1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. Greetings Guest!!

    In order to combat SPAM on the forums, all users are required to have a minimum of 2 posts before they can submit links in any post or thread.

    Dismiss Notice

Anti Hack/Theif methoding.

Discussion in 'UHall' started by Darkwolf469, Apr 8, 2009.

  1. Darkwolf469

    Darkwolf469 Guest

    Alright after being Subject to my accounts hacked and stolen twice in one year after using Really unique passwords I'm suggesting UO and EA Does what Blizzard did with their World or Warcraft. The ability to purchase a small key ring or Something that has no actual tie with the internet so thieves can not track it down.

    Like what im saying is go to the EA Main page purchase for like 5 dollars a small key ring or something of the sort that has a 12 digit key. And this key is used Every time you wish to get into your account along WITH your password and account name. if they key is entered wrong three times in a row the user is notified and has time to change his/her Password so that their account is not "Stolen"

    I do not know if i need to start a petition or what but after having two accounts stolen i think this would be a grand idea.
     
  2. DevilsOwn

    DevilsOwn Stratics Legend
    Governor Stratics Veteran Alumni Stratics Legend

    Joined:
    Oct 27, 2003
    Messages:
    8,921
    Likes Received:
    377
    and just this morning it took over an hour to find the keys to the garage

    for me, this is a really bad idea :D:eek:
     
  3. Harlequin

    Harlequin Babbling Loonie
    Stratics Veteran

    Joined:
    Jun 11, 2008
    Messages:
    2,716
    Likes Received:
    32
    You mean a security token that generates random numbers that owners also use to chose numbers for their lottery tickets? :D

    A good idea actually. But requires a substantial cost to setup the infrastructure and people tend to lose their tokens.
     
  4. Cear Dallben Dragon

    Cear Dallben Dragon Babbling Loonie
    Stratics Veteran Stratics Legend

    Joined:
    Feb 17, 2005
    Messages:
    2,005
    Likes Received:
    17
    Id rather just get a text message confirming I wanted my account password changed. or maybe the option if someone logs in to my account from another IP
     
  5. Darkwolf469

    Darkwolf469 Guest

    Well stick it on your keychain >.< i mean its what i would do. but the text message is a good idea as well...
     
  6. Kurgan

    Kurgan Guest

    Just curious Darkwolf469:
    Are you running any messenger type programs?
    Or any programs for doing VIOP?
    Do you use the same Email for all your accounts?
     
  7. omggrok

    omggrok Adventurer
    Stratics Veteran

    Joined:
    Jan 21, 2009
    Messages:
    80
    Likes Received:
    0
    I'd say just be more careful. Try not to download programs you aren't 100% sure of their legitimacy, don't discuss private matters such as that over messaging programs, and don't visit sites/use services that seem to good to be true. I've only had one account, and have rarely changed the password; this account has been in my (and only mine) possession nearing 10 years now.

    EA does the best they can to warn players of well-known scams, but there's certainly a heavy responsibility placed upon your shoulders as well! Asking to implement such an elaborate and physically costing system is a bit much when there are many measures you can undertake yourself to safeguard your investments.

    That said, however, sorry to hear of your loss, and hope something can be done for you either now or in the future (if you're on LS, let me know if you'd like help getting re-started).
     
  8. Aran

    Aran INFRACTION INFRACTION INFRACTION!
    Stratics Veteran Stratics Legend -A-

    Joined:
    Apr 1, 2000
    Messages:
    14,717
    Likes Received:
    1,021
    Willing to bet you use that same password on a shady website.
     
  9. Bomb Bloke

    Bomb Bloke Lore Keeper
    Stratics Veteran

    Joined:
    Apr 26, 2008
    Messages:
    850
    Likes Received:
    0
    Wait wait wait. So you're typing this key into your computer yourself, right? So it's going over the internet, same as your username and password? And it's just as vulnerable to keyloggers?

    Incedently, in WoW, how easy is it to get hold of people's account names? In UO, account names are even more security sensitive then passwords - People need to know the account name before they can start trying to guess your password, and you can't change it once they've worked it out.
     
  10. Lyconis

    Lyconis Sage
    Stratics Veteran

    Joined:
    May 20, 2008
    Messages:
    508
    Likes Received:
    68
    1. Your Computer and password.
    Keep your system clean.
    Tools to help (they are all free, or free for personal use)
    Hijack This - finds oddities in your system easy to pass text version of its logs to friends or forums.
    CCleaner - Nice registry cleaner
    AVG - Free AntiVirus
    GMER - Root Kit Revealer
    Spybot Search and Destroy - Spyware Cleaner
    Ad-Aware - Spyware Cleaner
    Host File Replacement - http://www.mvps.org/winhelp2002/hosts.htm redirects DNS names of known bad systems to localhost so you will never be able to access these sites.
    and if you really want to get into it
    try
    NMAP - port scanner, listening ports are bad thats a method a malicious individual can get in your system. Alot of the large worms that attack windows use listening ports to gain access your system via a zero day exploit.
    Also port scanning your system from an outside source is good try
    shields up
    https://www.grc.com/x/ne.dll?bh0bkyd2
    Wireshark - a free network protocol sniffer. This will use the winpcap library to communicate to windows networking. This tool will let you know what data is being sent to and from your system. You should see alot of windows garbage packets being sent around ports 137,138, 139, 445 etc.

    Random Generated Passwords
    http://www.pctools.com/guides/password/
    20 character minimum with letters (a-z), numbers(0-9) and symbols(!@$#^&*{]".)

    Know what your system should be running.
    Windows XP task manager process should have the following on a base system load
    alg.exe
    csrss.exe
    ctfmon.exe
    explorer.exe
    lsass.exe
    services.exe
    smss.exe
    spoolsv.exe
    svchost.exe (about 3 - 5 depending on your network settings)
    winlogon.exe

    I dump alot of the normal system processes things not needed. If you run your system for gaming only you can disable all your system ports instead of needing a firewall. ******If you do not know how to reinstall your operating system ignore this following link******http://hilands.com/security-windows_security.html incase your interested in turning all your ports off on XP.

    2. Firewalls and NAT'ing (name address translation)
    A basic hardware firewall/router like a DLink, LinkSys or other popular brand unit uses what will run a NAT. This will convert your ISP's IP address into virtually unlimited LAN IP addresses. When your firewall/router is working properly you should be on a private LAN IP address of
    10.0.0.0 - 10.255.255.255 or
    172.16.0.0 - 172.31.255.255 or
    192.168.0.0 - 192.168.255.255

    Software Firewalls are great. Windows firewall is common and if someone wants in your system they will be able to turn it off easily. Try something like WIPFW (Windows Internet Protocol Firewall). Its the port of the BSD IP Firewall to the windows system!

    3. Securing your email and password.
    Don't use your password or email on anything other than UO!. There are also tools that store and encrypt your password and send it to the correct text field for login purposes. They can help you avoid keystroke loggers.

    4. Email
    Web based email is fairly easy to access for the user and for a thief. Don't use email like hotmail, gmail, yahoo etc if you can help it. If you can set up a forward to your cell phone.
    I googled "cell phone email addresses" and found this. Try sending your self an email to your cell phone first. You can set this up two ways. 1. use the direct email address for your cell phone provider and add it to your account (but then they will have your cell phone information) 2. Make an email address for the soul purpose of redirecting. Preferable an email account you can't access through a common web email provider like the ones listed above.

    Alltel
    [10-digit phone number]@message.alltel.com
    AT&T (formerly Cingular)
    [10-digit phone number]@txt.att.net
    Boost Mobile
    [10-digit phone number]@myboostmobile.com
    Nextel (now part of Sprint Nextel)
    [10-digit telephone number]@messaging.nextel.com
    Sprint PCS (now Sprint Nextel)
    [10-digit phone number]@messaging.sprintpcs.com
    T-Mobile
    [10-digit phone number]@tmomail.net
    Verizon
    [10-digit phone number]@vtext.com
    Virgin Mobile USA
    [10-digit phone number]@vmobl.com

    5. What are you installing on your computer
    Don't install cheats or go to cheating websites. Don't use filesharing utilities, things like Limewire or whatever else is hip and cool. Be warry of social networking sites, like myspace facebook facespace and whatever is hip.
    Use the host file replacement as noted in section one, and turn off your active X features in Internet explorer if you use it. 90% of the viruses/adware/spyware and other crap I see getting installed on user systems is from basic web browsing. Web browsers by default are not safe you might not even know if you install something on your system.

    You have to know your enemy. They are smarter than you and know more about your system then you do. They sit there reading about security issues, updates, and learn how to exploit these systems. They read more computer magazines, subscribe to more email lists, read more forums and take the time to learn more about YOUR SYSTEM then you will. A token with a time based password still gives your enemy roughly a 5 minute window to keylog your code and log in to kick you out.

    If you read this post, you are either smarter than you were one minute ago or confused and scared. Either way it was worth your time.
     
  11. JC the Builder

    JC the Builder Crazed Zealot
    Stratics Veteran

    Joined:
    May 12, 2008
    Messages:
    3,154
    Likes Received:
    708
    The code changes every time. Only Blizzard and your token knows the code so even if someone manages to get it, it is useless after you use it. The code changes every 30 seconds or so. So even if they know your account name and password, they can't get in.

    It isn't any easier than it is in UO.
     
  12. Blesh

    Blesh Sage
    Stratics Veteran

    Joined:
    May 12, 2008
    Messages:
    743
    Likes Received:
    6
    blizzard also has an account recovery that you do not pay for should you get hacked. I had a guild mate last week get hacked, within a day or so, all his items, gold, and gear were returned to him via in game mail. i would think having the ability to help those who get hacked is better than dumping the customers money and the companys money into a system that may or may not prevent a hack.