Internet account security interview with Lee Jones

[Tuco]

[ QUOTE ]
Just curious, did they chip dump, gambool, or somehow cash out? If some chump hacked my accout for a joy ride I'd be pissed. If party sent my money to fort worth or some such I'd be furious!


[/ QUOTE ]

He's not sure, as party won't repond to his requests for all the hh's but likely that he was joyriding.

[ QUOTE ]
ps. How can we get your show on the internets?

[/ QUOTE ]

The show is streamed live Sundays from 10pm to midnight PST at www.team1040.ca

Also, the archives can be found at my site. See my profile.

Tuco.

[Losing all]

I don't understand why they wont help him figure it out, clowns. Thanks for the info

[gambelero2]

don't they send you an email notifying you of a withdrawal from your account (Party hack thing).

[Tuco]

[ QUOTE ]
don't they send you an email notifying you of a withdrawal from your account (Party hack thing).

[/ QUOTE ]

It was obvious from the last 100 hh's that he ordered that the culprit was on a joyride.

Tuco.

[Freudian]

Topics to ask about.

1) The blackmail attempts. Even though he won't go into specifics it is an interesting topic.

2) PS specific. Ask how they protect players from account hijacking. For example if I have played on PS from Sweden all the time, would someone from China be able to log on and play on my account. If yes, why?

[RPMick]

[ QUOTE ]
For example if I have played on PS from Sweden all the time, would someone from China be able to log on and play on my account. If yes, why?

[/ QUOTE ]

Because people like me, play from Japan where they live. Return to the states for business and vacation, go off to other parts of the world on business, and play poker online the whole way.

It's not often easy to just pick up a phone and verify my identity every time I land in another country.

PW management is key. Whoever hit on it with the sarcasm is very much correct. As long as sites have processes in place to identify x number of unsuccessful login attempts, a strong password should be all you need.(BTW, sites that limit special character usage in PW's are ridiculous)

The hypothetical, got your computer, got your pw, got your life thing is very unlikely. Especially for people who exert the slightest of protective measures.

My main concern is the larger target, the sites themselves. It's much easier to find and attack a site than it is an individual. Are they obligated in any way to protect your money? Are they required to notify you when your account may have been fraudulently accessed? Do they have a moral obligation to make their security efforts publicly known? Would that even be a good idea?

It's a very interesting topic and one that always catches my eye when brought up.

[Freudian]

[ QUOTE ]
[ QUOTE ]
For example if I have played on PS from Sweden all the time, would someone from China be able to log on and play on my account. If yes, why?

[/ QUOTE ]

Because people like me, play from Japan where they live. Return to the states for business and vacation, go off to other parts of the world on business, and play poker online the whole way.

It's not often easy to just pick up a phone and verify my identity every time I land in another country.

PW management is key. Whoever hit on it with the sarcasm is very much correct. As long as sites have processes in place to identify x number of unsuccessful login attempts, a strong password should be all you need.(BTW, sites that limit special character usage in PW's are ridiculous)

The hypothetical, got your computer, got your pw, got your life thing is very unlikely. Especially for people who exert the slightest of protective measures.

My main concern is the larger target, the sites themselves. It's much easier to find and attack a site than it is an individual. Are they obligated in any way to protect your money? Are they required to notify you when your account may have been fraudulently accessed? Do they have a moral obligation to make their security efforts publicly known? Would that even be a good idea?

It's a very interesting topic and one that always catches my eye when brought up.

[/ QUOTE ]

Of course people like you, who are globetrotters, can contact PS in advance telling them that you will play from different countries. Then they know it is you and not someone who is looking to steal from you.

Problem solved.

[smoore]

There could also be an onion of security with password, location and MAC address all being part of it. If I don't want to use the MAC security (because I log in from different computers in the same location) I uncheck a box in preferences. If our globetrotting buddy always uses the same laptop but does it from different locations then he can leave the MAC security in place and disable the location security.

Dont' forget, both of those security measures are easier to defeat than strong passwords.

edit: oh yeah... definitely need to limit failed login attempts too.

[Freudian]

My main point is that people who play poker as bad as many do won't protect their computer but instead happily open any mail-attatchment they see. Some need to be protected from themselves, especially since they also are the most likely ones to panic and mail their congressman if they get ripped off. So extra layers of protection for these players is something that doesn't have to be all that advanced but makes their online experience much safer.

I am much more worried about the general perception of online gambling security than we me personally getting ripped off.

[MicroBob]

UB just sent me a friendly e-mail 'reminder' that it's time to change my password. They have been focusing a bit more on this password management thing lately.



Three things my bank does that pokerstars or any other site could do to help protect their players from hackers/phishers as well as themselves:


1 - Every few weeks it FORCES me to change my password. I have to type in the old-password to log-on and then, after that, it tells me that it has been a few weeks and I am not allowed to do anything until I enter a new password.
It's a pain if I forget to write down the new password and have to call the bank to say that I forgot it already...but it's a measure I appreciate. This is my money afterall and I'm glad my bank is doing what they can to protect it.


2 - I am FORCED to use both letters and numbers in the password. So something like "Robert" just won't cut it.


3 - If I don't completely remember my password it will only give me 3 or 4 tries to get it right before it freezes my account and requests that I call customer-service.
I don't know about Stars or Party....but if a password-phisher gets an unlimited number of tries to get it right that's just a recipe for disaster.
If they aren't freezing an account after the 3rd or 4th try to get the password correct I think it is something they should strongly consider doing.

----------------------------------------


Another idea I have would involve the site allowing you to know when someone attempts to log-on to your account.

First - if someone attempts to log-on with an incorrect password I should get an e-mail notification of this.
If it was me that was trying to do that then it wouldn't worry me anyway.
If it was someone else then I have a right to know and can alert the site that someone OTHER than me was trying to get onto my account (they could even block the ISP that was used from EVER being able to access that site again if I requested).
I can also change my password again IMMEDIATELY if I learn of this happening.



Also - Just a list of times that my account was successfully logged onto. It wouldn't have to be too complicated. Something like the list that shows up under Cashier --> History.

If I can have a list of my deposits and cash-outs from the cashier page then having a list of successful/unsuccessful log-on attempts shouldn't be too difficult.



I realize that some of these measure would be a huge pain for some of the sites to implement.
But I don't like thinking that there are people trying to get onto my account who just haven't figured out the password (yet) and I think I have a right to know if someone is trying.

If sites are TRULY serious about online-security and password-safety, etc etc then I think they should seriously consider taking measures like this.


Feel free to use my 2+2 handle in your radio program if you like and/or want to reference any of these ideas.

Thanks,
Bob