Curse

The Way Out · Mar 14, 2008, 06:08 PM // 18:08

Quote:

Originally Posted by Musei Karasu

I don't. Would you like to compare credentials?

Seeing as how I can think of how to do it right now without really working hard on the thought I'm very positive it can be done, although not as easily as The Way Out is suggesting. It would take a bit of work. It's very scary what someone can do to you with just a tiny little bit of information.

I didn't claim it was easy, although it is with the knowledge of "how to". My point is that not everyone is to blame for getting hacked. By the way, many people in guild wars have been hacked.

They are one of the most commonly deleted thread on this forum.

"I've been hacked!"

Followed by ten people flaming them and blaming them for it happening. Then a mod closing it.

Lastly, guessing common password was a really old school way of doing things. There are much easier ways of doing things. Anyone with php, javascript, html, and basic network communication skills can do a lot of things they are not supposed to.

Numa Pompilius · Mar 14, 2008, 06:54 PM // 18:54

It's hard to separate reality from myth on how common it is to get GW accounts hacked. It happens, no doubt about that, but on the other hand "I've been hacked!" is the second most common excuse (after "my brother did it when I forgot to log out!") when someone does something stupid, gets banned, and tries to come up with a reason why he should be unbanned.

The Way Out makes a good point with the "forgotten password emails" (who doesn't have some emails like that in their archived inbox?) but AFAIK that doesn't really apply to GW, as NCSoft don't mail out new or forgotten passwords, it's more a forum/website security problem.

Also I think one must separate between hacking anything and hacking something that matter - sure, I have emails with passwords for filesplanet and random webfora in my MSN inbox, but I really couldn't care less if someone found them, because there's no passwords for stuff that matter, like banking or commerce. Or guild wars.

Undivine · Mar 14, 2008, 06:57 PM // 18:57

Although nowhere near as experienced as No Way Out, I have a bit of knowledge in networking and to some extend, network security. It wouldn't surprise me if MSN gives you that kind of opening.

However, let's get things clear; we will not have information on how to hack anything in this forum. So watch what you say!

The Way Out · Mar 14, 2008, 07:06 PM // 19:06

Quote:

Originally Posted by Undivine

Although nowhere near as experienced as No Way Out, I have a bit of knowledge in networking and to some extend, network security. It wouldn't surprise me if MSN gives you that kind of opening.

However, let's get things clear; we will not have information on how to hack anything in this forum. So watch what you say!

Again, I am not teaching anyone here to do something they shouldn't. I am not condoning hacking (either ethically or maliciously). I am reaffirming that blaming someone for getting hacked is kind of like kicking a one legged dog.

NOT EVERYONE THAT GETS HACKED IS TO BLAME FOR GETTING HACKED!

Sometimes they are, however, not everyone is. When asked how, I explain that it is possible. Don't call me out, and when I point you to where you can find that kind of information, condemn me for promoting hacking. If anything, I think I have made it pertinently clear that I am against it and advise people to be a bit more cautious with their information.

Also, was that a typo about the No Way Out call out, or are you hurting my feelings? lol

Undivine · Mar 14, 2008, 07:21 PM // 19:21

Oh, no no no... If I had thought you were telling people how to hack I would've already deleted your posts. Just a general warning to everyone not to get too detailed, as there seems to be more than just you who knows a thing or two about hacking.

The Way Out · Mar 14, 2008, 07:30 PM // 19:30

Quote:

Originally Posted by Undivine

Oh, no no no... If I had thought you were telling people how to hack I would've already deleted your posts. Just a general warning to everyone not to get too detailed, as there seems to be more than just you who knows a thing or two about hacking.

As long as pedro doesn't end up in here we will be fine... hehe

Wild Karrde · Mar 14, 2008, 08:29 PM // 20:29

You can generally crack a password under 10 characters long in about 5 minutes
and the time goes up by alot from there. If you want to have a good safe password that would take forever or cant be cracked it needs to be about 21 characters long.

My friend is good with computers and he can crack just about any password I have if its under 10 chars in about 5 mins. I trust him so I let him do it. He knows what hes talking about. If you really want a good password make it LONG with a combination of letters and numbers. I guess special characters like * or _ or something wouldnt hurt either.

Kanyatta · Mar 14, 2008, 09:56 PM // 21:56

Quote:

Originally Posted by Ku Ku

Several guild mates and friends of mine have lost everything in the last few months

Then your friends gave their password and/or e-mail to someone that they shouldn't have. IMO, they deserved to have their accounts taken.

Tarun · Mar 15, 2008, 02:35 AM // 02:35

Still watching for an answer to my questions.

Holly Herro · Mar 15, 2008, 01:03 PM // 13:03

I have the ultimate password for everything.. but it's only 6 characters >_> <_<

Quote:

Originally Posted by Kanyatta

Then your friends gave their password and/or e-mail to someone that they shouldn't have. IMO, they deserved to have their accounts taken.

And you deserve a punch in the face

Ku Ku · Mar 15, 2008, 03:59 PM // 15:59

Quote:

Originally Posted by Holly Herro

I have the ultimate password for everything.. but it's only 6 characters >_> <_<

And you deserve a punch in the face

Lol thanks for that... because yes, as you may have gathered they had no keyloggers dowloaded (especially in on case as he has a cap on his broadband so downloads nothing apart from gw updates) and no known entry points (i.e. nothing picked up by firewalls or virus scanners). In another case for example a guildmate also had his spare account hacked on the same day which had a completely different email and password - i would have thought that this WOULD have been a keylogger or something similar.

They were also the least trusting people i know, and i distincly remember an arguement springing up one time between one of them and their partner about the fact he wouldnt giver her his p/w while he was at work! So yes, that comment was wholely unuseful and thanks to you nerdy lot for pointing that out to peoples :P

i guess i am just getting sick of people pming me and saying... you'll never guess what happened last night... x got hacked... they've taken everything... and yeah im not too clued up on security (i know the basics.. strong passwords, how trojans work etc) so it was just a suggestion XD
(I think im going to stop starting threads... its not good for my complexion to get flamed so much and lotion is expensive!)

Ku xxx

Numa Pompilius · Mar 15, 2008, 05:22 PM // 17:22

Thing is... I don't know anyone who's actually been hacked, but a bunch of people in your guild has. By the sound of it, you guys are definitely getting hit more often than average.

That suggests that the culprit may be closer to you than you think.

Not only that, but deleting the warrior like that sounds like a joke/prank, it's not typical "goldseller steals account to rob and use for botting" behavior.

Perhaps you guys have discussed passwords in a bit too much detail, and one or several of you have an interesting sense of humor. Alternatively one of you have written or modified a keylogger so it isn't picked up by anti-virus software -that's not hard- and distributed it among you.

But hey, what do I know.

genofreek · Mar 15, 2008, 07:23 PM // 19:23

I was sort of thinking that myself. If a lot of one guild is getting this done to them, and nobody's been downloading, it's worth clamping down on the "lol if you type your pw in alliance chat it shows up as stars ******** see" sort of thing.

freaky naughty · Mar 15, 2008, 07:41 PM // 19:41

As long as you're not completely stupid you probably won't be hacked.
/notsigned.

Kanyatta · Mar 15, 2008, 08:10 PM // 20:10

Quote:

Originally Posted by freaky naughty

As long as you're not completely stupid you probably won't be hacked.
/notsigned.

exactly what i was saying

listen to this guy.

"ZOMG! I did Across The Wall in pre with this guy. I can trust him with my account info. He says he's good!"

Alex Morningstar · Mar 15, 2008, 08:18 PM // 20:18

There is a simple answer. You already stated it, you (along with other users) want to take the lazy road and have Anet or NCsoft hand it to you on a platter.

Make a masterNC account, change your password frequently. It's YOUR account, it's YOUR responsibility to maintain security for it. That means don't give out your info, do not give it out to your friends, do not use a commonly used email as your sign-in, do not buy services such as power levelling or in-game gold. The latter, I'm sure they could check whatever password and email you register with against the account you give them.

Use your brain.

The Way Out · Mar 17, 2008, 01:50 PM // 13:50

Please read down a bit. Typically speaking, people that get their account hacked have a friends list that travels with them. You normally have a friends list that has many members in your guild on it. I have had four people get hacked in my guild. I caught a hacker on a guild members account trying to give away all of his items in the guild hall. He was asking for everyone MSN account info. Without going into detail yet again about the fact that your MSN can be hacked (along with other things), I will just shut up and keep silent.

Last, if you don't think your MSN can be hacked... post it and sit back in confidence.

If you laugh at people getting hacked, I honestly hope you yourself get hacked someday. That will but a ton of humility into you and make you a little more receptive to your limited logic and understanding.

I have answered questions that were asked about anti-hack measures here like three times. If you don't want to hear the answer... stop asking. If you only want to hear the answer you are looking for... keep listening to the retards that tell you that you won't ever get hacked because you are too smart to give away your password.

Tarun · Mar 17, 2008, 03:41 PM // 15:41

The Way Out, since you avoided answering my questions once either please answer them in a timely manner or simply admit you really don't know half of what you're claiming.

You're not going into detail because you do not know is how it seems to me, and it's rather obvious. Claim all you want that you're in security or a "white hat" but that means nothing, because there are so many self appointed <insert title here> types online. To me you're acting just like one of them. Talking as though you're an expert in the field yet when challenged you lack the common knowledge (yes it's common knowledge for anyone with their respective degrees/certification) to explain it.

Here are my easy to answer questions for you, again:

Suffering from exploits through MSN and XFire? A "home beacon" for finding the user's pc on the Internet? I'd like to hear about these "exploits" and how it's a beacon.

The Way Out · Mar 17, 2008, 04:07 PM // 16:07

Quote:

Originally Posted by Tarun

The Way Out, since you avoided answering my questions once either please answer them in a timely manner or simply admit you really don't know half of what you're claiming.

You're not going into detail because you do not know is how it seems to me, and it's rather obvious. Claim all you want that you're in security or a "white hat" but that means nothing, because there are so many self appointed <insert title here> types online. To me you're acting just like one of them. Talking as though you're an expert in the field yet when challenged you lack the common knowledge (yes it's common knowledge for anyone with their respective degrees/certification) to explain it.

Here are my easy to answer questions for you, again:

Suffering from exploits through MSN and XFire? A "home beacon" for finding the user's pc on the Internet? I'd like to hear about these "exploits" and how it's a beacon.

Earlier I spoke about people who don't have updated software, and despite being laughed at, and told I don't know what I am talking about... here you go... here are a few...

http://www.bestsecuritytips.com/news...toryid+300.htm

http://www.us-cert.gov/current/archi...3/archive.html

These are two that some people use if your messenger client is not updated....

Again, I advised people earlier to update software on their systems.

I am trying not to give out too much information for people to begin misusing. If you don't see I am attempting to be helpful, then just ask me to stop sharing and I will. I answered you earlier. If you want to learn more about vulnerabilites around MSN and XFire... .Net and IE... Firefox and Myspace... etc... use either of the following...

www.google.com

www.us-cert.gov

You will quickly see that software developers are always one step behind hackers. If you don't update your software regularly, you will be at a greater risk the longer you wait.

I have worked in security for awhile now, and do a lot of consulting. Many people that I consult for tell me that they have anti-virus installed. More than half have never updated their anti-virus. Some client still have Norton 2002 or 2005 on their systems and call that protection.

Keeping your system up-to-date cuts a large portion of your exposure out. Running different programs for antivirus, anti-spyware, firewall, and registry guarding are a good means of security. Most people throw their security into an all-in-one suite that become a single point of failure (meaning that if the program gets corrupt or compromised, the system become entirely exposed). A hardware firewall is cool to have on your router, however, I don't recommend it for average to low-end users (you need a little knowledge about TCP and UDP traffic). Updating your firmware on you modem, router, and network adapters are recommended. Anyway, i think I am done with this thread. People are going to be pigheaded about this. Take care, everyone!

Good Luck!

Ctb · Mar 17, 2008, 04:26 PM // 16:26

Quote:

As long as you're fairly experienced with computers you probably won't be hacked.

FTFY

The entire computing industry has spent decades trying to idiot-proof computing applications while simultaneously ramping up the vast number of things those applications do. IT departments simultaneously introduce grander tools in the workplace while removing the level of maintenance the user has to peform on them.

Furthermore, a hefty number of the threats people face from the Internet have nothing to do with anything they can control. The entire system right down to the core protocols is ripe for abuse, with next to no thought ever given to security.

People aren't 'stupid' for not knowing these things, they just haven't been told how to do it because smarmy geeks would rather show off their "intellect" than take the time to explain how something works.

I've argued for years that applications and IT shouldn't be idiot-proofing computing for people because you wind up instilling a sense of wonder at the machines. People have come to view computers as almost magical, arcane things that only a privileged few can provoke desired behaviors from. They treat computers like complicated and brittle things because nerds have, for years, taken the attitude that they're better than everyone else and they'd rather just shove the user aside and do everything for that user than share their precious knowledge.

I don't blame users for not seeking out how to do these things, I blame smartass nerds with no social ability for not sharing their knowledge with the "plebes". I've fallen into that trap too, but lately I've been trying to interact more directly with people who have problems to try and get them to understand how to do things for themselves rather than having to rely on people that are no longer available after 5:00 PM.