Regarding Account Secruity, A Special Tip :)

[damet]

If you are having problems with the methods already mentioned, or you just don't feel secure, a good way to ensure you computer is rid of all malware/trojans/keyloggers etc..you can visit AumHa Forums http://aumha.net/viewforum.php?f=30 (scan link, it's not a virus lol)
Download Hijackthis, and post your logs on their forums, their programmers are very talented and pro. They will solve all your problems Just thought I'd share.

[Tajin]

For the record, Hijackthis is now part of trend micro so:

http://www.trendsecure.com/portal/en-US ... hijackthis

[AoshiZ]

I'm sorry that i'm posting this after the thread got locked but the thread got locked while i was posting a reply and i feel this is important for people to know.

You want to GUARANTEE that you won't get hacked?

Do not ever turn your computer on. And if you do, certainly make sure there is no wireless connection ability and definitely don't plug it into any sort of network.


The absolute best you can do in this case is give confidence and hope that you are safe from hackers.

You cannot, never, ever, not even if you're Taj be 100% protected from hackers while on the network. Its just NOT possible. Sorry to rain on anyone's parade. Burst bubbles. Etc.

There have been many comments like this one in the last account security thread that are completely unjustified.

On the comment of you can never be 100% protected from hackers on a network is completely false. If you have nothing listening on the ports, then there is nothing to exploit. Attacks on vulnerabilities require that something be exploited to compromise the said system. This is the sole purpose of firewalls. Of course packets can penetrate some firewalls by altering their flags to mimic that of "Stateful" packets but if there is nothing to listen to the packet then it is impossible to exploit something that isn't there. To minimize the number of applications that are listening on ports, individuals can turn off unneccessary applications/services. (Don't turn off anything you're not sure of). One way to check what applications are listening on what ports you can use a built in program from the command prompt:

Netstat -a -b
(this will show you what executables are listening on what ports)

There's also alot of talk about decrypting files that are stored locally on the systems. These kind of statements lead me to believe that these people think that they are authoritative figures. If so can you elaborate on what the encryption algorithm that is used and how the private key is generated? Or how the ciphertext is decrypted using some vulnerability? If not i suggest you STFU because hacking encryption involves a high level of complexity almost always ruling out brute force and relying on heuristics or a vulnerability in the algorithm. This point of attack has the lowest probability out of all the ways to compromise personal information. I don't think it should be brought up unless there is definitive evidence. Its not productive to try and scare people.

There was also mention of the system password being resident in memory at one point in time no matter how short the duration. This statement is a false statement unless the individual knows how POL is designed. It is possible to not even decrypt the stored password client side and send it to the server for decryption and authentication verification server side. This can be sent securely using a secure connection with a handshake process (even possibly using a 3rd party trusted authority implementation).

Taj also mentioned that the POL ID cannot be obtained client side without a screen shot. Does POL rasterize the POL ID before it displays it or were you saying that it cannot be obtained because of the improbability of decrypting it client side? If you were referring to the later of decrypting than i will have to agree and say its not probable. Otherwise, can you elaborate as to why this is not possible? Generally you can obtain displayed information from GUI components with API's similar to ones such as WM_GETTEXT (custom component?). Not trying to scare people but i think this is important to know.

Regarding the comments on Hash algorithms... hashing has collisions... can anyone elaborate as to why anyone would store a hash locally? Hash functions are good for encryption processes to make one-way fingerprints. They are generally not one to one and used to prevent two-way calculations. These lead to more complicated security implications and I think people should stray away from explaining how things work if they do not specically know how it is implemented.

I am going to state right now that I am no expert in the mechanics of PlayOnline... but i posted this response because it seems there there are alot of people speaking authoritatively when they are not. Please, share information if you know what you're talking about... and more importantly never make arguments based off the principle of the unknown (example: You cannot stop everything! or You cannot know all the exploits out there) because the argument is a debating fallacy in which you cannot win the argument. Therefore it makes it a weak argument.

From my personal experience i have found that the things to lookout for are websites that I am not familiar with. alot of the nasty spyware out there these days use exploits in IE, javascript, JAVA, plugins, or something else to infect your computer. Even without running anything and just visiting the site. I'm not talking about ActiveX controls but actual vulnerabilities in software. The easiest way to avoid not getting spyware is to stay away from sites that you are not familiar with or have no financial backing. Generally, websites with companies running them that have some form of liability will almost always not have malware because they have legal reprecussions. Websites off free servers are something you should lookout for.

Also my grammar and volcabulary are not that good so don't bothering trying to bash me there... if you do... way to use the strawman fallacy.

[Ryko]

Rofl I didn't even have to do it.

[AoshiZ]

Oh I forgot to mention. Some Spyware applications like to run as DLL hooks and ride on applications/services and act on their behalf. These are kinda scary... because you can't see them on the process level. There are applications out there like sysinternal's (now a part of microsoft) Process Explorer that let you see these dll's running as threads of other processes.

Here is a link:
http://www.microsoft.com/technet/sysint ... lorer.mspx

The application also lets you suspend or kill these threads so you do something about it.


Hopefully that helps someone.

[nithyan]

I'm sorry that i'm posting this after the thread got locked but the thread got locked while i was posting a reply and i feel this is important for people to know.

You want to GUARANTEE that you won't get hacked?

Do not ever turn your computer on. And if you do, certainly make sure there is no wireless connection ability and definitely don't plug it into any sort of network.


The absolute best you can do in this case is give confidence and hope that you are safe from hackers.

You cannot, never, ever, not even if you're Taj be 100% protected from hackers while on the network. Its just NOT possible. Sorry to rain on anyone's parade. Burst bubbles. Etc.

There have been many comments like this one in the last account security thread that are completely unjustified.

I hear there's this thing called "hyperbole". People use it sometimes to emphasize things by deliberate overstatement. You know, like the old quote about the only secure computer being the one that's turned off, covered in concrete and sealed in a lead-lined room protected by armed guards? And even then not being sure about it?

[Seditedi]

What is secruity?

[theo]

ensure

+10 pages.

On topic, I wouldn't feel comfortable handing over logs of my computer to complete strangers. I know your intentions are probably good, but with all the hacking lately it just seems like a terrible idea to me.

[damet]

why dont u take a few minutes and read those forums then make a decision. If you don't trust it, you do have to do that. And for the record, handing over log files from Hijackthis isn't really dangerous, you can't do much with it expect like see what runs on your computer and what files you have basically.

[rydiu]

On the comment of you can never be 100% protected from hackers on a network is completely false. If you have nothing listening on the ports, then there is nothing to exploit.

That alone requires a level of know-how beyond the average computer user....and if you're listening on no ports you might as well leave it turned off and/or not plugged into a network...

Aside from this bit of nonsense the rest of what this man or woman has to say is sound advice.

Whoever said the password is stored in memory in plaintext is lolworthy as well as the people who think its a simple task to decrypt the POL password stored on your machine....

My comment is completely justified since there is no way to ensure you will never get hacked short of not plugging your computer in to the network. There are ways to make it highly unlikely you will ever be the victim of a successful attack but there is no way to guarantee it, no matter how smart you think you are. Your defense is only as strong as the weakest link and in most cases that link is pretty damn weak and 90% of the time it has nothing to do with technical computer security.

If there's a will there's a way....

[LinktheDeme]

On the comment of you can never be 100% protected from hackers on a network is completely false. If you have nothing listening on the ports, then there is nothing to exploit.

That alone requires a level of know-how beyond the average computer user....and if you're listening on no ports you might as well leave it turned off and/or not plugged into a network...

Aside from this bit of nonsense the rest of what this man or woman has to say is sound advice.

Whoever said the password is stored in memory in plaintext is lolworthy as well as the people who think its a simple task to decrypt the POL password stored on your machine....

My comment is completely justified since there is no way to ensure you will never get hacked short of not plugging your computer in to the network. There are ways to make it highly unlikely you will ever be the victim of a successful attack but there is no way to guarantee it, no matter how smart you think you are. Your defense is only as strong as the weakest link and in most cases that link is pretty damn weak and 90% of the time it has nothing to do with technical computer security.

If there's a will there's a way....

You've been argueing pointless shit for the longest time just admit your wrong and walk away. Your probably the most annoying person thinking of reasons x , y , z to justify what you say when there all flawed and you are just trying to look smart. Normally I'd make a snappy come back or something to what you previously said but your just so annoying. Stop zombieing your wrong points when you get proven wrong then bringing up another theory to support your bullshit which will only get proven wrong.

The End.

P.S. I'm well aware that you will probably respond to this in an attempt to satisfy your ego because you seem like the type that needs the last word. I also could care less if you do so or make fun of my grammer/spelling (that's normally the bitches way out for not admiting their wrong and re-directing the issue to something else). I won't respond to anything else because it will just continue a dumb arguement like what you and ryko had last thread.

Sorry was just tired of stupid shit getting argued when theres a more serious matter at hand and your contributing nothing but filling the thread with nothing to raise your post count.
/rant off

[aurik]

I guess you guys didn't get the message when I locked the last one.