Posted - 2011.01.12 11:11:00 - [5]

 

Originally by: Pashino marontekk

---

I'm pretty sure I got hacked through my steam account, so definitely heads up to anyone out there who uses the same passwords for multiple mmo's. Don't do it. I learned my lesson.

---

That's one of the most common and simple advice given time and again.

So sad that people are usually unwilling to learn until it's too late.

Posted - 2011.01.12 12:21:00 - [7]

 

noscript

use randomized passwords AND login names! That way if you ever do end up somehow getting your password compromised through say a key logger or using it on multiple locations at least they wont know your username.

and you know those security questions? like whats the name of your dog, or the city you grew up in? The proper answer is... another randomized password =P

also keep your windows update on.

How do you keep track of all these randomized passwords and usernames, AND keep them different so if one gets compromised you are okay with everything else?

I have a tip for you! While there are softwares and services that do a good job at this, i dont trust them.

Make 63 character long string of letters and numbers, upper and lowercase. Randomize it if you can. There are websites that will generate strings of randomized alphanumeric characters for you, here is one:

YJgHh3MwJNrpxV5bqOCvJUxHIFLQ9zz2LNlNL8DXNUvab2QhcMAlmxFhFYHqdln

Now, you want to match the above up with upper and lowercase letters of the alphabet, numbers 0-9, and space. Like so

YJgHh3MwJNrpxV5bqOCvJUxHIFLQ9zz2LNlNL8DXNUvab2QhcMAlmxFhFYHqdln
ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz1234567890

Now get another one and repeat

3vsw4cDEMwpiustgRiIrgrzE6R5g4W1wiiUcdDU1YgBLbBgNet64B8Ffm4cwFI7
ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz1234567890

These two strings can be printed out and saved soemwhere. Laminate them, stick them in your wallet. Email them to yourself, whatever. NEVER LOSE THEM!.

Now all you do, is your randomize username and password for a site/service/game/whatever is simply that games name in the first string, and the second string.

So EVE Online becomes

Username:hUhL5NUcN2
Password:4R45tYUcYw

Since your username is saved by the program a keylogger will not be able to get it even if they have your pasword!

And as long as you keep those strings of randomized characters handy, you will be able to figure out what your login name and password for some site you signed up for 5 years ago and have totaly forgotten about is!


Now, this would not be a good solution if you actually had people trying to target you specifically and 'after you'. But nobody is 'after you'. Its just people exploiting advantageous lapses in your security. So simply making sure you have different passwords and usernames that are not dictonary words or a word with a number on the end or something easy to guess is good enough.

It may seem clumsy at first. But sites you use a lot you will remember the password after a while simply through repetition.

Posted - 2011.01.12 13:11:00 - [11]

 

You really should only need noscript and some sort of antivirus. Microsoft security essentials is the best free one, which is really good enough.

Those old anti-spyware things like spybot, adaware, etc, are not as important as they used to be. You can still run them but all they are going to do is clear out tracking cookies.

Noscript is a big one. Its actually fixed zero day exploits before microsoft got around to patching them in some cases. Everyone should be using noscript. There is a chrome equivalent, im not sure if it works as well or not.

Make sure your ports are stealthed, not just closed. Most modern routers automatically do that though.

Posted - 2011.01.12 14:11:00 - [13]

 

Originally by: CCP Spitfire

---

To everyone else: account hacking is a very real threat, and, contrary to what some might think, it does not only affect those who indulge in illegal activities.

---

Just wanted to pipe in and say that RMT isn't illegal. It's just against the terms of use for Eve and can get your account shutdown. Eve supports and encourages RMT in the form of Plex.

But the sentiment is correct. Browsing innocent sites could bring up malicious ads. Myspace and Facebook have been the distribution vehicles for malicious ads in the past, so it's likely to happen again with whatever the FOTM social networking site is.

As far as securing yourself, even NoScript (amazing addon), AdBlock Plus, FlashBlock, and the others, combined with Antivirus, Microsoft or otherwise, isn't always enough if your computer is left wide open without making sure you diligently apply security patches ... when Microsoft deems the public worthy enough to patch the gaping holes in the operating system. Even just sitting there, on a network or with wireless enabled, you are vulnerable.

And please, never use Internet Explorer, and never surf for porn on the same computer you play games on. Malicious software likes porn too, and it wants to share the love. (Evading the filter because this is something people need to see, not guess at).

Also know that Eve uses Microsoft's HTML engine/IE components for its in-game browser, so it is vulnerable to whatever maladies those components are vulnerable to. It may be best to use the in-game browser for only *.eveonline.com sites (and maybe not even that) unless CCP explores alternate, more historically secure avenues for their in-game browser.