Curse

jackers1234 · Mar 17, 2008, 04:28 PM // 16:28

seriously, i dont see the big deal with hacking in guild wars. it is one of the least hacked mmorpgs in existance.

my friend at school plays gw way too much, (like 12+ hours a day), so he knows loads of people in game, and he randomly gives stuff to them, like torment items, ectos, etc. for them to borrow (he never gets them bk, but he is too stupid to realise, lol).

he started giving out his account info to his guild leader and an officer, and 3 days later all his money, fow armor, weapons were gone, and the next day his account was banned for botting. and tbh, i dont feel sorry for him, even tho i kno him, cos it was stupid.

so the moral of the story is dont give out ur info to anyone, unless u can be 100% sure they wont turn on you.

Ctb · Mar 17, 2008, 04:33 PM // 16:33

Quote:

so the moral of the story is dont give out ur info to anyone, unless u can be 100% sure they wont turn on you.

Or write it down and lose it or type it in chat by mistake or have their own machine compromised with your info on there....

Better idea: don't give out your info to anyone unless you want to lose it for good.

Also, I italicized a number of real words in my post that should replace your make believe words the next time you post...

The Way Out · Mar 17, 2008, 04:54 PM // 16:54

Quote:

Originally Posted by Ctb

FTFY

The entire computing industry has spent decades trying to idiot-proof computing applications while simultaneously ramping up the vast number of things those applications do. IT departments simultaneously introduce grander tools in the workplace while removing the level of maintenance the user has to peform on them.

Furthermore, a hefty number of the threats people face from the Internet have nothing to do with anything they can control. The entire system right down to the core protocols is ripe for abuse, with next to no thought ever given to security.

People aren't 'stupid' for not knowing these things, they just haven't been told how to do it because smarmy geeks would rather show off their "intellect" than take the time to explain how something works.

I've argued for years that applications and IT shouldn't be idiot-proofing computing for people because you wind up instilling a sense of wonder at the machines. People have come to view computers as almost magical, arcane things that only a privileged few can provoke desired behaviors from. They treat computers like complicated and brittle things because nerds have, for years, taken the attitude that they're better than everyone else and they'd rather just shove the user aside and do everything for that user than share their precious knowledge.

I don't blame users for not seeking out how to do these things, I blame smartass nerds with no social ability for not sharing their knowledge with the "plebes". I've fallen into that trap too, but lately I've been trying to interact more directly with people who have problems to try and get them to understand how to do things for themselves rather than having to rely on people that are no longer available after 5:00 PM.

Ty for this post...

Righteous...

I fall into line of warning people to be careful and trying to guide them, only to get flamed for not telling them everything.... lol

I tread carefully around discussions concerning hacking. It is one of those thing that you know about, however, you don't want to really talk about.

Tarun · Mar 17, 2008, 05:14 PM // 17:14

Quote:

Originally Posted by The Way Out

Earlier I spoke about people who don't have updated software, and despite being laughed at, and told I don't know what I am talking about... here you go... here are a few...

http://www.bestsecuritytips.com/news...toryid+300.htm

http://www.us-cert.gov/current/archi...3/archive.html

These are two that some people use if your messenger client is not updated....

Again, I advised people earlier to update software on their systems.

I am trying not to give out too much information for people to begin misusing. If you don't see I am attempting to be helpful, then just ask me to stop sharing and I will. I answered you earlier. If you want to learn more about vulnerabilites around MSN and XFire... .Net and IE... Firefox and Myspace... etc... use either of the following...

www.google.com

www.us-cert.gov

You will quickly see that software developers are always one step behind hackers. If you don't update your software regularly, you will be at a greater risk the longer you wait.

I have worked in security for awhile now, and do a lot of consulting. Many people that I consult for tell me that they have anti-virus installed. More than half have never updated their anti-virus. Some client still have Norton 2002 or 2005 on their systems and call that protection.

Keeping your system up-to-date cuts a large portion of your exposure out. Running different programs for antivirus, anti-spyware, firewall, and registry guarding are a good means of security. Most people throw their security into an all-in-one suite that become a single point of failure (meaning that if the program gets corrupt or compromised, the system become entirely exposed). A hardware firewall is cool to have on your router, however, I don't recommend it for average to low-end users (you need a little knowledge about TCP and UDP traffic). Updating your firmware on you modem, router, and network adapters are recommended. Anyway, i think I am done with this thread. People are going to be pigheaded about this. Take care, everyone!

Good Luck!

Both WLM (it's not MSN anymore) and XFire both inform you of updates and allow you to update right away. Most users will update when prompted so not to be bothered with it later. WLM tends to force updates rather frequently too. Those links you provided are for items in late 2007 and there have been updates since then that most likely resolved all of those issues.

Anyone could easily say they know computers and security and be an average user. I've known people who know next to nothing about computers and call themselves security experts, stating the exact same that you do. That they have been doing it for some time and "frequently" recommend security software to people. Just like those gamers who claim disabling services grants added performance when in reality your system is crippled and those self appointed technicians who claim disabling/cleaning prefetch boosts your system performance when that too cripples it.

I've worked for a man in a small town tech shop who had several certifications and credentials. In fact he said he has 20 years experience and is a Certified Internet Webmaster (LOL!) and trained in: A+, Network+, Java2, e-commerce, Visual Basic, Oracle 9i, CCNA, Javascript & more.
What's really amusing is that after all of those, he was recommending Norton to his customers. Only one of his other employees actually knew of how bad Norton and the Symantec software really is. I told him about avast and the affiliate program so that he would be able to profit by selling avast Professional to users. After about a year the company now is selling avast and no longer pushing Norton. It literally took months for him to finally see how bad Norton was and what all it broke in systems.

You talk about hardware firewalls in routers, but a router's primary purpose is not to act as a firewall but to help your home network. If you want a firewall and do not wish to use a software firewall, you're best bet is to buy a hardware firewall that is standalone. That keeps things easier on your router and provides full security before any packets enter/leave your network.

Now if you want to protect an individual system it depends on your needs. For those who are fairly new to computers they should have an anti-virus, a software firewall, an anti-malware program and browser protections. I've written such an article about this which you can read at http://wiki.lunarsoft.net/wiki/PC_Security.

Ctb · Mar 17, 2008, 05:27 PM // 17:27

Quote:

Originally Posted by Tarun

http://wiki.lunarsoft.net/PC_Security.

I generally also like to put a few more things on people's machines to help them:

1. Privoxy to help filter ads and malware sites

2. MVPS HOSTS to supplement Privoxy

Also, for most regular users, I just personally recommend using the Windows Firewall. It's not perfect, but it's easy, it stays out of the way, and it does a fairly decent job.

The Way Out · Mar 17, 2008, 05:38 PM // 17:38

Quote:

Originally Posted by Tarun

Both WLM (it's not MSN anymore) and XFire both inform you of updates and allow you to update right away. Most users will update when prompted so not to be bothered with it later. WLM tends to force updates rather frequently too. Those links you provided are for items in late 2007 and there have been updates since then that most likely resolved all of those issues.

Anyone could easily say they know computers and security and be an average user. I've known people who know next to nothing about computers and call themselves security experts, stating the exact same that you do. That they have been doing it for some time and "frequently" recommend security software to people. Just like those gamers who claim disabling services grants added performance when in reality your system is crippled and those self appointed technicians who claim disabling/cleaning prefetch boosts your system performance when that too cripples it.

I've worked for a man in a small town tech shop who had several certifications and credentials. In fact he said he has 20 years experience and is a Certified Internet Webmaster (LOL!) and trained in: A+, Network+, Java2, e-commerce, Visual Basic, Oracle 9i, CCNA, Javascript & more.
What's really amusing is that after all of those, he was recommending Norton to his customers. Only one of his other employees actually knew of how bad Norton and the Symantec software really is. I told him about avast and the affiliate program so that he would be able to profit by selling avast Professional to users. After about a year the company now is selling avast and no longer pushing Norton. It literally took months for him to finally see how bad Norton was and what all it broke in systems.

You talk about hardware firewalls in routers, but a router's primary purpose is not to act as a firewall but to help your home network. If you want a firewall and do not wish to use a software firewall, you're best bet is to buy a hardware firewall that is standalone. That keeps things easier on your router and provides full security before any packets enter/leave your network.

Now if you want to protect an individual system it depends on your needs. For those who are fairly new to computers they should have an anti-virus, a software firewall, an anti-malware program and browser protections. I've written such an article about this which you can read at http://wiki.lunarsoft.net/PC_Security.

I am not going to start throwing around credentials with you, because I can already see that you are limited.

A router's primary purpose is to route traffic... not help your home network. I was not suggesting that you rely solely on a hardware firewall, however, having one is another added protection again outside penetration and relies less on your OS that is already buggy as hell (assuming you are running any form of Microsoft). This is where I can see the child in you.

Second, no one is talking about Norton, Avast, Kasperski, AVG, TrenMicro, Panda, or anything else... and I am not buffing myself up to be anything I am not. I love technology, and come here to help people out, not get into flame wars with someone who asks me a question and I answer it to the best of my ability.

I have been warned a couple times already for "disclosing" too much information on this forum, that I was nearing the realm of encouraging hacking. So, I guard what I say. Read the entire link I sent you and not just the first couple paragraphs. MSN and Internet Explorer have had more exploits than any other piece of Microsoft's Software, and this is because of the fact they face the internet more than anything else.

What pisses me off about your posts are that you are not being helpful at all. It seems like you are challenging me to... what?

Question... what are some anti-hack measures I can take to safeguard myself?

My answer... don't give out your info... make sure all your software is up-to-date and you run scans regularly... lock your registry and browsers from changes unless approved by you... tighten up your firewall

What is your answer... don't give out your info, dumbass, or you deserve getting hacked!

Back when this thread started I stated that the person that gets hacked is not always at fault.

Many users install Limewire, Kazaa, Torrent clients, and other programs that give people your IP addresses (along with shared right over many folders). MSN can give me your IP address with tools commonly found on the net.

In the end, the chances of me getting hacked are a lot less than many other people. Mainly, because I have a little knowledge around the ins-and-out of networking and system security. I share what I can without coming off like I am a preacher.

Since you know more than I do, apparently... please enlighten everyone here on the proper security measures they should follow up with.

FYI...

I can rattle off a ton of utils that do wonderful things once I have your IP. Avast isn't going to stop that... Maybe Comodo or some other form of firewall protection, however, as long you run MS products, there is always a new vulnerability that will be published on the net for anyone to pick up and run with. I gave you link... I gave you facts... I even told you the links were old and that "if you don't have updated software"... and you still come of pompous.

Take your A+ book and knowledge of freeware antivirus programs and go be safe somewhere. While you are installing that new hard drive, I will continue to work on my career and enjoy a game I log onto this forum to discuss about.

You have contributed nothing to this community.

jackers1234 · Mar 17, 2008, 06:19 PM // 18:19

far be it from me to go all mod here, but i think this thread is going downhill fast

Tarun · Mar 17, 2008, 06:44 PM // 18:44

Quote:

Originally Posted by Ctb

I generally also like to put a few more things on people's machines to help them:

1. Privoxy to help filter ads and malware sites

2. MVPS HOSTS to supplement Privoxy

Also, for most regular users, I just personally recommend using the Windows Firewall. It's not perfect, but it's easy, it stays out of the way, and it does a fairly decent job.

A proxy program is good for users who know what they're doing, but most people will complain about slower Internet browsing.

Hosts file is not meant to filter Internet baddies. This actually slows performance on your computer. So many people suggest foolishly to disable the DNS service but that only cripples your computer further. If you want to safely block malware and advertisements it's much easier than a host file. You can find plenty about it in my article on http://wiki.lunarsoft.net/Blocking_M...sements_Safely

Ctb · Mar 17, 2008, 07:40 PM // 19:40

Quote:

A proxy program is good for users who know what they're doing, but most people will complain about slower Internet browsing.

Privoxy alone will function at whatever level of performance the machine it's on functions. If you don't allow any other machines to use it, then the machine it's on will be only machine using it and that machine will get 100% of the available bandwidth from the proxy 100% of the time. The only slowdown is in the tiny hit required to run a request through a ruleset. This is noticeable on machines which frequently dump a significant amount of their running applications into the pagefile, but on most machines the performance hit is negligible.

Quote:

Hosts file is not meant to filter Internet baddies.

The HOSTS file is meant to map an IP address to a name. Nothing more, nothing less. What you map to where and why you do it is of no consequence to anybody but the users affected. If you want to map "baddies" to 0.0.0.0 there's no rule that says you can't or shouldn't. Hell, I have the name msnbc.com mapped to cnn.com's IP address because CNN annoys me and I got tired of visiting their site (but kept typing it in out of habit).

Quote:

This actually slows performance on your computer. So many people suggest foolishly to disable the DNS service but that only cripples your computer further.

First, a large HOSTS is inconsequential unless we're talking obscene numbers of hosts. The MVPS HOSTS file is something like 850 KB. No software has parsed the file on-disk in ages - all modern browsers load and key the file in a hash at startup - so the file itself is only adding roughly 1 MB of memory to the application's memory space. My current FF process is using up 64 megs of RAM already, I don't think if I added a 1 meg table of hostnames it would be a big deal.

Secondly, disabling the defective Windows DNS Client cache will not "cripple" your computer. Losing the cache only greatly impacts the lookups of bad hostnames because the nameserver you hit will have to dig through every record in a section of its tables before discovering it's a bad request. And, unless you keep trying to go back to the same bad host again and again, that should happen once for each typo.

The major drawback of relying on HOSTS is that you have to manually keep up to date, which nobody does. That's why I use HOSTS to supplement the easily updated Privoxy tool. It's an extra layer of protection, not the primary defense.

Quote:

I can rattle off a ton of utils that do wonderful things once I have your IP. Avast isn't going to stop that... Maybe Comodo or some other form of firewall protection, however, as long you run MS products

I took an old machine I had sitting around, slapped two NICs in it, plugged a switch into one and the cable modem into the other, put FreeBSD on it, now it's functioning as a router and a completely customizable firewall. I also have web and database servers running on the internal IF for code testing as well as sshd so I can hop into it with PUtTY and change things without even needing so much as a keyboard connected (although it's a PITA to reboot when the power goes out and it hits the POST check for a keyboard...)

Frankly, I think it was easier than mucking about with the commercial stuff...

The Way Out · Mar 17, 2008, 08:08 PM // 20:08

Quote:

Originally Posted by Ctb

Privoxy alone will function at whatever level of performance the machine it's on functions. If you don't allow any other machines to use it, then the machine it's on will be only machine using it and that machine will get 100% of the available bandwidth from the proxy 100% of the time. The only slowdown is in the tiny hit required to run a request through a ruleset. This is noticeable on machines which frequently dump a significant amount of their running applications into the pagefile, but on most machines the performance hit is negligible.

The HOSTS file is meant to map an IP address to a name. Nothing more, nothing less. What you map to where and why you do it is of no consequence to anybody but the users affected. If you want to map "baddies" to 0.0.0.0 there's no rule that says you can't or shouldn't. Hell, I have the name msnbc.com mapped to cnn.com's IP address because CNN annoys me and I got tired of visiting their site (but kept typing it in out of habit).

First, a large HOSTS is inconsequential unless we're talking obscene numbers of hosts. The MVPS HOSTS file is something like 850 KB. No software has parsed the file on-disk in ages - all modern browsers load and key the file in a hash at startup - so the file itself is only adding roughly 1 MB of memory to the application's memory space. My current FF process is using up 64 megs of RAM already, I don't think if I added a 1 meg table of hostnames it would be a big deal.

Secondly, disabling the defective Windows DNS Client cache will not "cripple" your computer. Losing the cache only greatly impacts the lookups of bad hostnames because the nameserver you hit will have to dig through every record in a section of its tables before discovering it's a bad request. And, unless you keep trying to go back to the same bad host again and again, that should happen once for each typo.

The major drawback of relying on HOSTS is that you have to manually keep up to date, which nobody does. That's why I use HOSTS to supplement the easily updated Privoxy tool. It's an extra layer of protection, not the primary defense.

I took an old machine I had sitting around, slapped two NICs in it, plugged a switch into one and the cable modem into the other, put FreeBSD on it, now it's functioning as a router and a completely customizable firewall. I also have web and database servers running on the internal IF for code testing as well as sshd so I can hop into it with PUtTY and change things without even needing so much as a keyboard connected (although it's a PITA to reboot when the power goes out and it hits the POST check for a keyboard...)

Frankly, I think it was easier than mucking about with the commercial stuff...

I have an old dell PII that I use as a Slack Firewall... Runs sweet and steady! My trick was getting the BIOS to allow the computer to bootup without keyboard and mouse. Everything else was fine. Nice to know other people here are compufriendly!!! Sweet!

warcrap · Mar 17, 2008, 08:24 PM // 20:24

how about we just get an e-mail whenever another i.p logs into the account.

Kanyatta · Mar 17, 2008, 09:25 PM // 21:25

Quote:

Originally Posted by warcrap

how about we just get an e-mail whenever another i.p logs into the account.

Wouldn't work that well, people can change their own IP's without realizing it.If you're using cable, every time you unplug your router, you change your IP, I believe. That may be the case with satellite too. And, what if you log on at another (friend's?) machine? What if you get a new computer? You'd be getting an e-mail every time you log on. Also, it would take up more server space, and no one wants that.

Bottom Line: Keep your info safe, and you don't have to worry about this.

Musei Karasu · Mar 18, 2008, 10:07 PM // 22:07

Quote:

Originally Posted by warcrap

how about we just get an e-mail whenever another i.p logs into the account.

Err, I change IPs about once every hour, sometimes more often. Not going to work, I'd prefer not to get an e-mail every single time I log into GW.

Tarun- it's rather obvious from reading your posts and your article you have at least a bit of knowledge about computers, and I'm not going to try and make you look stupid, but you know just about as much as I said, a bit. You're above the average user, but when it comes to knowing exactly how vulnerable any system is, I think you're a bit short of understanding.

Security on your computer is just as effective as security on your house. If I come to rob your house with nothing but my own hands, yea I'm going to have a hard time, but if I were to come with a lockpick it'd be far easier. Even easier would be a screwdriver and a hammer, but that leaves evidence. There are plenty of people who think they are hackers and really aren't. Googling hacking scripts doesn't make you a hacker. That's like someone who comes to your house with a key he thinks matches your lock and when it doesn't he can't do anything except walk off in shame. Hackers like that I tend to call asshats(we've got whitehats and blackhats, so now we've got asshats) others call them script kiddies. If you want to crack a computer system it's completely possible, no matter how much security software or hardware is on the computer, it'll just take a long time. Just like someone who's never seen a door in their life wouldn't know how to open it, someone who's not well versed in entering a computer won't know how to get in. Adding a lock on the handle will stop some, and slow down others, just like adding a firewall stops and slows down some. Add a deadbolt, you slow them down more, just like adding a hardware firewall. But when it comes down to the slim crap on the floor, it's possible to break into any computer, just depends on how much work you'd like to put into it. (Putting a human behind the firewall who knows what he/she is doing is a different story, just like if I'm standing behind my front door when you try to break in and I pump a full clip of .232 caliber rounds into your abdomen, you're not going to do a very good job of breaking into my house and robbing me blind now are you? :P )

When it comes down to it, the best way to secure yourself is to uninstall windows or unplug your Internet connection. Short of that, get an anti-virus, a firewall, keep your software up to date, don't visit sites that look like they're not safe, and don't give out personal information such as passwords, pin numbers, social security numbers, and the like. If your goal is to secure yourself on GW, then use an uncommon password that is rather long, uses at least eight characters including numbers, upper and lowercase letters and punctuation. No, that won't make you unstoppable, but it will make you a bit harder to hack. Remember the scumbags who are hacking your GW account to try and steal everything you own on GW are usually in a rather large rush and aren't looking to spend a lot of time on an account.

Quote:

Originally Posted by Ctb

Hell, I have the name msnbc.com mapped to cnn.com's IP address because CNN annoys me and I got tired of visiting their site (but kept typing it in out of habit).

Errr, you ever heard of this excellent little thing called bookmarks? :P