Keyloggers, what to know, what to do (READ)

Merlijn

Shadow Master
Mar 11, 2009
2,284
My brother's account got hacked as well which I found out yesterday (but he refused to use virusscanners and such) which ended up with me getting 2,5k gold and allowing to terminate his account cause the hacker hadn't changed the password.. I like hackers =)

But seriously Joy.. stop comparing computer security to RL situation.. and if you do at least do it properly....

having no authenticator would be like locking your doors at night..
whilst having one would be comparable to having your doors locked AND have a alarm installed.....
Now you don't have the latter either do you?

Stop pretending that my account is an open door because I don't have an authenticator.. it's BS
 

Lonei

Shitpenis
Aug 7, 2008
499
Merlijn said:
My brother's account got hacked as well which I found out yesterday (but he refused to use virusscanners and such) which ended up with me getting 2,5k gold and allowing to terminate his account cause the hacker hadn't changed the password.. I like hackers =)
If the hacker didn't change the password he wasn't a very good one, and yet he still managed to get your brother's account. I bet you're proud of him :lol:.
 

Braque

Member
Dec 14, 2005
2,256
This metaphors still fails. Authenticator adds a extra layer - something you have - where the password is the first layer - something you know. Password is like a keypad pin code lock, great if no one puts a hidden camera in front of your door to see what you type, authenticator is like a physical key, fantastic if you don't leave it at the pub ....
 

Croga

Says funny things =)
Sep 9, 2008
892
The Hellmouth
Merlijn said:
having no authenticator would be like locking your doors at night..
whilst having one would be comparable to having your doors locked AND have a alarm installed.....
Now you don't have the latter either do you?

urrrrrr.... yes I do....... You are right though, it's not comparable..... IRL the thief will go for the house he thinks is easiest to break into; hence my alarm system, another reason for the thief to go look elsewhere..... hmmmm..... maybe it is comparable..........
 

Damonkey

Member
Mar 10, 2009
302
Like Merl i do not have an authenticator but i was told if i use my Kaspersky (Internet security). Which has a on screen keyboard for entering passwords keyloggers cant pick this infomation up. However i would like an authenticator but i am resticted atm :(
 

Merlijn

Shadow Master
Mar 11, 2009
2,284
On screen keyboards can still be logged by proper keyloggers.. if you get a keylogger on your computer you just suck at using the internet
 

Arly

Non-Shouter
Oct 3, 2007
1,733
The Windows version of Java Runtime Environment (JRE) contains a critical flaw.
Security researchers Tavis Ormandy and Ruben Santamarta both published separate notes on a vulnerability that affects all versions of Java since version 6 release 10, including the Java Deployment Toolkit. It allows execution of the 'Java web launcher' in Internet Explorer, Mozilla Firefox or Google Chrome and is being exploited in the wild to launch drive-by-download attack. A proof-of-concept that turns on the calculator in Microsoft Windows has published by Ormandy.
According to the researchers, disabling the java plugin is not sufficient to prevent exploitation, as the Java Deployment Toolkit is installed independently. A workaround would be to disable javaws/javaws.exe in Linux and Windows by any means as this vulnerability occurs because the Java-Plugin Browser is running 'javaws.exe' without validating command-line parameters.

http://seclists.org/fulldisclosure/2010/Apr/119 <-- To read about it / test the proof of concept.
 

Ayu

You need help.
Staff member
Aug 26, 2005
15,256
Usually passwords are not guessed, they are logged through a keylogger. Having the best password in the world won't help you if you don't run proper Anti Virus and Firewall software.
 

Merlijn

Shadow Master
Mar 11, 2009
2,284
Usually passwords are not guessed, they are logged through a keylogger. Having the best password in the world won't help you if you don't run proper Anti Virus and Firewall software.

I know they're mostly obtained through keyloggers or phising sites and anyone who falls for those shouldn't use a computer at all imo but still it's no reason to have an easy / weak password. It's still an extra layer of protection. You'd be suprised how many people still use passwords like qwerty and the likings

And inb4 Authenticator!!!!!1111oneoneone. It's not 100% secure either
 

Ded

is Ded
Mar 4, 2007
587
And inb4 Authenticator!!!!!1111oneoneone. It's not 100% secure either

I thought the only feasible way to hack in with an authenticated account was to be actively keylogging the person you're trying to hack as they log in, intercept their authentication code, and log in before them in the space of those few seconds.

You must have made some real enemies if they've gone that far :eek: but don't worry tho, I think my password is secure.

No one will guess "swordfish"... sssh