Re: Hacked, ,anyone else lately

It's not necessarily a key logger. Passwords are stored on your system in a rather easy to find place and probably in an easy to unencrypt format. So who knows, you may not be safe whether you store it or not.

Re: Hacked, ,anyone else lately

I asked Sev about this in the cross-post he made about this on BG, and it seems that this new version of the exploit gets around Firefox. One of my LS mates who uses Firefox noticed some funky CPU action on Friday night and he uses Firefox too.. We told him to do a scan & change his PWs just in case.. hopefully he didn't get compromised too.

Needless to say guys - scan your stuff, make sure you have all the Windows updates (ESPECIALLY the one for Realplayer if you have it installed) and change your passwords if you've been visiting these sites over the past few days.

Re: Hacked, ,anyone else lately

Um, no. That would probably be a Bad Sign (TM).

Re: Hacked, ,anyone else lately

Well then, why not just get rid of passwords entirely. A passcode to do things in the game defends against other things, like giving your password away.

Moving items outside your inventory (tossing, mailing, bazarring, trading, and selling on the AH) would most likely be covered by the same code.

Re: Hacked, ,anyone else lately

I've seen similar things happen, it was just keys getting stuck on a keyboard. I believe the exact culprit was a potato chip.

Re: Hacked, ,anyone else lately

Potato chips, those damn remote-desktoping bastards!


Can anyone suggest any good anti-virus software? I lost my Synamatic/Norton disk when I had to reinstall windows last week (great timing you stupid thing), so while I have super-anti-spyware and a firewall, I dont have antivirus atm. I also hear that Norton isnt super-great, and the fact mcafee identified this latest hacking attempt kind of impresses me...

Re: Hacked, ,anyone else lately

AVG is free and often recommended, I use it myself and have never had any problems. It updates daily and does a pretty good job of keeping my com clean, despite my lack of any other attempts to do so.

Though after all this talk of hacking, I think I'm gonna go home and re-run all my scanners. I may not have any of the super uber endgame stuff, but I do have a fair amount of gear and tons of furniture. But most importantly is that I'm the shell holder for a fairly sized, long running LS filled with friends and if something happened to that I would be very pissed.

Re: Hacked, ,anyone else lately

It could be optional and on a choice basis, so you pick which items you lock with the passkey of your choice and you then have to enter the passkey to chuck or move them from your character.

I change my password every month or so for kicks, I like to think this may help but I don't really have a clue. I think at the end of the day it comes down to bad luck than who's the most insecure.

It sucks to hear it was you Sevv.

Re: Hacked, ,anyone else lately

SE really needs to put an old feature from 4 years ago back into the game too. When I started playing...well in order to change any account info you had to enter your POL and/or FFXI reg code. It was somewhat annoying and it might not stop keyloggers but it was a good safety precaution.

I just avoid PCs with my password(personally) as it's safer(and I use the much fewer security holes than IE browser "Mozilla Firefox")...I also periodically change my password anyway. I ment to just write down general anti-hacker stuff...hey I went to school for networking stuff!

Just to summrize the thread and add stuff you can do for added security:

1. use a crazy mix of letters and numbers for passwords
2. use anti-spyware and an anti-virus
3. Don't use IE. It's much more attack prone than Firefox or even Opera. If you must use it keep it patched and up to date. Same goes with any program or OS parts.
4. Install a firewall program to block any strange programs(like keyloggers) from accessing the internet. [A good free one used to be Zone Alarm. I've been out of the loop XD]
5. if you can avoid PCs altogeter with this game...it's probabaly the safest option...but most of you can't...
6. NEVER GIVE ANYONE YOUR PASWORD!

Re: Hacked, ,anyone else lately

Sad part is these virus's are out before the software has the protection for it. So in that one instance you pretty much screwed yourself. Not to mention some things are not found by one virus software, but found in another. An you can't have 2 virus protections installed on your computer because that supposedly is harmful.

I run AVG before I go to bed and when I wake. As well as my spyware software. An even at this point I never really feel safe. I have to many highend gear, an a ton of hours put into it. To see it go would really suck.

Re: Hacked, ,anyone else lately

Wasn't FFXIAH thinking it was a bad ad, again? I thought I heard that somewhere. I thought they used those google ads? If that's the case, couldn't anywhere that pulled up the Google ads be dangerous?

IE: Gmail, free forums, things like that?

I don't play XI, but that doesn't mean they won't get my LotRO data. And then I'd kick someone's ass. Because I *do* have two rather expensive pieces of unbound gear I'm saving for my captain and minstrel.

Re: Hacked, ,anyone else lately

Yes, that is what they thought it was. If it was the same problem that McAffee found, they're wrong.

Re: Hacked, ,anyone else lately

You know, the simplest way to protect your PC is always going to be training yourself to think tactically. Put yourself in a hacker's shoes for a minute. If you want to cause damage or make money, what's the best target out there? The one everyone's using.

That's the problem with IE. Sure, it's free with your system and regularly maintained. Supposedly microsoft updates it to prevent hacks. But, the problem remains that at one time 90% of the market had Windows installed on their machines. Which meant that 90% of the market had access to a legal or hacked copy of IE. 90% of the world could potentially take that program apart looking for security vulnerabilities. If you wrote a virus script, you could hit 90% of the market unless someone was 'johnny on the spot' with updating. Chances were always good that you could beat Microsoft to the punch by exploiting a vulnerability, because unlike them, you don't have to test everything several times to make sure it doesn't break anything else on the machine.

So, to really take advantage of the hacker movements' profit motive, you need to start making yourself an unattractive target. Let's say that a browser exists named "Gefeltefish", (hey, it's my example, I pick the crazy names). Now, no one in the right mind will probably find this in a search engine, unless they're really old or really Jewish. So, your user base on this browser is limited to around let's say 50 people worldwide. You're a hacker, you want to make money. Are you really going to target a market of 50 people when you could hit one that's several million strong?

This is what smaller browsers like Firefox and Opera have going for them. These browsers are growing right now, but it's not the wildfire growth yet. They're also open source, which means that the Q&A dept is several million no-lifer Computer Science geeks instead of a steadily employed Microsoft dept of 50-100 people. Who's more likely to find a bug? Several million people looking at random areas or 50-100 looking in several areas in coordination? It's a shotgun approach, but it does hit things more often than not. What you need to realize though is that there's a point where Firefox hacking will become profitable. When Firefox users become 20-25% of the market, suddenly there's a potential to make money here. Hit that point, and you're worth money again. That's when it's time to explore other browser options.

On the subject of passwords: don't be lazy. Go with the string of random numbers and letters. Go case sensitive. Don't try to be clever by going L33sp34k on it, either. I used to own a company that sold products online. My partner was a web designer. His password for the website was the word "soccer" with a zero in place of the o. Here's the thing, any decent spammer can write a program that hits me with misspelled versions of erectile disfunction drugs with the same lettering schemes. How hard is it to repurpose that program to hack into an account? Sure enough, less than two weeks after he changed it there was an order for $500 worth of merchandise on the company account that supposedly had to be shipped out immediately. Never decide you're smarter than everyone else and you know a word no one out there will ever think to use. Trust me, someone already has a dictionary bot booted up to crack you. Your phone number and your address are both technically random strings of numbers and letters, and you memorized both of them successfully. Pick a new one and give it a shot.

Re: Hacked, ,anyone else lately

that's not really true. The large majority of exploits target people using outdated software. Exploits that individuals know about and use but the software makers are unaware of aren't really common.

Also not really true. It's a common misconception, but popularity and hackability do not go hand in hand. Look at Apache, for instance. Even when it had a majority of the market, it had fewer exploits and problems with exploits than proprietary competitors. Crackers generally take the path of least resistance-- yes, in most cases that is the majority, however that is because insecure software is the majority, in most cases; not because being popular makes something an easy target.

Also, Opera is proprietary, not open source. You are mostly correct about the large benefit of open source programs, though, in that it's hard to sneak vulnerabilities past thousands of people who are looking over the code in whatever way they please instead of a very small group of people who are only looking where they feel they need to.

Also, Firefox already has about a 20% market share. It's higher in European regions (up to around 40% in some places). They celebrated their 500 millionth download about a month ago, if that isn't plenty of money to be made, I don't know what is.

Re: Hacked, ,anyone else lately

Sorry for your loss Sevv.
You can always come kick my ass in SSBB to vent your anger.

On a side note, I went on a mini hiatus, (My motherboard is going out for an exchange of a new one (EVGA's Step-up program)). I tried to call SE to put my account on freeze, heh they said they didn't do that. Oh well. I can't even cancel my POL account for the time being unless they do it for me. :p

I hope somethings work out for ya.