EQ2 Forum Archive @ EQ2Wire

 

Go Back   EQ2 Forum Archive @ EQ2Wire > EverQuest II > General EverQuest II Discussion > General Gameplay Discussion
Members List Search Mark Forums Read

Notices

Reply
 
Thread Tools
Old 03-16-2012, 04:25 PM   #1
Zewt

Loremaster
 
Join Date: Nov 2004
Posts: 9
Default

Today someone was talking in chat about how they got hacked with a strong password, and had no idea how that is possible.

Here are some easy and free steps to take to prevent that from happening to you.

  • Do not use Internet Exploder (except maybe on Win 8, ver 10 of IE is much more secure)
  • Keep your browers (Chrome, Firefox) updated ALWAYS. Those updates are usually security related.
  • Add "HTTPS Everywhere" extension from the Electronic Frontier Foundation to all your browsers.
  • Add "Ghostery" to all your browsers. Make sure to configure.
  • Add "Do Not Track Plus" to all your browsers.
The most prevalent and easiest hack used these days is the "Man in the Middle". This hack does not care how tough your password is, or how smart you think you are. It has been around for years and is much easier for hackers to use then phishing, and brute force techniques.
Man In The Middle attack simply involves the hacker monitoring network ports on routers (yes even on Tor), intercepting TCPIP communications, and hijacking the communication between you and wherever you were browsing to. Such as say maybe a bank, or credit card company, ticketmaster, facebook, Sony Online, and so forth.
Once hackers intercept the TCPIP communication, they sit back and strip away any useful data such as login's and passwords while passing all the other data back and forth, such as the layout, text, css and so forth. Even if you think you are connected via encryption and see that little "lock" icon on the screen. You are not, and have been hacked.
The #1 way to protect yourself from Man In The Middle is by using HTTPS instead of HTTP. But as most people are too lazy, or simply do not understand the importance all they do is type in the name of where they want to go, such as bofa.com, instead of https://bofa.com.
If you go to bofa.com, what happens is that you started a non-encrytpted communication with bofa.com, and that is what the Man In The Middle hackers are looking for. They grab that, pass on the communication to bofa.com and proceed to sit in the "middle" grabbing any useful data.
If you go to https://bofa.com, all that communication is encrypted, so nothing for the Man In The Middle hack to work with. He needs clear text, not encrypted text.
All sites you go to without HTTPS, will re-direct you to their secure HTTPS server at some point for account login or item purchases, but at that point it is too late. You have to START encrytped, not be re-directed to it. The hacker is already in the middle and passing you fake info such as a lock icon when you really are not encrypted.
if you want to see how serious an issue this is, look up firesheep. Facebook never encytped to protect their users, and all connections were easily hackable by Man In The Middle. Untold millions of people have had their accounts and data stolen.
This is how your sony gaming account gets hacked. Logging into the forums by starting at the non-encrypted HTTP entry point, then sony re-directs you to their encrypted SSL page.
Add the HTTPS Eveywhere extension, it tries to force https everywhere you browse. Encryption will help protect you in a large way.

Zewt is offline   Reply With Quote
Old 03-16-2012, 04:51 PM   #2
Peogia

Loremaster
Peogia's Avatar
 
Join Date: Jul 2010
Posts: 928
Default

[email protected]_old wrote:

Add the HTTPS Eveywhere extension, it tries to force https everywhere you browse. Encryption will help protect you in a large way.

I just tried this with forum and it made it load so god awful slow not worth it

__________________
The FBI is encouraging users to visit a website run by its security partner, http://www.dcwg.org , that will inform them whether they're infected and explain how to fix the problem. After July 9, infected users won't be able to connect to the Internet.
Peogia is offline   Reply With Quote
Old 03-16-2012, 05:15 PM   #3
CoLD MeTaL

Loremaster
CoLD MeTaL's Avatar
 
Join Date: Apr 2005
Posts: 3,217
Default

Peogia wrote:

[email protected]_old wrote:

Add the HTTPS Eveywhere extension, it tries to force https everywhere you browse. Encryption will help protect you in a large way.

I just tried this with forum and it made it load so god awful slow not worth it

Secure is always slower.  Deciding when slower is better is the hard part.

__________________


CoLD MeTaL is offline   Reply With Quote
Old 03-16-2012, 05:50 PM   #4
Peogia

Loremaster
Peogia's Avatar
 
Join Date: Jul 2010
Posts: 928
Default

CoLD MeTaL wrote:

Peogia wrote:

[email protected]_old wrote:

Add the HTTPS Eveywhere extension, it tries to force https everywhere you browse. Encryption will help protect you in a large way.

I just tried this with forum and it made it load so god awful slow not worth it

Secure is always slower.  Deciding when slower is better is the hard part.

Not all web sites support it either yahoo completely removes it from the url if you try and add it or fails to load

__________________
The FBI is encouraging users to visit a website run by its security partner, http://www.dcwg.org , that will inform them whether they're infected and explain how to fix the problem. After July 9, infected users won't be able to connect to the Internet.
Peogia is offline   Reply With Quote
Old 03-16-2012, 06:14 PM   #5
Brigh

Loremaster
Brigh's Avatar
 
Join Date: Nov 2004
Posts: 3,159
Default

..

__________________
Anything you can achieve through hard work, you can also just buy.

-Stephen Colbert

CoD3 double XP Rank Up promotion lesson for kids
Brigh is offline   Reply With Quote
Old 03-16-2012, 07:00 PM   #6
Seffrid

Loremaster
Seffrid's Avatar
 
Join Date: Nov 2004
Posts: 583
Default

Don't get paranoid would be my suggestion, not least where IE is concerned (Firefox and the other browsers have had their fair share of security issues),  very few people who practice reasonable and routine  internet security measures get hacked other than by circumstances outside their control, eg the stealing of a company database filled with passwords and personal information.

As for what constitutes reasonable and routine internet security measures, it's the usual stuff - use passwords that are reasonably strong, never under any circumstances share them with anyone such as friends, little brothers and guildmates, and practice safe surfing with particular care paid to downloads and email attachments (even if those emails are from people known to you). Last, but not least, use a decent anti-virus program plus an anti-malware program and keep them up-to-date as well as running regular scans especially.

There's certainly no room for complacency, but paranoia is just as bad.

Seffrid is offline   Reply With Quote
Old 03-16-2012, 08:25 PM   #7
gourdon

Loremaster
gourdon's Avatar
 
Join Date: Dec 2008
Posts: 632
Default

Seffrid wrote:

Don't get paranoid would be my suggestion, not least where IE is concerned (Firefox and the other browsers have had their fair share of security issues),  very few people who practice reasonable and routine  internet security measures get hacked other than by circumstances outside their control, eg the stealing of a company database filled with passwords and personal information.

As for what constitutes reasonable and routine internet security measures, it's the usual stuff - use passwords that are reasonably strong, never under any circumstances share them with anyone such as friends, little brothers and guildmates, and practice safe surfing with particular care paid to downloads and email attachments (even if those emails are from people known to you). Last, but not least, use a decent anti-virus program plus an anti-malware program and keep them up-to-date as well as running regular scans especially.

There's certainly no room for complacency, but paranoia is just as bad.

Most people that get hacked have given the information to the hacker, mostly by following links in email or by having someone they trust betray them.  Hackers breaking in to servers and stealing your information is not your biggest vulnerability, you are.  Being paranoid with how you give out your information is your absolute best defense.  Worrying about someone getting a keylogger on your system is not the threat you might think, because there is a lot of data sifting to be done to get anything meaningful from them.  It is much easier to poorly write an email that requests sensitive information and get someone who isn't paranoid with their information to just give it to you.

__________________
gourdon is offline   Reply With Quote
Old 03-16-2012, 11:30 PM   #8
RadarX

Community Relations
 
Join Date: Jun 2009
Posts: 147
Default

While there is some good advice in this thread, this really isn't specific to EverQuest II gameplay.  Discussions of hacking techniques should probably be left better unspoken.

RadarX is offline   Reply With Quote
Reply

Thread Tools

Forum Jump


All times are GMT. The time now is 09:42 AM.

vBulletin skin by: CompleteGFX.com
Powered by vBulletin® Version 3.7.5
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
All threads and posts originally from the EQ2 and Station forums operated by Sony Online Entertainment. Their use is by express written permission.