Okay, I will. Please deposit $79 dollars for our anti-malware service.Originally Posted by Airenn
Okay, I will. Please deposit $79 dollars for our anti-malware service.Originally Posted by Airenn
Just for shits 'n giggles, I thought I'd throw this out there too: if you have the means to surf the web on a separate machine from your gaming machine, you're drastically reducing the chances you'll compromise your FFXI account. Personally I do next to 0 web browsing on my gaming box, as I have a laptop to do that on. With that sort of isolation between web browsing and game playing, it increases security fairly significantly. Just trying to help out here, as seeing people who have been playing this game for years having their accounts hacked makes me feel bad for them (well, almost all of them.)
Your last argument was retarded, but you have a point this time.Originally Posted by rydiu
Aren't there some keyloggers that take periodic screenshots? Be sure you don't have one of those when opening your notepad file, or it might make it a even easier for them.
Given the recent rash of hackings, I'm going actually go against everything that logic dictates and agree that in this very specific case, storing your password in an unencrypted text file is actually more secure than storing it in POL or typing it every time.
Why? Because this process for stealing passwords (whatever it is) is almost certainly mostly automated. It is either stealing the encrypted password stored in POL, or logging the keystrokes to be interpreted later. Doing something non-standard which defeats both of those possible tests will thwart any automated method they are using to discover passwords.
Is it truly secure? Of course not. But I highly doubt that the attacker is going to be sifting through all your text files to obtain access to your single account. It simply doesn't make practical sense. Any method of security is bound to eventually fail. The key is to make it too time or resource-intensive for someone to bother attempting it.
These people don't "want your ffxi account that bad." They found an easy way to discover passwords (be it a keylogger or getting the stored password) and are exploiting that weakness to gain easy access to dozens of accounts.
STFU, it was an educated guess based on statistical evidence I previously gathered about POL and FFXI... Everything else I said is correct.Originally Posted by Ryko
Keyloggers are the most lame and pathetic way anyone will hack you at all...anyone with any amount of skill will be using something much more advanced that is more akin to remote desktop protocol.
So not only will they see what your typing and clicking, they will see what you see... scurry huh!
Fhqwghads brings up a good point and gives me an idea of something I should of said sooner. Having any sort of password writen down and stored somewhere on your computer is just a flag begging for someone to come up and take it. Don't do it.
It was a stupid guess based off of obviously CLEAR evidence that you ignored to make yourself look like a windowlicking fucktard. Going based off of sheer probability and plain old common sense would do you a wonder of help instead of being some buzzword humping geek. Ya fuckin' moron.Originally Posted by rydiu
And yet, it's worked before. Remote access works well for a specific set of targets, people are not going to give a shit about hitting people up specifically in the cases of thousands of game accounts.Keyloggers are the most lame and pathetic way anyone will hack you at all...anyone with any amount of skill will be using something much more advanced that is more akin to remote desktop protocol.
Yes, there are. And there are keyloggers that log produced text as opposed to keystrokes (meaning jumping around while typing doesn't change the readability of the log).Originally Posted by Khamsin
There are keyloggers that do most anything, really.
http://www.securityfocus.com/infocus/1829
Basically states you can get spyware/keyloggers just by visiting some pages. Not that you actually have to download anything.
I practice selective ignorance.....and it seems everything I'm selectively ignorant about never hurts the core of my argument and ends up benefiting me in the long run (the long run in this case, just a page later in the thread where ryko has been too distracted by a trivial matter to keep attacking the main argument with his lamer FUD)
Oh you practice ignorance alright...Originally Posted by rydiu
Check the edit link and shut up, the core of your argument made little sense to begin with, it didn't need to be hurt.
Well, you do have to download it...It's just that your webbrowser does it for you automatically (that's kinda what they're designed for)Originally Posted by Airenn
Yes...you do. Whenever you visit a page you download something let it be a simple HTML file or a JPG file. But downloading a virus just by being there? Not happening. Besides, how would it execute without being an ActiveX object? ColdFusion? No. It doesn't work that way.Originally Posted by Airenn
Originally Posted by Lynsy
Basically that it can still work its way onto your computer without one knowing. You don't actively, yourself, have to click ok on anything, is what I meant.
Microsoft Internet Explorer JPEG rendering library vulnerable to buffer overflowOriginally Posted by Zero Serenity
(old, but some people don't patch ... and just a single of many counter-examples)
I would think the only way that you can protect yourself is if Square Enix does something about this.. and they can..
1) Make it so that you can enable an option where you cannot get kicked off if someone else logs on to the same user.
2) Add a security question for when people attempt to change either your password or your credit card info, or both.
3) Allow for people to lock down their accounts to a particular IP or region. Im not familiar with systems or networks to know if this is possible but if it were, then it would mean that anyone trying to compromise your account would have to be geographically situated around you, or be using your own PC.
it's not "my" argument... its the argument of every security-minded person who's posting.
<Ryko> No you're dumb! har har! it's better to store your password in a text file and copy + paste it into POL every time you log in
<Everyone> Umm.. no?
1. Go to the store
2. Buy an xbox 360, and a usb keyboard
3. ???
4. profit
So glad I play on PS2/Xbox360. Lazing on the couch while I play > all. Though the jump in how the game looks when I moved from PS2 w/ reg. TV, to Xbox360 w/ HD LCD, made me a lil envious of the way it may look on PC.
I have always read that keyloggers are not only limited to keystrokes, that it is possible for them to detect any clipboard changes. Just so yall know if you do a google search for keylogger clipboard and look at "Ultra Keylogger" it is an example of a program out there that monitors clipboard.
As I told my LS, there is no way that you will protect yourself 100% unless you just don't use the internet, even then there is some risk. I support the idea of letting POL save your password instead of doing the plaintext thing.
Some of the people hacked were on PS2, yes?Originally Posted by Keston