Guild Wars Forums - GW Guru
 
 

Go Back   Guild Wars Forums - GW Guru > Forest of True Sight > Technician's Corner

Notices

Closed Thread
 
Thread Tools Display Modes
Old Oct 29, 2009, 09:48 AM // 09:48   #21
Frost Gate Guardian
 
Nereyda Shoaal's Avatar
 
Join Date: Jul 2006
Location: Deldrimor Warcamp
Profession: Mo/W
Advertisement

Disable Ads
Default

If "pr0 hacker" decides to get into your account you can't do anything about it.
Keyloggers are the most popular, easy to use but list of how to get someones login is much longer
A while back a friend of mine was switching off my PC by exploiting loopholes in Windows. He also created a new folder and put a text file saying "I was here. [his name]"
I work for IT and despite the fact I know "few" things about computer security I know I'm not safe. I can take steps to protect my account but at the end of the day I can't stop everyone, can I?
There was this guy last year. Came up and said "I want my PC to be 100% secure". My answer was "Unplug the network cable"
Nereyda Shoaal is offline  
Old Oct 29, 2009, 10:08 AM // 10:08   #22
Desert Nomad
 
Xenex Xclame's Avatar
 
Join Date: Mar 2006
Guild: DPX
Profession: R/
Default

I'd like to clarify a point.I don't think there's been a higher rate of "hacking" but instead a higher rate of reporting it (to us).

Also and im not saying this to anybody in particular or about everyone thats been "hacked", but its hard for gold buyers to get sympaty,meaning that if the person that got hacked got hacked because he bought gold, or because he wanted to cheat or whatever, he might try to hide that fact.

I mean its not like we can know theyr lieying.

PS.Just because a person is a computer techincian doesn't mean theyr computer is more safe then someone elses that has zero pc experience,the technician could be packed with security but then do dumb stuff like use the same email on forums.
Xenex Xclame is offline  
Old Oct 29, 2009, 10:17 AM // 10:17   #23
Grotto Attendant
 
zwei2stein's Avatar
 
Join Date: Jun 2006
Location: Europe
Guild: The German Order [GER]
Profession: N/
Default

Quote:
Originally Posted by Enon View Post
Then again, each person that has been hacked coming on GWG specifically states they never shared their passwords with friends or relatives, don't visit certain scam sites, never downloaded nor used any third party tools and they all have some sort of IT experience.*

Are they all lying or is Anet screwing up from their side?

*Sarcasm intended. But it's still a serious question.
Chances are, if you know you screwed up your security, you will be silent because you already know who to blame.

What worries me personally is the fact that i did not manage to find anything more dangerous than cookie (And I tried hard, trust me ...), coupled with fact that I log in to three accounts regularly and only one got 'hacked' .. and the one which has username that i would consider hardest to figure out and impossible to dig from gw related websites as it was never used on them ... I was quick with password change, of course. I would like to know more about that keylogger support was talking about before directly blaming anets security. Source site? What software did it hide in? Any clue?

I know there is trojan in gw.dat browser - really sneaky one, it comes with source code, but compiled version has generic trojan embeeded. Yay for antivirus. But other than that i have not seen anything other than "please, type here your account and password to get free ecto stack/gw2 beta/tool to hack ruch people"

Last edited by zwei2stein; Oct 29, 2009 at 10:19 AM // 10:19..
zwei2stein is offline  
Old Oct 29, 2009, 10:46 AM // 10:46   #24
Jungle Guide
 
Join Date: Apr 2006
Default

Could be key loggers. Or that could be a throw off. Remember when GW was so laggy and Anet first blamed our video cards?

Another thing to be careful of is using programs to communicate with people in GW. I'm not that familiar with Ventrillo or other online gaming voice chat programs. But if it makes it possible for people who run those to see other people's IP numbers, be wary of those. If you use some forum on someone's unknown personal website or even an alliance website, also be careful. Use a different email address and also keep IP numbers in mind.

If your guild or alliance wants you to use some voice chat program no one's heard of, don't do it.
Linksys is offline  
Old Oct 29, 2009, 10:48 AM // 10:48   #25
Supastar~ ★
 
Sierraa's Avatar
 
Join Date: May 2006
Location: USA [GMT -7]
Guild: Sierraas Asian Harem [love]
Profession: Me/
Default

Quote:
Originally Posted by Xenex Xclame View Post
PS.Just because a person is a computer techincian doesn't mean theyr computer is more safe then someone elses that has zero pc experience,the technician could be packed with security but then do dumb stuff like use the same email on forums.
Wrong. There's a difference between not knowing anything about security and making mistakes, and working in the industry. The average computer user uses the same email and password for everything. It's generally a very simple password too. Someone who works in the industry, or at least has some idea of how to be secure (or knows the risks) will take the extra steps to use a different email, have a more complex password, and pay attention to what they're downloading.

People who know the risks are LESS likely to be hacked or do something that can jeopardize their account.

Quote:
Originally Posted by Linksys View Post
Could be key loggers. Or that could be a throw off. Remember when GW was so laggy and Anet first blamed our video cards?

Another thing to be careful of is using programs to communicate with people in GW. I'm not that familiar with Ventrillo or other online gaming voice chat programs. But if it makes it possible for people who run those to see other people's IP numbers, be wary of those. If you use some forum on someone's unknown personal website or even an alliance website, also be careful. Use a different email address and also keep IP numbers in mind.

If your guild or alliance wants you to use some voice chat program no one's heard of, don't do it.
Using ventrilo or a forum isn't going to get you hacked, if you're going to be paranoid about your IP address please unplug your internet. Your IP address can be seen almost anywhere, even on MSN. :| I highly doubt your guild or alliancemates are making you sign up for a forum for the intent of stealing your account. If they did I'm sure there'd be an uproar on guru.
Sierraa is offline  
Old Oct 29, 2009, 11:22 AM // 11:22   #26
Desert Nomad
 
Join Date: Apr 2006
Profession: R/
Default

I would be happy if they added a flag that you could set on a character to make it undeletable, or at very least only deletable one month after removing that flag.
Fay Vert is offline  
Old Oct 29, 2009, 11:39 AM // 11:39   #27
Ascalonian Squire
 
Join Date: Feb 2006
Profession: R/E
Default

Quote:
Originally Posted by obsidian ectoplasm View Post
I think thats bullshit, I have seen so many people saying they have been hacked although they are actually in the computer business, and they are well aware of changing passwords every week/ not giving out info ect
Let me just say that if these people who are in the computer business change their password every week they probably should get out of the computer business.

Changing your password every week does not make you secure. When was the last time you changed the PIN on your bank card?
oxylus is offline  
Old Oct 29, 2009, 11:40 AM // 11:40   #28
Furnace Stoker
 
Join Date: Oct 2006
Guild: GWAR
Profession: Me/Mo
Default

If you blame anyone blame Microsoft

Microsoft messenger that I turned off after mysterious grey boxes advertising none ms services appeared on my screen.
Active x that can also run stuff I may not want.
Javascript ditto
macromedia Flash created to make websites more interesting but it overrides any settings you made to limit what a website can show.

all those and services that allow remote control of a computer over the net are the root cause.

If you don't know what to turn off and you run online on an administrator account you could well be heading for trouble.

They came up with some great ideas to make the internet run smooth and look great but forgot that their creations made great tools to break into systems.

Windows 7 the solution who knows if so its about time.

rant over
gremlin is offline  
Old Oct 29, 2009, 11:42 AM // 11:42   #29
Desert Nomad
 
Join Date: Apr 2007
Default

Quote:
Originally Posted by Fay Vert View Post
I would be happy if they added a flag that you could set on a character to make it undeletable, or at very least only deletable one month after removing that flag.
I've said it before, I'll say it again - I'd PAY for that.
Items, gold etc I don't care, as long as my main char is safe.

I take great care over my PC and GW security, but I know that sh*t can happen regardless. So it would be nice to have an absolute safeguard against character deletion.
Riot Narita is offline  
Old Oct 29, 2009, 11:49 AM // 11:49   #30
Grotto Attendant
 
zwei2stein's Avatar
 
Join Date: Jun 2006
Location: Europe
Guild: The German Order [GER]
Profession: N/
Default

Quote:
Originally Posted by Fay Vert View Post
I would be happy if they added a flag that you could set on a character to make it undeletable, or at very least only deletable one month after removing that flag.
This is, however, poor bandaid for poor security and would likely cause support nightmare.

I would prefer WoW solution: Special pin generator. Only person owning physical device that generates pins can access account.

There are many other solutions: you could have sms-auth that is commonly used when ebanking (when you log in to your account, you will need to insert pin number. You will receive that pin number by SMS, SMS that only person physically owning cellphone can see). I can personally guarantee you that it is fairly easy to implement.

One could even produce USB key - similar principle, but you just plug it in instead of having to type your pin.
zwei2stein is offline  
Old Oct 29, 2009, 11:53 AM // 11:53   #31
Furnace Stoker
 
Join Date: Oct 2006
Guild: GWAR
Profession: Me/Mo
Default

Someone clear something up for me.

Does a keylogger read direct key input ?.

I was thinking if passwords were entered by mouse clicking on a virtual keyboard on the screen would that get past a keylogger.
gremlin is offline  
Old Oct 29, 2009, 12:07 PM // 12:07   #32
Grotto Attendant
 
zwei2stein's Avatar
 
Join Date: Jun 2006
Location: Europe
Guild: The German Order [GER]
Profession: N/
Default

Quote:
Originally Posted by gremlin View Post
Someone clear something up for me.

Does a keylogger read direct key input ?.

I was thinking if passwords were entered by mouse clicking on a virtual keyboard on the screen would that get past a keylogger.
Keylogger can monitor whole system and do everything that any other malware can do. That is, pretty much anything.

Keylogers usually just monitor keyboard because that is all they need to do, but they can monitor mouse clicks or network communication or take screenshot if author requires that functionality.

So click-typing password is not a solution.
zwei2stein is offline  
Old Oct 29, 2009, 12:10 PM // 12:10   #33
Desert Nomad
 
Join Date: Apr 2007
Default

Quote:
Originally Posted by zwei2stein View Post
I would prefer WoW solution: Special pin generator. Only person owning physical device that generates pins can access account.
I'd be interested in that too. It's been available for WoW for quite some time now, hasn't it? Have there been any reports published on its success/failure? Did it reduce numbers of lost accounts for people using them? Are people still losing accounts in spite of using them? etc?
Riot Narita is offline  
Old Oct 29, 2009, 12:28 PM // 12:28   #34
Grotto Attendant
 
Join Date: Aug 2007
Location: Canada
Default

Want to avoid getting hacked?

- Don't tell anyone your email address. If you keep it hidden there is no way for someone to target your account.
- Do not run third party programs. First of all, it's considered cheating, and second, it could have a keylogger.

If you avoid these two things, you will never be hacked. End of story.
Zahr Dalsk is offline  
Old Oct 29, 2009, 12:43 PM // 12:43   #35
Frost Gate Guardian
 
Notorious Bob's Avatar
 
Join Date: Mar 2009
Location: Gwen's underwear drawer
Guild: The Curry Kings
Profession: R/
Default

Quote:
Originally Posted by Fay Vert View Post
I would be happy if they added a flag that you could set on a character to make it undeletable, or at very least only deletable one month after removing that flag.
I always thought that it was incredibly daft of Anet to require an 'authorisation' to delete a character but then make that authorisation the character's name - doh! :O

Surely after 4+ years Anet couldve come up with something a little more secure - if they really wanted to.
Notorious Bob is offline  
Old Oct 29, 2009, 12:44 PM // 12:44   #36
Alcoholic
 
Aussie Boy's Avatar
 
Join Date: Mar 2007
Location: Australia
Profession: W/
Default

Yes it's our fault most of the time because we didn't protect ourselves enough or were stupid in sharing things.
I realize that but Anet could add more space to the passwords like oh i dunno 20 25 text numbers just to make guessing it more difficult. ?
Also before the password is changed a confirmation to the email address
that you have to click to complete the change.
Maybe?
Aussie Boy is offline  
Old Oct 29, 2009, 12:47 PM // 12:47   #37
Desert Nomad
 
Join Date: Apr 2007
Default

Quote:
Originally Posted by Zahr Dalsk View Post
Don't tell anyone your email address. If you keep it hidden there is no way for someone to target your account.
- Do not run third party programs. First of all, it's considered cheating, and second, it could have a keylogger.

If you avoid these two things, you will never be hacked. End of story.
Pretty naive. Of course I do these things, and a whole lot more - but I do not assume that makes it impossible for my account to ever be compromised.

Everybody runs "third party software" - not for GW of course, but for other stuff that makes a computer, you know, USEFUL. Everybody visits websites, many accessed from Google with no easy or reliable way of knowing whether it's safe or not.

I doubt your average joe has any way to assess the safety of a given website or piece of software, and maybe doesn't know where to get a free email address that they can use exclusively for GW. They're likely to use an email address that they actually use and check regularly, and what use would their email address be, if they didn't give it to anyone? They'd never receive any email. And really, why should they be expected to do any different?
Riot Narita is offline  
Old Oct 29, 2009, 01:08 PM // 13:08   #38
Desert Nomad
 
slowerpoke's Avatar
 
Join Date: Jul 2007
Location: Cuba
Default

I still think there are/have been undisclosed security flaws. After all it was possible to directly hack the client (travel anywhere, open storage) and crash the server, who knows what else.

It may be a new tactic of gold sellers to simply hijack other players accounts than waste time botting, which is has poor returns since RMT was introduced.
slowerpoke is offline  
Old Oct 29, 2009, 01:59 PM // 13:59   #39
Lion's Arch Merchant
 
Join Date: Nov 2007
Guild: Girls Pee Pee When They See [ME]
Profession: N/Mo
Default

Why not just make your account based of an email that you open.....then delete after its been verified? That way you can never use that email ever again for other websites.

.....on top of all the other do's and dont's passed down on DONT GET HACKED thoughts.
REDdelver is offline  
Old Oct 29, 2009, 02:14 PM // 14:14   #40
Lion's Arch Merchant
 
Join Date: May 2007
Default

Quote:
Originally Posted by Fay Vert View Post
I would be happy if they added a flag that you could set on a character to make it undeletable, or at very least only deletable one month after removing that flag.


There you go:
http://www.guildwarsguru.com/forum/s...php?t=10248665

I know Lineage 2 has a 3 day "delay" before allowing you to delete completely a character.
There's the WoW Pin mentioned by zwei2stein that would be awesome.

I'd like anything to be more secure, really.
Mangione is offline  
Closed Thread

Share This Forum!  
 
 
           

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 04:59 AM // 04:59.


Powered by: vBulletin
Copyright ©2000 - 2016, Jelsoft Enterprises Ltd.
jQuery(document).ready(checkAds()); function checkAds(){if (document.getElementById('adsense')!=undefined){document.write("_gaq.push(['_trackEvent', 'Adblock', 'Unblocked', 'false',,true]);");}else{document.write("