Fossilman's Stars Account Hacked?

[Dids]

I'm shocked to find out that you can just make infinite guesses on PS about passwords. Seems like this just makes it too easy to write some password cracker ap or something to sit there and try for hours. There has to be a limit right?

[alphatmw]

i'll bet greg's pw has something to do with the wsop. the date, 'wsopchamp04' or whatever.

[Jehaim]

Fossilsarefunforeveryone

AMIRITE?

[burningyen]

I would think Greg's only legal recourse at this point would be to refer the matter to prosecutors in Costa Rica, in the hope that they:

1) would be interested in pursuing,
2) could get a Costa Rican judge to issue a subpoena forcing Stars to give up the IP address, and
3) could coordinate with US prosecutors.

The US prosecutors would in turn have to:

4) be interested in pursuing,
5) get a subpoena forcing the ISP to give up the name and address behind the IP address and
6) pursue the guy, who might be in a different state from the ISP.

That's a lot of hoping. But I'm not a criminal lawyer and don't know what I'm talking about.

[Greg (FossilMan)]

[ QUOTE ]
Wouldn't it be very simple to have a max of 5 log-in attempts a day?

[/ QUOTE ]

I was liking this idea myself. But then somebody pointed out that if a person wanted to make life hard for you, they'd just try to log in as you 5 times, and get you locked out. Once you got things up again, they could repeat the process. Basically, they could get you locked out as often as they wanted.

Now that I've read lots of these posts, I'm a big fan of the idea of having a separate ID name, different from your screenname, that you use along with a password when you login. This way, if you got locked out, you could change your ID and your password, and the person trying to hassle you would have to guess your ID name in order to get you locked out again. And, if they're trying to hack into your account, they'd have to guess your ID name and password, simultaneously, to succeed. That makes it WAY less likely that somebody could do it without using spyware or something to get the information from your computer.

If anybody can explain why having a separate login ID name would be a problem for the sites, I'd love to hear. If there is no such problem, I'll lobby PS to get it done.

Later, Greg Raymer (FossilMan)

[Dids]

[ QUOTE ]
i'll bet greg's pw has something to do with the wsop. the date, 'wsopchamp04' or whatever.

[/ QUOTE ]

I bet he was playing at 'Stars before he won the wsop so unless he's a corny [censored] like Gavin Griffin (HOW DID THAT 2005 WORK OUT FOR YOU DOGGY?) it wasn't.

[Ontario_Tory]

[ QUOTE ]
[ QUOTE ]
i'll bet greg's pw has something to do with the wsop. the date, 'wsopchamp04' or whatever.

[/ QUOTE ]

I bet he was playing at 'Stars before he won the wsop so unless he's a corny [censored] like Gavin Griffin (HOW DID THAT 2005 WORK OUT FOR YOU DOGGY?) it wasn't.

[/ QUOTE ]

Dids - he could have changed his password at any time...

Fossilman - There shouldn't be a reason that they can't do it - technically it's just another field in a table. Please do lobby them for it - would be a great security measure... & while you're at it - can you please tell us what the password was? You've changed it now, and you have hundreds of people dying to know... [img]/images/graemlins/smile.gif[/img]

OT

[Dire]

[ QUOTE ]
[ QUOTE ]
It not particularly good press for Pokerstars if this issue became big. The last thing they want a potential customer hearing is that one of Pokerstar's biggests names had their account hacked and money stolen. Alot of people are already apprehensive towards playing/depositing online and this definitely doesn't help matters.

[/ QUOTE ]

If it's really true that somebody just flat guessed Greg's password, then it more makes Greg looks bad than PS. It's not like their security software was hacked, it's like one of their highest profile players had an easily guessable password.

[/ QUOTE ]

Password guessing really is just a bit less sophisticated (or more sophisticated?) brute force hack. Either way, I think this would be publicized simply as 'hacking'. I'm always a cynic, but I think this is one of the biggest reasons Stars would prefer to just sweet this all under the rug.

[pipedreamz]

has anyone ever had their account hacked by a joyrider and find extra money in it?

like they wanted to play high stakes, and ended up winning money for you?

[udbrky]

[ QUOTE ]


12345? Thats the kind of password an idiot would have for his pokerstars account

[/ QUOTE ]

DOH!