Today there was an unauthorized transfer from my account and I had to contact Party support who did a great job taking care of it, got the money right back in minutes. The guy said the account the money was transferred to had no name or address assigned to it, and that it was made just to get the cash from my account (don't know how they would then get it, but anyways). I just re-upped my Party account after a year or so of inactivity to go after the bonuses. I remember a couple of days ago it mentioned me being logged in from another computer (I was drunk at the time and had party running but I wasn't playing. Meant to make a note of it!) I played party at a buddy's place about a year ago (same PW) so that's a possibility since he plays but sucks at poker and I don't talk to him much, but I'm also on a wireless internet connection. Have any of you guys had problems with security of your account, specifically with wireless internet? Basically I'm going through and changing all my PW's right now and am going to read up on wireless security.

[ QUOTE ]
I remember a couple of days ago it mentioned me being logged in from another computer (I was drunk at the time and had party running but I wasn't playing. Meant to make a note of it!)

[/ QUOTE ]

This happened to me a few times and spooked me a bit. I changed all my passwords and it hasn't happened since.

I guess my first question is if you are running WEP/WPA encryption on your wireless router. However, even if you are not I would doubt Party sends their passwords in clear text across the internet. (Actually I will have to fire up a packet sniffer when I get home to check on this) But anyway I would doubt that someone got your username and password from sniffing your wireless connection. A much better possibility is either that your friend got it somehow or your PC has been compromised and a keylogger placed on it. The second option is more likely if you have an unsecured wireless connection.

Party uses OpenSSL with EVP encryption on both usernames and passwords among other things. I know this because I did experimentation to see exactly how secure their stuff is, and it is very secure. These are the only ways they can get your password:

a) Guess it
b) Hack your e-mail account and use that to recover it
c) You gave it to them
d) Install a keystroke logger on your computer

Trust me when I tell you they did not snoop it. I can get your password if I have a few hours to spend on your computer but I can't grab it out of the air. I would really not worry about your Wireless network I would instead worry about your e-mail accounts, post it notes, and your dictionary based passwords.

I'm getting a little nervous.

This happened to me on Party like 3 times in fifteen minutes about 1 month ago.

The message I receive was something to the effect of
"Your account is trying to be accessed from another computer...blah, blah."

The first two times, I closed all my tables and created a new password. The third time I got lazy and said forget it, thinking it was just some bug.

This has now been mentioned by a few other posters.

I think this weekend I will email Party asking them EXACTLY what triggers this message.

If I knew someone with a Party account I'd like to have them try signing on Party with my user name and then just type in any old password to see if I receive this message while I'm playing on Party.

I'm wondering if someone was just trying to make a random hack of my password.

The way I do it is to store all my passwords in a Word document protected by a passowrd (?safe). I then copy + paste this information whenever I access my Neteller account because keystroke loggers frighten the hell out of me.

Just a comment: I think Party ought to ask for a special password when you sign up, specifically for account transfers, and not allow it to be the same as your login password.

-Mike

One thing I've been meaning to ask for a while, but was hoping it would come up.

If you have a keystroke logger virus (or whatever it's called) and you type other symbols into another window in amongst your password, would the logger be able to tell the difference.
I'm aware that they could use some wit to work it out, but if it causes them enough trouble I figure they'd just go to an easier account.

Lori

Might it have something to do with playing 2 party skins at once? I remember the first time i signed up at a 2nd party skin(after fixing the key in regedit) i got an error message saying something like 'this user is already on the party network, account creation failed'. Then i'd try a second time with exact same details and it would work...wierd.

These keystroke loggers, do they get removed by anti-visrus software, by anti-spy software, or by both?

[ QUOTE ]
I played party at a buddy's place about a year ago (same PW) so that's a possibility since he plays but sucks at poker and I don't talk to him much

[/ QUOTE ]

You probably had "remember password" checked.

[ QUOTE ]
These keystroke loggers, do they get removed by anti-visrus software, by anti-spy software, or by both?

[/ QUOTE ]

I'd say anti-spyware is more likely to do it. Anti-virus might, but I wouldn't count on it.

-Mike

One thing to take into consideration is that there are hardware keyloggers.

It is a small piece that connects between the end of your keyboard cord and the keyboard inlet. ( Picture of one here, but I've seen them much smaller than that: http://www.amecisco.com/hkstandalone.htm )

It'd be hard to notice if most of your cords are in a tangled mess behind your computer or under your desk. And it'd only take someone a matter of seconds to connect.

Not such a worry if you're in your own home, but those living in dorms or sharing apartments with lots of people coming and going should take note!

This has happened to me, but it occurs during periods of bad connectivity. I believe for whatever reason Party thinks you're disconnected, reconnected, something with the order there, and throws up that message.

A keystroke logger will log EXACLTY what keys you've hit. Unless your keyboard is super weird and your symbols are different from a standard keyboard the logger will know that when your password is poker$ you input p-o-k-e-r-shift+4. Some loggers are probably sofisticated enough that even if your keyboard in non-traditional it knows what standard symbol you've input.

If I type p-o-k

then switch to 2+2 and type out a post and hit backspace a few times then switch back to party and type e-r that would be kind of hard to tell. (That's what lorinda was suggesting).

Good lesson. Don't play on other persons computers and be wary of WI-FI because it is not secure.

Good info amirpc. I figured at the least the username and password were encrypted. I'm guessing all communication between client and server are encrypted as well. Atleast it would make sense.

I didn't think about hacking an email account, good point.

I'll relate my experience with this problem, but first a couple of questions.

What is a keyboard logger?

What does WI-FI mean?

My problem was with Empire Poker. I would be playing along and then all of a sudden I would get disconnected with the error message that "I had just logged in from a different computer." I fired off an e-mail to Empire asking them "what different computer? There is no 'different' computer."

They of course answered in their usual brisk four-day turnaround. I then changed the password and within fifteen minutes I was logged off again! I changed the password again.

When Empire finally responded they said something to the effect that it was a problem on their end, yada, yada, yada. I wish I still had the e-mail. They don't answer the phone you know unless it's for pay-pro. They'll talk to you about money problems, but forget about anything else.

It has happened once or twice since then, and I have no idea what's causing it. I'm due to change my passwords again.

No money was transferred or lost, but the whole idea of it has left me feeling very paranoid.

There is an open-source project that is designed for this - much better than Word.

Check out:
Keep Safe (http://keepass.sourceforge.net/)

It uses some serious encryption. It has a good user interface for many different passwords. It allows you to copy passwords directly into the clipboard without visibily displaying them. It has a password generator that using mouse movements to create passwords like:
71K9K3jlpy9j6garceDZovStAi1f4abd

I don't know how different sites handle dictionary attacks on passwords, but if your password is:
riverking
boatman
luckyguy
royalflush
pokergod

Or anything that could possibly be guessed, you're at a real risk.


rabbit

There was a post about this sort of problem a few weeks ago (I don't hace the link handy but a search should reveal it) - someone emptied someone's Neteller into a random Pacicif Account.

Anyway there was a very useful discussion that followed about how to protect your computer, explaining what everything did and in easy language to boot for those of us less tech savvy.

A number of programs, most of which were free, were recommended and as a result since then I installed Keepass (does what Lorinda was suggesting but better and free), processguard, spybot & adaware. The only thing I had to pay for was processguard (and there is a free version too minus some of the features). Googling any of these terms should find you a download site.

Keepass is very easy to use but there's nowhere telling you how to use it so I had to ask in a thread where it was explained to me here:

http://forumserver.twoplustwo.com/showflat.php?Cat=&Board=inet&Number=1474207&fpart= 1&PHPSESSID=

Throw in a decent antivirus/firewall and I don't know anything you could do to make your computer more secure. I'm sure there's something but I don't know what it is.

Good Luck

Mackas

[ QUOTE ]

Throw in a decent antivirus/firewall and I don't know anything you could do to make your computer more secure. I'm sure there's something but I don't know what it is.


[/ QUOTE ]

You could unplug it.

Found it here:

http://forumserver.twoplustwo.com/showflat.php?Cat=&Board=inet&Number=1471432&Forum= ,,,,,,,,,f14,,,,,,,,,&Words=process%20guard&Search page=8&Limit=25&Main=1463424&Search=true&where=bod ysub&Name=&daterange=0&newerval=&newertype=&olderv al=&oldertype=&bodyprev=#Post1471432

In case anyone didn't notice I don't know how to do that cool underlined description of a link thing, the sort of check it out HERE thing. I'm not sure if a link as long as that above will work. If no it was a thread titled "Keylogging programs steal poker password" and started on 1st January 2005.

In particular RichRF's posts towards the end are good and include links to the relevant programs.

Good Luck

dang bro. use the url feature to shorten the links. this was an interesting thread now i give up on it.

If your are an a dialup, and your modem is hanging up and then redialing, it may be that you are connecting from a different IP address on your new connection, which the server software is interpreting as a different computer.