Two Plus Two Newer Archives  

  #21  
02-16-2007, 01:44 PM
Lee Jones
Senior Member

Join Date: Mar 2003
Location: San Jose, CA
Posts: 516
Re: Security tips for avoiding account hackers

[ QUOTE ]
How many are from someone actually stealing a person's computer and logging in?

Now count how many were hacked from keyloggers, etc.

[/ QUOTE ]

Actually, the keyloggers are a recent addition to the bad guys' arsenal. By far the most frequent problems we deal with are:

1. Player sets his account to "remember password" and roommate, housemate, friend-of-housemate, etc. sits down and drains his account one way or another.

2. Player gives his userid & password to friend/housemate/girl-he's-interested-in, it gets used or passed on from there and player gets his account drained.

While the keylogger hack is interesting and "sexy", the mundane ways people lose their money are much more common.

Best regards,
Lee Jones

PokerStars Poker Room Manager
Reply With Quote
  #22  
02-16-2007, 01:48 PM
drewjustdrew
Senior Member

Join Date: Sep 2002
Location: NW Burbs of Chicago
Posts: 2,305
Re: Security tips for avoiding account hackers

[ QUOTE ]
[ QUOTE ]
[ QUOTE ]

1. Never let the system “remember” any of your passwords. While systems provide this as a matter of convenience, this is the most common "hack". A password does nothing for you at all if it never has to be entered.


[/ QUOTE ]

This one is a two-edged sword. If you have the password on remember, you're risking the remote desktop hack. If you don't, you have to enter it every time and now you're exposed to keyloggers. IMO keylogger is a more likely threat so I leave my password saved.

[/ QUOTE ]

I was just going to post the same thing.

Sorry Lee, but it is absurd to suggest to people to type in their password every time.

Look at the title of your own thread...

Please go back and look at all of the "account hacked" threads on 2+2.

How many are from someone actually stealing a person's computer and logging in?

Now count how many were hacked from keyloggers, etc.

You are giving out very dangerous advice in a well intentioned post.

My computer locks down within 20 minutes, and you can't simply access the hard drive, the system is double protected.

And even if someone did steal the computer, I would have time to contact the poker site before all but a very sophisticated thief was able to get into my system.

You seriously need to rethink this one.

Absolutely ridiculous advice coming from someone in your position.

(The one obvious exception would be someone living with a group of people [dorm] who might have access to their system.)

The best idea in this entire thread is the idea of giving access to a specific computer ID at the correct IP address. This would eliminate almost any theft.

It wouldn't be for everyone, but it could be some added safety for the high stakes players.

[/ QUOTE ]

The advice is accepted as a best practice with computer security. The best practice applies more toward companies where there are people hanging around waiting for workers to leave their desk. In this particular case of home poker, perhaps there is less exposure from the open gateway, than from keyloggers. I do not know, but you seem to have a point.
Reply With Quote
  #23  
02-16-2007, 01:51 PM
LeapFrog
Senior Member

Join Date: Oct 2006
Location: Mystery time!
Posts: 1,173
Re: Security tips for avoiding account hackers

Hi Lee,

I would also suggest adding a virtual keyboard (with a randomize layout feature) to the PS client. This could be an optional way to enter username/password. Yes, some 'keyloggers' grab screenshots on mouse clicks, but this can be defeated by having the mouse pointer hover over the key for a few seconds as a method of selection.
Reply With Quote
  #24  
02-16-2007, 01:51 PM
drewjustdrew
Senior Member

Join Date: Sep 2002
Location: NW Burbs of Chicago
Posts: 2,305
Re: Security tips for avoiding account hackers

[ QUOTE ]
Thanks, Lee. Good post.

I just spoke to CDPoker to change my password. Here's some of the chat:

*

Me: hello?

chatoperator1: Kylie: Hi! This is Kylie from Online Support. How may I help you? :)

Me: i want to change my pw for normal basic security reasons as ive had it for a long time but i cant see how to on the site

Me: kindly point me to the option thx

chatoperator1: Kylie: Shania there is no option in the software to change your password however I may change your password online provided that you have to tell me your email address...

chatoperator1: Kylie: But the password is randomly selected by the computer.

chatoperator1: Kylie: is that okay with you?

Me: that seems very unsafe - do you send it in an ordinary email?

chatoperator1: Kylie: yes we will send the password into the email that you have registered here.


*

Does that method fit in well with a secure system, Lee?

[/ QUOTE ]

I have typically seen this where you get your first password over email, then you can change it to something personal. I do not like the arrangement you describe. Of course, we are talking very small chance of issues occurring, but there are clearly better ways to secure a site.
Reply With Quote
  #25  
02-16-2007, 02:19 PM
Rainbow Warrior
Senior Member

Join Date: Sep 2002
Location: The Great White North
Posts: 586
Re: Security tips for avoiding account hackers

You'd trust an on-line downloadable program with all your passwords??
Sounds insane.
I'd rather write them down in my own home with a numeric code (plus or minus shift on numbers/letters) that only me and one other person know.
Reply With Quote
  #26  
02-16-2007, 02:30 PM
APerfect10
Senior Member

Join Date: Jan 2005
Location: PokerTracker 3
Posts: 979
Re: Security tips for avoiding account hackers

[ QUOTE ]
[ QUOTE ]
[ QUOTE ]

1. Never let the system “remember” any of your passwords. While systems provide this as a matter of convenience, this is the most common "hack". A password does nothing for you at all if it never has to be entered.


[/ QUOTE ]

This one is a two-edged sword. If you have the password on remember, you're risking the remote desktop hack. If you don't, you have to enter it every time and now you're exposed to keyloggers. IMO keylogger is a more likely threat so I leave my password saved.

[/ QUOTE ]

I was just going to post the same thing.

Sorry Lee, but it is absurd to suggest to people to type in their password every time.

[/ QUOTE ]

I think a point that you are all missing is that when you "Remember Me" the actual password is stored (encrypted) in your registry. I do not think the encryption that Pokerstars (or any other site) uses to store this is all that secure and would easily be crackable.

The best solution is to not remember me but to then use a Password safe where you can copy and paste the login information. Once you close the password safe, it will then clear your clipboard.
Reply With Quote
  #27  
02-16-2007, 02:49 PM
phish
Senior Member

Join Date: Sep 2003
Posts: 1,091
Re: Security tips for avoiding account hackers

[ QUOTE ]

This one is a two-edged sword. If you have the password on remember, you're risking the remote desktop hack. If you don't, you have to enter it every time and now you're exposed to keyloggers. IMO keylogger is a more likely threat so I leave my password saved.

[/ QUOTE ]

One simple solution to this is simply to store your password in a random cell in some Excel file that you routinely use. Don't identify it as a password and no one other than you will know its significance. Then you can just copy and paste that password into your Stars client. I think this way, no keylogger will be able to pick up your password.

In fact you can even have 20 letters in that Excel cell, and merely copy and paste in the middle 8 letters. Or format that cell so it looks like gibberish, etc.

But I agree with Lee Jones that having your computer remember your password is just asking for trouble somewhere down the line.
Reply With Quote
  #28  
02-16-2007, 02:55 PM
LeapFrog
Senior Member

Join Date: Oct 2006
Location: Mystery time!
Posts: 1,173
Re: Security tips for avoiding account hackers

[ QUOTE ]

Then you can just copy and paste that password into your Stars client. I think this way, no keylogger will be able to pick up your password.


[/ QUOTE ]

If you're going this route, just use Keepass. It encrypts everything in memory and clears the clipboard after you paste. Used to be that if you hit up webpages with IE your clipboard could be read -- think this was fixed in IE7/recent patch.
Reply With Quote
  #29  
02-16-2007, 03:01 PM
orentha
Senior Member

Join Date: Oct 2004
Location: PNW
Posts: 577
Re: Security tips for avoiding account hackers

[ QUOTE ]
5. Don't use the same password in any two locations. Sure, it makes it easy to have the same password everywhere. Easy for you. Easy for hackers. You may trust the operators of this forum, but if you sign up at a forum somewhere and use the same password (and heaven forbid, the same user ID!), then you're asking for a hack. A determined hacker is willing to go to the effort to establish a forum that looks legitimate and to stick with it for a VERY long time, in order to harvest many emails, account names and passwords. Only months later will he go in for the kill, draining at once all the accounts he's managed to find.

[/ QUOTE ]

I have a question about this one: don't the vast majority of reputable forum software out there (like UBBthreads, etc.), doesn't the software prevent the admins from knowing or finding out all users' passwords? Or am I completely wrong on this?
I realize there are exceptions to everything, but I thought in general, forum software isn't made like that...


But this is a great post, and any info on security is a good one...
Reply With Quote
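The storage scheme the question above refers to, as an added example that is not part of the original thread and not any forum package's actual code: a salted, slow hash keeps the plaintext out of the user table, but the login handler still receives the password a user types, which is why the quoted tip about not reusing passwords holds even on sites that hash. Function names and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch


def register(db, user, password):
    """Store only a per-user random salt and the derived hash, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    db[user] = {"salt": salt.hex(), "hash": digest.hex()}


def verify(db, user, password):
    """Re-derive the hash from the submitted password and compare in constant time.

    Note: `password` arrives here in the clear on every login. Hashing protects
    the stored table, not the running server code that handles the submission.
    """
    rec = db.get(user)
    if rec is None:
        return False
    salt = bytes.fromhex(rec["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest, bytes.fromhex(rec["hash"]))


def record_contains_password(db, user, password):
    """What someone reading the user table sees: is the plaintext anywhere in the row?"""
    return any(password in str(value) for value in db[user].values())


if __name__ == "__main__":
    db = {}
    register(db, "alice", "constructed-pass-1")  # constructed sample credentials
    register(db, "bob", "constructed-pass-1")
    print(verify(db, "alice", "constructed-pass-1"))
    print(db["alice"]["hash"] == db["bob"]["hash"])  # salts make equal passwords differ
    print(record_contains_password(db, "alice", "constructed-pass-1"))
```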
  #30  
02-16-2007, 03:08 PM
ajml
Senior Member

Join Date: Jun 2005
Posts: 1,000
Re: Security tips for avoiding account hackers

[ QUOTE ]
Hi

I'm not sure you can do this but what I'd like to be able to do is register computers or IP addresses I can logon to pokerstars with.

Then if I want to play somewhere else I have to tell you and either be identified by an employee who knows me well enough or have to wait a few days during which time you can send me an email telling me that you are adding the new location (even by country would be something).


[/ QUOTE ]

This is a good idea in theory; however, it would probably not work. Most people do not have a static IP address (meaning that once in a while it is possible that it may change) and this would lead to hundreds of "WTF stars won't let me access my account!?!"
Reply With Quote
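One way to reconcile the registered-computer idea with the dynamic-IP objection, as an added example that is not part of the original thread and not PokerStars' implementation: treat the computer ID as the hard requirement and the IP address as a soft signal checked against a remembered range. The class, function names, the three-day hold and the /16 IPv4 prefix are all assumptions; the addresses are constructed documentation-range values.

```python
import ipaddress

HOLD_DAYS = 3  # assumed length of the "wait a few days" period from the thread


class Account:
    def __init__(self, devices=()):
        self.devices = set(devices)  # registered computer IDs
        self.networks = []           # address ranges confirmed before, not single IPs
        self.pending = {}            # device_id -> day number it becomes usable


def request_device(acct, device_id, today):
    """Queue a new computer; the owner is e-mailed and can cancel during the hold."""
    acct.pending[device_id] = today + HOLD_DAYS


def confirm_network(acct, ip, prefix=16):
    """After e-mail confirmation, remember the surrounding range, not the exact IP."""
    acct.networks.append(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def check_login(acct, device_id, ip, today):
    """Return 'allow', 'confirm' (e-mail step-up) or 'deny'."""
    # Promote a pending computer once its hold period has elapsed.
    if device_id in acct.pending and today >= acct.pending[device_id]:
        acct.devices.add(device_id)
        del acct.pending[device_id]
    if device_id not in acct.devices:
        return "deny"  # unknown computer: must go through request_device first
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in acct.networks):
        return "allow"
    # Known computer, unfamiliar address: most likely a dynamic-IP change,
    # so ask for confirmation instead of locking the player out.
    return "confirm"


if __name__ == "__main__":
    acct = Account(devices={"pc-home"})
    confirm_network(acct, "203.0.113.5")
    print(check_login(acct, "pc-home", "203.0.113.200", today=0))  # same range
    print(check_login(acct, "pc-home", "198.51.100.9", today=0))   # new range
    print(check_login(acct, "laptop", "203.0.113.5", today=0))     # unregistered
```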
All times are GMT -4.