Watch where you click!

[Fango]

Watch out for websites phishing login details from you!

Ok, First off, I'm not in any way saying that i have seen this done on the forum, or that anyone is doing it! However we all know there are some people out there that don't have the morals that most of us do.

Its possible for you to have your passwords and information stolen from you when visiting sites, they can either give you a cookie that will provide them with keystroke made by you, or take passwords out of your saved history.

The forum currently allows images that have links attached, and just plain old Click Here links. These obviously take you off site and take you somewhere else. This is normally fine, but be careful, dont enter your personal data on any site that isn't stargateworlds.com or one that you know you can trust.

If you suspect that you may have been phished, clear all cookies, history and saved passwords, and then change your passwords.

To help prevent this further, you could get an internet security program, there are lots out there (I personally use Norton). This will inform you if anything strange takes place, and allot of them store your usernames and passwords in a safer way that IE or Firefox will.

If you want more information on phishing and the effects of it, check it out on wikipedia.

http://en.wikipedia.org/wiki/Phishing

or for more safety info check out SnakeCharmers post here.

click... if you dare. muahahaha.

[Trollbasher]

Quote:

Originally Posted by Fango

Watch out for websites phishing login details from you!

Ok, First off, I'm not in any way saying that i have seen this done on the forum, or that anyone is doing it! However we all know there are some people out there that don't have the morals that most of us do.

Its possible for you to have your passwords and information stolen from you when visiting sites, they can either give you a cookie that will provide them with keystroke made by you, or take passwords out of your saved history.

The forum currently allows images that have links attached, and just plain old Click Here links. These obviously take you off site and take you somewhere else. This is normally fine, but be careful, dont enter your personal data on any site that isn't stargateworlds.com or one that you know you can trust.

If you suspect that you may have been phished, clear all cookies, history and saved passwords, and then change your passwords.

To help prevent this further, you could get an internet security program, there are lots out there (I personally use Norton). This will inform you if anything strange takes place, and allot of them store your usernames and passwords in a safer way that IE or Firefox will.

If you want more information on phishing and the effects of it, check it out on wikipedia.

http://en.wikipedia.org/wiki/Phishing

or for more safety info check out SnakeCharmers post here.

click... if you dare. muahahaha.

These forums are fairly safe they are monitored 24/7 by mods cm's devs and everyone else,
but as mentioned by CM's dont give your details to anyone this is still a good thread and reminds people of this.

[Drapan]

Wow, I vote that all future threads of this kind has *A.. lick" in the topic name, please?

No offence.

Quote:

...they can either give you a cookie that will provide them with keystroke made by you...

I'm pretty sure that doesn't exist, Please prove me wrong (No, really, I want to know).

[Trollbasher]

Quote:

Originally Posted by Drapan

Wow, I vote that all future threads of this kind has *A.. lick" in the topic name, please?

No offence.

I'm pretty sure that doesn't exist, Please prove me wrong (No, really, I want to know).

In that case i suggest you read the stickies Beta Registration Guides

And yes they do exist there are millions of them keyloggers trojans and everything else, especailly if you have broadband they download stuff without you even realising, never download anything that is not oficail and even then be wary, 99% of all bots hacks cracks and everything else are trojans or keyloggers to steal your accounts.

[Fango]

Yeh, I hate to feel like I'm insulting peoples intelligence, but if it saves one person from getting phished then it will have done its job.

I know the forums well looked after the community guys seem to be doing a killer job, but phishing sites can be deployed relatively quickly and take some time to notice. It wont hurt to have people look out for themselfs and not let all the mods do it for them.

god, do i reek of arrogance today or what, haha.

As for *** Licking, I read through the Beta Registration Guides page and thought there was something missing on password phishing, just adding it in there.

Im pretty sure that warldofwarcraft.com used a keylogger, im no coder tho, so i may be wrong. I know for sure that trojans and keylogging viruses are out there, and can be hidden in an mp3 or video download.

[Drapan]

Ok, I've got a feeling you misunderstood me, What I meant was that I'm pretty sure that Key loggers inside Cookie's doesn't exist.

Other means of deploying key loggers on client exist, of course.

Quote:

Yeh, I hate to feel like I'm insulting peoples intelligence, but if it saves one person from getting phished then it will have done its job.

Agreed

[Trollbasher]

Quote:

Originally Posted by Drapan

Ok, I've got a feeling you misunderstood me, What I meant was that I'm pretty sure that Key loggers inside Cookie's doesn't exist.

Other means of deploying key loggers on client exist, of course.


Agreed

Have you ever run a program like Ad-Aware ? there are thousands of others that just the one i named, have you never seen them name cookies as Critical threats ?.
A cookie is basically a tracking program it gathers information for the website it belongs to, some just keep your login details so you dont have to log into the website everytime you visit it, the mojority though gather a lot more info.

[Drapan]

Quote:

Originally Posted by Trollbasher

Have you ever run a program like Ad-Aware ? there are thousands of others that just the one i named, have you never seen them name cookies as Critical threats ?.
A cookie is basically a tracking program it gathers information for the website it belongs to, some just keep your login details so you dont have to log into the website everytime you visit it, the mojority though gather a lot more info.

I'm well aware what a cookie is and I've run Ad-Aware and similar programs more times then I can remember. Again, What I was saying was that I do not believe that a key logger cookie exists or a cookie that... Let me quote

Quote:

...a cookie that will provide them with keystroke made by you...

Assuming the OP meant to say "keystrokes" or "every keystroke" (Or similar), Which is how I interpreted it, I don't believe such cookies exist. Sure, Some cookies might open the door for such software but that's a whole other story.

Edit: As I mentioned earlier I'm not 100% sure so prove me wrong if possible.

[sirspongy]

Or stop clicking on the pr0n links...

I joke about this because in all my time on the interwebnet I have never encountered a phishing link or website. I am confident in my detection skills and my track history is proof. Maybe I am just lucky but I am a very paranoid person by nature. I would still recommend a diligence like Fango suggests. Just because I have never encountered a phishing site does not mean I will not in the future so still be weary, just in case.

[serathe]

It's also good to make sure your OS, browser and Antivirus are all kept up to date. Theres plenty of ways to get bad things on your system. The ones that hit a majority of systems are when they are usually out of date.

There was a recent one that plagued some MMO's http://www.abcnews.go.com/Technology...ory?id=4441255

Taking advantage in a JavaScript vulnerability. Personally I use firefox with the NoScript plugin.

Definitely make sure you keep all your stuff up to date.

[Raevix]

Quote:

Originally Posted by Fango

Watch out for websites phishing login details from you!

Ok, First off, I'm not in any way saying that i have seen this done on the forum, or that anyone is doing it! However we all know there are some people out there that don't have the morals that most of us do.

Its possible for you to have your passwords and information stolen from you when visiting sites, they can either give you a cookie that will provide them with keystroke made by you, or take passwords out of your saved history.

The forum currently allows images that have links attached, and just plain old Click Here links. These obviously take you off site and take you somewhere else. This is normally fine, but be careful, dont enter your personal data on any site that isn't stargateworlds.com or one that you know you can trust.

If you suspect that you may have been phished, clear all cookies, history and saved passwords, and then change your passwords.

To help prevent this further, you could get an internet security program, there are lots out there (I personally use Norton). This will inform you if anything strange takes place, and allot of them store your usernames and passwords in a safer way that IE or Firefox will.

If you want more information on phishing and the effects of it, check it out on wikipedia.

http://en.wikipedia.org/wiki/Phishing

or for more safety info check out SnakeCharmers post here.

click... if you dare. muahahaha.

I am suprised trollbasher didnt mention that this has nothing to do with "beta" so belongs in the general forums or off topic forums

Its good info tho

[Trollbasher]

Quote:

Originally Posted by Raevix

I am suprised trollbasher didnt mention that this has nothing to do with "beta" so belongs in the general forums or off topic forums

Its good info tho

It has everything to do with beta it is reminding the testers about possible threats, if you had any knowledge of beta testing you would know this is relevant.

[Fango]

Quote:

Originally Posted by Raevix

I am suprised trollbasher didnt mention that this has nothing to do with "beta" so belongs in the general forums or off topic forums

Its good info tho

I think it's perfectly relevant info. Have you not read about the hundreds, if not thousand of people being targeted specifically for thier MMO username and passwords. incoming beta will no doubt ramp up attempts.

You are right serathe and sirspongy, being vigilant and keeping up to date are two of the best ways to tackle this. I have never been a victim of fishing, but know of many people that have due to not having their wits about them while using social networking sites, or browsing game forums.

[Trollbasher]

Quote:

Originally Posted by Drapan

I'm well aware what a cookie is and I've run Ad-Aware and similar programs more times then I can remember. Again, What I was saying was that I do not believe that a key logger cookie exists or a cookie that... Let me quote



Assuming the OP meant to say "keystrokes" or "every keystroke" (Or similar), Which is how I interpreted it, I don't believe such cookies exist. Sure, Some cookies might open the door for such software but that's a whole other story.

Edit: As I mentioned earlier I'm not 100% sure so prove me wrong if possible.

What they Are talking about by a keylogger or keystrokes is to log what you type for your user name and password, its pointless logging what you type once you are in the game, and as i said earlyer that is the main use of a cookie to log what your username and password is so you dont have to log into websites everytime, virtually every single cookie is a keylogger, so yes as i said before they do excist.

[psycho dude]

Surf the web without flash, javascript, activex and enable a phishing filter. That keeps you relatively safe, of course don't download random crap along. But of course in case you're really paranoid nothing is as safe as just unplugging your system from the internet .

[Drapan]

Quote:

Originally Posted by Trollbasher

What they Are talking about by a keylogger or keystrokes is to log what you type for your user name and password, its pointless logging what you type once you are in the game, and as i said earlyer that is the main use of a cookie to log what your username and password is so you dont have to log into websites everytime, virtually every single cookie is a keylogger, so yes as i said before they do excist.

Ok.... Let's get technical then.

A key logger is software that provides a 3rd party with every keystroke made by you, either in real time over an network and/or internet connection, at a set time and date or whenever there's internet connection available. There's even hardware key loggers which can either be built in to your keyboard or attached to the keyboard cable.

A cookie on the other hand is, to put it simply, a data file containing information regarding the specific site used to authenticate you so to the server and to give you access to members only functions. On some sites they save customised settings. Cookies can also be used to track whatever websites you visit.

If you haven't understood the difference yet:

• Keylogger
  • Records every keystroke made by you
  • Is either hardware or software installed on your computer
• Cookie
  • Saves login details for you so you don't have to login yourself
  • Saves website customisation options
  • Could be used to track what websites you visit
  • Is a data file stored on your computer

Cookies is only used in web browsers so they can't steal your beta login from your [SGW] client, although the could take it from another site that you happen to use the same login/password. This is easily avoidable though, Just use a good password... Oh and by the way it's not really realistic that someone will steal your beta info this way even if it's possible.

[Idlemind]

A keylogger can easily be deployed to a target machine by use of linking to an offsite site using active x or vbscript to deploy a keylogger. As Fango is simply stating to watch what you click I dont see any harm in warning others, especially with the younger and more inexperienced of the community. And seeing as a small percentage tend to have inadequate security these types of attacks can take place.

Quote:

...they can either give you a cookie that will provide them with keystroke made by you...

Fair enough this is something that wouldnt be worth your time worrying about as cookies are non-exe the only what they could be harmful were if they were injected with a script and then executed on the target with use of the above attack. However this would be pointless..

The chance of using cookies to steal your beta account would next to none, unless they sent beta account info via board pm's which they wouldnt do.

[dshipp82]

I think the point we need to understand here is someone is trying to offer wise and free advise to those who don't know about this kind of stuff. Doesn't matter if he/she is not technically 100% correct, the basic message is still exactly the same, so stop trying to bash them, flame them whatever, just accept the advice, say thanks, if you already know about it, add more info or don't post, if you don't know about it, listen to his advice, it is wise.

Thanks for the advice, i'm hoping it won't be needed to save anyone's account, but if it does, well done.

dshipp82

[Raevix]

Quote:

Originally Posted by Trollbasher

It has everything to do with beta it is reminding the testers about possible threats, if you had any knowledge of beta testing you would know this is relevant.

Ohh its like that is it....

Ok ill bite. ( ill make myself sound important like you always do) I'll bet you I have more beta testing experience than you do. Do you want to measure e-peens? and im not just talking games here. Lets dive into the world of beta testing software for nuclear support systems, Maintenance reporting tools, Problem reporting and resolution appelets etc, written in linux oracle and pearl.

I never said the info wasnt relevant, in fact I do believe i said it was good info, but seeing as it is a forum account security issue it should probable been poster under general forums. But in the end im not a mod so its not up to me just my opinion, and nowhere was i rude like you were. you have a nack for ruffleing peoples feathers in these fourms maybe its time for you to rethink what kind of person you portray yourself to be.

Have a nice day

[Idlemind]

Quote:

Originally Posted by Raevix

I am suprised trollbasher didnt mention that this has nothing to do with "beta" so belongs in the general forums or off topic forums

Its good info tho

I do agree with you here, but I think Fango's intentions were simply to warn possible beta testers, so in a way he has got the right TA.

[SGC1969]

I have warned people over and over about this yet some are still stupid and click on anything. My sister actually fell for one of those scams one time and it ended up costing her (well she was able to resolve it) alot of time and money to fix it.

[Fango]

I love how seriously people are taking this, and all the flaming going on.

I made this post to inform the not so well educated users out there about something that is a potential threat, and that happens A LOT on other mmo's. I was not making this post so you could pick holes in the technical details of what I said, the point was to inform people that clicking a link when not being vigilant or properly protected can result in personal loss. A message I think holds nothing but good intentions. If you want to sit there and bash me, go ahead, but your only making yourself look arrogant to other forum members.

peace out.

[Idlemind]

Quote:

Originally Posted by Fango

I love how seriously people are taking this, and all the flaming going on.

I made this post to inform the not so well educated users out there about something that is a potential threat, and that happens A LOT on other mmo's. I was not making this post so you could pick holes in the technical details of what I said, the point was to inform people that clicking a link when not being vigilant or properly protected can result in personal loss. A message I think holds nothing but good intentions. If you want to sit there and bash me, go ahead, but your only making yourself look arrogant to other forum members.

peace out.

I ain't flaming you man, nothing wrong with trying to help others.

[Drapan]

Quote:

Originally Posted by Fango

I love how seriously people are taking this, and all the flaming going on.

I made this post to inform the not so well educated users out there about something that is a potential threat, and that happens A LOT on other mmo's. I was not making this post so you could pick holes in the technical details of what I said, the point was to inform people that clicking a link when not being vigilant or properly protected can result in personal loss. A message I think holds nothing but good intentions. If you want to sit there and bash me, go ahead, but your only making yourself look arrogant to other forum members.

peace out.

Definitely nothing wrong with trying to help others, as long as you don't spread incorrect information.

[Mellissandria]

I use Keyscrambler myself, as well as AVG and Adaware.

Even with all this, one of my Gaiaonline accounts got hacked. Then again, it's a frequent target of the 4channers, something I don't see happening here (knocks on wood). Given THAT password, I suspect they used brute force...and the password has been retired...for good! It's also possible that I might have accidentally hit a clone site created for phishing by accident, since that is what the Gaia account was hijacked for...

Right now, it's in blocked status, while their forensic team looks over the area and makes sure there aren't any little bugs left in there....