** Any comments you see surrounded by 2 stars like the beginning of this line are my comments and not part of the original posting**
This Guide was NOT written by me. I just copied and pasted.
Moderator: I say this message deserves a sticky. I certainly don't need to take the time to post or write this - but - I am, for everyone's good. Many people can benefit from my advice - this deserves attention. This is real insight into the problem. I did this for your users, and ALL users of SRO. I also did this to reassure a few people that my intentions were NOT bad, and I do NOT intend to wrong them.
I've noticed a rash of hackers running about SRO - and truthfully, it pisses me off. I was confronted by one in-game, warning me to "watch out and don't try to offend the wrong people."
Yeah, right.
Well, the guy didn't know who he was dealing with. My curiosity was sparked. So - a few days ago - I set out to test my skills once more, it's been a long time ... but hey, once they're there - they're there for good. If you care to get an idea of what I am & what I do, this sums it up:
I picked a few people. I ravaged their accounts. I gave them back when I was done. Why, why do all of this when you don't need to? Why waste so much time when you have nothing to gain? Do you want to know how long I've spent doing this?
Account 1: 10 minutes
Account 2: 6 minutes
Account 3: 5 minutes
Account 4: 1 hour (This guy was a L70+, 33 years old - and a *programmer* no less. I dug up his secret question, I prepared a dictionary attack. If I wanted this guy's account - it was mine. I'm not about to go as far as bruting someone's account. But, I can. I left him alone.)
Account 5: This guy was smart. His snotty posts on boards pissed me off... I had a tough time digging up info on him. Lucky for him - he didn't publicize an e-mail address... except for one that he did not use as his login.
*Gasp* e-mail address.
Let me shed some light on this "hacking" we're all hearing about. Most everyone online, even the so called "bad" people in-game, are pretty good folks. I really - after getting to know people - haven't found a single person I did NOT like. There ARE people that I do not like - and that's braggarts, script-kiddies, and goldfarmers. So you want to know what I'm going to do today? I'm going to potentially destroy the SRO account hacking problem. I'm going to let YOU know how THEY do it. Why? Because when you KNOW how people can DO something, you also can figure out HOW TO STOP IT. This is especially true when you _ARE_ the security hole.
Here we go:
HOW an SRO account gets hacked & stolen
1- A victim is picked.
2- Find their username
3- Find their e-mail address
4- Owned
Your secret answer is irrelevant at the moment.
Your password does not matter. Once they have your username and e-mail, your account is theirs. So, I'd like everyone to take a moment ... and think of how you can correct this problem......
YES!
You need to treat your E-MAIL ADDRESS as your new SRO PASSWORD - DO NOT USE YOUR USERNAME(S)
You need to use a STRONG password on top of this. Use at least 8-10 characters, numbers AND letters. DO NOT USE A WORD IN A DICTIONARY.
People _CAN_ figure out your secret question. One person ... took "birthplace" as a question on their account.
I found out the user's country. I pulled up a list of the 10 major cities in that person's country (towns & villages don't have hospitals). They were born in city #4. Account is hacked.
Another person - they listed their pet as their secret answer. So, I searched for their username - and an animal. Found their pet's name. Account is hacked.
Are you following a trend here?
The more you post online, the more information there is about you, the easier it is for people to "hack" your account. Yes, this *IS* what hacking *REALLY* is. Taking all of the facts you have available. Building on them. Finding out more information. Building on it ... keep building ... build more ... until you have the answer. My success rate was 80% in taking accounts I set out to take - using my head alone, and NO hacking tools, NO programming, NO cracking.
Let me sum this up for you, in a SHORT list of things you should keep in mind to safeguard your account from someone like ME.
1- Strong password. Press random keys on your keyboard, or use a password randomizer.
2- RECORD YOUR PASSWORDS. Write them down, that way you can use STRONGER passwords.
3- TREAT YOUR E-MAIL ADDRESS LIKE A PASSWORD. Use a NEW e-mail for ALL of your SRO accounts. Under NO circumstances should your username be in your password.
4- Don't fill in public profiles. People use them to hack your account.
5- Don't use the same username to post on boards as you use as a login. Can't stress this enough. That's 50% of your account lost.
6- Search for your OWN information on google. Anything you find - DON'T EVER USE IT AGAIN. This information is now INSECURE.
7- Watch out for XFIRE accounts. They show how much of a PRIME TARGET you are. (1K hours+ logged into SRO? You've got a fat account.)
If you've made a mistake with your account, DON'T PANIC. You can still save it - even if it has been compromised before.
Change your e-mail to something completely out of the ordinary. Something you've never used before.
Make it NOT a word, or a combination of 2 words and some numbers - the longer it is - the harder it is to figure out.
Change your actual name. Use the same fake name for _all_ of your logins.
When you set your passwords - don't be afraid to combine things. If your old pass was dog133 - change it to a combo of words plus numbers: car133bird331 - dumb as it looks - is a GOOD password VS a brute force attack. It's simple for you to remember, and it's HUGE when a scriptkiddie goes to attack it.
Nobody can advise you like someone who is REALLY into security. Joymax's security is shoddy. They suck. You have to take measures for your own good. You've just gotten advice from someone who's pretty good. I won't say I'm one of the best - as there are many better than me. Hey, give me credit - at least I'll admit it.
[ PS: About those guys who claim to break into Joymax's databases: 100% bull. I read that "chat with a hacker" - the guy either bruted or engineered. Trust me on that.]
Good luck everyone. I sincerely apologize to anyone whose account I've gotten into. You know who you are, man. I hope you can forgive me. I took 1 global of yours - if you want the dime back, I'll send you a quarter.
I've also tried to give Joymax some of my own insight on their problems. You want to know what they say?
Nothing. They don't give a **** about anyone. Keep that in mind.
**As I said at the top of this article, this is my own input. Getting hacked and having your money, character, and items stolen is a real threat. I read this article and felt it should be shared. Some other advice I would give to readers is:
1. Don't give out personal information to anyone you don't know (I mean in person, not someone you know in the game), and even then, limit what information you give out.
2. Make sure the person's char name is exact. I've seen attempted scams where a person will create a character with 1 letter or number changed (i.e. from Infinity to Infinite). I know it doesn't seem likely most would fall for this, but I've seen it happen.
3. My last piece of advice is simple - DO NOT GIVE OUT YOUR ACCOUNT OR E-MAIL INFORMATION FOR ANY REASON UNLESS THEY CAN VERIFY THEY ARE A JOYMAX EMPLOYEE BEYOND A DOUBT. (So many people will try to impersonate Joymax employees through in-game chat, e-mail, etc.; just make sure you know who you are talking to before you give out information. I have been playing this game for almost 3 years and haven't been contacted by Joymax 1 TIME; I seriously doubt 99.9% of users would get contacted by a real Joymax employee.)**
** I did not write this article, and the forum I read did not give credit to the author.**
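The password rules in the quoted post (8-10+ characters, letters and numbers, no dictionary word, username kept out of the password) and its dog133 vs car133bird331 comparison, as an added Python example that is not part of the original post or of the reposter's notes; the word list, the username and the e-mail address are constructed for the demonstration.

```python
import math
import re
import string

# Constructed stand-in for a real dictionary word list (assumption for this example).
DICTIONARY = {"dog", "cat", "car", "bird", "password", "silkroad", "dragon"}

def policy_violations(password: str, username: str, email: str, min_len: int = 10) -> list:
    """Return the rules from the post that the password breaks (empty list means it passes)."""
    problems = []
    low = password.lower()
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if not (any(c.isdigit() for c in password) and any(c.isalpha() for c in password)):
        problems.append("needs both letters and numbers")
    # "dog133" style: a single dictionary word with digits bolted on either side
    m = re.fullmatch(r"\d*([a-z]+)\d*", low)
    if m and m.group(1) in DICTIONARY:
        problems.append("a dictionary word with digits bolted on")
    if username and username.lower() in low:
        problems.append("contains the username")
    local_part = email.split("@")[0].lower()
    if local_part and local_part in low:
        problems.append("contains the e-mail local part")
    return problems

def brute_force_bits(password: str) -> float:
    """Search space, in bits, for an attacker trying every string of this length
    over the character classes the password actually uses."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32)]
    alphabet = sum(size for chars, size in classes if any(c in chars for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

if __name__ == "__main__":
    # Constructed account details; "Infinity" is the character name used in the reposter's note
    user, mail = "Infinity", "infinity@example.com"
    for pw in ("dog133", "car133bird331", "Infinity2006"):
        print(f"{pw:>14}: {brute_force_bits(pw):5.1f} bits, violations: {policy_violations(pw, user, mail)}")
```

The longer two-word-plus-digits form roughly doubles the bit count of the short word-plus-digits one, which is the post's point about length beating cleverness.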