27) LO: They do know, Plink. That's the issue
(20:59:38) Plink: Well mentioning in IRC isn't enough.
(20:59:49) Steelclaw: side note: storing the billing/financial info plaintext on the server side isnt good either
(21:00:01) tramsan: not the very least
(21:00:25) Steelclaw: especially if its dumped into a file that the web server can serve if someone knows the right path
(21:00:30) DANU_EI: The page is down and will be edited then brought back up and changes announced
(21:00:38) Steelclaw: thank you
(21:00:46) DANU_EI: Please consider paypal
(21:01:07) DANU_EI: we have accepted many forms of payment for Savage eden and kept mcustomers happy
(21:01:18) AA0: Savage Eden isn't horizons..
(21:01:20) Kumu_Honua: Irrelevant.
(21:01:23) AA0: don't treat it like it is
(21:01:25) AA0: never..
(21:01:31) Steelclaw: the page is still up :/
(21:01:35) Plink: It is.
(21:01:43) Plink: Lying is a good idea at this point.
(21:01:46) Anti_Eden: for those that might be interested......
http://www.privacyrights.org/ar/ChronDataBreaches.htm(21:01:47) Plink: er isn't.
(21:01:57) DANU_EI: he is pulling it down now
(21:02:16) DANU_EI: plink lying is not a good choiice of words
(21:02:45) Plink: I'll be calling my bank tomorrow to reverse some charges.
(21:02:50) DANU_EI: I believe you can listen and make your own calls
(21:03:10) DANU_EI: So people play asherons call , savage eden and Horizons
(21:03:10) Peaches: <DANU_EI> he is pulling it down now are his current words
(21:03:24) Steelclaw: i sent email to
info@eiinteractive.com detailing some of the problems with the implmentation
(21:03:29) DANU_EI: some people are slow typists like me
(21:03:37) DANU_EI: most people are reasonable
(21:03:48) Kumu_Honua: <DANU_EI> The page is down and will be edited then brought back up and changes announced
(21:03:55) Kumu_Honua: Sounds like he said it was down to me.
(21:04:10) DANU_EI: we try real hard to take care of people
(21:04:27) Steelclaw: please fix them. please buy a signed ssl cert, upgrade and secure your server software and billing database implmentation
(21:05:11) LO: Glad to hear that, Danu. There are a number of people with support issues posting in the forum help section that have not been responded to yet.
(21:06:26) Steelclaw: secure the data on the server side. encrypt it, guard the encryption keys. if you want some advice, reply to my emails
(21:07:32) LO: As long as you are here, I'd like a direct answer about what my five annual subscriptions are going to be buying for the rest of the year. Does EI intend to develop and implement new content and game systems, or will we be having live GM-run events only and no further actual development?
(21:08:21) LO: If you are going to be doing actual development, how long will it take you to have a team in place to begin learing the game system and code?
(21:08:23) DANU_EI: Is the site downnow/
(21:08:38) Kumu_Honua: Yes.
(21:09:03) Steelclaw: yeah
(21:09:04) DANU_EI: Ok I apologize for speaking 60 seconds too qucikly
(21:09:18) Steelclaw: heh it forwards to a 403/forbidden page
(21:09:25) LO: No account information is available, however
(21:09:31) DANU_EI: Will be abck up shortly
(21:09:36) AA0: heh, it loads and forwards
(21:09:49) Steelclaw: so uhm.. can the meta refresh tags be removed from the
https://horizons.istaria.com pages?
(21:09:58) Steelclaw: disable your meta refresh
(21:10:07) Steelclaw: er. disable allow meta refresh
(21:11:55) DANU_EI: We have a team being built and plan to add new content and in game live events
(21:12:38) Abus_Altar: That is great Danu I hope I can
(21:12:42) AA0: Which type of new content?
(21:12:46) Abus_Altar: play
(21:12:53) LO: And adding game features that require client, server, or simulation programming?
(21:12:57) DANU_EI: The team still needs an artist and an additional programmer
(21:13:15) DANU_EI: server and client team is in place
(21:13:45) LO: Will you or will you not be recruiting players and entrusting them with WM poers to run these events?
(21:13:54) AA0: Client team is a new employee? or old EI one?
(21:14:27) DANU_EI: Simulation programming is going to be a combination of old tulga and new EI for a period of time
(21:14:36) Plink: Contracted with Jason E on that.
(21:14:40) Lycaunoss: that's great news Danu
(21:15:02) Frid`s-laptop: Please tell me you got Eubank to stay @_@
(21:15:25) AA0: Jason would give the client hope..
(21:15:28) Abus_Altar: I for one will be happy to give you time to get your team up and running ..as long as I can figure out a way to pay
(21:15:50) DANU_EI: Abus can you mail me a money order?
(21:15:59) Plink: That annoucement needs to go public. I can't begin to stess that. Covering it up, will only lead to trouble.
(21:16:12) LO: I do hope your team is as good as you think they are. My primary concerns are the game being abandoned to stagnate or being run as a part time project.
(21:16:39) Plink: Can we trust you people to take a money order now?
(21:16:41) Solitaire: Plink, I think the forums will take care of it being very very public within an hour or two. ;P
(21:16:47) Abus_Altar: I was on monthly billing I just don't see doing that every month
(21:16:53) Peaches: *nods* to Solitaire
(21:17:10) DANU_EI: Plink which announcement?
(21:17:29) Plink: That you were storing Credit Card information in an unecrypted text file.
(21:17:53) Plink: I don't think you understand the full extent of what you did.
(21:19:23) GM_DarkEnigmaa: The text file was removed
(21:19:58) tramsan: Still has to be announced what happened.
(21:20:20) LO: Is it EI's intention to advise the player base of issues like this only in game? The only official statement I'm aware of other then this conversation was a comment made by Dyn in the Chaos MP.
(21:20:54) Plink: Either EI makes the anoucement, or someone else is going to announce it for them.
(21:21:05) DANU_EI: The details of how anyones information is being sotred can be directed through Darka nd admin suport will answer directly.omething that
(21:21:08) LO: Frankly, trying to communicate with the playerbase only in game is just asinine
(21:21:25) DANU_EI: We are not communicating throught hte game only
(21:21:33) Peaches: if you would all let him finish, then we can comprehend what is being said
(21:21:34) Plink: Game and here?
(21:22:07) DANU_EI: we use the news page and the forums as well as game manager
(21:22:09) LO: I just checked the forum and the community page. There has been no comment on this by EI personnel as of yet
(21:23:04) DANU_EI: We try to reach the players for their input in game as many do not go to the forums
(21:24:28) DANU_EI: Ok I am not signing off but would like a
(21:24:34) LO: Danu, that is understandable. Even commendable. However, EI seems to be ignoring the forums and any method of communication other then in-game
(21:24:51) Steelclaw: "Due to an error on our part, your billing and personal data may have been exposed to an unauthorized third party..."
(21:28:10) DANU_EI: Guys I am patient and understand stress, i have apologized for any inconvenience
(21:28:36) Abus_Altar: we know thxs
(21:36:53) DANU_EI: Anyone have any other questions
(21:37:49) LO: Not a question, but I'm looking forward to seeing a clear and convincing demonstration of EI's willingness and ability to implement new content and game systems
(21:37:50) LexDivinia: Do we have an update posted anywhere as to the current status? I was not here for prior questions
(21:38:03) LexDivinia: in reference to billing that is
(21:38:30) DANU_EI: Lex pm dark
(21:38:31) GM_DarkEnigmaa:
Zack@eiinteractive.com(21:38:42) DANU_EI: he will answer questions directly
(21:39:03) DANU_EI: we are accepting paypal fro secure credit card payment
(21:39:12) ***Steelclaw writes that one down (heh. no brainer)
(21:39:13) Peaches: thank you Danu
(21:39:26) DANU_EI: If you dont trust paypal we will take a check or a money order
(21:39:33) LexDivinia: I just want to know if I am going to be charged as soon as I update my info?
(21:39:52) DANU_EI: We are going to charge on anniversary sates
(21:39:58) DANU_EI: dates
(21:40:05) Peaches: anniversary dates?
(21:40:10) GM_DarkEnigmaa: for a paypal payment Plink?
(21:40:12) DANU_EI: renewal
(21:40:23) Peaches: okies
(21:40:40) Plink: To send you a check or money order and have it applied to account and not someone elses.
(21:41:01) Vesh: Vesh = Mad @ Horizons
(21:41:04) DANU_EI: Plink maybe you should find a nother game
(21:41:10) Rolynd: You can send 'em one to apply to my account
(21:41:12) LexDivinia: butif I enter info to PayPal, does it not automatically make a payment?
(21:41:28) Plink: I think that was the wrong thing to say DANU_EI...
(21:41:52) GM_DarkEnigmaa: Check and money orders are not stored on a text file Plink
(21:42:00) Plink: Should I quote you on that when I talk to my bank tomorrow?
(21:42:20) LO: Man, if you can't handle Plink, Seranthor is going to clean your clock...
(21:42:33) Khoal: the words can't be taken back. might as well use them, Plink
(21:43:25) Plink: But I'd say in addition to answers to my questions. I'd like to see an apology.
(21:45:12) DANU_EI: Plink I truly hope you will play Horizons and will some day be willing to send a money order to EI
(21:45:43) DANU_EI: I am going to chaos unless someone has another question
(21:45:53) LO: Anyway... Danu, Dark, as of yet there is still no mention of this in the forums. If you are wanting to get as much communication with the playerbase as you say, why are you not using the forums as well as IRC as well as in-game dialog? It seems contrary to your premise.
(21:46:10) DANU_EI: I repeat I need bronze bars in order
(21:46:38) DANU_EI: LO we are trying to get to all avenues
(21:46:58) LexDivinia: the first place many of us look before logging in each day is the forums.
(21:47:05) LO: I look forward to seeing an expanded forum presence then.
(21:47:10) GM_DarkEnigmaa: I'll pop in on order for a bit =D
(21:47:11) ***Steelclaw wouldnt mind paying his sub with in game resources
(21:47:28) Tathar: the first thing I look at is the stand-alone auncher
(21:47:50) Vesh: Ok, I have a question
(21:48:13) Vesh: I've heard there's a problem with the Creative X-Fi sound cards. Is that going to be looked at?
(21:48:28) GM_DarkEnigmaa: Vesh is that in the PM, i'm almost to you
(21:49:27) AA0: there are still sound bugs in game though, so something isn't right with the sound engine
(21:49:28) Vesh: I've just heard from different people that there's problems with X-Fi and Horizons.
(21:50:05) Khoal: old drivers do not interfere with HZ. new drivers totally bork it
(21:50:21) Vesh: Looks like I should find even older drivers then?
(21:50:44) Tathar: guess it's my old drivers then
(21:50:47) Frid`s-laptop: try the original CD?
(21:50:58) Vesh: Yup
(21:51:03) LO: My only issue with EI is that I do not wish to see the game left to stagnate. What I have seen is EI's statements so far concerns me greatly, as I don't see that you have the ability to add new content and game systems. I would very much like to see that impression disproved, gentlemen.
(21:51:46) Michael_Dyn: LO: I joined EI after being with Tulga Games. I would not have joined the team if they did not intend to add new content to the game.
(21:52:42) LO: I understand and appreciate that
(21:53:39) LO: I put a lot of effort and time into writing quests. I believe in this game. I do not want to see it die of neglect
(21:54:45) AA0: My quest is on indefinite hold..
(21:55:27) AA0: stopped at page 5 or so
(21:56:03) LO: As are a few of mine until a QC department comes in, some artists are hired, and my access to the quest editor is restored
(21:56:34) AA0: you can't access it?
(21:57:02) LO: My login was disabled
(21:57:04) Solitaire: I don't know if mine would have ever made it into the quest editor, but I found little desire to work on it lately.
(21:57:09) AA0: huh, mines fine
(21:57:48) Steelclaw: theres a few quests id like to do, and an emblem to introduce
(21:58:06) LO: My original istaria.com login still works, but I can't work on anything I authored on my main
(21:58:48) AA0: I've done psuedo code stuff, no input, heh.. simple anyways
Author
's me for posting all this rubbish! 
