Ralph CarothersOnline security and You.... must read for many online gamers (LINK)
May 7th 2008 14:44
So, I'm going to link to an older post I put on my WoW guild's forum previously, and cross post the info here. This is largely something many gamers ignore, much to their own grief. Hacking has become a large problem in many online games, WoW being one of the larger targets at the moment. (Or at least the most publicized)
Basically, people will get you to give you the password through various methods,. They then log into the account and strip your character of items/gold and send it elsewhere so they can try to sell it on ebay or elsewhere for real cash. Its a seemingly minor form of identity theft, but with much larger ramifications since a lot of people tend to share passwords among accounts and/or it gives them more access to your info in general so they can make it much more of an issue.
With that in mind, here are some security tips I wrote up to help guildies, and I hope they can be of help to any readers here!
Security Tip #1- What browser are you using?
I'm gonna guess that some of you don't even have a clue. That's fine. You can usually find out by going to Help ---> About at the top left of your screen. Dont have it top left? You most likely are using a new Internet Explorer. It's on the right side of your screen. You'll see Page, Tools and >>. Hit the >> button and go to Help, click the lil down arrow - About.
If you're not using Firefox, I highly recommend you jump on board:
http://getfirefox.com/
Keeping it up-to-date isn't very hard either. You'll get prompted when it has a download and needs to reboot. (Just the browser too, not your whole OS)
When asked, MAKE IT YOUR DEFAULT BROWSER
Now, why would I tell you to do this? IE has worked fine for you right?
This is an example of a VERY new rootkit put out. This isn't easily detectable, can by pass a lot of normally built in security, etc. Its designed to go past firewalls and intrusion detection software, and well, some scanners may in fact miss it due to brand new exploits to get it on your system.
Notice some of its attack vectors, 3 of them are basic MS components. All 3 of which are exploitable from within IE, without you ever knowing. All you need to do it hit a site thats broadcasting the exploit...nothing else. Keep in mind....banner ads can and have been used to broadcast stuff like this. This rootkit exploit linked is being largely targeted towards getting financial info. It is *very* professionally written. The thing is, rootkits are commonly taken and changed for other purposes...and while I'm not sure if its still true, but WoW and Second Life accounts were looked at as more profitable than credit card and banking info for a long while. Virtual Cash may be Worth More than your Real Cash
IE tends to be VERY exploit ridden. It lets many things through that other browsers wouldn't. If the site doesn't look right, and you need to use IE, feel free, but for general browsing hit up Firefox, Opera, or even Netscape. (though its no longer being updated I believe)
None of these will be 100% effective at stopping everything. There is almost always going to be some sort of exploit people can use, but, the newer guys are updated quite frequently, and usually within 24-48 hrs of finding a major exploit. (IE can take weeks/months...or not at all)
Security Tip #2- Protect yourself.
What are you using to even scan for vulnerabilities? Is it worthwhile? Is it a Norton based product? (Hint, the last two questions do not go hand in hand)
Norton is largely overblown, in many ways. Its expensive, almost any package is VERY bloated, and it tends to "miss" things.
A decently priced (ie- free) and VERY good scanner, that you can optionally pay to unlock even more out of....is Avast. This scanner *can* scare the crap out of you, especially if you're like me and you leave the speakers on all the time, but I've yet to see it not pick up something.
I personally use and have installed Avast on a number of systems. I suggest others post up their suggestions as well. McAfee/Symantec(Aka- Norton) I really don't recommend though. Trend and F-Secure are two paid scanners that are worth looking into though with smaller footprints. (Less memory/HD space taken up)
I also recommend picking up Spybot or Microsoft Defender as well for spyware detection.
Security Tip #3 - Be Smart.
You get an email, instant message, or see a forum link you might be wondering what its about. Its to a site you may never have heard of and looks weird. Don't click it!
I can't stress this enough. I'll frequently see bad instant messages with stuff like this, but moreso I've been seeing it in various forums/comments. WoWHead, Thottbot, Curse and the WoW Forums. You'll see odd links with out of place comments...you generally know its an exploit. DO NOT DO IT.
If you receive an email ever asking for passwords....don't reply. Hit the company's website, (Google search it, don't rely on the email) and ask them if they tried to contact, explain the email, etc if you are concerned. Better safe than sorry.
Also...if you see a window that looks like it might be a virus scanner or some sort of alert and you know that piece of software isn't on your computer, close the window...don't click on it!!!!!
Security Tip #4- Make sure to be UNIQUE.
Let's use myself as an example here....
My login name to the blogs here do NOT match my login name to WoW, or my bank account, or my credit cards, etc.
If you tend to be like many people, you have 1-2 passwords and user names that you may use across all sorts of logins....do yourself a favor and begin changing those now then.
I've not gone in and looked at the MySQL database that runs these forums, but in many cases the stuff isn't encrypted. So, if you know where to look...you've got their info. Now, imagine all of you used your WoW account info on the MySQL database and I was a real asshole, or worse yet, someone managed to hack our forum? Now, think of any forums or anything you've gone to related to the game and may have registered on? Always try to come up with other login names/passwords.
Security Tip #5- KEEP UP TO DATE
I don't understand why people won't run updates on their machine, or even allow the machine to run them automagically. Every so often, use the Windows Updater (Hit Start, go to All Programs - Windows Update on Windows XP/Vista) and grab anything you see basically.
Barring that, let your computer do it by itself (It won't grab some updates, but the critical ones it will)
Click on Start, go to Control Panel, select Automatic Updates and tell it when to do it. Yeah, you'll come back to your PC rebooted sometimes, but a lot less worry on top of that.
Common Myths:
* WoW Ace Updater hit me with a virus!
Possible, it uses banner ads, but most unlikely...or a rash of hacks would be happening. Like nonstop
* Addons in general cause hacks
Unless Blizz changes how they work, this can't/shouldn't happen. They load after you type in Name/PW. They don't execute anything on your HD, etc. Now, some addons can/do use .exe's to install. (Or Java Script, etc) Some also embed exe files into the mod files hoping someone will click them if they browse the folder or zip file. This *has* happened on Thott, Curse and WoW Interface, and I'm sure others.
* I'm safe because I have a scanner for virus and spyware
Sadly, this will never be true I fear. There is ALWAYS new stuff coming out to get past them. Exploits and such don't help, especially with some directly targeting the scanners. If you don't keep up to date, you'll also be at serious risk of attack.
Basically, people will get you to give you the password through various methods,. They then log into the account and strip your character of items/gold and send it elsewhere so they can try to sell it on ebay or elsewhere for real cash. Its a seemingly minor form of identity theft, but with much larger ramifications since a lot of people tend to share passwords among accounts and/or it gives them more access to your info in general so they can make it much more of an issue.
With that in mind, here are some security tips I wrote up to help guildies, and I hope they can be of help to any readers here!
Security Tip #1- What browser are you using?
I'm gonna guess that some of you don't even have a clue. That's fine. You can usually find out by going to Help ---> About at the top left of your screen. Dont have it top left? You most likely are using a new Internet Explorer. It's on the right side of your screen. You'll see Page, Tools and >>. Hit the >> button and go to Help, click the lil down arrow - About.
If you're not using Firefox, I highly recommend you jump on board:
http://getfirefox.com/
Keeping it up-to-date isn't very hard either. You'll get prompted when it has a download and needs to reboot. (Just the browser too, not your whole OS)
When asked, MAKE IT YOUR DEFAULT BROWSER
Now, why would I tell you to do this? IE has worked fine for you right?
This is an example of a VERY new rootkit put out. This isn't easily detectable, can by pass a lot of normally built in security, etc. Its designed to go past firewalls and intrusion detection software, and well, some scanners may in fact miss it due to brand new exploits to get it on your system.
Notice some of its attack vectors, 3 of them are basic MS components. All 3 of which are exploitable from within IE, without you ever knowing. All you need to do it hit a site thats broadcasting the exploit...nothing else. Keep in mind....banner ads can and have been used to broadcast stuff like this. This rootkit exploit linked is being largely targeted towards getting financial info. It is *very* professionally written. The thing is, rootkits are commonly taken and changed for other purposes...and while I'm not sure if its still true, but WoW and Second Life accounts were looked at as more profitable than credit card and banking info for a long while. Virtual Cash may be Worth More than your Real Cash
IE tends to be VERY exploit ridden. It lets many things through that other browsers wouldn't. If the site doesn't look right, and you need to use IE, feel free, but for general browsing hit up Firefox, Opera, or even Netscape. (though its no longer being updated I believe)
None of these will be 100% effective at stopping everything. There is almost always going to be some sort of exploit people can use, but, the newer guys are updated quite frequently, and usually within 24-48 hrs of finding a major exploit. (IE can take weeks/months...or not at all)
Security Tip #2- Protect yourself.
What are you using to even scan for vulnerabilities? Is it worthwhile? Is it a Norton based product? (Hint, the last two questions do not go hand in hand)
Norton is largely overblown, in many ways. Its expensive, almost any package is VERY bloated, and it tends to "miss" things.
A decently priced (ie- free) and VERY good scanner, that you can optionally pay to unlock even more out of....is Avast. This scanner *can* scare the crap out of you, especially if you're like me and you leave the speakers on all the time, but I've yet to see it not pick up something.
I personally use and have installed Avast on a number of systems. I suggest others post up their suggestions as well. McAfee/Symantec(Aka- Norton) I really don't recommend though. Trend and F-Secure are two paid scanners that are worth looking into though with smaller footprints. (Less memory/HD space taken up)
I also recommend picking up Spybot or Microsoft Defender as well for spyware detection.
Security Tip #3 - Be Smart.
You get an email, instant message, or see a forum link you might be wondering what its about. Its to a site you may never have heard of and looks weird. Don't click it!
I can't stress this enough. I'll frequently see bad instant messages with stuff like this, but moreso I've been seeing it in various forums/comments. WoWHead, Thottbot, Curse and the WoW Forums. You'll see odd links with out of place comments...you generally know its an exploit. DO NOT DO IT.
If you receive an email ever asking for passwords....don't reply. Hit the company's website, (Google search it, don't rely on the email) and ask them if they tried to contact, explain the email, etc if you are concerned. Better safe than sorry.
Also...if you see a window that looks like it might be a virus scanner or some sort of alert and you know that piece of software isn't on your computer, close the window...don't click on it!!!!!
Security Tip #4- Make sure to be UNIQUE.
Let's use myself as an example here....
My login name to the blogs here do NOT match my login name to WoW, or my bank account, or my credit cards, etc.
If you tend to be like many people, you have 1-2 passwords and user names that you may use across all sorts of logins....do yourself a favor and begin changing those now then.
I've not gone in and looked at the MySQL database that runs these forums, but in many cases the stuff isn't encrypted. So, if you know where to look...you've got their info. Now, imagine all of you used your WoW account info on the MySQL database and I was a real asshole, or worse yet, someone managed to hack our forum? Now, think of any forums or anything you've gone to related to the game and may have registered on? Always try to come up with other login names/passwords.
Security Tip #5- KEEP UP TO DATE
I don't understand why people won't run updates on their machine, or even allow the machine to run them automagically. Every so often, use the Windows Updater (Hit Start, go to All Programs - Windows Update on Windows XP/Vista) and grab anything you see basically.
Barring that, let your computer do it by itself (It won't grab some updates, but the critical ones it will)
Click on Start, go to Control Panel, select Automatic Updates and tell it when to do it. Yeah, you'll come back to your PC rebooted sometimes, but a lot less worry on top of that.
Common Myths:
* WoW Ace Updater hit me with a virus!
Possible, it uses banner ads, but most unlikely...or a rash of hacks would be happening. Like nonstop
* Addons in general cause hacks
Unless Blizz changes how they work, this can't/shouldn't happen. They load after you type in Name/PW. They don't execute anything on your HD, etc. Now, some addons can/do use .exe's to install. (Or Java Script, etc) Some also embed exe files into the mod files hoping someone will click them if they browse the folder or zip file. This *has* happened on Thott, Curse and WoW Interface, and I'm sure others.
* I'm safe because I have a scanner for virus and spyware
Sadly, this will never be true I fear. There is ALWAYS new stuff coming out to get past them. Exploits and such don't help, especially with some directly targeting the scanners. If you don't keep up to date, you'll also be at serious risk of attack.
| 84 |
| Vote |
Subscribe to this blog
Comment by Ralph Carothers
Gaming Slate
WoWInsider mentioned this once, and you can find the comment in the original link as well...but ANY device you hook into your computer can come pre-loaded with viruses or other malware.
That fancy new iPod could have already been loaded with stuff on its hard drive that got loaded onto your pc!
The WoWInsider article talking about a similar issue is here: Click Me
Comment by Harry
World Art
Sydney Diary
Personals
Video Games
Brisbane Diarystar
Zoo Parent
Comment by jon
Orble News
Urban Hint
Blog Adviser
Jon's Bookmarks
Debate Battle
Orblepedia
Orble Notes
Sydney WeekendNotes
You may also need to add the email address admin -at- orblemail.com to your address book in order to receive Orble admin emails in the future.
Thanks,
Jon.
(Orble Admin)