Being smart with computer security.

jedi · #1 10-05-2005, 04:30 PM

So, in THIS thread, we hear about someone who got their passwords/username/poker accounts compromised and lost a tidy sum of cash. For all you internet savvy players, what's the best way to protect ourselves from this type of hacking. I'm tempted to change all my passwords around when I go home tonight.

StevieG · #2 10-05-2005, 06:00 PM

[ QUOTE ]
So, in THIS thread, we hear about someone who got their passwords/username/poker accounts compromised and lost a tidy sum of cash. For all you internet savvy players, what's the best way to protect ourselves from this type of hacking. I'm tempted to change all my passwords around when I go home tonight.

[/ QUOTE ]

That thread is really good so far about discussing the specifics of the exploit. To learn more go there. But here are some suggestions in general that you can put to use.

If you use publicly accessible machines, do not visit password protected sites. I have to put this first because it is so damn true. Not even the strongest password creation and maintenance can protect you is someone can look over your shoulder as you type it.

Hardware key loggers are cheap and small, like this one. Software key loggers are even freely available. Assume that someone can catch your password.

If you like to check email on the road and you do not have a Blackberry or laptop, get a separate email account for business related items and do not access it from unknown machines. Ever. Get yourself a Gmail account or whatever, and change banking, poker accounts, etc., to all use this new exclusive account, and only access it from places you trust.

Make sure communication that sends a password you care about is encrypted. That usually means a padlock somewhere on your browser. Note 2+2 is not secure. So make sure your password here has nothing to do with what you use elsewhere.

Changing passwords every once in a while is certainly not a bad idea, as long as you don't wind up losing them or compromising good passwords because you change them so often and forget them.

For passwords, avoid dictionary words, names of sports teams, names of kids, etc. Too easy to guess. If I am not incorrect, the Paris Hilton cell phone hack used her pet's name which was broadcast on her reality TV show.

Keep them long, somewhat random, and get some special characters in there. A nice way to do this is to make up a personal substitution. For example, make { stand for taco and % for burrito. Now you can think of a phrase like "Man, do I love the burritos at taco bell." and change this to M,dilt%@{b Then for another place you can use "Taco Time has lousy burritos" and make that {thlousy%.

Use different passwords for different places. I know it's tough, but using a convention like that above can help "I use Party money to eat tacos" for instance is "IuP$2eat{" and is not a bad password.

You can check password strength at sites like this.

CountDuckula · #3 10-05-2005, 06:04 PM

1. Anti-spyware. I use Ad-Aware and Spybot Search & Destroy. It's best to have more than one, as one may catch a threat the other misses. Run scans frequently, at least weekly, daily is better.

2. Firewall. I use ZoneAlarm Pro. I think it's one of the best, if not the best, out there. It prevents unauthorized programs from accessing the Internet; every time a program tries to do so, ZoneAlarm will pop up and alert you, asking whether or not to allow it (and giving you a box to check if you want ZA to remember the answer, and not bother you again). If you don't have any idea why it's doing what it's doing, deny access. If it has a legitimate reason, you should be able to find out what it is, and decide from there. I also use a router, with built-in NAT (Network Address Translation); my router's IP address is exposed to the Internet, but my computers have IP addresses assigned by the router (via DHCP), so there's no direct route to my computer from the outside.

3. Anti-virus. Pick one; I happen to use Norton, but ZoneAlarm has its own built-in. And there are many others; you can check out back issues of PC Magazine or PC World for advice (they tend to do a comparison once or twice a year). Your local library should have these, or some other computer magazine.

4. Password security. If the site allows non-alphanumeric characters, use them. A password like "R#v*&zkyJ34!" is much harder to crack than "george". Use a password keeper if you can't remember them (then don't forget your master password!). I typically create passwords based on something I know, like the first letter of each word in the first line of a poem, then do some massaging. For instance, you could use "Mary had a little lamb", yielding "Mhall" (too short, but this is just an example), and then convert it to "Mh@l1"). Subtitute song lyrics, a favorite book, the initials of your teachers from first through 9th grades, whatever. Just make it something you can remember, even if you have to work a little to extract it. Use multiple passwords; do not use the same password for every site.

-Mike

StevieG · #4 10-05-2005, 06:22 PM

Using a firewall, antivirus software, and spyware checking are all prudent.

So is securing your browser. An easy way to do this is to use Firefox with the default security settings. Let's not make this a holy war, folks, I have no grudge with Microsoft, I also know Mozilla has been caught with their pants down. But as far as making it easy for people by using a browser that by default is more secure, Firefox wins.

IHateKeithSmart · #5 10-05-2005, 06:30 PM

[ QUOTE ]
Using a firewall, antivirus software, and spyware checking are all prudent.

[/ QUOTE ]

Good advice. Add onto this patching. I'm assuming 99% are using windows, so turn on automatic updates. MS releases their patches on the 2nd tuesday of every month.

Go here for some more basic advice on locking down your personal computer.

rlr · #6 10-05-2005, 11:28 PM

If you use a password safe like KeePass or PasswordSafe then you really should secure it with a pass-phrase and not a password.

Check out DiceWare for a neat way of creating a memorable passphrase. Certainly you can use a different dictionary then they have provided.

MyMindIsGoing · #7 10-06-2005, 02:47 AM

I think the whole thing is bs. First of all it was his MAIL ACCOUNT that was hacked not his computer. Via that they got his password for his account. So either he stored his pass there [why would anyone do that?] or they used the account to mail party for a new pass [this is why passwords are better sent via regular mail]. Hotmail been hacked several times before and should never be used for stuff like this. I do not feel sorry for him at all.

As soon as somthing like this happens everyone talks about getting firewalls, antispywhere and stuff. It is not needed if you set up your computer correctly and do not do stupid things (like clicking on every file you get on email and so on). The only securitything worth having as far as I am conserned is a good virusscanner. I only use mine to scan downloaded files. Having a resident scanners just sucks the life of any computer and does nothing good.

Terry · #8 10-06-2005, 05:57 AM

[ QUOTE ]
it was his MAIL ACCOUNT that was hacked

[/ QUOTE ]

and just about everything I can think of that requires a password also has a function somewhere called something like “Forgot your password?” that will email your password to your email account. That means that if someone has/gets your email account password he can get the passwords to ALL your other online accounts.

“uR!6l#3Gh” is a password. “Biteme" is asking for big trouble and you’d better change it right now ... all three of you.

MyMindIsGoing · #9 10-06-2005, 06:17 AM

[ QUOTE ]
[ QUOTE ]
it was his MAIL ACCOUNT that was hacked

[/ QUOTE ]

and just about everything I can think of that requires a password also has a function somewhere called something like “Forgot your password?” that will email your password to your email account. That means that if someone has/gets your email account password he can get the passwords to ALL your other online accounts.

“uR!6l#3Gh” is a password. “Biteme" is asking for big trouble and you’d better change it right now ... all three of you.

[/ QUOTE ]

Yes that is what I was saying:
1. Hotmail is very unsecure
2. Passwords to important stuff like pokeraccounts should be sent via regular mail, not hotmail.
3. Most people being scammed or getting robbed like this made some mistake before it happened. His problem was chosing a bad email provider.

Also minimizing how much you got "online" will minimize the loss incase something happens.

StevieG · #10 10-06-2005, 10:52 AM

No doubt, this exploit the combination of poor practices by Party and poor security in Hotmail hurt this guy. But you can't blame this user for having whatever amount in his account. He might play high limit.

Also, the original thread is the place to discuss the particulars of that case. The OP here wanted to know what good security practices are.

That said, I agree with you that trying to treat the disease (using ant-spyware, firewalls, etc.) is not as good as preventing it (not using exploited services like Hotmail and IE, not downloading untrusted software, disabling unwanted services, etc.). It's a good message that can't be overemphasized.