How to not be "hacked"
Post by
twsX
you should go with Opera or Google Chrome.
I don't recommend Opera, but Chrome is a good safe browser. They recently had a meet up and the first ones to exploit every major browser went home with a prize, first to go was IE (no surprise there), then Safari, Firefox. Google Chrome didn't even get exploited.
Opera has the cleanest record of existing security vulnerabilities and response times for all browsers on Windows.
Post by
316127
This post was from a user who has deleted their account.
Post by
twsX
Or you could just use linux..
WoW on Linux, by now, works quite OK. But it's still a big hassle, and close to impossible for people who are not familiar with Linux/UNIX systems.
Post by
410279
This post was from a user who has deleted their account.
Post by
108376
This post was from a user who has deleted their account.
Post by
TheReal
Ah yes, twsX. I was mistaking Javascript for a Java applet. Will get this corrected.
I seriously recommend you do not do that.
This is close to as careless as giving your password to a friend of yours.
Since I have to dig the file up every time I want to log on, it's really not that careless. I don't keep the .txt file anywhere near my WoW directory. Perhaps I should clarify that.
Also, clicking random spambot links, bad bad bad.
I thought that point was covered in the first two articles I linked, but maybe not. Very good point! I'll have to add that in somewhere. I'll also add in an explanation about why accounts are not generally "hacked."
Edit: On second thought, I believe I'll leave out the explanation about why accounts are not "hacked." We have 3 categories that summarized the only possible attacks on WoW accounts, and the last, to my knowledge, has never occurred. People either voluntarily or involuntarily give up their account information so some bad guy can use the account; when this happens, it is a case of an account hijacking and nothing more or less.
Post by
267241
This post was from a user who has deleted their account.
Post by
TheReal
Flurrius is correct. Brute force is likely not worth the effort since it would probably take forever, but we still choose to protect against it.
Just wanted to bump this up because of the added new information. Secunia PSI was added to the list of things to help us protect our accounts.
Post by
Quintuple
Just a few things: firstly, if you have WPA-2 as your wireless network security, there's currently no-one in the world who can hack into that network (at least, not that is publicly known). WPA can be hacked in roughly 12-15 minutes (http://dl.aircrack-ng.org/breakingwepandwpa.pdf), but it's better than WEP, which is pretty much only useful to keep your elderly neighbors out.
On the topic of browsers, I don't know which browser has the least security issues, and I'm not sure if anyone knows the answer for sure, but personally I recommend Firefox with NoScript, combined with the patience to keep everything blocked and allow only what you really want and deem safe (which also requires some common sense). If then Java, Flash or other plugins turn out to be exploitable again, you will most likely not be affected by it.
Then about brute forcing. I'm not sure if you'd get suspended if you use a wrong password too many times, it's more likely there's a timeout on the passwords, so that you can only try out a password every few seconds. I'll explain why that's enough.
A World of Warcraft password can be at most 16 characters in length and can consist out of the characters 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!"#$%'. That's 26+26+10+5=67 characters to choose from.
Suppose we make a password like this: we make a list with all the above characters numbered from 1 to 67, and then use say a calculator to generate 16 random numbers, then pick the corresponding characters to form the password. There are then 67^16 possible passwords, which is about 164890000000000000000000000000. Suppose you have a 1MBit up connection and are able to try 10000 passwords every second (an overhead of 100 bytes per password). It'd then take roughly 1250000000 billion years to try all passwords. If we can try only once every few seconds, it'd take 10000 times as much time, which usually makes dictionary attacks (trying all the words from the dictionary) unfeasible as well, which is why I deem a timeout likely.
Who'd be mad enough to remember such a password? I made mine like that. My brother got one too. No one will ever brute force our passwords. How do we remember? Start remembering the first 4 letters, then keep adding 4 more until you get to 16, then repeat it a hundred times. Log in every day. You'll never forget it again.
So, what if I start typing my password with 'paord', then click in the middle and fill it up to 'password'? Won't I be fooling all keyloggers then? You might be fooling basic keyloggers, yes, but not more advanced ones. For starters, if they know where the password is located on the screen, they can monitor your mouse to see where you added the rest. For the rest of this post, I assume the keylogger knows about the keyboard and the mouse, but not the position of the password box.
If the keylogger notices you press some buttons, then click somewhere, press more buttons and then press enter, it might try every possible combination, as there are only a few: if we use 'paord' -> 'password', we get 'sswpaord', 'psswaord', 'password', 'paosswrd', 'paossswd', 'paordssw', which are only a few passwords to check.
If you fill your password up like 'o' -> 'ao' -> 'aso' -> 'paso' -> 'pasor' -> 'pasord' -> 'passord' -> 'password', there are significantly more possibilities, but there are 'only' about 20930000000000 of them (if your password is 16 characters long), so a full strength password is way less likely to get hacked. If you'd have about a thousand computers trying your password at 10000 passwords per second, you'd have checked all possible passwords in a year and a half.
Also, any smart keylogger could notice if you use different patterns every time. Using 'paord' + 'ssw' -> 'password' first and then 'sword' + 'pas' -> 'password' leaves no doubt as to the actual password. So, if you decide to do this, be consistent.
About the deletion suggested before, if a keylogger notices you use the delete or backspace key after using the mouse, it could simply try cutting out all possible ranges from your total word, so 'paserahnsswoaergrd' could be tried as 'pasrd', because the keylogger cut out the wrong part. There are only quite a bit less than 256 possibilities (taking an upper bound here, using 16 characters) to cut parts, which is easily doable as well.
The best medicine to most of the stuff discussed here is common sense, patience to do what is needed and the knowledge to do what is right. Most people lack all three.
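Added example, not part of Quintuple's post: a short Python sketch that measures how small the search space becomes when a password is typed in click-separated pieces, compared with a random 16-character password over the 67-character set described above. The function names are chosen here for illustration.

```python
import math

# Character set size and maximum length as stated in the post above.
CHARSET_SIZE = 26 + 26 + 10 + 5
MAX_LEN = 16


def candidates(chunks):
    """All strings reachable when each chunk after the first is inserted
    at an unknown cursor position in the text typed so far."""
    results = {chunks[0]}
    for chunk in chunks[1:]:
        results = {
            text[:i] + chunk + text[i:]
            for text in results
            for i in range(len(text) + 1)
        }
    return results


def bits(count):
    """Search-space size expressed as bits of entropy."""
    return math.log2(count)


def single_char_upper_bound(length):
    """Upper bound when every character follows its own click: the k-th
    character has k possible insertion points, so 1*2*...*n = n!."""
    return math.factorial(length)


if __name__ == "__main__":
    # 'paord' typed first, then a click, then 'ssw'.
    two_step = candidates(["paord", "ssw"])
    print(len(two_step), sorted(two_step))
    # One character per click, in the order given in the post.
    one_by_one = candidates(list("oasprdsw"))
    print(len(one_by_one), "distinct of at most", single_char_upper_bound(8))
    print(f"random 16-char password: {bits(CHARSET_SIZE ** MAX_LEN):.1f} bits")
    print(f"16 click-separated keys: {bits(single_char_upper_bound(MAX_LEN)):.1f} bits")
```

The repeated 's' halves the distinct count in the eight-character case, so the factorial is an upper bound rather than an exact figure.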
Post by
241152
This post was from a user who has deleted their account.
Post by
Quintuple
Isn't this all a little paranoid? WoW is just a game. So what if someone steals both my 80s? It's always way more fun to start a new character than it is to play a level capped one.
Indeed, WoW is just a game. However, apparently a World of Warcraft account is worth more than a credit card (http://news.bbc.co.uk/2/hi/technology/6526851.stm, about 2/3 downwards in the article) according to Symantec, so, I guess you can say it's 'work' for some people (the hackers).
Some people do like a capped one better than starting a new character, so this thread is probably more useful to them than to you.
I've played WoW for almost two years, and never had a problem with my account getting hijacked, neither have any of my WoW-playing buddies.
Good that you managed to keep them safe during those two years. I think most people manage not to get hijacked and others are just plain lucky, but if it happens, people lose a lot of 'time investment', and that's usually a sad thing.
Do keep in mind though: those two safe years are not going to protect your account. It's not like your account becomes safer if you are not hijacked after a long time, indeed it might get less safe because people get better ways of hijacking your account.
PS: nothing against you personally Genericusername, if you like how you are managing things now, keep doing so, I just took the opportunity to take a few quotes from your post to illustrate a couple of points I wanted to add to this thread.
Post by
Dragonzero
Way to Go ... brother!
man i have read many diff way from hijack can do. they did stole my account long ago by keylogger. Then my bro TheRealArkayn got idea by use 10 days free trial and saw my toon is online then still running in Auchindoun: Shadow Labyrinth as gold farmer.
About couple weeks later then i got my account back and then next i doubt.
so I'm surprised at TheRealArkayn posted it right now and I agreed must get some protect the computer from hijack.
so Gratz to my bro TheRealArkayn on sticky! /cheer
Post by
2087
This post was from a user who has deleted their account.
Post by
TheReal
Shameless bump because of a few instances of new "QQ I'm haxzored!" threads.
Post by
Socksabox
You can get McAfee free if you have Comcast internet!
http://us.mcafee.com/root/landingpages/affLandPage.asp?affid=101&lpname=16891&aco=0&cid=52163&siteID=hb8b9fS/4gg-ccOtbBSZ33fffsH9PGSLjA
Post by
caboosefanatic
To the people saying use AVG and/or other free programs, would it be possible for you to put up links? I remember when I downloaded AVG I couldn't find the free version on their site (basically give us good links so some person doesn't search it on yahoo and clicks a fake site)
Also if you are going to say this free/paid for anti-virus program is better than this one, PLEASE say why.
So wait, looking at porn is bad now? dammit >.>
Post by
TheReal
Links for Avast, Avira, and AVG are all about halfway down the first page, but they're also linked again here for your convenience.
(The link to AVG takes you to CNet, which is where the link from the AVG page will take you.)
Post by
caboosefanatic
ah oops lol, must have forgotten about it hehe
Post by
158888
This post was from a user who has deleted their account.
Post by
Croco
ok so my account was stolen. can I post here to ask advice? I know that mailing blizz didn't get me anywhere, it's almost like they don't care!