Hacked


TheLaw


Those programs like 1Password seem a bit scary to me... one program has all of your info... hack that, and you have it all. The weak link seems to be that you still have to enter your password for that program, which, if hacked, opens the door to the grand vault. It's also difficult to put my faith in one program which, to be honest, could be just as flawed as anything else that gets hacked, as far as I know. Seems that those types of programs would be the biggest targets for hackers, since the reward would be the greatest.

 

How does a person without that level of computer knowledge really know that they can trust a program like that?


There's no need to use a program to help you with your passwords, and, honestly, I wouldn't recommend it.

With there being a ridiculous amount of ways to avoid detection by AV or MW software, you never know what the software is doing with your passwords. For example, you can bury a key logger inside of an embedded class function, and two major AV tools like McAfee and Norton won't detect it, since that's not one of the methods they look for - in great part due to the fact that it's not optimal. What the software designers don't remember to realize is that any method which hides an effect that the end-user isn't aware of or doesn't want is optimal. There's a sharp contrast in difference between the programmers designing the AV or MW software and the ones who actually write the viruses/malware (which is to say is really just a subset).

I, for one, did in fact release a virus that I wrote back in 2008 to my campus during a class project to demonstrate the weaknesses in AV/MW software, as well as to expose the password safety crisis. Even with the campus aware of the virus, and ITT security technicians watching for it, it managed to slip into the systems undetected. This is to say that because two programmers never think alike, there's no way to guard against every virus; every method used to develop a virus. The goal of writing malicious code is either educational or harmful, and often both are intertwined, as I would write code sets that would be rather harmful, but still release it to my campus in order to study it further.

Unfortunately, one major problem with AV/MW software is they often attempt to convey each other as viruses themselves, as they employ methods of malicious type to detect malicious code in files, but also because companies want the end-user to think that one piece of software is a virus, in order to cut out competition. You also see this with software like McAfee and Norton. With that being said, they can't update their definitions as fast as new malicious code is developed.

My second statement also was "true" and not "mostly true." I don't expect you to understand the field because it's a field that requires years of investment to scratch the surface of, but the gist is that they required users to download a virus in order to retrieve the information they required. In other words, it helps to reflect that "end-user stupidity (or stupid curiosity)" is often the leading cause of why a major network system is compromised.

What I'm saying is this: as long as you don't download a virus, it doesn't matter if the Blizzard database is cracked and the first ID string is taken - without access to the second string (on your phone, most likely), they won't be able to access your data.

A lot of the reason I use my own line-breaks is, as a programmer, I often employ my own methods of code writing as part of my signature, but also because I don't often employ the use of white space because, when writing private software, I don't intend for it to be easily readable to other people, and compilers ignore white space.

The only network that you can be completely sure that your password is safe on is the one in your brain. Everyone should know that using software like 1Password is a child asking to have his network compromised. I can say without performing research on the software that someone has cracked that software already. Programs like that are crackers' dreams come true, with shiny, flashing arrows and sirens pointing at it.

So the answer for you, clueless, is they can't trust a program like that. And you shouldn't. There's no reason to ever make it clear to anyone where your password is stored, or that a certain string is a password to begin with. There's really no reason to even trust attachments you find online, either. You never know if the packets were intercepted before they arrived, which is relatively easy to do, especially on Google's network. Consider that the next time you open an email attachment in Gmail :)


Good info, thanks.

 

Too bad that there isn't a program that can be trusted, it sure would be convenient. I have about 20 different accounts that I would consider important, and memorizing a solid password for each is pretty much impossible for my pea brain, lol.


That's because AV and all software sold is a reactive approach with a database to tell it what to do. I am an 18-year IT engineer for a Fortune 10 company (retired since 2005). I have developed over 100 million dollars annual in software security for my old firm. I have written articles in Information Week and I have seen the Russians, Chinese, Koreans and every country on the planet try to hack us over and over. I also worked in DC from 1995-1998 as a systems analyst for the govt (that is the most I can say) and worked on things like virus issues. All viruses are detectable! The simplest way to explain it is they all create processes and threads in any OS.

 

It's bad admins or bad builds that allow amateur hackers to get in. Schools are the worst, as everyone at a school is learning and has no clue.

 

I can tell you, the guy complaining about getting hacked probably has big issues with the computer or a very bad friend.


That's because AV and all software sold is a reactive approach with a database to tell it what to do. I am an 18-year IT engineer for a Fortune 10 company (retired since 2005). I have developed over 100 million dollars annual in software security for my old firm. I have written articles in Information Week and I have seen the Russians, Chinese, Koreans and every country on the planet try to hack us over and over. I also worked in DC from 1995-1998 as a systems analyst for the govt (that is the most I can say) and worked on things like virus issues. All viruses are detectable! The simplest way to explain it is they all create processes and threads in any OS.

 

It's bad admins or bad builds that allow amateur hackers to get in. Schools are the worst, as everyone at a school is learning and has no clue.

 

I can tell you, the guy complaining about getting hacked probably has big issues with the computer or a very bad friend.

I was not really complaining per se, but more of a warning to others here; and as for the really bad friend, I have there IRL friends, two that have not logged on in over a month, and other fellow GC members as my friends, so that was not the problem. :cool:


Those programs like 1Password seem a bit scary to me... one program has all of your info... hack that, and you have it all. The weak link seems to be that you still have to enter your password for that program, which, if hacked, opens the door to the grand vault. It's also difficult to put my faith in one program which, to be honest, could be just as flawed as anything else that gets hacked, as far as I know. Seems that those types of programs would be the biggest targets for hackers, since the reward would be the greatest.

 

How does a person without that level of computer knowledge really know that they can trust a program like that?

 

LastPass is safe to use. This is the one place that you use one really long password or passphrase, which is better IMO.

 

How does LastPass work? All of the decryption takes place on your local machine and not on their servers. All of your data is encrypted, hashed, and salted, meaning if someone were to hack them, they would not be able to just grab your information without first having your password. Your password could still be brute-forced if it were weak. You can also use dual authentication using a phone app for LastPass.

 

Simply put, I would not use them if I did not think it were safe to do so. All of the decryption work is done on your computer and not their servers. That says a lot about their service right there.

Edited by ZeroDamage
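
The client-side design ZeroDamage describes, as an added illustration that is not LastPass's code or the poster's own: the master password is stretched with a salt on the client, the vault is encrypted locally, and the server only ever holds a login hash plus ciphertext. Assumptions: PBKDF2-HMAC-SHA256 with an illustrative round count, the e-mail as salt, and an HMAC counter-mode keystream standing in for AES (the standard library has none); the final function audits the post's caveat that a weak master password still falls to offline guessing of a breached record.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # illustrative PBKDF2 round count, not LastPass's real setting


def derive_vault_key(master_password: str, email: str) -> bytes:
    """Client side: stretch the master password with PBKDF2-HMAC-SHA256, salted with the e-mail."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), email.lower().encode(), ITERATIONS)


def derive_login_hash(vault_key: bytes, master_password: str) -> bytes:
    """Client side: one extra PBKDF2 round over the vault key yields the value sent to the server,
    so the server never learns the master password or the vault key itself."""
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode(), 1)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in for AES-CTR: HMAC-SHA256 over (nonce, counter) blocks, domain-separated by the "ks" prefix.
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, b"ks" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def encrypt_vault(vault_key: bytes, plaintext: bytes) -> bytes:
    """Client side: random nonce, keystream XOR, then an encrypt-then-MAC tag over nonce and ciphertext."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(vault_key, nonce, len(plaintext))))
    tag = hmac.new(vault_key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_vault(vault_key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(vault_key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong master password or tampered vault")
    return bytes(a ^ b for a, b in zip(ct, _keystream(vault_key, nonce, len(ct))))


def server_record(email: str, master_password: str, vault_plaintext: bytes) -> dict:
    """Everything the server (and therefore a breach of it) holds: login hash plus ciphertext."""
    vk = derive_vault_key(master_password, email)
    return {"email": email, "login_hash": derive_login_hash(vk, master_password),
            "blob": encrypt_vault(vk, vault_plaintext)}


def vault_falls_to_wordlist(record: dict, wordlist):
    """Audit of the post's caveat: returns the vault plaintext if a wordlist entry is the master password, else None."""
    for guess in wordlist:
        vk = derive_vault_key(guess, record["email"])
        if hmac.compare_digest(derive_login_hash(vk, guess), record["login_hash"]):
            return decrypt_vault(vk, record["blob"])
    return None
```

With constructed accounts, a record whose master password is "password" gives up its vault to a three-word list, while one protected by a long passphrase does not; the server-side record is identical in shape for both.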

Sky

Any password can be brute-forced. How long it takes simply depends on the simplicity of the password.

Personally, I've a long list of accomplishments that I can't list here, other than to say I worked for one of the CCTFs in Ohio while in university. I've written my own malicious code that's designed to create a new angle on the field, and doesn't follow the same formulae of existing viruses, malware, spyware, etc.

With explaining something a simple way to people, it's best explained similarly to how I have to explain to the other people at my company who don't know anything about programming. Often, any explanation goes over their head. The only explanation they generally understand is how you'd explain it if you were explaining it to a child.

The general rule is anything can be cracked. It's similar to geology in that all it takes, really, is time and pressure. Companies have claimed to have perfect systems, but the truth is there's no such thing as a perfect system. What are the odds of being caught when one person takes on an entire infrastructure? Pretty damn good. Especially for the crackers who get full of themselves - because they go back for a second round, and often tell themselves "It worked last time, I'll outsmart them again," but the problem is, they're waiting for them, and they get caught.

Yes, you may be able to crack the mega security, but yes, most likely, you're going to get caught.

Myself, I chuckle out loud when I hear about a sixteen-year-old posting somewhere that he has 20 firewalls running on his system, and that no one can hack him! Realistically, the idea behind risking it all to get into a sophisticated system is weighed against the possible benefits of doing so. If someone wants Joe Smith's personal information, they'll shoot out a phishing email, which is more likely than attempting to straight up hack into your computer network.

I've done my deeds and developed my own cutting-edge software, my own malicious code protection tools and my own firewall. And, while, more likely than not, I don't have anything that anyone would want, the source code is sitting out in the open in the case that a.) anyone tries to get in, and b.) anyone is successful.

My favourite hobby as a programmer, though, is finding novice programmers who are starting to find an interest in SQL, and its various variants, and purposely performing injection attacks. I even posted a database which was open to injection attacks as part of a plugin in L4D2, and not to my surprise, other plugin developers didn't even notice. People learn the basics, but forget to establish a solid footing in them, and then don't bother to learn any of the advanced techniques.

The problem associated with this is comparable to what our current education system is like. The software engineers graduating, and I confidently say that it doesn't matter if they graduated from Yale or a community college, don't know anything. In fact, when I switched my major to software engineering, my first class was a 600-level course, and students were the type of programmers that we call "copy pasters."

They take existing code, copy and paste it, and change a few lines. They can't write anything from scratch, and when you tell them to, they freeze up, and have no clue what to do. Now consider what would happen if these programmers went out into society and "developed" our latest cutting-edge software. Oh, wait, that's exactly what is happening. Consider, then, when you look at version 1 of something, and then compare it to version 10, that a.) it looks the same, and b.) when you RE it, the code looks relatively similar.

I still stand that the only safe place to store your passwords is the computer in your brain. Sure, it can be hacked by using a mixture of certain pharmaceuticals, but, hey, the likelihood of that happening is "in your dreams only."

The other thing I often find humorous is reading the "ZOMG I WAS HACKED BLIZZARD" posts in Diablo 3, by people who don't understand what a database is, or that Blizzard logs everything. Everything.

About me, though, I've worked as a consultant for several large firms - and I can't honestly tell you more about it. There is, of course, a sharp contrasting difference between people who have seen the Hackers movie and think they're a hacker, people who can't tell you the difference between a hacker and a cracker (but can copy and paste the Wikipedia definition), and of course the difference between amateurs, professionals, script kiddies, and... wait for it... script kiddies.

Yes, we all admit, NetBus was pretty cool, but so was telnet. Actually, telnet was everyone's dream come true, and the fact that IRC is still up in full force, and not nearly as secure as people think it is, is still a pretty amazing item.

Don't get me wrong, it's awesome to see someone open up WinNuke, or use code that was written by one of many of us to perform their dirty deeds, or the humorous events going on with Facebook and Mark Zuckerberg's profile page. But, personally, the thing that I fell out of my seat laughing at the most was the "ZOMG they're stealing my session ID" crap that some dumb kids posted about. The scariest part in a developer's thought pattern is when someone posts that they were hacked and how they were supposedly "hacked," and a bunch of dumb people who don't know their left from their right rally together and go "Oh, yeah, that happened to me, too!"

I mean, geez. I just don't know what to say about it anymore. I mean, I'm waiting for the day when passwords are required to be at least 16 characters long. We all know that's quickly approaching. Unfortunately, that won't stop people from using passwords like abc123abc123abcd.

Edit:

I realize I went really off track with this response. I wanted to actually say that there's a sharp difference between being hacked and what's really going on with Diablo 3 accounts that become compromised, or anything else for that matter. Television, the media, and stupid people lacking general knowledge on the subject have been tossing the word and similar phrases around too loosely.

It's comparable by example to that fellow who was streaming a live playing of Diablo 3. He had 5,000 viewers, got disconnected, and typed his password into the email box next to his email. It's the same password he used for EVERYTHING, and several viewers used it to log into his WoW account and empty everything, as well as his Diablo 3 account, and he told everyone he was hacked.

So, it's being hacked for me to accidentally post my login information and Gary to turn around and log into my account with it? Please.

I want to see people change their posts to "Sorry, I didn't get hacked, I'm just stupid."

Edited by Sky

ve3tit, this hacker vs. cracker thing has been alive since at least the early 90s. It's not going to change, which is why most hackers have started referring to their line of work as computer forensics.


Boiler, sad but true.

 

You could go into an office, sit down at someone's locked terminal, and, based on their login name, you'd have a 90% chance to successfully log in using the top 10 most commonly used passwords. And if they didn't work, try the login name. And, yes, "password" is a password on the top 10 list.

Another common password is the longest word that can be spelled using only the right-hand side of the keyboard.

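
A defender's version of the guesses Sky lists above, as an added example that is not code from any poster: a policy check that rejects passwords on a top-10 list, passwords equal to the login name, passwords typed with one hand only (the right-hand-only word), and the repeated-block pattern from Sky's earlier abc123abc123abcd remark. The top-10 list and the US QWERTY hand split are constructed assumptions.

```python
import string

# Constructed stand-in for "the top 10 most commonly used passwords"; not an official list.
TOP10 = {"123456", "password", "12345678", "qwerty", "abc123",
         "monkey", "letmein", "dragon", "111111", "baseball"}

# Assumption: standard US QWERTY layout, split by which hand types each letter.
LEFT_HAND = set("qwertasdfgzxcvb")
RIGHT_HAND = set("yuiophjklnm")


def one_handed(password: str) -> bool:
    """True when every letter in the password is typed with the same hand (e.g. a right-hand-only word)."""
    letters = set(password.lower()) & set(string.ascii_lowercase)
    return bool(letters) and (letters <= LEFT_HAND or letters <= RIGHT_HAND)


def repeated_block(password: str) -> bool:
    """True when a leading block repeated at least twice covers two thirds or more of the password,
    which is how abc123abc123abcd is built."""
    n = len(password)
    for k in range(1, n // 2 + 1):
        block = password[:k]
        reps = 0
        while password[reps * k:(reps + 1) * k] == block:
            reps += 1
        if reps >= 2 and reps * k * 3 >= n * 2:
            return True
    return False


def weaknesses(password: str, login_name: str) -> list:
    """Reasons a password would be among the first guesses described above; an empty list means none apply."""
    p = password.lower()
    reasons = []
    if p in TOP10:
        reasons.append("in the top-10 list")
    if p == login_name.lower():
        reasons.append("equals the login name")
    if one_handed(password):
        reasons.append("typed with one hand only")
    if repeated_block(password):
        reasons.append("built from a repeated block")
    return reasons
```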

Thankfully (knock on wood) I've never had any account hacked. I used to have 1 generic password for everything, but as the years progressed I started to segregate all my various accounts. For my most important accounts, such as online banking and e-mail and such, I selected unique passwords. Lesser things like online gaming and websites get a different password altogether. For gaming I've adopted characters and numbers for my password. Some of my passwords are up to 14 characters long. Some are as short as 8. I vary everything, and if I have to change a password, I try not to make a pattern.
