http://www.youtube.com/watch?v=QBw3x-JzIXo
That's why.
kinda related to the whole social networking stuff
http://www.collegehumor.com/article:1796236
About two weeks ago, I tried to log into my account and found the SE password was changed. I didn't download anything dangerous, nor do I visit strange sites, but I did an AVG check anyways. Nothing came up. I changed the SE password online and let a GM know. He said there was no issue with passwords, but I wonder at that.
Nothing on any character linked to the token (token is disabled) was compromised or changed. Just strange.
Just to note, yes she had one.
Whatever got on her computer turned her user account to no longer be the admin, changed the registry and made a fake POL login interface or something (or keylogged the real one, idk how it works) that took her S-E password and one-time password when she entered it, then crashed and used that on their end to log in and change her passwords.
Luckily she thought to use my laptop to attempt to log into her account a few times to boot whoever was on there so they couldn't do much on the actual account. The one-time passwords are not actually one-time usage though; I've used the same one to log into my main and then my mule a few minutes later (they're linked to the same token), so booting a person who stole it only once won't really do a whole lot. I believe it was shown the 6-digit codes are good for like 20-40 minutes.
I think it was timed at 23 minutes, which really sucks if you DC within the first 20 minutes of being logged in and have to wait for it to reset.
The codes are good for 20-25 minutes, but they're rendered useless the second you use it.
Also, most tokens tend to have codes that last around 15 minutes or less, it's just a threshold.
This is exactly what they do, but in order to get into your stuff they log into your SE account using the 1 time password you "gave" them, and unlink your token first. By unlinking your token they can then log into POL without it and change that password. I had a friend a few weeks ago hacked who used a token, and this seems to be the way they got him.
Whatever happened to my account, they didn't get as far as unlinking my token, I believe because I tried to log in right away again and invalidated any 1 time password they may have gotten. No idea how my POL password and my husband's got changed, or corrupted, but we've been fine since I called SE support and had our passwords reset.
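The posts above disagree on whether a captured token code can be used a second time inside its validity period. The sketch below is an added example, not part of the thread and not Square Enix's implementation: it assumes an RFC 6238-style time-based code with a 30-second step and a 23-minute acceptance window (the figure quoted above), and `TokenVerifier` is a hypothetical server-side check showing how single-use enforcement changes the outcome for a code typed into a fake login screen.

```python
import hashlib
import hmac
import struct

STEP = 30          # seconds per code; RFC 6238 default, assumed here
WINDOW_STEPS = 46  # accept codes up to 23 minutes old (figure quoted in the thread)

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class TokenVerifier:
    """Hypothetical server-side check for one account's token."""
    def __init__(self, secret: bytes, single_use: bool = True):
        self.secret = secret
        self.single_use = single_use
        self.last_counter = -1  # newest time step already accepted

    def verify(self, code: str, now: int) -> bool:
        current = now // STEP
        oldest = max(current - WINDOW_STEPS, 0)
        for counter in range(current, oldest - 1, -1):
            if hmac.compare_digest(hotp(self.secret, counter), code):
                if self.single_use and counter <= self.last_counter:
                    return False  # this code or a newer one was already used
                self.last_counter = max(self.last_counter, counter)
                return True
        return False  # wrong code, or older than the window

def demo() -> dict:
    secret = b"constructed-demo-seed"  # constructed sample, not a real token seed
    t0 = 1_000_000                     # constructed timestamp
    stolen = hotp(secret, t0 // STEP)  # code typed into a fake login screen
    reusable = TokenVerifier(secret, single_use=False)
    strict = TokenVerifier(secret)
    raced = TokenVerifier(secret)
    return {"reusable_first": reusable.verify(stolen, t0 + 5),
            "reusable_replay": reusable.verify(stolen, t0 + 600),
            "strict_first": strict.verify(stolen, t0 + 5),
            "strict_replay": strict.verify(stolen, t0 + 600),
            # owner logs in again with a fresh code before the thief acts
            "owner_relogin": raced.verify(hotp(secret, (t0 + 60) // STEP), t0 + 60),
            "stolen_after_relogin": raced.verify(stolen, t0 + 90),
            "stolen_after_24_min": reusable.verify(stolen, t0 + 24 * 60)}
```

With single-use tracking, a fresh login by the owner also retires any older code still inside the window, which matches the "log in again right away" reaction described in the last post.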