Pages: [1] 2 3 4 :: one page |
|
Author |
Thread Statistics | Show CCP posts - 3 post(s) |
Ascuris Wurm
|
Posted - 2010.02.26 21:44:00 -
[1]
I, like many others have noticed the increasing number of posts relating to hacked accounts. CCP obviously has their hands full taking care of this business, and it's not really clear to what extent they investigate these crimes. It got me wondering if there was a way that we, the community could help. If details were gathered in one place, maybe the many eyes of the forum readers could reveal any patterns that might exist.
So I'm suggesting, that if you've had a hacked account, post as many details as you feel comfortable sharing in this thread, and let's see if any common denominators come to light. Maybe a common ISP? Maybe a common email provider? Who knows? Let's see what we can find out...
Some suggested details to include:
Region: continent? country? Be only as specific as you are comfortable with. Timeframe: ISP: email provider at the time: Sign into Eve/website from multiple locations?
ISK lost: non-liquid assets lost: corporation(s): alliance(s):
Please include the method of attack, if you know. In other words, you verified you had a keylogger on your system, you know someone also hacked your email, etc...
Anything else to include?
Let's please keep a positive attitude in this thread. Don't sit back and watch other players fall... the next one might be you!
|
Dex Timor
Valklear Guard
|
Posted - 2010.02.27 09:22:00 -
[2]
I'd like to see following info: - length of password (8+ is bare minimum) - lower/upper case, numbers, symbols mixed ? - password was a name / word just spelled with numbers ? - in-game name and username are identical or not ? - same username / password was used on another forum / game ? - people other than you have access to the used computer ? - interval at which you change your password. - Is your computer remote access enabled ?
|
Abrazzar
|
Posted - 2010.02.27 09:45:00 -
[3]
Originally by: Dex Timor I'd like to see following info: - length of password (8+ is bare minimum)
I am sorry, but this information is confidential.
Quote: - lower/upper case, numbers, symbols mixed ?
I am sorry, but this information is confidential.
Quote: - password was a name / word just spelled with numbers ?
I am sorry, but this information is confidential.
Quote: - in-game name and username are identical or not ?
I am sorry, but this information is confidential.
Quote: - same username / password was used on another forum / game ?
I am sorry, but this information is confidential.
Quote: - people other than you have access to the used computer ?
I am sorry, but this information is confidential.
Quote: - interval at which you change your password.
I am sorry, but this information is confidential.
Quote: - Is your computer remote access enabled ?
I am sorry, but this information is confidential.
Ok, answered your queries as best as I could (should). --------
|
Niccolado Starwalker
Gallente Shadow Templars
|
Posted - 2010.02.27 09:56:00 -
[4]
Edited by: Niccolado Starwalker on 27/02/2010 09:56:52
Originally by: Dex Timor I'd like to see following info: - length of password (8+ is bare minimum) - lower/upper case, numbers, symbols mixed ? - password was a name / word just spelled with numbers ? - in-game name and username are identical or not ? - same username / password was used on another forum / game ? - people other than you have access to the used computer ? - interval at which you change your password. - Is your computer remote access enabled ?
Honestly, those questions are all personal. The sole players can answer them for themselves, and if they answer NO on one of them, they should fix it. But giving the answer out to the public on this forum is pur and sheer idiocy.
Originally by: Dianabolic Your tears are absolutely divine, like a fine fine wine, rolling down your cheeks until they flow down the river of LOL. |
Dex Timor
Valklear Guard
|
Posted - 2010.02.27 10:40:00 -
[5]
Yeah, you're right. I didn't consider that. I'm just slightly annoyed at some of the "I got my account haxxed - CCP it's your fault" posts. Partly because I hope that it was user mistake and that I myself am not doing the same mistakes. Partly because, the more a user claims that he has done everything right, the more I think that I'm at risk myself. (Though I don't have several billions to lose).
|
Banana Torres
The Green Banana Corporation
|
Posted - 2010.02.27 11:12:00 -
[6]
Originally by: Dex Timor - same username / password was used on another forum / game ?
Yep, it used the same password as my googlemail account. I had assumed that google would look after my passwords. But it would seem the Hu Jintao wanted to know what is going on in my inbox.
I'm not saying the hacking of my google mail account and the hacking of my game account were related, but we know that Hu Jintao's country supports the criminal hacking of computers. The crimal gangs that are involved in RMT are also given protection by Hu Jintao's party.
|
Dex Timor
Valklear Guard
|
Posted - 2010.02.27 11:23:00 -
[7]
Originally by: Banana Torres
Originally by: Dex Timor - same username / password was used on another forum / game ?
Yep, it used the same password as my googlemail account. I had assumed that google would look after my passwords. But it would seem the Hu Jintao wanted to know what is going on in my inbox.
I'm not saying the hacking of my google mail account and the hacking of my game account were related, but we know that Hu Jintao's country supports the criminal hacking of computers. The crimal gangs that are involved in RMT are also given protection by Hu Jintao's party.
Oh my god ... China ... CCP China !
It was there for all of us to see, and yet we ignored it.
|
Jeneroux
Gallente
|
Posted - 2010.02.27 15:26:00 -
[8]
Socially engineered hacking: A person who observes chat channels and collects information about people over time. I see people tell the very personal detail in local many times. A corp member, someone you talk to about the game in msn or email on in a forum, anyone who can observe your communication with other people over time. Much information can be collected about you in this way. Lists of potential passwords to your account can be tested over time. Many many times a person you know is the problem.
Enfants de script.. I think english idiom is script kiddies. These are people who are the amateur hacker. Many scripts can be found on the net which can be used to do the periodic password attempt from a list of dictionary word with random numerical prefix or suffix. this method takes time and patience but little skill and can be used against multiple victims. A collection of information which you provide in chats over time can be added to this profile matrix. Is primary reason why simple short passwords are not wise. The name of a person or place.. add the significant date like the birth date.. maybe something you say in a chat. Passwords constructed in this fashion protect little.
Phishing websites. Some browsers are more safe. Firefox with the noscript addon is very strong. Basic Internet Explorer is not very strong defense. A strong browser and good security software is much but not all protection from keylogger and spyware download. Do not allow execution of script in browser unless you are comfortable with the site.
Security software. I know people who will not spend the money for strong software but will use free security software. To make it worse, I see people often abort the system scan because it take too much time. Is better to buy good security. zone Alarm extreme security is strong.. but only if carefully configured and the updates maintained.
When spyware gets into the pc, it can modify many security software to not see the spyware. This is why is important to always have good security practice AND good security software. You must do both for a degree of safety. one without other is useless.
If you remember your password, is not good password.
This is good password. 39854847ft654t25qnrkzmt74z8e85f5sr364m679q3ng This is not good password. mother1946
Never use same password more than one place. Make spreadsheet or buy password manager. I keep mine in spreadsheet on usb stick. copy paste works well. I store the usb stick in my behind. no one will take without my knowledge.
Hacking starts with you most times.
|
lollerwaffle
Sileo In Pacis THE SPACE P0LICE
|
Posted - 2010.02.27 15:34:00 -
[9]
Originally by: Jeneroux
I store the usb stick in my behind. no one will take without my knowledge.
Best line in a good post.
Originally by: salva dore Cloak should not be AFK solution. What do you think?
Originally by: AFK Cloaker
|
|
CCP Adida
C C P Alliance
|
Posted - 2010.02.27 15:41:00 -
[10]
Edited by: CCP Adida on 27/02/2010 15:43:29 Removed all inappropriate posts in this thread.
There are some measures you can take on your own to protect your account:
- Create a secure password by using a combination of letters, numbers, and symbols
- Update your password several times a year
- Use a different password than what's on your email
- Have a designated email just for your eve account
- Don't click on suspicious links or websites
- Don't share your account (no matter how much you think you trust someone)
These are just a few of many suggestions you can take account security into your own hands.
[yellow]Adida Community Representative CCP Hf, EVE Online http://support.eve-online.com/pages/petitio |
|
|
Professor Tarantula
Hedion University
|
Posted - 2010.02.27 16:00:00 -
[11]
Originally by: CCP Adida These are just a few of many suggestions you can take account security into your own hands.
I don't mean to disregard those basic security measures you suggested, but just allowing players to limit account use to a particular IP would do a world of good. It's something i was sure a MMO company would have picked up by now, and i'm not buying any talk about it being difficult to implement. Your basic forum tracks and bans users based on their IPs, search engines track IPs, Email accounts track IPs so you can see if anyone else is logging in to them, but so far the MMO world is pretending such a thing is unreasonable and/or impossible.
CCP don't want people sharing accounts, and CCP don't want customers quitting because their accounts got hacked, so they should get cracking on this. They can only blame the customers to a certain point. If they've got a blanket solution within reach why aren't they using it?
My deepest sympathies. Prof. Tarantula, Esq. |
vetodel morei
|
Posted - 2010.02.27 16:14:00 -
[12]
it is very easy to make a strong password, take a walk and note down 3 numberplates on cars, put these 3 number plates together and make one of them upercase, and there you have it a very random strong password
|
Dante Marcellus
Minmatar
|
Posted - 2010.02.27 16:43:00 -
[13]
All this talk about getting hacked is making me want to change my password and be more secure than I already am. And I'm just a new character lol
|
Professor Tarantula
Hedion University
|
Posted - 2010.02.27 16:55:00 -
[14]
If you get your identity stolen and the bank tells you it's because your PIN number or something was too simple, it's time to find another bank.
Thankfully, the real world doesn't mirror MMO policies, and banks want to ensure their customers remain happy no matter how stupid they may be.
My deepest sympathies. Prof. Tarantula, Esq. |
Master clone
|
Posted - 2010.02.27 17:53:00 -
[15]
just want to punch a question into this thread..
*mentions of other MMOs*
Yeah... Anyone who has ever seen another MMO out there... WoW.. Would know they brought in a little authenticator doodad. six numbers, on a dongle, that renders that account... nigh unhackable.. Bringing the amount of 'my account got hacked' Down alot. Why cant we have the option to buy a similar setup for Eve-online? A 3rd party company sets up the dongles for use with CCP, and its implemented via 'my account' section of the game.
You go to the eve-store and buy a $10 dongle. You enter the key on the back of it into eve-online (on a SECURE MACHINE)... every time you log into your character you have the enter the six digits on the key. If the key isnt entered in less then 15sec the key becomes invalid, you have to go back, press the button and enter a different key.
I dont see mission runners being very interested, they dont have a massive amount to loose, but I DO see titan pilots, alliance leaders etc, wanting something like this.
CCP - Can you at least look into this? for a fair price, I'm sure that some players would be interested, I would personally pay the $10 for this lovely little device, knowing I could log eve-online onto a public machine, and rest easy knowing im not going to get hacked!
|
Vitamin B12
Tyrell Megacorporation
|
Posted - 2010.02.27 18:14:00 -
[16]
Edited by: Vitamin B12 on 27/02/2010 18:14:23 i know this from a game i played years ago.
https://account.entropiauniverse.com/account/security/
maybe take a look ccp...
|
|
CCP Adida
|
Posted - 2010.02.27 18:26:00 -
[17]
Removed posts that link other MMOs. Please review the forum rules
All posts must be about or related to Eve Online. Posts about other games or game companies, products or services not related to Eve are not permitted.
[yellow]Adida Community Representative CCP Hf, EVE Online http://support.eve-online.com/Pages/Petitio |
|
Vitamin B12
Tyrell Megacorporation
|
Posted - 2010.02.27 21:18:00 -
[18]
Originally by: CCP Adida Removed posts that link other MMOs. Please review the forum rules
All posts must be about or related to Eve Online. Posts about other games or game companies, products or services not related to Eve are not permitted.
i tryed really hard but i cant find the forum rules. no joke... well i will censor everything related to another game...
"In order to help you protect your *** account from unauthorized use, we have developed the *** Security System.
What is the *** Security System?
The *** Security System adds an extra security layer to your *** account. The system consist of a physical chip card and a reader, the *** Kit. By inserting the card into the reader you generate unique one-time codes that you use as a complement to your username and password when you log in to the *** or to My Account on the website.
Why should you use the *** System?
The *** Security System helps prevent unauthorized use of your *** account. Even if someone somehow manages to get hold of your *** login information, this information will not give access to your account if you have an activated *** Security System."
replace *** with EVE. now its eve related.
|
Dr Decay
|
Posted - 2010.02.27 22:22:00 -
[19]
Originally by: Vitamin B12 i tryed really hard but i cant find the forum rules. no joke...
"really hard"?
Look to your left. See 'EVE Forums'? Click on it. You should see "Forum Rules."
One click.
That's just pathetic.
|
IVeige
Caldari Deep Core Mining Inc.
|
Posted - 2010.02.27 22:27:00 -
[20]
Originally by: lollerwaffle
Originally by: Jeneroux
I store the usb stick in my behind. no one will take without my knowledge.
Best line in a good post.
In before backdoor bandit reply to this one loll...
|
|
Malevian
|
Posted - 2010.02.27 23:13:00 -
[21]
"I store the usb stick in my behind. no one will take without my knowledge."
I prefer to simply commit passwords to memory instead of writing them down or sticking them on something like the above that could be lost or stolen. Use, mixed case, numbers, punctation etc always - but keep it memorable for yourself. Nevertheless, for most cases if the password forgotten you can just reset it - except for the really important ones like your os admin account.
Something else unmentioned above - aside from simply avoiding Internet Explorer, consider avoiding Windows altogether for vastly improved security and in most cases speed. The price for that though is a bit more hassle in setting things up like EVE - however if you can figure out how to play EVE to begin with then it shouldn't an issue for you.
However despite there being no need whatsoever to run virus scans on a mac or linux pc due to the os architecture, you are still exposed to trojans / rootkits and software flaws. So you need to be cautious about where you install components from, update your system frequently from verified sources and you should still run a firewall. Also use strong wireless encryption like WPA not WEP if applicable, use a router with stateful packet inspection and occasionally check for rootkits via chkrootkit andd rkhunter.
|
Vitamin B12
Tyrell Megacorporation
|
Posted - 2010.02.27 23:30:00 -
[22]
Originally by: Dr Decay
Originally by: Vitamin B12 i tryed really hard but i cant find the forum rules. no joke...
"really hard"?
Look to your left. See 'EVE Forums'? Click on it. You should see "Forum Rules."
One click.
That's just pathetic.
didnt see the forest because of all that threes...
|
Tippia
Reikoku IT Alliance
|
Posted - 2010.02.27 23:47:00 -
[23]
Originally by: Malevian I prefer to simply commit passwords to memory instead of writing them down or sticking them on something like the above that could be lost or stolen.
If you worry about your password Post-It™ being stolen, you can always use the reverse-memorisation trick:
Pick 1-3 letters of the alphabet as your non-password, and then use a password-generator to create a Byzantine mess of letters, symbols and numbers. Keep generating passwords until you get one without the letters you've chosen and then insert these letters at some random locations in the generated password and write that down.
Anyone who steals your ubar-sekkrit note will now have access to a very sneaky and hideously complex password… that's not the right one. Only you know which letters not to enter of the ones you've written down. ——— “If you're not willing to fight for what you have in ≡v≡… you don't deserve it, and you will lose it.” — Karath Piki |
Kolatha
|
Posted - 2010.02.28 00:33:00 -
[24]
Edited by: Kolatha on 28/02/2010 00:36:02
Originally by: Professor Tarantula
Originally by: CCP Adida These are just a few of many suggestions you can take account security into your own hands.
I don't mean to disregard those basic security measures you suggested, but just allowing players to limit account use to a particular IP would do a world of good. It's something i was sure a MMO company would have picked up by now, and i'm not buying any talk about it being difficult to implement. Your basic forum tracks and bans users based on their IPs, search engines track IPs, Email accounts track IPs so you can see if anyone else is logging in to them, but so far the MMO world is pretending such a thing is unreasonable and/or impossible.
CCP don't want people sharing accounts, and CCP don't want customers quitting because their accounts got hacked, so they should get cracking on this. They can only blame the customers to a certain point. If they've got a blanket solution within reach why aren't they using it?
Because IP spoofing is very real and a very common method for bypassing IP based authentication. It is a no brainer for the hackers to create their key logging software so that the infected system's IP address is sent along with the login and password. Then there is the issue of the whole dynamically assigned address space most ISPs use.
But I do agree that there does need to be some additional work on CCP's end of the deal. A separate login and password for account management, or at least forum access would be a great start and would cut down on quite a bit of heart ache.
One other thing to make your web browsing a little safer is to disable iframes.
The primary source of infections and browser exploits for most people is not, as is commonly stated, dodgy web sites selling shady products. It is "safe" sites that have been compromised by hackers who have inserted their own code which is often a hidden iframe linking to a shady site with an infection exploit. Worpress sites have been particularly vulnerable to these types of attack lately but they can hit anyone anywhere with poor security measures.
|
Ephemeron
Retribution Corp. Initiative Associates
|
Posted - 2010.02.28 01:17:00 -
[25]
Originally by: CCP Adida Removed posts that link other MMOs. Please review the forum rules
All posts must be about or related to Eve Online. Posts about other games or game companies, products or services not related to Eve are not permitted.
I'm pretty sure that hasn't always been the case. Numerous times players discussed other MMOs in the way they compare to EVE, most notably WoW threads.
And why have such a rule? it's not like these type of posts are flooding the forum, they are relatively rare. Is CCP that insecure about their game now? CCP just gets worse every year
|
Viktor Fyretracker
Caldari Fyretracker Heavy Industries
|
Posted - 2010.02.28 01:20:00 -
[26]
IP authentication also fails due to DHCP, there is no way to know a customer will have the same IP from one day to the next. i have even shifted subnets on Comcast before and gotten totally different IPs. the company simply owns so many blocks.
|
sue denim
|
Posted - 2010.02.28 01:54:00 -
[27]
Edited by: sue denim on 28/02/2010 01:55:34
Originally by: Viktor Fyretracker IP authentication also fails due to DHCP, there is no way to know a customer will have the same IP from one day to the next. i have even shifted subnets on Comcast before and gotten totally different IPs. the company simply owns so many blocks.
I'm not an expert in these things but maybe it's possible to lock it based on mac address, that's unique to the computer I believe? you can lock an account to a mac address so it can't login unless ur logging in from that specific mac address. Can that be spoofed?
I don't know how possible or easy that is... just spit balling.
|
Ephemeron
Retribution Corp. Initiative Associates
|
Posted - 2010.02.28 02:05:00 -
[28]
easiest thing is to create cookie file that identifies your computer from the rest, it's independent of IP That's how all the shopping websites work
|
Zedic
Amarr Universalis Imperium
|
Posted - 2010.02.28 02:14:00 -
[29]
Originally by: Professor Tarantula
Originally by: CCP Adida These are just a few of many suggestions you can take account security into your own hands.
I don't mean to disregard those basic security measures you suggested, but just allowing players to limit account use to a particular IP would do a world of good. It's something i was sure a MMO company would have picked up by now, and i'm not buying any talk about it being difficult to implement. Your basic forum tracks and bans users based on their IPs, search engines track IPs, Email accounts track IPs so you can see if anyone else is logging in to them, but so far the MMO world is pretending such a thing is unreasonable and/or impossible.
CCP don't want people sharing accounts, and CCP don't want customers quitting because their accounts got hacked, so they should get cracking on this. They can only blame the customers to a certain point. If they've got a blanket solution within reach why aren't they using it?
Holy @#$#@$@ NO!!!
I am a Flight Attendant, I don't have a "particular IP address" I am all over the country. Should I loose my accounts because of my profession? Sorry, but this suggestion is short sighted.
|
Viktor Fyretracker
Caldari Fyretracker Heavy Industries
|
Posted - 2010.02.28 02:21:00 -
[30]
Edited by: Viktor Fyretracker on 28/02/2010 02:23:27 Keyfobs like those used by VPN systems would be the best bet for total security. not only can you have the fob with you but the code becomes spent once you hit login. this would greatly make it safer to login from say, airport wifi.
and nice to see you poking around Zed, shoot me an mail in game or out sometime if you still have it.
|
|
|
|
|
Pages: [1] 2 3 4 :: one page |
First page | Previous page | Next page | Last page |