Maybe hackers is too strong a term, they probably just used some little silly known vulnerability vector key-logger. But yeah, they broke into my gmail and battle.net accounts and cleaned my WoW characters out before locking me out with an authenticator. fortunately gmail felt like logging the strange IP and alerting me to it, once I found my linked Starcraft account wanting an authenticator this morning and started investigating. They didn't even bother deleting the blizzard alerts that I had changed my password and added an authenticator. It was the virtual equivalent of a quick smash and grab.
Oh it's probably my fault somewhere along the line. Maybe multiple times. What I suspect happened is they saw the battle.net password from letting my brother play Starcraft 2 on his computer (which has been drawing suspicious router activity lately anyway,) and my email foolishly had nearly exactly the same password that they just happened to guess the one character of difference for. Just to be sure I ran a bootable virus scanner to look for rootkits, and currently running a professional one in OS, but are likely to tell me I didn't really have anything on here, I'm pretty careful about that.
I suppose the good news is that they were only after $60 in virtual gold and not, you know, my bank account information, credit card, or stock access.
I changed a lot of passwords today.
I'll probably have to kill my debit/credit card Monday morning.
So I just wanted to rant about it a little. Even if you're as tech savvy as I am, keep some virus protection around and up to date. You just can't be too careful. Hopefully I can get my brother to listen to this advice when he gets back on-line Thursday.
It is currently Sat Apr 27, 2024 5:43 pm
Chinese Hackers, wrecking my virtual stuff.
Moderators: The Administrators, Moderators
10 posts
• Page 1 of 1
Chinese Hackers, wrecking my virtual stuff.
by AmericanLyokoTeam » Sun Aug 22, 2010 1:35 am
R.I.P. in peace, Polar and Forest sectors 2003-2013
by TheLQ » Sun Aug 22, 2010 2:58 am
Ah, internet security
Step 1) You probably got phished. The big 3 browsers (IE, Firefox, Chrome) all have domain highlighting, where the domain is blacker than the rest of the gray text. Always(!) look there before entering your login information. They clone the layout making it impossible to tell if its the real thing or not, but nobody can hide their domain
Step 2) Password generation and storage - You need big long randomly generated passwords. This can be made 10000x easier by using a password manager. I absolutely love Lastpass. It exists online, has extensions/plugins/addons for all browsers, and even works on your phone! Don't have it installed? It has a web interface that you can use to login to sites.
The most important feature is a random password generator. My yahoo and facebook account is protected by a 100 character alphanumeric+special character password. Considering it takes a few million years to brute force 15 character passwords, I think I'm covered.
AND, its keylogger proof!
Step 3) Don't use the same password for everything! - This is very important, but often the least followed. I remember when I "acquired" my brothers password to Facebook, I was then able to get into his email, gaming, and forum accounts. Now if he was an adult I would also have things like bank passwords. Very bad
If you use Lastpass, this shouldn't be an issue.
Step 4) Password rotation - This is an even less followed tactic outside of hospitals. For your most critical stuff, change your password every month or so. This can be as simple as aPassjanuary or as complex using multiples of the dates. Since doing this involves a significant amount of work, only do it for your most sensitives stuff.
Step 5) Get Linux - Those stats are correct, Linux has 0 viruses. And at least with Ubuntu, fixes are pushed up so quickly that virus makers can only have a several hour window before the patch is pushed to the internet. And if your a tech person, it can be fun to play with your DE or kernel.
---
You've probably heard of most of this, but I thought I would try.
Step 1) You probably got phished. The big 3 browsers (IE, Firefox, Chrome) all have domain highlighting, where the domain is blacker than the rest of the gray text. Always(!) look there before entering your login information. They clone the layout making it impossible to tell if its the real thing or not, but nobody can hide their domain
Step 2) Password generation and storage - You need big long randomly generated passwords. This can be made 10000x easier by using a password manager. I absolutely love Lastpass. It exists online, has extensions/plugins/addons for all browsers, and even works on your phone! Don't have it installed? It has a web interface that you can use to login to sites.
The most important feature is a random password generator. My yahoo and facebook account is protected by a 100 character alphanumeric+special character password. Considering it takes a few million years to brute force 15 character passwords, I think I'm covered.
AND, its keylogger proof!
Step 3) Don't use the same password for everything! - This is very important, but often the least followed. I remember when I "acquired" my brothers password to Facebook, I was then able to get into his email, gaming, and forum accounts. Now if he was an adult I would also have things like bank passwords. Very bad
If you use Lastpass, this shouldn't be an issue.
Step 4) Password rotation - This is an even less followed tactic outside of hospitals. For your most critical stuff, change your password every month or so. This can be as simple as aPassjanuary or as complex using multiples of the dates. Since doing this involves a significant amount of work, only do it for your most sensitives stuff.
Step 5) Get Linux - Those stats are correct, Linux has 0 viruses. And at least with Ubuntu, fixes are pushed up so quickly that virus makers can only have a several hour window before the patch is pushed to the internet. And if your a tech person, it can be fun to play with your DE or kernel.
---
You've probably heard of most of this, but I thought I would try.
by AmericanLyokoTeam » Sun Aug 22, 2010 1:46 pm
1) It wasn't phishing, I use Opera, but I check URL's religiously before putting in info.
2) Keyloggers these days are sophisticated pieces of work, they can copy from memory buffers and even take screenshots. Using password storage is not a guarantee of safety, just a good step.
3) (in which I failed it.) Don't use the same password for any two things. A lot of my more important ones were different, but merely having my email and battle.net the same killed me here.
4) My school makes me do this for email and I used to find it retarded. Maybe not so much now. wouldn'ta helped here though, there wasn't even a month between accessing the computer I suspect that was logged and getting broken into.
5) Linux doesn't play Starcraft 2. You'll be happy to know my bootable virus scan was linux based though.
I appreciate putting up the tips though, maybe others will benefit. and maybe I'll pay attention to #3 next time.
Had to contact billing again today. They take some time to even say they're looking into it. I imagine they have a lot of broken into accounts to investigate, to be fair.
2) Keyloggers these days are sophisticated pieces of work, they can copy from memory buffers and even take screenshots. Using password storage is not a guarantee of safety, just a good step.
3) (in which I failed it.) Don't use the same password for any two things. A lot of my more important ones were different, but merely having my email and battle.net the same killed me here.
4) My school makes me do this for email and I used to find it retarded. Maybe not so much now. wouldn'ta helped here though, there wasn't even a month between accessing the computer I suspect that was logged and getting broken into.
5) Linux doesn't play Starcraft 2. You'll be happy to know my bootable virus scan was linux based though.
I appreciate putting up the tips though, maybe others will benefit. and maybe I'll pay attention to #3 next time.
Had to contact billing again today. They take some time to even say they're looking into it. I imagine they have a lot of broken into accounts to investigate, to be fair.
R.I.P. in peace, Polar and Forest sectors 2003-2013
by matsumo itsu » Fri Jan 28, 2011 11:13 pm
muhahaha when you said the 100 character randomized password was the best way to go, me and a few of my friends are working on getting security plus and in reality yes it will be safe, but one keylogger and bam done, screen shot, text written, or if they can't get to it, it will email all the info.
Anyway yeah keyloggers/hackers/annoying people with no time on their hands, er I mean very smart people who will go far if they use the knowledge for good and bad.
Anyway yeah keyloggers/hackers/annoying people with no time on their hands, er I mean very smart people who will go far if they use the knowledge for good and bad.
by TheLQ » Sat Jan 29, 2011 12:35 am
matsumo itsu wrote:muhahaha when you said the 100 character randomized password was the best way to go, me and a few of my friends are working on getting security plus and in reality yes it will be safe, but one keylogger and bam done, screen shot, text written, or if they can't get to it, it will email all the info.
Anyway yeah keyloggers/hackers/annoying people with no time on their hands, er I mean very smart people who will go far if they use the knowledge for good and bad.
If there's a keylogger on your computer there are more important problems than your Wow account being hacked...
by Dark William » Sat Jan 29, 2011 5:14 pm
I do not think, that ya have a life, if ya hack people -.-
by KayLenny#7 » Sat Jan 29, 2011 6:45 pm
Dark William wrote:I do not think, that ya have a life, if ya hack people -.-
Not all hacking is malicious. I have a friend that hacks as a hobby and he never does anything to harm anyone's information. He has a life, he is a radio announcer, good student, farmer. More awkward than Jeremie, but a life anyway.
Formerly known as Numbuh 7
I'm out. Have fun homies.
I'm out. Have fun homies.
by TheLQ » Sat Jan 29, 2011 6:50 pm
Dark William wrote:I do not think, that ya have a life, if ya hack people -.-
I do some white hat penetration testing (in English that's ethical hacking). Its fun and if your really good can make you a shit ton of money
10 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 25 guests
