Hi all,
Lately I've been hearing a lot of folks getting hacked, so I've decided to write up this little post about what you can do to maximize your security on your computer and PS3.
I was hacked when I was playing FFXI, but I only managed to lose a couple of million on my mules. Still, the thought of someone accessing my account changed the way I view security on the internet.
Here are some tips that I've been following since that fateful day:
1: Secure your passwords
If you use the same passwords across multiple accounts, your password is as strong as the weakest link. That is, if you use the same password on a forum that has no security, and your Square-Enix account, then all that encryption Square uses is for nothing. Hackers can easily take out the weakest link and run scripts to try popular MMOs / gaming accounts to get at your account. Even if 1% of all gathered passwords work, it is worth it to them. Don't be a statistic.
My advice on this is to use different passwords along with a cipher only you may know. An example of a cipher would be something like:
GpAsswOrdE
I don't use this cipher myself, but in this example, this is the password for "Game". I've capitalized the first letter of the "Game" and the last letter as well. The "Password" has all the vowels capitalized.
This way, if the hackers get my "GpAsswOrdE" for the Game site, all my other accounts are not compromised as their scripts will simply get a login failure when tried against all your other accounts.
2: Secure your e-mail
Nowadays, hackers are targeting specific email services such as Gmail or Hotmail (does anyone still use this?). Nowadays though, most email providers provide 2-step authentication processes that allow you to keep your email account secure. You can read more about Google's 2-step verification system here: https://support.google.com/accounts/answer/180744?hl=en
3: Put Internet Condoms on
I highly recommend everyone install adblock and NoScript.
Adblock simply blocks all advertisements across the web. No more flashing banners for anyone! This is kind of crucial as dubious ad vendors don't screen any Flash-based ads and often let malware-infected ads through to websites. You can find the link below and it contains download links for all major browsers.
https://adblockplus.org
NoScript is an addon for Firefox (not sure if Chrome has it) that blocks most Java and Scripts on websites that don't originate from the actual page that you are visiting. A popular way for hackers to implement keyloggers is to inject an IFRAME (which is a browser page within a website) that is 1 pixel by 1 pixel. Very small indeed, but you aren't meant to notice it. Once you visit the infected page, it invokes the script and you get infected with a keylogger that reports your every keystroke, and possibly even screen captures your desktop.
Although it can be a pain in the ass at first to learn how to use NoScript, once you learn to use it, you'll know where content on a website is coming from. Every time you visit a page, NoScript will block 3rd party scripts from running and it will inform you via a label on the bottom of the browser that they have been blocked. If you click options, it will list all the 3rd party sites trying to deliver content to the webpage you are on. If you trust the content provider, then you could allow it permanently so that future attempts at going to that site will not block content from that white listed provider. You can also allow temporary white listing, just so you can view the page properly, but know that temporary white listing only works until you close the browser.
I've been saved a countless number of times by this addon. I can't count the number of times NoScript informs me that it has blocked a script running from an IP address. Most content providers identify themselves by name instead of an IP number, so if you see that being blocked, that is a red flag for malware.
http://noscript.net/
3: Avoid Dubious Sites
This pretty much goes without saying, but if you want to browse some strange new site, or don't want to risk infecting your computer, try browsing it on your non-gaming computer. I'd be careful on smart phones / tablets as well, as hackers are starting to target those now too.
4: Secure your Square-Enix Account
Get a Security token for your account. Get it now, no, get it yesterday. This is the single most important thing you can do to prevent your account from being hacked. Most of the kiddie hackers will just attempt to hack your account via brute force. It might take them time, but they'll get through eventually. Having a randomized password attached to your account will deter all but the most determined of hackers. Have you got one yet?
5: Don't lend out your password
If you remember #2, then you should understand my reasoning here as well. Your password is as strong as the weakest link. You may want to let a friend borrow your account for whatever reason, but do you know where their computer has been? Can you trust them not to backstab you and steal your account?
All in all, this is something you must be ultimately responsible for. If you trust enough to lend out your password, only you can blame yourself for losing access to your account.
----------------
I've been following these 5 tips for a few years now since my hacking. I've not had any problems at all. The following ideas are untested by myself but I'll list them here:
1: Virtualize your browser
By creating a sandbox for your browsers, you can safely browse unknown websites. If you get infected with a keylogger or malware, they will only have access to the virtualized space your browsers are on, rendering them useless (unless you browse on them full time and use it for everything, in which case keyloggers will read your keystrokes when you are in that environment).
I don't have much info on this, but there is plenty of sandbox virtualization software out there, so if someone wants to chime in about this, please do so.
I'll try to keep this thread updated as I think of more things, but feel free to throw in some other ideas.
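
The two red flags described in tip 3 (a 1x1 IFRAME, and content served from a bare IP address rather than a named host) can be checked on a saved copy of a page. The following is an added example, not part of the original post and not NoScript's own code; the function and class names are hypothetical, and the sample page and its hosts are constructed placeholders.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page; hosts and IPs are documentation placeholders.
SAMPLE = """<html><body>
<script src="/js/site.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
<script src="http://203.0.113.7/x.js"></script>
<iframe src="http://198.51.100.9/f.html" width="1" height="1"></iframe>
<iframe src="https://video.example.org/embed" style="width:640px;height:360px"></iframe>
</body></html>"""

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def dimension(attrs, name):  # pixel size from attribute or inline style, else None
    m = re.fullmatch(r"\s*(\d+)(?:px)?\s*", attrs.get(name) or "") or re.search(
        rf"(?:^|;)\s*{name}\s*:\s*(\d+)px", attrs.get("style") or "")
    return int(m.group(1)) if m else None

class EmbedAuditor(HTMLParser):
    """Flags <script>/<iframe> sources that are not served by the page's own host."""
    def __init__(self, page_url):
        super().__init__()
        self.page_host = urlparse(page_url).hostname
        self.findings = []  # (tag, src, [reasons])

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        host = urlparse(a.get("src") or "").hostname
        if tag not in ("script", "iframe") or host in (None, self.page_host):
            return  # not an embed, or relative / same-host content
        reasons = ["third-party host"]
        if is_ip(host):
            reasons.append("raw IP address instead of a name")
        w, h = dimension(a, "width"), dimension(a, "height")
        if tag == "iframe" and w is not None and h is not None and w <= 1 and h <= 1:
            reasons.append("iframe is 1x1 or smaller")
        self.findings.append((tag, a["src"], reasons))

def audit(page_url, html):
    auditor = EmbedAuditor(page_url)
    auditor.feed(html)
    return auditor.findings
```

Calling `audit("https://forum.example.com/thread", SAMPLE)` returns one entry per third-party embed; this only inspects static markup, so anything a script inserts at run time is not seen.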