Curse

Nereyda Shoaal · Oct 29, 2009, 09:48 AM // 09:48

If "pr0 hacker" decides to get into your account you can't do anything about it.
Keyloggers are the most popular, easy to use but list of how to get someones login is much longer
A while back a friend of mine was switching off my PC by exploiting loopholes in Windows. He also created a new folder and put a text file saying "I was here. [his name]"
I work for IT and despite the fact I know "few" things about computer security I know I'm not safe. I can take steps to protect my account but at the end of the day I can't stop everyone, can I?
There was this guy last year. Came up and said "I want my PC to be 100% secure". My answer was "Unplug the network cable"

Xenex Xclame · Oct 29, 2009, 10:08 AM // 10:08

I'd like to clarify a point.I don't think there's been a higher rate of "hacking" but instead a higher rate of reporting it (to us).

Also and im not saying this to anybody in particular or about everyone thats been "hacked", but its hard for gold buyers to get sympaty,meaning that if the person that got hacked got hacked because he bought gold, or because he wanted to cheat or whatever, he might try to hide that fact.

I mean its not like we can know theyr lieying.

PS.Just because a person is a computer techincian doesn't mean theyr computer is more safe then someone elses that has zero pc experience,the technician could be packed with security but then do dumb stuff like use the same email on forums.

zwei2stein · Oct 29, 2009, 10:17 AM // 10:17

Quote:

Originally Posted by Enon

Then again, each person that has been hacked coming on GWG specifically states they never shared their passwords with friends or relatives, don't visit certain scam sites, never downloaded nor used any third party tools and they all have some sort of IT experience.*

Are they all lying or is Anet screwing up from their side?

*Sarcasm intended. But it's still a serious question.

Chances are, if you know you screwed up your security, you will be silent because you already know who to blame.

What worries me personally is the fact that i did not manage to find anything more dangerous than cookie (And I tried hard, trust me

...), coupled with fact that I log in to three accounts regularly and only one got 'hacked' .. and the one which has username that i would consider hardest to figure out and impossible to dig from gw related websites as it was never used on them ... I was quick with password change, of course. I would like to know more about that keylogger support was talking about before directly blaming anets security. Source site? What software did it hide in? Any clue?

I know there is trojan in gw.dat browser - really sneaky one, it comes with source code, but compiled version has generic trojan embeeded. Yay for antivirus. But other than that i have not seen anything other than "please, type here your account and password to get free ecto stack/gw2 beta/tool to hack ruch people"

Linksys · Oct 29, 2009, 10:46 AM // 10:46

Could be key loggers. Or that could be a throw off. Remember when GW was so laggy and Anet first blamed our video cards?

Another thing to be careful of is using programs to communicate with people in GW. I'm not that familiar with Ventrillo or other online gaming voice chat programs. But if it makes it possible for people who run those to see other people's IP numbers, be wary of those. If you use some forum on someone's unknown personal website or even an alliance website, also be careful. Use a different email address and also keep IP numbers in mind.

If your guild or alliance wants you to use some voice chat program no one's heard of, don't do it.

Sierraa · Oct 29, 2009, 10:48 AM // 10:48

Quote:

Originally Posted by Xenex Xclame

PS.Just because a person is a computer techincian doesn't mean theyr computer is more safe then someone elses that has zero pc experience,the technician could be packed with security but then do dumb stuff like use the same email on forums.

Wrong. There's a difference between not knowing anything about security and making mistakes, and working in the industry. The average computer user uses the same email and password for everything. It's generally a very simple password too. Someone who works in the industry, or at least has some idea of how to be secure (or knows the risks) will take the extra steps to use a different email, have a more complex password, and pay attention to what they're downloading.

People who know the risks are LESS likely to be hacked or do something that can jeopardize their account.

Quote:

Originally Posted by Linksys

Could be key loggers. Or that could be a throw off. Remember when GW was so laggy and Anet first blamed our video cards?

Another thing to be careful of is using programs to communicate with people in GW. I'm not that familiar with Ventrillo or other online gaming voice chat programs. But if it makes it possible for people who run those to see other people's IP numbers, be wary of those. If you use some forum on someone's unknown personal website or even an alliance website, also be careful. Use a different email address and also keep IP numbers in mind.

If your guild or alliance wants you to use some voice chat program no one's heard of, don't do it.

Using ventrilo or a forum isn't going to get you hacked, if you're going to be paranoid about your IP address please unplug your internet. Your IP address can be seen almost anywhere, even on MSN. :| I highly doubt your guild or alliancemates are making you sign up for a forum for the intent of stealing your account. If they did I'm sure there'd be an uproar on guru.

Fay Vert · Oct 29, 2009, 11:22 AM // 11:22

I would be happy if they added a flag that you could set on a character to make it undeletable, or at very least only deletable one month after removing that flag.

oxylus · Oct 29, 2009, 11:39 AM // 11:39

Quote:

Originally Posted by obsidian ectoplasm

I think thats bullshit, I have seen so many people saying they have been hacked although they are actually in the computer business, and they are well aware of changing passwords every week/ not giving out info ect

Let me just say that if these people who are in the computer business change their password every week they probably should get out of the computer business.

Changing your password every week does not make you secure. When was the last time you changed the PIN on your bank card?

gremlin · Oct 29, 2009, 11:40 AM // 11:40

If you blame anyone blame Microsoft

Microsoft messenger that I turned off after mysterious grey boxes advertising none ms services appeared on my screen.
Active x that can also run stuff I may not want.
Javascript ditto
macromedia Flash created to make websites more interesting but it overrides any settings you made to limit what a website can show.

all those and services that allow remote control of a computer over the net are the root cause.

If you don't know what to turn off and you run online on an administrator account you could well be heading for trouble.

They came up with some great ideas to make the internet run smooth and look great but forgot that their creations made great tools to break into systems.

Windows 7 the solution who knows if so its about time.

rant over

Riot Narita · Oct 29, 2009, 11:42 AM // 11:42

Quote:

Originally Posted by Fay Vert

I would be happy if they added a flag that you could set on a character to make it undeletable, or at very least only deletable one month after removing that flag.

I've said it before, I'll say it again - I'd PAY for that.
Items, gold etc I don't care, as long as my main char is safe.

I take great care over my PC and GW security, but I know that sh*t can happen regardless. So it would be nice to have an absolute safeguard against character deletion.

zwei2stein · Oct 29, 2009, 11:49 AM // 11:49

Quote:

Originally Posted by Fay Vert

I would be happy if they added a flag that you could set on a character to make it undeletable, or at very least only deletable one month after removing that flag.

This is, however, poor bandaid for poor security and would likely cause support nightmare.

I would prefer WoW solution: Special pin generator. Only person owning physical device that generates pins can access account.

There are many other solutions: you could have sms-auth that is commonly used when ebanking (when you log in to your account, you will need to insert pin number. You will receive that pin number by SMS, SMS that only person physically owning cellphone can see). I can personally guarantee you that it is fairly easy to implement.

One could even produce USB key - similar principle, but you just plug it in instead of having to type your pin.

gremlin · Oct 29, 2009, 11:53 AM // 11:53

Someone clear something up for me.

Does a keylogger read direct key input ?.

I was thinking if passwords were entered by mouse clicking on a virtual keyboard on the screen would that get past a keylogger.

zwei2stein · Oct 29, 2009, 12:07 PM // 12:07

Quote:

Originally Posted by gremlin

Someone clear something up for me.

Does a keylogger read direct key input ?.

I was thinking if passwords were entered by mouse clicking on a virtual keyboard on the screen would that get past a keylogger.

Keylogger can monitor whole system and do everything that any other malware can do. That is, pretty much anything.

Keylogers usually just monitor keyboard because that is all they need to do, but they can monitor mouse clicks or network communication or take screenshot if author requires that functionality.

So click-typing password is not a solution.

Riot Narita · Oct 29, 2009, 12:10 PM // 12:10

Quote:

Originally Posted by zwei2stein

I would prefer WoW solution: Special pin generator. Only person owning physical device that generates pins can access account.

I'd be interested in that too. It's been available for WoW for quite some time now, hasn't it? Have there been any reports published on its success/failure? Did it reduce numbers of lost accounts for people using them? Are people still losing accounts in spite of using them? etc?

Zahr Dalsk · Oct 29, 2009, 12:28 PM // 12:28

Want to avoid getting hacked?

- Don't tell anyone your email address. If you keep it hidden there is no way for someone to target your account.
- Do not run third party programs. First of all, it's considered cheating, and second, it could have a keylogger.

If you avoid these two things, you will never be hacked. End of story.

Notorious Bob · Oct 29, 2009, 12:43 PM // 12:43

Quote:

Originally Posted by Fay Vert

I would be happy if they added a flag that you could set on a character to make it undeletable, or at very least only deletable one month after removing that flag.

I always thought that it was incredibly daft of Anet to require an 'authorisation' to delete a character but then make that authorisation the character's name - doh! :O

Surely after 4+ years Anet couldve come up with something a little more secure - if they really wanted to.

Aussie Boy · Oct 29, 2009, 12:44 PM // 12:44

Yes it's our fault most of the time because we didn't protect ourselves enough or were stupid in sharing things.
I realize that but Anet could add more space to the passwords like oh i dunno 20 25 text numbers just to make guessing it more difficult. ?
Also before the password is changed a confirmation to the email address
that you have to click to complete the change.
Maybe?

Riot Narita · Oct 29, 2009, 12:47 PM // 12:47

Quote:

Originally Posted by Zahr Dalsk

Don't tell anyone your email address. If you keep it hidden there is no way for someone to target your account.
- Do not run third party programs. First of all, it's considered cheating, and second, it could have a keylogger.

If you avoid these two things, you will never be hacked. End of story.

Pretty naive. Of course I do these things, and a whole lot more - but I do not assume that makes it impossible for my account to ever be compromised.

Everybody runs "third party software" - not for GW of course, but for other stuff that makes a computer, you know, USEFUL. Everybody visits websites, many accessed from Google with no easy or reliable way of knowing whether it's safe or not.

I doubt your average joe has any way to assess the safety of a given website or piece of software, and maybe doesn't know where to get a free email address that they can use exclusively for GW. They're likely to use an email address that they actually use and check regularly, and what use would their email address be, if they didn't give it to anyone? They'd never receive any email. And really, why should they be expected to do any different?

slowerpoke · Oct 29, 2009, 01:08 PM // 13:08

I still think there are/have been undisclosed security flaws. After all it was possible to directly hack the client (travel anywhere, open storage) and crash the server, who knows what else.

It may be a new tactic of gold sellers to simply hijack other players accounts than waste time botting, which is has poor returns since RMT was introduced.

REDdelver · Oct 29, 2009, 01:59 PM // 13:59

Why not just make your account based of an email that you open.....then delete after its been verified? That way you can never use that email ever again for other websites.

.....on top of all the other do's and dont's passed down on DONT GET HACKED thoughts.

Mangione · Oct 29, 2009, 02:14 PM // 14:14

Quote:

Originally Posted by Fay Vert

I would be happy if they added a flag that you could set on a character to make it undeletable, or at very least only deletable one month after removing that flag.

There you go:
http://www.guildwarsguru.com/forum/s...php?t=10248665

I know Lineage 2 has a 3 day "delay" before allowing you to delete completely a character.
There's the WoW Pin mentioned by zwei2stein that would be awesome.

I'd like anything to be more secure, really.