Keyloggers, what to know, what to do (READ)

[Merlijn]

My brother's account got hacked as well which I found out yesterday (but he refused to use virusscanners and such) which ended up with me getting 2,5k gold and allowing to terminate his account cause the hacker hadn't changed the password.. I like hackers =)

But seriously Joy.. stop comparing computer security to RL situation.. and if you do at least do it properly....

having no authenticator would be like locking your doors at night..
whilst having one would be comparable to having your doors locked AND have a alarm installed.....
Now you don't have the latter either do you?

Stop pretending that my account is an open door because I don't have an authenticator.. it's BS

 

[Lonei]

My brother's account got hacked as well which I found out yesterday (but he refused to use virusscanners and such) which ended up with me getting 2,5k gold and allowing to terminate his account cause the hacker hadn't changed the password.. I like hackers =)

If the hacker didn't change the password he wasn't a very good one, and yet he still managed to get your brother's account. I bet you're proud of him :lol:.

 

[Braque]

This metaphors still fails. Authenticator adds a extra layer - something you have - where the password is the first layer - something you know. Password is like a keypad pin code lock, great if no one puts a hidden camera in front of your door to see what you type, authenticator is like a physical key, fantastic if you don't leave it at the pub ....

 

[Croga]

having no authenticator would be like locking your doors at night..
whilst having one would be comparable to having your doors locked AND have a alarm installed.....
Now you don't have the latter either do you?

urrrrrr.... yes I do....... You are right though, it's not comparable..... IRL the thief will go for the house he thinks is easiest to break into; hence my alarm system, another reason for the thief to go look elsewhere..... hmmmm..... maybe it is comparable..........

 

[Careface]

I like words that pretend to be other words. Like heffalump. Or flam.

 

[Lebuff]

I love flan. Flaaan.

 

[Damonkey]

Like Merl i do not have an authenticator but i was told if i use my Kaspersky (Internet security). Which has a on screen keyboard for entering passwords keyloggers cant pick this infomation up. However i would like an authenticator but i am resticted atm

 

[Merlijn]

On screen keyboards can still be logged by proper keyloggers.. if you get a keylogger on your computer you just suck at using the internet

 

[Braque]

Authenticator protected accounts are not protected vs new trojan:

http://www.mmo-champion.com/news-2/auth .... thcharger/

 

[Cronocious]

old news

 

[Joy]

Just found this: http://www.sandboxie.com/

Looks very useful, check it out.

 

[Merlijn]

Now this looks interesting

 

[Arly]

The Windows version of Java Runtime Environment (JRE) contains a critical flaw.
Security researchers Tavis Ormandy and Ruben Santamarta both published separate notes on a vulnerability that affects all versions of Java since version 6 release 10, including the Java Deployment Toolkit. It allows execution of the 'Java web launcher' in Internet Explorer, Mozilla Firefox or Google Chrome and is being exploited in the wild to launch drive-by-download attack. A proof-of-concept that turns on the calculator in Microsoft Windows has published by Ormandy.
According to the researchers, disabling the java plugin is not sufficient to prevent exploitation, as the Java Deployment Toolkit is installed independently. A workaround would be to disable javaws/javaws.exe in Linux and Windows by any means as this vulnerability occurs because the Java-Plugin Browser is running 'javaws.exe' without validating command-line parameters.

http://seclists.org/fulldisclosure/2010/Apr/119 <-- To read about it / test the proof of concept.

 

[Merlijn]

https://www.microsoft.com/protect/fraud/passwords/checker.aspx found this today. Might wanna check how strong your password is. If it's weak or medium I'd strongly suggest changing it. Might even want to consider changing if it's strong until it reaches best but imo that's for the most paranoid amongst us

 

[Ayu]

Usually passwords are not guessed, they are logged through a keylogger. Having the best password in the world won't help you if you don't run proper Anti Virus and Firewall software.

 

[Arly]

I made a password checker too. Please test your WoW password at http://isellgold.com/passwordchecker.php

 

[Lebuff]

Someone hacked Arly's forum account.

 

[Merlijn]

Usually passwords are not guessed, they are logged through a keylogger. Having the best password in the world won't help you if you don't run proper Anti Virus and Firewall software.

I know they're mostly obtained through keyloggers or phising sites and anyone who falls for those shouldn't use a computer at all imo but still it's no reason to have an easy / weak password. It's still an extra layer of protection. You'd be suprised how many people still use passwords like qwerty and the likings

And inb4 Authenticator!!!!!1111oneoneone. It's not 100% secure either

 

[Ded]

And inb4 Authenticator!!!!!1111oneoneone. It's not 100% secure either

I thought the only feasible way to hack in with an authenticated account was to be actively keylogging the person you're trying to hack as they log in, intercept their authentication code, and log in before them in the space of those few seconds.

You must have made some real enemies if they've gone that far but don't worry tho, I think my password is secure.

No one will guess "swordfish"... sssh

 

[Merlijn]

Yeah, you're right Ded. Here's the theory behind it : http://en.wikipedia.org/wiki/Man-in-the-middle_attack Doesn't mean it doesn't happen though