cant edit:Originally Posted by lcl22
in any case, reread, and i realized you did get hacked, im sorry about that, good luck getting your account back secured
on a side note, it got me thinking , most of us are using external sites for our builds and talent calculators, a perfect setting for a hacker to lay their keyloggers, a place where tons of people will go chek their builds on a new game, especially considering , there are so little rift sites out there still..
Zam has one already up and running. I would trust that over anything else short of the official site.
Of course, even they have had malicious ads placed on their sites in the past, best bet is to simply run adblock/noscript.
Me neither, seeing as how you've already said you're using the AV/AM tools built into Win7. Free Clue, Mister I Know Everything About Internet Security So It Can't Be My Fault - if your antivirus doesn't update its database several times a day at least, you'd be better off with nothing. At least then you'd know you had to install proper security, and maybe have the sense to stay off the net entirely until you did.
Internet security is like sex. Always make sure you know your partners are safe, and always use one or more recognised forms of protection from a certified manufacturer. If, on the other hand, you choose to act like the OP and go in bareback on half a dozen Bangkok ladyboys, don't come running to me for sympathy when you test *** positive.
Trion IS at fault for some things, even if it is unlikely their account server got hacked.
For instance, the username is an email address. This is stupid and insecure, since most people use their email address for more than one thing, often on fansites dedicated to the game - many of which are fronts run by gold selling companies that are used specifically for gathering usernames/passwords to try on the game accounts. By requiring email address to be my password, most users are being required to GIVE half of their login information to those attempting to steal their accounts.
The forums use the same login as the game itself. Again, insecure. The forums shouldn't use the same login, and worse, as far as I can tell there is no lockout for number of login attempts. This means that, since they already have an email address to try as a username, they can attempt to brute force a password by tossing multiple login attempts.
There are things we can do to protect ourselves further - for instance, I created a unique email account that is used only for the game, and if I ever see anything else come through on that account that isn't from Trion, I can change my login to another email. But most users aren't security-conscious enough to do something like this.
-Do you honestly think that we believe ourselves evil? My friend, we seek only good. It's just that our definitions don't quite match.-
Ailanreanter, Arcanaloth
I can say with 100% certainty that the odds Trion got hacked vs you doing something stupid is about 10000000000000000000000000000000000000000000000000 00000/1
Looks like the kiitten hackers started messing with the Rift accounts too..I know they could get you through e-mails but what are other ways they can steal your account info?
1. You can make a new e-mail account just for the game.
2. Username are not nor ever were a useful aspect of security. If they were they would not be stored nor transmitted in plain text.
3. What the hell are you talking about e-mail being your password?
4. I will repeat, a username is not half of your security. Stop thinking it provides any sort of useful protection to an account.
This is beyond stupid. The forums are on the same authentication servers. I am sure the admins won't notice the 10000 sequential attempt on your password. The odds of getting brute forced are beyond minuscule unless you use doggod as a password.The forums use the same login as the game itself. Again, insecure. The forums shouldn't use the same login, and worse, as far as I can tell there is no lockout for number of login attempts. This means that, since they already have an email address to try as a username, they can attempt to brute force a password by tossing multiple login attempts.
People get keylogged.
You solved the problem from your first point. That is the users responsibility, not Trions.There are things we can do to protect ourselves further - for instance, I created a unique email account that is used only for the game, and if I ever see anything else come through on that account that isn't from Trion, I can change my login to another email. But most users aren't security-conscious enough to do something like this.
Any method that would allow them to put a keylogger on your computer.
OP, if they spoofed your password, they've also got your MAC Address and IP address that they can use alongside, so restricting it based on IP address is redundant. Its much harder to get a password then an IP addy.
Depending on the forums used, you can get your IP addy known by anyone there.
Passwords are usually stolen by Keyloggers. How does a Keylogger get on your computer?
**** sites?
Warez sites?
Limewire?
Viral-infected Emails?
Sometimes one of the above is true.
But actually you are getting them from Google.com, Microsoft.com, Cnn.com, MSNBC.com, or any other mainstream website. But not from the website themselves.
These websites contract ad agencies to do their advertisements for them using flash banners usually. They let these agencies control what goes in that spot.
These ad agencies aren't stealing your passwords either now. But they are less stringent on what goes on these ads. As in they fix the bad ones reactively instead of proactively. And usually only when there is a complaint. This is assuming people know the source of said keylogger.
Lets say one of Google's advertisements gets a bad egg. Lets say it isn't caught for say... 6 hours. How many people do you think just got that bad piece of malware before it was caught? Usually Malware Bytes or Anti-virus catches it. But lets say 5% don't. Thats still a large number of people.
Are we just SOL? No.. we're not. The advertisement agencies are. Send them a message by using Firefox with AdBlock and NoScript addons. You'll never see these banner ads, it will block them before they can be displayed and possibly put a keylogger on you.
In addition you won't see those ads on free guild sites or the fansites with information about the game. The downside is if everyone does this, the agencies will go bankrupt and cause the sites they support to go down. But it should be up to them to Proactively scan their ads for malware. We shouldn't have to run our scans each time we visit their website and pray there isn't something that will slip through.
Er.
User name/password are in principle a combination of which you need both to get anywhere. Account names are not supposed to get transmitted in plain text for secure authentication. Stored, yes, making them somewhat less secure than passwords, but they can still be a component of security.
Separating user name from email address would, indeed, improve security.
I just got an attempted infection from a link to imageshack off a stickied thread. If you get a popup from any of these sites, do not click a button or even on the X in the upper right corner. Go into task manager and end the task. Even clicking on the X can infect you. It was an amusing attempt, telling me AVG had found suspicious activity. I do not use AVG.
Stop and think for a moment. If the issue would be at Trion's side would not pretty much everyone have been a victim?
Sorry but i am not going to stop browsing **** for this game.
Give us authenticators please.
I'm not supporting the OP here, for clarification.
2. Username are not nor ever were a useful aspect of security. If they were they would not be stored nor transmitted in plain text.
4. I will repeat, a username is not half of your security. Stop thinking it provides any sort of useful protection to an account.
First, try logging in WITHOUT entering your username. If someone doesn't know your username they have to guess two things to bypass security. Second, username SHOULD ALSO be encrypted and a third numeric 4-digit PIN should also be associated with the account. Username & password security are years old; time to add one more step to limit common hackers.
3. What the hell are you talking about e-mail being your password?
I'll assume this person meant 'username' and this was a typo.
The forums are on the same authentication servers
All the more reason to have SEPARATE forum accounts with a relation to a main account. Also, all the more reason to have different logins for the Trion account management and the RIFT authenticator. I should only use my Trion login to access my account information, a Forum login to participate here, and a RIFT login to authenticate in the launcher. Would that be inconvenient for many? YES, and if it is inconvenient for many players it ups the chance that it would be inconvenient for common hackers. Anyone with 5.95 on a prepaid card (heck even free really) can set up a 'fan-site' and add loggers and viruses --not to mention shady advertisers.
To play the other side, it IS our responsibility to be security-aware when we use the internet. And many times security is circumvented in the most basic way. If you all haven't seen this video in the past I suggest watching it in length now (http://video.google.com/videoplay?do...4376898701015#). It is kinda funny but you just may be shocked how STUPID all you people calling the OP stupid really are when it comes to your own security. It's not always about getting keylogged or letting your wife know your password...
Quoted for truth.
~~Triple~~
Former Monarch in Asheron's Call (The Gathering on Solclaim) for 5 years.
Former GM of Casual Raiding guild in WoW (6 years). http://www.wowno.com
GM of Novus Orsa guild on Shatterbone. http://www.therifts.com
Posting Permissions
Reply With Quote
Bookmarks