Hacks still happening . . .Follow

I tried to log in yesterday after work. Was ready for a long weekend of FFXI. Logged in used the popup keyboard thing were you enter your password with your mouse, I always use this in case of keyloggers. Next thing I know " Incorrect Playonline ID or Password" >< so I try again..."Incorrect Playonline ID or Password" WTF!!! So I try again "Your Account has been lock due to three incorrect password entries" GD IT I'VE BEEN HACKED!!!

Now I have a few good items and a little nest egg of gil but most of my stuff is Rare/EX. I have the normal Pld gear, Joytoy, jelly ring, AF boots, IR gear, but nothing that would make me stand out from any other pld. I've been back a total of 3 days and got hacked. The last time I played prior to this was back in Feb. and the only FFXI sites that I visit is ffxicyclopieda, and Allakhzam.
I'm also not even in a linkshell yet seeing as how I've been gone for six months. All I've been doing is Campain battles to check out how union works.

I'm hearing that I'm not the only one so hopefully a roll back is in the works for all of us. I play on Kujata btw.

As someone who was hacked last week and waiting for SE's internal "investigation" to conclude before they approve my rollback... it has been over a year since I changed any billing information, more then a handful of years since I logged into the Community site, no one knows my login info/password and my pc is completely virus/malware/greyware/keylogger free.

The fact that PC, PS2 and Security token holders have all managed to have their accounts compromised recently... I say ANY account information changes (password or billing or otherwise) should require their support peoples to contact the account holder via phone or email (email requiring account holder to contact SE) and live/verbal communication required for ANY info to change.

Who came up with the concept of making changing your password "easy" anyways? It should take a god damn act of congress to get a password or billing information changed.

My current opinion is obviously heavily influenced by the fact I have a locked account waiting for SE to decide if they are going to restore my account pre-compromise... i'll stop this post now before I just start *********


Edited, Sep 6th 2009 12:50am by drogier

Is anyone outside of SE gathering this "hacked info" anywhere to find a common ground to all the hackings?

So we're all making this up for kicks?

More like there is some common and key aspect to ppl being hacked. It is not something that can happen to anyone and is most likely not precise. HNM ls may be targeted because their website can be messed with, but this isn't a process where a hacker logs in, finds a character he wants to steal, then steals it...

Right, the algorithm is generated at SE's end based on the key on the back of your token. (Which, if SE's servers really were hacked and that info got out, would still need to be decrypted. There is no evidence this has happened yet, thank goodness.)

You push the button, it spits out a number.

You enter this number to log in. SE's algorithm backwards computers the last 50 numbers, and if at least one matches, you are allowed in. Someone on BG did the math; a new number is generated every 32 seconds - 32 x 50 = 1600 seconds, or 26.666~ minutes.

However, if one of those 50 has been used, it will not be accepted a second time.

Hackers have a 1 in 20,000 shot at getting a working one time password number.

Even IF the token wasn't one-time usage (which, as others have said, tested, and proved, it is), your method of "protection" is still about as absurd as any I've seen. Anyone who thinks they need to clean their system daily just shouldn't be on the internet; it's about as absurd as saying you need to fill up your car's gas tank every single time you go to the store. "Oh, but I MIGHT get in a traffic jam so bad that the car idles too long and runs out of half a tank of gas!" You've better odds of winning the lottery, or getting struck by lightning. It's not that dangerous, for &*#@'s sake. Stop trying to freak people out into spending hours of computer time in a fruitless effort to keep their computer "clean".

This is absolute twaddle. I agree with you that MS is more targeted, but the notion that this somehow makes them more secure is nonsense. Don't post things as 'facts' unless you can back them up.

First of all, bugs and security flaws tend to get fixed faster in open source projects due to the fact that there are large numbers of people able to look at the problem and contribute time and effort to fixing it.

Secondly, your assertion that Microsoft issues updates more frequently due to being the target of frequent attacks is completely incorrect. Microsoft is hampered by its fixed-cycle of updates (monthly, on 'patch Tuesday', the second Tuesday of every month. 'Patch Tuesday', amusingly enough, is followed by 'Exploit Wednesday', when malware authors have the longest time-until-update, and potentially new holes introduced by the update to play with).

IE was left stagnant for years after the demise of Netscape, and became riddled with holes and legacy crap. It's improved with IE8, certainly - but the security issues during that period were certainly more to do with the actual quality of the product than they were to do with 'targeting the most popular choice'.

This link is a reasonably good example of the differences between the two browsers in terms of critical security flaws (there's a follow-up article which is a good example of the FUD/history distortion Microsoft tries whenever issues like this get raised in the press).

CAVEAT to the above: people advocating Firefox as the safer choice are generally correct, but often neglect to mention that it only really shines in terms of security when configured well. Firefox + NoScript set up correctly is probably the single best security feature you could have while browsing the web, but Firefox out of the box isn't inherently vastly more secure than IE out of the box these days.

Edited, Sep 7th 2009 1:44pm by KisharBlack

In addition to NoScript and AdBlock+, I also use the free version of the KeyScrambler addon. The developer claims that it will encrypt keystrokes at the driver level, so that any keyloggers will only end up with garbage. The Premium version (which is about $45) also works on WoW and other online games.