Scared of having your account hijacked?

And what's the deal about these keyloggers anyway? Unless you download something (that is NOT fishy) you can never get it on your computer, right?

Actually...

If you have an insecure browser, or have not kept up with Windows security updates, someone could use (among other things) Java or ActiveX to exploit the holes and download something onto your computer without you doing more than visiting their website. That's how most people get browser hijacked or end up with pop-ups.

So? As long as you stay on official websites only (this one excepted) you can't hurt yourself? Why would one go to fishy websites in the first place? To buy items, to join a fishy clan, to download programs?

That's nice. What does my post count say?

I assure you there is no keylogger on my computer, or the idiot that hacked me would have hacked my good account and not the one I keep my garbage on. Plus I go nowhere NEAR any 3rd party sites.

It IS possible to get passwords. I have no idea how. I am left to assume they brute force them from time to time.

If Blizzard would just make a number limit on number of failed logins before a 15 minute ban, it would help a bit.

I don't use the same password for my account as for any forum.

Postcount says nothing, joindate says it all (newcomers with 1000 posts are still newcomers if their year is 2006).

Bruteforcing seems hard to believe, since that would require eons of attempts; I assume someone knew your password.

I'm not sure what you mean precisely by 'number limit' though?
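
The "number limit" idea raised above (a cap on failed logins followed by a 15-minute ban) and its effect on brute forcing, as an added example that is not part of any post in this thread and not Blizzard's code. The threshold of 5 and the names `LoginLimiter` and `guesses_per_day` are assumptions; only the 15-minute ban comes from the thread.

```python
import time

MAX_FAILURES = 5             # assumed threshold; the thread names no number
LOCKOUT_SECONDS = 15 * 60    # the 15-minute ban suggested in the thread


class LoginLimiter:
    """Per-account failed-login counter with a temporary lockout."""

    def __init__(self, check_password, clock=time.monotonic):
        self._check = check_password   # callable(account, password) -> bool
        self._clock = clock            # injectable so the lockout can be tested
        self._failures = {}            # account -> consecutive failed attempts
        self._locked_until = {}        # account -> time at which the ban ends

    def attempt(self, account, password):
        """Return 'ok', 'denied' or 'locked' for one login attempt."""
        now = self._clock()
        if now < self._locked_until.get(account, 0):
            # During a ban the password is not checked at all, so a correct
            # guess gives a brute-forcer the same answer as a wrong one.
            return "locked"
        if self._check(account, password):
            self._failures.pop(account, None)
            return "ok"
        count = self._failures.get(account, 0) + 1
        if count >= MAX_FAILURES:
            self._locked_until[account] = now + LOCKOUT_SECONDS
            count = 0
        self._failures[account] = count
        return "denied"


def guesses_per_day(max_failures=MAX_FAILURES, lockout=LOCKOUT_SECONDS):
    """Approximate number of guesses one account can receive per day."""
    return max_failures * (24 * 3600 // lockout)
```

With these numbers an online guesser gets roughly 480 tries per account per day. A per-account lockout also lets anyone who knows an account name lock its owner out on purpose, which is why such limits are often combined with per-source throttling.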

I'm not 100% sure this is in response to my post, but it looks like it is to me, so...

His "postcount" was a reply to my reply about newcomers here are often the ones that are getting hacked (with which I mean the 2006-2007 joiners).



 
> Postcount says nothing, joindate says it all (newcomers with 1000 posts are still newcomers if their year is 2006).

What does post count or join date have to do with anything? I guess you didn't see this thread. Anyone can be hacked, at any time, if someone wants to hack you bad enough.



 
> So? As long as you stay on official websites only (this one excepted) you can't hurt yourself? Why would one go to fishy websites in the first place? To buy items, to join a fishy clan, to download programs?

Generally speaking, you're right. But just thinking you can't end up with bad stuff on your pc unless you actually do something is false security. Say for example someone manages to crack the Diabloii.net website, or the forums, and adds something like this, but you are not patched for it.

It would be at least a couple of hours before the admins were alerted and managed to do anything about it. That's assuming that whoever it was did anything really obvious. How often do they check the source for the front page? So there's you not going to any fishy websites, but only to one you "know" is safe.



 
> What does post count or join date have to do with anything? I guess you didn't see this thread. Anyone can be hacked, at any time, if someone wants to hack you bad enough.

Seen it, read it, and that was West, I'm from Europe.

Sure, if someone actually wants to hack you, I guess they can hack into Blizzard and steal everything from anyone, but that would be the same as walking into a National Bank with a single gun and a plastic bag, and demand that they put all their gold in the bag and you expect to leave that place?

> Generally speaking, you're right. But just thinking you can't end up with bad stuff on your pc unless you actually do something is false security. Say for example someone manages to crack the Diabloii.net website, or the forums, and adds something like this, but you are not patched for it.
>
> It would be at least a couple of hours before the admins were alerted and managed to do anything about it. That's assuming that whoever it was did anything really obvious. How often do they check the source for the front page? So there's you not going to any fishy websites, but only to one you "know" is safe.

If anyone manages to hack this site, I guess it's not so offensive as hacking into Blizzard, but I'm guessing no one is stupid enough to actually try it, because of the consequences? See the answer above your quote here?

And if someone would put that weird site you just displayed, I'd either not click it, or if I get directed to it automatically when doing stuff here, I'd just click it away, it doesn't even seem interesting?

Anyway, if I were to prepare to defend myself against that, I might as well take precautions in real life that terrorists are gonna drop a nuclear bomb unless I give them my car or something?

Who would go through the troubles of trying to pull this off, just to get some virtual items on a game that won't last forever?
And let's not forget that person will most likely not get away with it.



 
> If anyone manages to hack this site, I guess it's not so offensive as hacking into Blizzard, but I'm guessing no one is stupid enough to actually try it, because of the consequences? See the answer above your quote here?

If you haven't noticed already, hacking into a poorly protected server is awfully easy, and I have a strong suspicion that purediablo.com is a poorly protected server. It might just have happened that a bot compromised the site's server by accident, and the hacker looking at the logs thinks he got something useful (which probably is true). I have been to a good talk once about how easy it is for many machines to be compromised.

> And if someone would put that weird site you just displayed, I'd either not click it, or if I get directed to it automatically when doing stuff here, I'd just click it away, it doesn't even seem interesting?

You should look at it very, very carefully. Read the vulnerability details, and convince yourself that it is indeed possible to have a keylogger on you even if you don't download anything at all. The site itself, of course, is safe, and as you noted, not very interesting (well, it's from Microsoft, what do you expect?). Anyways, it's a description of a famous series of operating systems they have that has a bug in one of their programs that makes opening an image dangerous. They patched it, of course, but there is no guarantee that this is the last bug from that operating system, and I also have a strong suspicion that it is not (*cough, cough*). Unless you are not using that operating system, you could have been infected by a bot without you knowing or downloading anything.

There are also other ways to hack as well, and some of them can be pretty easy, if the scripts are poorly coded. (XSS, anyone?)

I agree the whole security typing might be overkill, but using the same password (or similar password) on this site as your bnet login is clearly dangerous. I would also agree that it is indeed possible for someone to get a keylogger onto your computer with a non-perfect OS (not even Linux is completely immune).

Edit: I have even seen a demonstration of how someone can open Notepad (or a bank account password stealing trojan) on their computer by just looking at an image. FYI, there were several bank accounts lost by the above exploit.



 
Also, I should mention that the penalties for "hacking" a site like purediablo.com would be quite bad, assuming of course that the "hacker" is somewhere they can be got to. So a script kiddie in Uzbekistan or somewhere is probably pretty safe from legal consequences. Especially if they don't do anything that actually costs anyone money. Also assuming they are too dumb to cover their own trail and can be found at all.

Also, there is a huge difference between preparing for nuclear attack, which has happened what, twice in the last century? Vs. trying to make your pc secure against exploits and malware, which you can verify how common those are by just googling up some web security or tech help forums and counting the "omg help my computer is infected" threads.

AnimeCraze already pointed this out, but let me also emphasize this as well; "hacking" your way into a game server to extract stored password and account information is a rather different beast than downloading a VBB crack and some homebrew backdoor apps or whatever, and then using them. Any reasonably bright and determined 13 year old can do the second of those, and lots of them do.
 
Actually, I have heard evidence that the first one isn't too hard to do as well, depending on the server. Since the speaker was willing to give a public talk on it, I would take it as good evidence. (Though I would assume, hopefully, the Blizzard server has protections against that.)

@Dawnmaster: I think we have chatted in PM saying that getting a trojan or whatever on your comp was impossible, on a theoretical OS, as long as you don't do things stupid. One thing I have found out, though, is that certain OSes are far from perfect.
 
You're probably right AnimeCraze, I'm just going on the theory that it's a lot easier to find cracks for forums and websites than game servers.
 