Forum Settings
       
Reply To Thread

Account security - what are you doing?Follow

#1 Sep 17 2013 at 5:07 PM Rating: Excellent
24 posts
Hi all,
Years ago, my FFXI account got hacked. I was fully decked out, back when the lvl cap was 75 and having 3-4 prices of AF2 was "Godly."
I'll never forget how hopeless I felt, and when I did get back in, seeing ALL my gear dropped (dropping AF2 etc is just plain cruel!). They offered the "one time account restore" and I've been paranoid ever since.

Anyway, there were a bunch of threads on the (crap) OF about ppl getting hacked in 14 and CS doing nothing about it.

So what's your plan for account security? I use a token, NEVER visit any ffxiv related Website from my PC. ONLY visit FFXIV sites from an iOS device or my Mac, and STILL I'm paranoid to use the PC and been sticking with the PS3 for the past 2 weeks.

I'm traveling on business soon, and will need to use the laptop to play. Am I taking this too far? What are you guys doing?
#2 Sep 17 2013 at 5:37 PM Rating: Excellent
**
576 posts
Aside from using a security token, some tips:

  • Keep your OS/Browser up to date
  • Uninstall Java unless you have a specific need for it
  • Make sure UAC is enabled for Vista/Win7/Win8
  • Use an antivirus and keep it up to date (I like Microsoft Security Essentials, and it's free)
  • Consider running NoScript is you use Firefox
____________________________
FFXI, Siren: Pickins BST99.:~:.BLM75.:~:.RDM56
FFXIV, Siren: Miss Pickins - Builder of the Realm
#3 Sep 17 2013 at 5:39 PM Rating: Good
Avatar
*
137 posts
I have had a token since they first came out in FFXI.
I also have a password which is unique to SE account- I don't use it anywhere else on the web.
I only visit Zam and the official forums.
I play on PS3 and browse on my PC.
I never respond to emails that tell me my account is compromised and to go here and enter my name and password.
The funniest of these emails was for a Diablo 3 account for a game I never purchased = all I did was create a Battle Tag for the forums.
So it seems some forums are easy to hack and anyone who uses their actual game log-in are very vulnerable.
Oh and I use Firefox with noscript and addblock plus enabled

Edited, Sep 17th 2013 7:41pm by KissMyPixel
____________________________
FFXI: Kiyaya :Siren:
99 WAR/RDM/BLM/BRD/PLD/NIN/DNC/BST/MNK/SAM

FFXIV: Kiya Sirenia : Siren:
DoM: 37 Arcanist, SMN and SCH 15CNJ 15THM
DoW: 13MRD 12PUG
DoH: 45WVR 45BSM 45GSM 44CUL 40ALC 40CRP 39LTW 39ARM
DoL: 50FSH 47MIN 47BTN
#4 Sep 17 2013 at 5:41 PM Rating: Excellent
Needs More Smut
******
21,262 posts
#1 Update your AV software
#2 Security token, security token, security token
#3 Don't use unsecured free Wi-Fi. At a hotel it should be okay since you have to have some sort of authentication to use the free wi-fi, but don't go wardriving in the hopes of playing XIV because it's not safe. Airports are particularly dangerous. Pay the $20/day Internet blood money for Internet if you have a long layover, or abstain

In summary, surf smart and be proactive and you should be fine.
____________________________
FFXI: Catwho on Bismarck: Retired December 2014
Thayos wrote:
I can't understand anyone who skips the cutscenes of a Final Fantasy game. That's like going to Texas and not getting barbecue.

FFXIV: Katarh Mest and Taprara Rara on Lamia Server - Member of The Swarm
Curator of the XIV Wallpapers Tumblr and the XIV Fashion Tumblr
#5 Sep 17 2013 at 6:05 PM Rating: Excellent
24 posts
Thanks guys!!! Actually, I did not think about the "free wi-fi" at the hotel I'm staying at, and will be using my personal hotspot while away.

Pickins, you're killing me!!! I'm a Java development manager :), but I deffinatelly hear ya on java security concerns, but the JRE/JDK 1.7x has proven pretty secure =) just make sure you upgrade when it asks you =). Funny comment though, the business trip I'm going to is the anual Java One conference LOLOLOL! I'll HAVE to bring this up!
#6 Sep 17 2013 at 6:23 PM Rating: Excellent
***
3,530 posts
First I make my password something so complicated I can barely remember it.
Then I get a security token.
Then I kind of rub the security token on my ****, you know, so nobody else wants to touch it.

Been working perfectly for almost ten years.
____________________________
"... he called to himself a wizard, named Gallery, hoping by this means to escape the paying of the fifteen hundred crowns..." (Machen 15)

"Thus opium is pleasing... on account of the agreeable delirium it produces." (Burke para.6)

"I could only read so much for this paper and the syphilis poem had to go."
#7 Sep 17 2013 at 6:33 PM Rating: Good
24 posts
KaneKitty wrote:
First I make my password something so complicated I can barely remember it.
Then I get a security token.
Then I kind of rub the security token on my ****, you know, so nobody else wants to touch it.

Been working perfectly for almost ten years.


Lol! But a good point here (not the **** thing) I just thought of. If SE is STILL using DX9, they are likely still using NTLM for authentication. Having a "long" password, of 15 characters, will eliminate the possibility of a reverse hash. Time to make my password 15 + characters (and watch they are using Kerberos or better lol...)
#8 Sep 17 2013 at 6:53 PM Rating: Excellent
**
438 posts
I wasn't gonna get a token, but seeing all the people in the cities who are now nothing more than bots, I bought one immediately. It should be in the mail soon. It's as if these players have been assimilated by a Chinese Borg.
____________________________
Star Swirl on Behemoth AKA Best-hemoth AKA The Cool Kid's Table----60AST, 60WHM, 60SCH/SMN, 60BLM, 60MNK, 38 PLD, 34DRG, 31NIN, 27MRD
FFXI- Derpypony on Asura
Check out the Dream Network, a Twitch.tv community for XIV fans, featuring notable streamers like Mr. Happy, MTQcapture, Rahhzay, and Slyakagreyfox! http://dreamnetwork.tv/forum/index.php
Then maybe check out myself, EquestriaGuy, on twitch at http://www.twitch.tv/equestriaguy


#9 Sep 17 2013 at 7:02 PM Rating: Excellent
**
576 posts
thatguy9927 wrote:
Thanks guys!!! Actually, I did not think about the "free wi-fi" at the hotel I'm staying at, and will be using my personal hotspot while away.

Pickins, you're killing me!!! I'm a Java development manager :), but I deffinatelly hear ya on java security concerns, but the JRE/JDK 1.7x has proven pretty secure =) just make sure you upgrade when it asks you =). Funny comment though, the business trip I'm going to is the anual Java One conference LOLOLOL! I'll HAVE to bring this up!


As a software dev (mostly .Net), I have no problem with in-house java apps or those that are run server-side. I just don't trust the JRE to run 3rd party apps/applets safely. IMO, Oracle has really dropped the ball after they took over for Sun.

FWIW, I uninstalled Java from all my machines at home and my dev workstation several months ago, and haven't missed it (other than for Dells crappy DRAC controller app). Should I encounter something that I need that requires it, it's a quick install. In the mean time, I'm not susceptible to any number of zero-day exploits that may be in the wild. (http://java-0day.com/)
____________________________
FFXI, Siren: Pickins BST99.:~:.BLM75.:~:.RDM56
FFXIV, Siren: Miss Pickins - Builder of the Realm
#10 Sep 17 2013 at 8:51 PM Rating: Excellent
24 posts
Pickins wrote:
thatguy9927 wrote:
Thanks guys!!! Actually, I did not think about the "free wi-fi" at the hotel I'm staying at, and will be using my personal hotspot while away.

Pickins, you're killing me!!! I'm a Java development manager :), but I deffinatelly hear ya on java security concerns, but the JRE/JDK 1.7x has proven pretty secure =) just make sure you upgrade when it asks you =). Funny comment though, the business trip I'm going to is the anual Java One conference LOLOLOL! I'll HAVE to bring this up!


As a software dev (mostly .Net), I have no problem with in-house java apps or those that are run server-side. I just don't trust the JRE to run 3rd party apps/applets safely. IMO, Oracle has really dropped the ball after they took over for Sun.

FWIW, I uninstalled Java from all my machines at home and my dev workstation several months ago, and haven't missed it (other than for Dells crappy DRAC controller app). Should I encounter something that I need that requires it, it's a quick install. In the mean time, I'm not susceptible to any number of zero-day exploits that may be in the wild. (http://java-0day.com/)


I have .net guys in the group too =)
Regardless of your language, you'll enjoy this hit on Java!
javaapocalypse!!!!!!!!!
http://youtu.be/E3418SeWZfQ
#11 Sep 17 2013 at 8:59 PM Rating: Good
Needs More Smut
******
21,262 posts
mmmm java

I'm kind of sad that I'm an analyst for a team that's working in .NET and a few other things and not Java, because I can fiddle around a bit in Java myself (had to get through 2nd semester of Java server-side for my master's degree in Internet programming.)

That video was hilarious.
____________________________
FFXI: Catwho on Bismarck: Retired December 2014
Thayos wrote:
I can't understand anyone who skips the cutscenes of a Final Fantasy game. That's like going to Texas and not getting barbecue.

FFXIV: Katarh Mest and Taprara Rara on Lamia Server - Member of The Swarm
Curator of the XIV Wallpapers Tumblr and the XIV Fashion Tumblr
#12 Sep 17 2013 at 10:05 PM Rating: Good
Avatar
*
87 posts
All of the above plus.

Run a full scan of your laptop before you head out on your trip. Also you can download Malwarebytes http://www.malwarebytes.org/ and run an additional scan of your laptop.

If your feeling really paranoid there is also Superantispyware you can also install http://www.superantispyware.com/.

A layered defense is the best defense.

AV software is going to be a matter of preference so here's a link to AV-Comparatives. http://www.av-comparatives.org/comparatives-reviews/ You can decide for yourself which AV best suits your needs.

Have a fun trip. Smiley: grin
____________________________
Forever peeking up skirts.
Gungii

RDM75, WHM38, BLM37
Level 81 Cooking
Level 19+4 Fishing

#13 Sep 17 2013 at 10:30 PM Rating: Decent
Scholar
***
1,824 posts
KissMyPixel wrote:
The funniest of these emails was for a Diablo 3 account for a game I never purchased = all I did was create a Battle Tag for the forums.

I never played WoW, and received multiple e-mails about my WoW account being compromised and how it would be closed if I didn't respond. If you get any kind of e-mail from someone claiming to be from SE, contact support desk through the game or official forum.
#14 Sep 17 2013 at 10:34 PM Rating: Excellent
Scholar
Avatar
48 posts
PSN :p
#15 Sep 17 2013 at 11:30 PM Rating: Default
3 posts
I always read these threads, and every time I walk away shaking my head.

As the boxing adage goes, 'the best way to take punch is to not be there when it lands'. I have practiced this for almost 30 years of computing (hello bbs phone bill - i still hate you). I have ONCE had a breach bad enough that it required a restore, I think that was Win Millennium era.

IT is my career field, I work with advanced database administration and biz intelligence software. I work at all levels of the stack from database, to applications and hardware, as well as systems administration in Linux(RHEL, OEL, Solaris, hpUX, etc) and Windows (Desktop, Server, Exchange, Sharepoint, etc). I am far from a 'casual user'.

Essentially, don't frequent sites that participate in illegal things - that's kind of a no brainer and typically the first rule people violate - either with intent or out of curiosity. Those sites serve one purpose, to engage in illegal activity - esp. via your information.

Next, if you MUST engage in such things (you adult material crowd, not that I would ever engage in such behavior, of course) - learn how to create an environment that DOESN'T get infected. The old days used to require tightening browser settings; turning off Java/ActiveX, etc. These days, there is ZERO excuse to not use something like Chrome Incognito or similar tech.

Also, free stuff like Spybot Search n Destroy has kept me virus free for over a decade.

I may be in the minority, but I have never used anything like Kaspersky, AVP or whatever flavor of "security guard" crap they are pushing. Fixing almost anything usually requires turning it off anyways!

Doing things like turning off java just doesn't make a lot of sense for the average user - there is nothing inherently 'evil' about java, you can just as easily be infected with ASP content, PHP injections and 'Browser Addon stuff' like the stupid tool bar junk that everyone pushes (oddly, incl. java or Adobe, forget which).

Learn how to use the tools you have, knowledge is power. Sorry about wall of text, but have added to these mental notes for decades now..lol
#16 Sep 18 2013 at 1:32 AM Rating: Decent
Scholar
**
356 posts
Can you use the FFXI security token for your FFXIV account?
#17 Sep 18 2013 at 4:47 AM Rating: Decent
Scholar
26 posts
Yes, well you should since it's just a SE security token and not game specific.
#18 Sep 18 2013 at 5:06 AM Rating: Good
Scholar
**
787 posts
Maintain a dedicated gaming rig with nothing else installed on it.

* No Java.
* No Adobe Acrobat Reader.
* No Adobe Flash.
* No MS-Office
* No Web Browsing of any sort.
* Stop using the same account name & password between MMORPGs.
* If the MMORPG offers a key token device/software, use it.
* Stop clicking on posts with external URLs for the various forums for your MMORPG.
* Maintain a premium AV Software and schedule daily scans.
* Use common sense.

Edited, Sep 18th 2013 7:07am by rubina
#19 Sep 18 2013 at 6:53 AM Rating: Good
**
438 posts
My token came in the mail yesterday. That was really quick, 2-3 days max from when I ordered.
____________________________
Star Swirl on Behemoth AKA Best-hemoth AKA The Cool Kid's Table----60AST, 60WHM, 60SCH/SMN, 60BLM, 60MNK, 38 PLD, 34DRG, 31NIN, 27MRD
FFXI- Derpypony on Asura
Check out the Dream Network, a Twitch.tv community for XIV fans, featuring notable streamers like Mr. Happy, MTQcapture, Rahhzay, and Slyakagreyfox! http://dreamnetwork.tv/forum/index.php
Then maybe check out myself, EquestriaGuy, on twitch at http://www.twitch.tv/equestriaguy


#20 Sep 18 2013 at 8:36 AM Rating: Default
3 posts
rubina wrote:
Maintain a dedicated gaming rig with nothing else installed on it.

* No Java.
* No Adobe Acrobat Reader.
* No Adobe Flash.
* No MS-Office
* No Web Browsing of any sort.
* Stop using the same account name & password between MMORPGs.
* If the MMORPG offers a key token device/software, use it.
* Stop clicking on posts with external URLs for the various forums for your MMORPG.
* Maintain a premium AV Software and schedule daily scans.
* Use common sense.

Edited, Sep 18th 2013 7:07am by rubina


Welcome to the stone age of computing. I think I use almost all of those things in conjunction with gaming - no MS-Office means no EVE =)

I think I will also say, I have to maintain tokens and other half-baked security stuff for my customers, but I don't see one customer getting hacked while the customer with out the stuff doesn't. We make an effort to practice responsible IT methods. (see my rant about the same above)
#21 Sep 18 2013 at 8:59 AM Rating: Decent
**
576 posts
I'm on a coffee break, so I only have time to respond to these two points:

harvash wrote:

Essentially, don't frequent sites that participate in illegal things - that's kind of a no brainer and typically the first rule people violate - either with intent or out of curiosity. Those sites serve one purpose, to engage in illegal activity - esp. via your information.


It's almost as dangerous to frequent MMO related websites. Lots of people have been hacked via ads that contain malicious code. The website itself doesn't have to be shady for you to be at risk.

Quote:

Doing things like turning off java just doesn't make a lot of sense for the average user - there is nothing inherently 'evil' about java, you can just as easily be infected with ASP content, PHP injections and 'Browser Addon stuff' like the stupid tool bar junk that everyone pushes (oddly, incl. java or Adobe, forget which).


IMO, installing JRE makes little sense for the average user as client side java is becoming less and less relevant. Closing one more attack vector (that most people don't use) is a good thing, regardless of the other ways one may be attacked.
____________________________
FFXI, Siren: Pickins BST99.:~:.BLM75.:~:.RDM56
FFXIV, Siren: Miss Pickins - Builder of the Realm
#22 Sep 18 2013 at 9:04 AM Rating: Good
Needs More Smut
******
21,262 posts
Ad-Block! Smiley: schooled

It is dangerous to visit MMO websites that are no longer being maintained. One of the primary vectors of viruses for FFXI for a long time was Vana'diel Atlas.
____________________________
FFXI: Catwho on Bismarck: Retired December 2014
Thayos wrote:
I can't understand anyone who skips the cutscenes of a Final Fantasy game. That's like going to Texas and not getting barbecue.

FFXIV: Katarh Mest and Taprara Rara on Lamia Server - Member of The Swarm
Curator of the XIV Wallpapers Tumblr and the XIV Fashion Tumblr
Reply To Thread

Colors Smileys Quote OriginalQuote Checked Help

 

Recent Visitors: 65 All times are in CST
BrokenFox, Callinon, Lyrailis, Theonehio, Anonymous Guests (61)