Security tips for avoiding account hackers

[M.B.E.]

Another security option that PokerStars should offer is the use of encryption and digital signatures on email correspondence, with the OpenPGP standard.

After this option is selected by a user, PokerStars would then decline any email correspondence from that user unless the email includes a valid digital signature.

This would prevent someone from hacking into your hotmail account and then emailing PokerStars pretending to be you. Also it would safeguard the confidentiality of your emails to and from PokerStars.

[pygmyhipo]

A few more tips:

-- keep up with Windows Updates, easiest by turning on Auto Update

-- disable JavaScript by default, only enabling it for sites that you trust. This helps protect you from unpatched scripting vulnerabilities that let a malicious site install a trojan on your computer. A good way to do that is to use Firefox and the NoScript plugin:
http://noscript.net

-- to be really safe, don't read email, browse the web or use instant messaging on the same computer that you play poker from. These are the big three ways of getting infected with trojans or keyloggers.

[6471849653]

-- I do not think the encryption that Pokerstars (or any other site) use to store this is all that secure and would easily be crackable.
++ I wonder if that's so.

-- The best solution: Use a Password safe where you can copy and paste the login information. Once you close the password safe, it will then clear your clipboard.
++ I wonder if that's not too late then.

[6471849653]

They are both already history in case you are thinking about getting a new one.

[6471849653]

[ QUOTE ]
10. Virus/Trojan/Spyware Scanners only detect things they know about. It is still possible to catch a customized piece of spyware or a key logger that has never been reported to the scanner authors... and you'll never know you've been infected in such a case. Thus, exercise good judgement when deciding what to download. How much do you know about that third party HUD (“heads-up display”) tool? Does the author identify himself? Has it been around for a long time and used by many players without incident? Don't be the guinea pig that finds “malware” the hard way. Don't install downloaded software you don't implicitly trust completely... and that list should be avery short one.


[/ QUOTE ]

This is at the top of importance (many of the other numbers on this list are debatable). I have a well known virus scanner that just can't find the one trojan (that also can download trojans) that keeps coming into my computer time after time (I am still verifying the source, one well known poker site is a major possibility). I used "Spybot - Search & Destroy" (a free one).

There are also things like UltimateBuddy that is rather suspect as it wants one's password. Then there are the Messengers that may not be safe, and actually any web page can be too dangerous; there are many of them that try to put a virus/trojan on one's machine and maybe the virus scanner warns about it, if one is lucky. So, one tip of never surfing etc. with the account one is playing with is good too, and in case one can use a separate computer account (on the same computer, though I don't fully understand that, or a different computer if one has to) for that, it would be safer. If one does not have too much money anywhere online, it's not a big risk, but if that's not the case it's a risk for sure.

[M.B.E.]

[ QUOTE ]
8. Never log into Windows to play poker as "Administrator" or equivalent. Use a restricted user account to make key loggers or trojans have a much more difficult time gaining access.

[/ QUOTE ]

Most people tend to operate Windows in ‘Administrator’ mode because it is the default and because some software -- including the PokerStars client -- requires it by default to use all options.

Software developers should familiarize themselves with Aaron Margosis’ WebLog about the issues involved in running as admin.

[Percula]

Bump hopeful for some responses from PokerStars staff...

[holland3r]

[ QUOTE ]
Im gonna give this bump, as it deserves it.

Also, anyone got any further info on Keepass? Is it really 100% safe?

If i were to email some security expert at like the CIA or something, would he agree that using Keepass is a good idea?

Just trying to improve security, tho im relatively secure as it is.

Oh, and in regard to the passwords as shown in OP, how good is a pass like blue100rugby or something similar?

[/ QUOTE ]

Nothing is 100% safe, but as an above poster mentioned, a reason to trust KeePass over similar, private software is that KeePass is open source. The source code is available for review by anyone -- I think anyone at the CIA crypto department would be more inclined to trust open source software over privately developed software.

Naturally anytime you install foreign software on your comp there is some level of risk, but I've used KeePass for over a year with no problems, as have thousands of others.

I would say the biggest risk to using KeePass is that it consolidates all of your passwords into one file -- if someone were able to gain access to your master-password as well as posession of that file, you'd be screwed. If you're very paranoid, you can ameliorate this risk somewhat by creating a hardware key whose presence is necessary to access your password file (a burned CD, a flash drive).