How About a Little More Security With Our Security?

Discussion in 'UHall' started by Connor_Graham, Jul 26, 2008.

  1. During one of my bi-weekly virus scans yesterday I found a virus had embedded itself in my EA Games file (I'm still going through my history to figure out from where as I haven't been to any sites I haven't been to before). Once I removed the offender, the first thing I did was go to my EA account and change the password. Later on, I realized that I hadn't updated my credit card info to account for the new expiration date on the card I have on record. Once this was done, I'd gone over to my email account and responded to an email I'd received earlier, and found 2 emails from EA that basically said "xxx has been changed". This struck me as strange that a company as large as EA wouldn't have some type of "confirmation required" email. If someone got hold of an account's password, they could change the email to whatever email they wanted to, then the notification would get sent to the new email and not the old. Whoever the account belonged to would never receive any kind of notification, and wouldn't know their account had been hacked until they actually tried to log in. If the security had the check in place that any changes to the email address had to be verified by clicking on a link on the OLD email address, with no changes to the account being accepted until this was done, it would go a long way toward the basic security that most people expect from secure sites.

    So how about it EA/Mythic? Can we get a little security with our security?
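
The confirm-via-the-old-address check proposed in the post above, sketched as an added example (not part of the original thread and not EA's code). The `Account` class, the `outbox` list, the function names and the one-hour lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # assumed lifetime of a confirmation link, in seconds
outbox = []       # stand-in for a mail sender: (recipient, body) tuples


class Account:
    def __init__(self, email):
        self.email = email
        self.pending = None  # (new_email, sha256 of token, expiry time)


def request_email_change(acct, new_email, now=None):
    """Stage the change; mail a one-time token to the CURRENT address only."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    acct.pending = (new_email, digest, now + TOKEN_TTL)  # store the hash, not the token
    outbox.append((acct.email, f"Confirm change to {new_email}: token={token}"))


def confirm_email_change(acct, token, now=None):
    """Apply the staged change only if the token mailed to the old address matches."""
    now = time.time() if now is None else now
    if acct.pending is None:
        return False
    new_email, digest, expires = acct.pending
    if now > expires:
        acct.pending = None  # expired requests are dropped, email unchanged
        return False
    supplied = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(supplied, digest):
        return False
    acct.email, acct.pending = new_email, None
    return True


if __name__ == "__main__":
    acct = Account("owner@example.test")  # constructed sample data
    request_email_change(acct, "new@example.test")
    token = outbox[-1][1].split("token=")[1]
    print(confirm_email_change(acct, "wrong-token"), acct.email)
    print(confirm_email_change(acct, token), acct.email)
```

This guards against a stolen account password only; if the mailbox itself is compromised the token is no barrier, which is the objection raised later in the thread.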
     
  2. Kith Kanan

    Kith Kanan Guest

    Prob is if you suddenly can't access that mail account anymore. I used a free mail client for signing up to free shid and stuff, and the site got shut down and sold with no warning whatever. If that had been my UO email what should I have done???
     
  3. I would have suggested at the beginning not to use a free site like that for any type of account that you pay for. My suggestion would be that any account, such as credit cards, banking, UO account, etc, use the email that is provided with your internet service provider, and ONLY use that email for accounts of this nature. Most internet providers allow you to create a sub account connected to the primary, that allows you to use a different password for access to it, and gives you an alternative email to use for your "free shid and stuff" without compromising your primary account. This also keeps the spam email almost completely out of the primary account, which is a nice bonus.
     
  4. DevilsOwn

    DevilsOwn Stratics Legend
    Stratics Veteran Alumni Stratics Legend

    Joined:
    Oct 27, 2003
    Messages:
    8,922
    Likes Received:
    378
    oooookay, this is scary..... please be sure to let us know what you find
     
  5. Erekose

    Erekose Seasoned Veteran
    Stratics Veteran

    Joined:
    May 23, 2008
    Messages:
    429
    Likes Received:
    0
    Unfortunately a common vector these days is banner ads, so even if you visit sites you usually trust you can get infected with a trojan or virus if you aren't paranoid and careful.

    Use Firefox and adblock/flashblock
     
  6. Jahira-Tor

    Jahira-Tor Lore Master
    Stratics Veteran Stratics Legend

    Joined:
    Jun 3, 2005
    Messages:
    1,197
    Likes Received:
    2
    What I find even more frustrating than this is that we cannot change our account names. Everyone knows that occasionally an account gets hacked, and like me is upset to get it back completely stripped, and if you're lucky not have your chars deleted. Anyway, someone out there knows your account name, you can change your password/emails/payment info, everything but the really important one. Why can't we change account names?
     
  7. Revenant2

    Revenant2 Guest

    They wouldn't force a confirmation email for a password change because someone could have compromised your email account (whereas you personally are supposed to have your account password stored in your brain).

    The real ownership is intended to be with you, not the email account. In fact, I hear that if all your stuff gets hacked out the a$$, you can call them and as the owner/controller of the credit card that they've been using for the billing in the recent past, they will get you control of your account back.

    They aren't set up to arrange return of your deleted characters or stolen items and that's a travesty of customer service, though. They absolutely should make a means to retrieve deleted characters (and they CAN do this without much trouble, they can make servers store supposedly deleted characters silently and invisibly for a time). Returning stolen items in production UO is admittedly hard, but the action plan of "we do nothing to help with lost items" is not a good answer.
     
  8. Llewen

    Llewen Grand Inquisitor
    Professional Stratics Veteran Stratics Legend Campaign Supporter

    Joined:
    Mar 3, 2006
    Messages:
    4,699
    Likes Received:
    200
    We need to be able to change account names, and we also need to be able to include symbols in our passwords, and for the security challenged, you should simply not be able to create an account with a password less than eight characters long.

    And yes, absolutely you should be running Firefox with NoScript and AdBlock Plus, and only using that browser to browse. It isn't just a good idea, it is something you absolutely should be doing.

    You want to hear something really scary? I just heard a news report on a security vulnerability in the current general internet infrastructure which would allow an attacker to reroute traffic from or to a particular source, without you even knowing it has happened.

    This means you can think you are connecting to your online banking site when in fact you are connecting to some organized crime site where the purpose is to steal your personal and financial information, all without you clicking on any bad link, or doing anything stupid, whatsoever.

    Your only defence in this kind of scenario is something like NoScript and paying attention to the url that you are connecting to. If you were running NoScript you would connect to that site and NoScript would block the scripts. So if you connected to a bad site when you thought you were connecting to a good site you had connected to before, NoScript would warn you, but if you weren't running something like NoScript you would have no defence whatsoever.

    Hopefully this particular vulnerability will be addressed, and soon.
     
  9. DevilsOwn

    just to be certain, this is the one you're talking about?

    linky to NoScript

    already running Firefox :)

     
  10. Llewen

    Yes, you can download and install the addon easily here.
     
  11. DevilsOwn

    did and done!

    thanks to Llewen and Erekose for the help! :)
     
  12. Prince Erik

    Prince Erik Journeyman
    Stratics Veteran

    Joined:
    May 18, 2008
    Messages:
    173
    Likes Received:
    92
    Llewen,

    I demonstrate ARP cache poisoning on occasion to people who believe they're secure. Most of them don't want to turn their computer on after that.

    -P.E.
     
  13. Nine Dark Moons

    Nine Dark Moons Certifiable
    Stratics Veteran Stratics Legend

    Joined:
    Dec 7, 2006
    Messages:
    1,687
    Likes Received:
    43
    i definitely think we should be able to change the account names. i bought an account a few months back and the account name is ridiculously short. that's the account that was hacked 2 weeks ago. when i called ea after the hack, i told them i wanted to change the account name and the indian man i talked to said that wasn't their policy, even when you buy that account from someone else, and go through ea's official transfer process. i think during that process you should be allowed to change the account name. my other account has a very long name with numbers and characters.

    i also think you should have to answer security questions before being able to change an account password. while that might not stop a hacker from stripping our accounts, at least it would allow us to still login after they're done. i think it's pitiful they don't even have THAT enacted.
     
  14. Dermott of LS

    Dermott of LS UOEC Modder
    Stratics Veteran

    Joined:
    May 12, 2008
    Messages:
    5,320
    Likes Received:
    528
    ...

    Yep, Firefox with security and blocker extensions is ABSOLUTELY the way to go. Even though it kills the ads here and certain admin don't like that (which generally causes a nice uproar of a thread when a bad advertisement "slips" through to the site), the security of my system to me is a bit more important than a fan site (even if I've been posting here for 10+ years).
     
  15. Doomsday Dragon

    Doomsday Dragon Visitor

    Joined:
    Jun 11, 2008
    Messages:
    477
    Likes Received:
    0
    I agree firefox with adblock+ works pretty good that is what I have been using for a while now.
     
  16. THP

    THP Stratics Legend
    Stratics Veteran Stratics Legend

    Joined:
    Oct 13, 2003
    Messages:
    9,941
    Likes Received:
    1,711
    Firefox sucks
     
  17. Erekose

    Thank you for the cogent and helpful contribution to the discussion on security. Are you sure you were not commenting about yourself? It's ok; self esteem problems are common and can be addressed with proper therapy.
     
  18. THP


    Alas I started a link of my own ages ago about account security ....and Firefox was not an issue at all..... just stop this crap that Firefox is the god when it is not..
     
  19. Erekose

    Nobody said it was. Show me the IE plugins that let you avoid ads and flash. What? None? Take a chill pill :)

    EDIT: Btw, if you know so much about computers maybe you could have actually contributed to the discussion instead of thread crapping and trolling.
     
  20. Llewen

    And IE never will, because Microsoft is all about big business, and advertising is big business. For this same reason they will never have anything like NoScript either, as advertisers often rely on scripts of one sort or another. NoScript all by itself makes Firefox an infinitely more secure option for surfing the web.

    Beyond that, these addons are possible because people with the skills and resources in the GNU community go to the trouble to create them, and none of them are ever going to create anything like that for a Microsoft product if they don't have to, for all kinds of reasons...
     
  21. Surgeries

    Surgeries Grand Poobah
    Stratics Veteran Stratics Legend

    Joined:
    Mar 18, 2004
    Messages:
    6,107
    Likes Received:
    92
    I just switched over to Firefox...wow...pretty darn excellent!

    I am not technically inclined at all, and it was a breeze to install, get the add ons working...everything.

    Not only that, I no longer have to look at the ads on Stratics!!!

    Thanks folks, for the info. I like it!
     
  22. Halister Marner

    Halister Marner Lore Master
    Stratics Veteran

    Joined:
    Oct 2, 2006
    Messages:
    1,213
    Likes Received:
    11
    Firefox + Adblock Plus + Noscript = extremely secure.
     
  23. THP

    So does NASA use Firefox?????????? .. oh they got hacked by a computer genius....on his laptop.......... whatever!!!!
     
  24. Halister Marner

    Those had nothing to do with what browser they used, they were server vulnerabilities, I believe Cisco, Solaris and an SQL vulnerability were the sources of the various NASA hacks. Weak passwords being a contributing factor.
     
  25. Eslake

    Eslake Guest

    Firefox, even with all of the nifty little addon security subs, is only secure until the scum out there decide to target it.

    It is the same reason Mac users love to brag about how they never get a virus. Well duh! When less than 10% of computers are Mac, why would a virus creator bother? They want to do damage so they go for the popular OS and hardware.

    The more popular Firefox becomes, the less secure it gets. As you probably already know, it has had its serious security flubs already. The more it brags about its security, the more the hackers want to prove how vulnerable it is. And as an internet interface, it is always going to be vulnerable.

    Point of fact, it doesn't matter what you use to browse the net, or even if you Do. Just having an active connection allows "brush" tests of your security without you ever opening a browser.
     
  26. Llewen

    Partly true, but three points. The first point is, I'll take security in whatever form it presents itself. "Security by obscurity" is just as valid as any other form of security, and sometimes it is the best form of security. One of the major reasons Linux is so secure is no one is writing crap for it.

    Point two: Microsoft is not very well liked by many of those who are capable of creating hacks and exploiting vulnerabilities. This is in part Microsoft's own fault. Microsoft gained its position of dominance by playing the corporate bully, and it is paying for that through losses in the resulting lawsuits, but also in the form of a very strong anti-Microsoft sentiment among many in the coding and hacking community.

    Point three: Firefox is developed under a different model than Microsoft's products, one that has a much better record when it comes to finding and fixing security vulnerabilities; it is called the "open source" model. "Open source" at its most basic means that the source code for the project is available for anyone to look at, and anyone can write and submit code which improves the product, and fixes problems like security vulnerabilities.

    This means that you have, potentially, millions of coders acting as quality control for your product, and submitting fixes for any problems they may find. The more successful the product is, the broader the development base for the product becomes, and the faster security vulnerabilities are detected and fixed.

    So yes, the more popular Firefox becomes, the more the bad guys will target it, but on the flip side of that coin is a broader and deeper pool of potential contributors to the product, with the ability to find and fix any of the security vulnerabilities that the bad guys may wish to exploit. The "open source" model of software development isn't perfect, but it does work, and has a much better record for finding and fixing problems quickly, such as security vulnerabilities, than the proprietary model used by Microsoft.