• Hail Guest!
    We're looking for Community Content Contribuitors to Stratics. If you would like to write articles, fan fiction, do guild or shard event recaps, it's simple. Find out how in this thread: Community Contributions
  • Greetings Guest, Having Login Issues? Check this thread!
  • Hail Guest!,
    Please take a moment to read this post reminding you all of the importance of Account Security.
  • Hail Guest!
    Please read the new announcement concerning the upcoming addition to Stratics. You can find the announcement Here!

UO Account Security: Tips, Information, and Discussions

Orvago

Stratics' Finest
Alumni
Stratics Veteran
Stratics Legend
Ways to protect your UO Account
  1. Use a Strong Password.
    * 8 to 16 characters long consisting of Uppercase, Lowercase, and Numbers.
    * (Example: feq62PLe826k - the maximum number a password is checked for when signing into the game is 16 characters)
    * Use a password checker to make sure you have a 'strong password'. Microsoft's checker is probably the safest. That can be found Here.
  2. Change your Passwords regularly.
    * I suggest changing your passwords once a Month.
  3. Tips for keeping your password secure:
    * Never tell your password to anyone (this includes significant others, roommates, parrots, etc.).
    * Never write your password down.
    * Never send your password by email.
    * Periodically test your current password and change it to a new one.
  4. Use a private E-Mail Address.
    * Do not use this email address at ANY other web sites.
    * Do not give it out to Anyone.
    * Use it ONLY for Ultima Online.
  5. Protect your E-Mail Account too.
    * Use a Strong Password too!
  6. Protect your Account Name.
    * Do not give your Account Name to Anyone except to EA Officials!
  7. Use Caution Entering your Password at Web Sites!
    * Do not enter your Account Name at any site other that UO.com's site.
    * When you go to your Account Management or to the UO Game Code Store, go there Directly and not through any external links in emails or other web sites.
  8. Do not give your Password Out.
    * No one at EA will ask your for your Password in E-Mails, PMs, or any other fashion except for by Phone, and then only when You call them.
  9. Use a Strong Account Name.
    * When creating a New Account, for your Username, use a combination of Letters and Numbers.
  10. Be Cautions when Creating Account and Character Names!
    * Do not use your Real Name as Character Names, Account Names, and do not use your Account Name as Character Names or Account Names at any other Web Sites.
  11. Firewall & Anti-Virus helps to keep you Safe!
    * Keep your Firewall and Anti-Virus Software Up-To-Date!
    * Windows Firewall is NOT enough!
    * If you cannot afford another firewall, go download ZoneAlarm's free Firewall! www.zonealarm.com.
    * If you cannot afford an Anti-Virus Software, go download AVG's Free Anti-Virus: www.grisoft.com.
  12. Do regular Virus Scans!
    * If you think your infected, do NOT enter your password or account name until you are sure you have eliminated the Virus(es)
  13. 3rd-Party Programs.
    * Do not run any 3rd-Party Programs that are not approved. You never know what could be built into said program!
    Check Here for EA's list of Approved 3rd Party Applications.



  • If you have a weak password, change it!
  • If you use your same email address for UO on other web sites, get a new Email Address and change it with UO in your Account Manager.
  • If you have characters named after your Account Name or Real Name, soulstone their skills and delete them, or buy a Name Change Code if you can afford it.

Please everyone, do NOT trust any site claiming to be Ultima Online that is not *.ea.com - *.uo.com - *.uoherald.com - *.uogamecodes.com


Please post any other suggestions you have to add to this list and I will update it. As well as add anything else I can think of later on.


My Request to EA: Allow us to call you guys/gals up and change our Account Names if we have a weak account name or have been compromised in the past. Please!


This list has been updated on the date & time of the Edit Timestamp. Thanks to everyone who have made and will make suggestions to add to this! Knowledge is the BEST protection!


- - - - - - - - - - - - - - - - - - -


Ghost_Writer wrote the following precaution:
There has been a recent rise in blatant attempts to gain access to UO accounts. Sites are being put up specifically to target the UO player base such as the Kingdom-Reborn download site which had a Trojan, the spoof site of uoforum dot net which was intended to spoof a legit fan site uoforums.com, and this most recent uotrading site which several people are complaining of being hacked after recently signing up for.

This goes beyond the normal "protect yourself on the internet" since we are specific targets and extra effort is being put into ways to trick specifically UO players.

Do not use sites that are not well known and trusted. And never use your UO information or even the same email account you use for UO, on another site.

This post will be left as a sticky to warn everyone, however I am locking it to prevent any discussions or arguments about how people should know better. Obviously not all do so we have a responsibility as a community to try to warn them.

If you have information of a specific site that you think justifies a specific warning please PM me with the information and I will check it out and add it to this thread if warranted.

Thank you,
Ghost
- - - - - - - - - - - - - - - - - - - - - -


User Sorcon wrote the following:
Hey, Scammers are once again trying the "Unmentionable" program script to make you throw your gear on the ground at your feet.

They just hit a friend of mine on Legends. Granted, he should have never ran the "unmentionable" program, but someone posed as one of his closest friends and guildmates, told him to DL it and he did... Then fed him the script that made him throw his stuff on the ground.

Of course he bears fault in this for the "Unmentionable" program, but just a warning so that it is fresh in people's minds.
Furthermore, a user commented on why we cannot allow this program to be named:
"i think its lame we cant say it, but it clearly says if the program isn't on the approved list, you cant use it."
Yes, I do agree to some extent. However, we feel it is best to not help spread the word of illegal program names so fresh players, who may not know programs are illegal, cannot easily locate them through our site.

We want to play no part in players finding and using such programs through our site.

To Echo the last words in the above statement: "but it clearly says if the program isn't on the approved list, you cant use it."

You may find that list of Approved Programs, HERE


- - - - - - - - - - - - - - - - - - -


The following was suggested by user Highball (spell checked and reformatted by Orvago):
Hi there ...

There's a great deal going on about accounts being hacked.

One way to prevent this is having different passwords related to different sites.

Then some will ask and have in mind: What if i forget a password? Some have experienced and some use the same password.

If you forget a password, well there are ways around that nowadays since you can retrieve a new.

If you on the other hand use the same password no matter where you enter - you really ask for trouble.

Different passwords ... that's another way to deal with the hacks and no it's not at all hard to remember ...


Here's the tool:

1. You split up all the places where you need to enter a password into two groups:

  • Economically related (bank accounts and such - and where you i.e. use a credit card - net business and such)
  • All other places (Like Stratics forum)
2. For each group you pick two items in your home that you are close related to. I.e.:

  • Curtain
  • Table
3. You split up the two groups (mentioned in #1) into three groups after increase in security. I.e.

  • A. Normal sites - no added letters
  • B. Higher security needed - here you add a BIG letter in front and after the basic password itself, like A and O ... or i.e. a Q and a W - two letters that you easily can remember where they are placed on your keyboard
  • C. Highest security needed - here you add a number in front of the BIG letter + basic password + BIG letter. I.e. 1 and 2 or 9 and 0 (zero).
4. You will now be able to have six diff groups of securities from the basic to the highest level of safety.

5. Examples:
Economically related ...
Level 1: curtain (IF you want to increase security make the first letter a BIG letter like Curtain)

Level 2: ACurtainS

Level 3: 5ACurtainS6

All other ... do NOT use the same letters or numbers as in econ. relations

Level 1: table or Table

Level 2: QTableW

Level 3: 1QTableW2

6. It's quite easy actually: Pick two words related to two items you're fond of. Then pick 2 x 2 letters placed easily for you on the keyboard and pick 2x2 numbers likewise.

7. You will find that your passwords can be remembered this way and you will have six diff levels of security.

8. And FINAL ... do NOT use my examples here in the manual.

9. Good luck and you should now have made it not only harder, but merely impossible for hackers to make trial attempts of your password - and to make it even more safer - behave on the net:

10. To make it safer for you i'll give you a couple of advices concerning how to behave safer related to the net:
I. Don't ever open an e-mail from a sender you haven't in your address book already (unless it's a sender you know). Do NOT read the e-mail, do NOT open it - DELETE the e-mail and INSTANTLY !!!

II. Don't ever open attachments you don't know of - EVEN when in an e-mail from somebody you know of !!! Two methods: DELETE the e-mail instantly - and do NOT open neither the e-mail nor the attachment / or write the sender and ask for confirmation that the person deliberately attached something - and what it is - there could be an attachment that the person not added.
One way of a forewarned attachment could be that you make a deal with people you get attachments from ... you tell the person to write in the e-mail: *I have attached # of attachments* - where # is the actual and precise number of attachments, the * in front and after is a sign of a personal attachment - best if the person writes the names of the attachments themselves. This way you can see if the mail and the attachments differ !
III. Be very cautious about to whom you give out your e-mail / your ICQ / your MSN / your credit card information - and do NOT in ANY way give out a password (for NO reason !!!) - a person wanting close information has bad intentions - the only person that needs information about your password is YOU.

IV. If you receive requests from somebody on the net that would like to be added to your ICQ, MSN or otherwise - DENY. Though - if a business has been set up in UO and you agree to correspond through ICQ, MSN etc. then read the personal information about that person. If you don't find any kind of info that relates to the person you expect to make a deal with - then write a message to that person (requesting adding) and request information about where you met or why the add request has been received. If the reply doesn't match the information you have already on the person - DENY access and BLOCK the person.
It's better to loose a good UO deal than to loose your bank account or your UO account !
V. NEVER be curious about something you have received that you haven't asked for - and no ... you will NOT be the lucky one that won in a 10 mill. lottery without having paid for a ticket !!!
People don't get anything for free nowadays !
Good luck.
 

Orvago

Stratics' Finest
Alumni
Stratics Veteran
Stratics Legend
Here is EA/Mythic's "Account Security FAQ" for Ultima Online:

Part 1 of 2
ACCOUNT SECURITY FAQ

Why should I be worried about Internet security?
As with any other thing of value in everyday life, your computer, and the data kept on that computer, are subject to crime. With the Internet becoming more and more a part of every day life, it is important to understand computer crime and ways to secure your computer from strangers. This is not meant as an alarmist document, but rather as a very real way to help keep your data your own, and keep your Ultima Online account more secure. Almost everyday Origin receives a call from a very distressed person whose computer security has been breached, and often, they have had their Ultima Online characters deleted or made useless. In our effort to be open and honest and to arm you with the knowledge you need, we are going to reveal some possible ways your system can be infiltrated. To our knowledge, there is no way your computer security can be compromised through Ultima Online, however, there may be security holes created because of your involvement in the external community of Ultima Online. For instance, ICQ, Web Pages, e-mail, and third party programs can all be used to gain access to your computer. There are ways to make it more difficult for a computer crook to get into your computer, and any criminal is going to look for easy targets first, not difficult ones.
There are definitions of many words available at the end of this document.

How can a criminal get access to my computer?
Every day Origin is called by people who have had their Ultima Online accounts infiltrated. Many people believe that this will not happen to them, but sadly, these people are often victims of compromised security, many without ever knowing it. It is important to remember that security holes are not created by Ultima Online. Although you may meet a computer criminal through an Ultima Online forum, this criminal can not get any information about you through Ultima Online, other than what you offer to them. Most computer criminals will, however, be able to learn such things about you, like your IP address, through other forums including, but not limited to: Some Bulletin Boards (posts may include your IP address)
ICQ
IRC chats
Direct link Internet games
In many cases, a computer criminal does not even need to know your IP to get into your computer. See the section on Trojans for more information. Once the criminal has bypassed your computer's security, you may lose any information available on your system, including any credit card information stored, passwords to other sites, or even personal files. Reading this document can alert you to how you may be vulnerable to the efforts of these computer criminals. Hopefully it will also instruct you on how to prevent such efforts by knowing how to identify possible security problems and potential threats.

Please remember, though, that computer crooks are constantly searching for new and effective ways of gaining access to your computer, and no amount of information we could provide will be able to keep up with them. This document is meant as a service, providing you with useful information to help you make your computer more safe than it otherwise would be, but Origin can't promise you that following the suggestions in this document will make your computer totally safe from computer criminals.
What are some quick things I can do to prevent someone from getting access to my computer's files?
Although this document covers these issues in more depth later, here are some quick prevention methods:
Never accept files from someone you do not know or do not fully trust.
Never download programs from sources that do not have an address or some way of reaching a responsible party.
Always have active virus scanning on your system with the most recent scanning files.
Never give out your password to anyone.
Change your password at least once every three months.
If you have a cable connection or DSL connection, you should consider getting firewall software for your computer.
Be careful when giving out your ICQ number.
This document details the reasons for these precautions, and we urge you to read this document in its entirety.

What is the most likely way someone will break into my computer?
This may depend on you, but the most likely way people are hacked is by downloading files from a source they know nothing about, or by trusting someone they have met online. This is not to instill a sense of paranoia about who you meet online, but rather, you should know not to accept files from people you truly know nothing about. In most cases, computer criminals will send you Trojans in these files, though some malicious ones may simply send you a virus.

It seems as if computer security issues are becoming more of a problem now, why is that? As the Internet is growing and more people are on-line for longer periods of time, and with greater frequency, the risk of running into a computer criminal is also growing. Constant connections to the internet, such as cable modems and DSL modems also make your system more vulnerable, because these connections allow people to find you more easily as your connection is available for longer. Honestly, the number of easy targets increases daily on the net, as people do not use the typical rules for meeting a stranger when on the Internet.
Meeting People
Who do I trust?
Basically, it is very hard to know who to trust. Most computer criminals believe themselves to be able to "trick" others easily by gaining their trust and then ripping them off. A computer criminal generally loves nothing more than the thrill of the "kill." If it takes more than three months to gain your trust, don't think a computer criminal won't go this far. Computer criminals have lots of patience, and the longer it takes to gain your trust, the sweeter the "kill" is. The computer is their weapon of choice. A general rule to follow is trust no one you have not met in person. This seems to be a bit paranoid, but if you value your data, you should know to whom you are giving that data access. The same is true of web pages. Make sure you are familiar with the company or individual before you grant them any rights to your web browser.
How does a Computer Criminal find me?
It is important to note that no matter how anonymous the Internet may seem, you are never truly unknown. In fact, for you to connect to the Internet you must have an "address" so other systems can know where to route data. This address is called an IP address. This IP address is much like the name for your system. Each time you log on to your provider, they will assign you an IP address. If someone has your address or can find out this address, they have the first thing they need to break into your system. In order for them to be able to do anything to your system, they have to know how to contact your system directly. It is important to note that your IP address can not be obtained through Ultima Online. So how would your account be in danger? Probably through outside contacts in relation to the game.
How could someone gain my password?
There are a few different ways people might be able to gain your password to Ultima Online or any other service.
METHOD 1: If the person knows you, or knows something about you, they might be able to guess your password. The more open you are with people about what interests you and about the personal aspects of your life, the more these people will be able to guess a password you may have chosen.
Prevention: The best thing you can do is pick a random password that you will be able to remember, but that is not related to you or anything about you. Many people place numbers in their passwords to make it even more difficult for someone to guess a password. For instance: Luck0theIrish where '0' is actually a zero. Many people actually just choose a string of letters and numbers such as: a01d3th7. These are more difficult to remember, but probably the most unlikely to be guessed.
METHOD 2: Someone might be able to systematically go through a list of possible passwords given they know an account name. Really, doing this seems like a tedious task, but since the person has a computer available to them, it is not that tedious. Since there are 26 possible letters to use in a password, and only 10 numbers, they can have a program which will cycle through all 36 combinations. This would have to be done for all five to thirteen places, given the number of letter in the password, and by that time it gets pretty time consuming. Origin has made it difficult for this to be done, but we could not make it impossible.
Prevention: Although this is perhaps the most unlikely of all security holes, it could theoretically be possible to lose your password in this way. In this case, the thing that the computer criminal needs is your account name. You should guard your account name if you can; avoid making your account name something that is readily accessible. The most common example would be using the name of your main character as your account name.
METHOD 3: You may wish to consult the section on Trojans, but if someone has remote access to your system, it is very possible that they will be able to get your password if you have the password saved on your computer.
Prevention: There are two good courses of action you can take to prevent this from happening. Never leave a save password box checked. Leaving a save password box checked means the password will be stored somewhere on your local hard drive. This may make it less of a hassle every time you log into the game, but it will also make it easier for someone to get your password. If a computer criminal can gain access to your hard drive, such as through a Trojan, they will have access to your password. So you should not choose to leave the save password box checked. The second thing you can do is to make sure you have no Trojans installed on your system. Having the latest scanning software and keeping all of the most recent files for scanning will help prevent hackers from having access to your system.
Already been hacked?
My account has been broken into, now what?
If your UO account has been broken into, what recourse do you have? What you should do is contact your local authorities and report the crime. Just as your IP address identifies you, so will there be a record of the criminal's ip address that will identify him. The authorities need only get this address. A very real crime has taken place, and though it may have manifested itself through Ultima Online, Ultima Online was merely the data that was stolen. Unfortunately we can not reimburse for items lost in the game, nor can we rebuild lost characters. If your account has been broken into and everything gone, it is gone for good, and you will have to start from scratch. You are responsible for anything done on your account, intentional or not.
What can I expect if my Ultima Online account was broken into?
Many people who have their account broken into have reported some of the following:
Deletion of their main or other characters
Houses transferred to other characters
Murders committed with their characters
All items deleted from their bank and house
Their character was killed over and over with stat loss.
These are just some of things we have heard. Origin can not verify if an account was broken into or not, simply because the means are not available to us to determine that your account was definitely broken into. We will not be able to reimburse in any way for anything done to your account by a computer criminal. This is another reason why it is imperative to do everything to make your computer safe. And if someone does break into your computer and hacks your UO data, you should contact your local authorities to report this crime.
Avenues of Attack
How does a computer criminal find me?
It is important to note that no matter how anonymous the Internet may seem, you are never truly unknown. In fact, for you to connect to the Internet you must have an "address" so other systems can know where to route data. This address is called an IP address. This IP address is much like the name for your system. Each time you log on to your provider, they will assign you an IP address. If someone has your address or can find out this address, they have the first thing they need to break into your system. In order for them to be able to do anything to your system, they have to know how to contact your system directly. It is important to note that your IP address can not be obtained through Ultima Online. So how would your account be in danger? Probably through outside contacts in relation to the game.
I have heard that ICQ may allow a computer criminal to find me, is this true?
ICQ is a great way for someone to communicate with you. It is tremendously fun to use, and even helpful with Ultima Online. However, if you start to accept people you don't know into your contact list, it is possible that one of these people can get your IP address while you are both using this program. You can turn off the ability for others to see your IP address in ICQ, and we recommend always keeping this option checked. However, if the computer criminal uses a Packet Sniffer, they will be able to determine your IP address. Also, never accept a sent file from someone you do not trust implicitly. If someone is sending you a file, especially an executable file, be very certain you know what this file will do.
I have heard people who say their account was broken into because they downloaded an Ultima Online third party program. Is this possible?
Many programs exist to try to help you "get ahead" in Ultima Online. Not only can usage of these programs result in your account being banned, but they can do far worse. Downloading any of these programs and running them may have unforeseen consequences. Clever computer criminals will embed other executable files into such programs to help them gain access to your machine by placing a Trojan there.
You guys just don't want us to use third party program, so you are trying to scare us from using them by claiming they provide avenues for computer criminals. Why should we believe you?
It's true, we do wish that some third party programs were never used in Ultima Online. They give some players an unfair advantage over others, and this does hurt the game. However, it is also just as true that many of these programs install Trojans on your system. So, while it may seem like our warnings are suspect, we urge you to consider this before you download any program claiming to be helpful with Ultima Online. Remember, once a computer criminal has access to your system, it is not just Ultima Online they have access to, but everything on your computer.
I met a guy in an IRC chat channel, should I be cautious?
Chat boards are another tremendously fun way to meet people and discuss any of your favorite topics. However, just like meeting strangers on the street, you should take precautions. Never accept a file sent from anyone you do not trust implicitly. Also, remember to never give out your account information to anyone in chat, no matter how nice they seem. There is one story of a data thief who decided to enter the chat under a woman's name. He was very charming and offered to send pictures of "herself" to interested parties. These parties accepted the file, which was a self-extracting archive, and it contained pictures, but it also installed a Trojan on the recipient's machine. The poor recipients realized that they had been had, but it was too late.
What else should I be aware of?
One of the features of Windows 95, 98 or NT is the ability for you to share your files with other computers. Whether these computers are on a local area network or on the Internet, you should always make sure you are very careful about file sharing. If you have enabled file sharing, you should always make sure to password protect your hard drives.​
 

Orvago

Stratics' Finest
Alumni
Stratics Veteran
Stratics Legend
Here is EA/Mythic's "Account Security FAQ" for Ultima Online:

Part 2 of 2
Attack Forms
What is a Trojan?
A Trojan is a program which installs itself surreptitiously onto your computer. Once a Trojan is installed on your computer, it will try to run in the background, where it is very hard to determine that it is running at all. (Even a CTRL-ALT-DELETE might not be able to show you if a Trojan is running.) A Trojan, basically sets your computer up to be a server. This means that if you have an active Internet connection, the Trojan can open a port from your computer so another computer can log in. Once this other computer logs in, they have access to everything you have, and worse, they might be able to go so far as to see exactly what you are doing, even seeing what you are typing. If you are asking why this is really that bad, simply think how many passwords are stored on your computer. Even if these are stored in formats you can't read, a clever computer criminal probably can read them, or the criminal could simply copy the entire program over and just run it from their machine.

This can all happen in the background of your computer, and you would never see any outward sign of what was happening. Given the amount of normal and benign tasks that happen in the background all the time, would you really think anything was wrong if your hard drive light suddenly came on, and your hard drive started spinning? It happens all the time. Maybe your Internet connection seems to be moving at half speed. Given the data sending capabilities of high speed modems and the finicky nature of the internet, slowdowns are common. Would you think anything was wrong if you saw either of these two things? Probably not. Nor should you, and this is why it is so hard to imagine you might have one of these types of programs running in the background.

Such programs are very difficult to detect, even with virus scanners. With only a few changes, different versions of the Trojan can easily be made so as to be undetectable to the scanning software, until the scanning software is updated to account for the new version of the Trojan. A new version of the Trojan can again be released and this process can go on ad infinitum, where it is a constant race to stay ahead of each other.

It might seem that this could easily be stopped, because you would have to keep downloading new versions of the Trojan, right? Not necessarily. Just as Windows and Netscape have ways they can update themselves, so can invasive and clever Trojans. Once they have a connection to your system, the hacker can simply update the Trojan to the latest version. Remember, they have complete access to your system.

So really, the obvious question becomes, how in the heck would you ever get a Trojan. Surely you can see what you install on your system. Again, many programs that we run do things in the background that people never see, installing a program on your system without your knowledge is not difficult at all. However, it does require some action on your part. You would have to run some form of an executable program on your system. The following is an account of someone who got a Trojan on their system and lost over a year's worth of data to a computer criminal:

I was talking to this girl I met in a chat channel. We met a couple of days before, and she seemed very nice. As we talked more and more, we started to get to know each other. At this point she asked for my ICQ number. I gave it to her. A few more days passed with us making idle chit chat. Finally she offered to send me some pictures of herself. She sent them to me in a self-extracting archive, and said all I had to do was run the program and it would install the pictures onto my computer. I was so happy to get a chance to see her that I immediately ran the program and got to see pictures of "her." It turned out that they were not really pictures of "her" because she was a "he." He had built up my trust and a month later, I discovered that the file he sent included a Trojan.

Another important detail about Trojans is that they do not allow only one user to gain access to your system. There are two very common Trojans being passed around on the net at the current time. One is Back Orifice, and the other is NetBus. Both are very sophisticated pieces of programming, and both are very difficult to detect. Many "would- be" computer criminals, simply scan random IP addresses looking to see if there is a NetBus or Back Orifice connection at the other end. If there is, into that system they go. So not just one person could be accessing your files if you have a Trojan, but several.

Prevention of a Trojan being installed on your system is probably the best way to avoid the problem all together. However, there are some other tools you can use to help you. Permanent connections, such as those available to cable modems and DSL modems are the most likely targets of Trojans. If you have a permanent connection to the Internet, or you just leave your connection active a lot, you may wish to set up a firewall. A firewall will allow you to block access from certain ports on your computer. There is also a program called Nuke Nabber which allows you to monitor ports you select. Since NetBus operates over port 12345 most of the time, and Back Orifice generally operates over 31337 and 81887, you should configure Nuke Nabber or the firewall to look at these ports.
What is Packet Flooding and/or WinNuke?
A win nuke or a packet flood can be accomplished if the user knows your IP address. Basically a person will set up a program to query your computer over ICMP (Internet control message protocol) which normally uses port 0 - 11. They can also query other ports over other protocols, such as port 139 and 113 over TCP/IP. Think of this as an advanced telephone system. When you call someone, the phone rings on their end, and you also hear the phone ring. The same process on a computer is called pinging. If another computer user has your IP address, it is very much like having your "phone number." The user can ping your computer, and your computer will answer with a ping. Part of the danger of this system lies in the variance of speed between the two computers, and how fast each is able to process a reply to the ping. If another user has a very fast connection, they can ping your computer repeatedly. Your computer will need to answer each time it is pinged. Even though their computer will have to send the ping and receive an answer, your computer will have to receive the ping and provide an answer. Given the fact that they can do this over and over at top computer speed, they can cripple your Internet connection, and even cause a major slowdown on your system. Spoofing halves the workload the computer criminal's computer must do, giving it even more of an advantage of your system. Other flooding types exist, such as using the Windows stack in a WinNuke attack. This usually occurs over port 139 using TCP/IP protocol. Such an attack is uncommon because recent patches offered by Microsoft prevent this attack. Prevention of flooding can be done in several ways. One of the ways to do so is to set up a FireWall or NukeNabber to scan for and block all incoming ports vulnerable to attacks. This can limit some legitimate uses of some ports, especially on LANs, however, and may not be the most desirable solution. You may also wish to block off vulnerable ports while granting selected systems, such as your ISP, access. Many firewalls have selective filters to help you accomplish this and you should consult their documentation for vulnerable ports and how to set the software up. Many of these attacks have been reduced over time as a result of patches provided by Microsoft which enhance your internet security.
What is a Virus?
Many people know about viruses, but they do not understand how it is possible for a virus to infect their system. Basically, a virus is a program which "attaches" itself to another program. Once a program with a virus is used, the virus resides in the ram memory of your computer. Each file you access, depending on the virus, may become infected. Once you shut off your machine, the virus will be cleared off your ram, but it still remains on the infected files. If you run any of those files again, the virus is loaded into memory and is ready to infect new files. A virus may also infect the boot sector on your computer. If this happens, the virus will automatically load into memory each time your computer is booted up. It is beyond the scope of this document to define all the types of viruses, and the possible adverse affects of having a virus on your system. The main thing to remember about viruses, is that it is very important to have the most recent scanning software running at all times on your system.
I have heard your computer can be broken into through a web browser, is this true?
Many web browsers now have the ability to run programs right off the web. In fact, many of the neatest web pages include Java and Active X scripting to really show off what web technology can do. The downside of this is that a harmless visit to a site can turn disastrous without the proper precautions. You should always have your security settings high enough that you are prompted before a site tries to run an executable program on your system. Almost all of today's browsers have security built in which allow you to control this access. Backdoor programs embedded in web pages can install hidden programs onto your computer such as Back Orifice and others. Always make sure you fully trust the web site before you accept any programs they try to send you.
Definitions
What in the heck did you just say?
Background: Running in the "background" refers to an application that is running, but not readily noticeable to the computer user.

Cable connections: Cable modems are modems which use common cable connections for internet access rather than phone lines. Cable modems allow for greater bandwidth than normal phone lines. Cable modems do not require you to dial in to a service provider, though they may require a log-in. Cable connections can remain active indefinitely, however, they do require shared bandwidth. Although they are capable of high-speed, the more people in your area using cable modems can slow down your internet connection.

Client: A client is a term used for either a computer or program that will enable you to log in to a server. Clients issue requests to a server and the server will fulfill or deny the request.

DSL, xDSL or ADSL Connections: These are dedicated high-bandwidth alternatives using your normal phone line. DSL connections do not share bandwidth and are capable of very high speed transfers, up to 50 times that of a normal 28.8 connection. DSL operates using high-frequency signals over normal phone lines. Because normal phone conversation take place using low-frequency signals, much of the bandwidth available on your phone lines is not used. DSL uses this bandwidth.

Firewalls: Firewalls are security systems put in place on servers to prevent unauthorized access to ports on a computer.

Computer Criminal: For the purpose of this document a computer criminal is anyone who is trying to do something harmful to your computer.

IP address: This is the address for your computer on the internet. It tells other computers where to route information to. You will be assigned an IP address by your ISP. Most ISPs will give you a new IP address each time you connect to them. This is called a dynamically allocated IP. If your ISP has assigned you one IP which you will keep for as long as you are on their service, this is called a static IP address.

LAN: Local area network. A LAN is a group of computers linked together for the purpose of sharing files and information. Usually they are connected through a server or set of servers. LANs are set up primarily in businesses, but you can have a home LAN set up. You may be able to access the internet through a LAN, but only if one of the servers has a connection to the internet itself.

Nuke Nabber: A program which lets you monitor your ports and activity on those ports. It also has other features to help track and prevent hacking attempts.

Ping: Ping is a request sent to a computer so that the computer receiving the request will acknowledge that it is there. Think of a ping as a phone call. You make the call, it rings on your end. You know that it is ringing on their end as well.

Port: A port is like a doorway on your computer. If you have two applications running, it would not make sense for them to go through the same doorway, as it might be difficult to tell the difference between the information. So a port separates out how certain data is sent or received.

Server: A server is a computer or program which will accept requests from a client. It will then process this data and either deny the request or process it.

Spoofing: A process where the hacker need only send a ping, and does not accept your response.​
 

Orvago

Stratics' Finest
Alumni
Stratics Veteran
Stratics Legend
Below are some comments left by users in the Old Thread.

Ithilkir wrote:
I'd also reccomend using a password checker to make sure you have a 'strong password'. Microsoft's checker is probably the safest.

http://www.microsoft.com/athome/secu...d_checker.mspx
Garaba wrote:
Also,

Do not run any 3rd party program that is not approved. You never know what could be built into said program.
Llewen wrote:
I'll repost here what I've posted elsewhere.

After reading several posts from people said they have had their game accounts hacked for Ultima Online, and knowing that several of us have had problems with viruses and spyware, I thought I'd put together a thread on security best practises.

1. Keep your software up to date. This is probably the single most important piece of advice you will read here. Stay on top of updates, and as much as possible, keep everything up to date. Here is a quick list of things you will want to keep up to date.

- Hardware drivers. This might not be immediately obvious, but even hardware drivers can have security vulnerabilities. At the very least you will want to keep your drivers up to date to keep your system as stable as possible. For newer hardware, and especially video drivers, you should be checking for updates once a month. For older hardware, or hardware other than video drivers, you should be checking once every three months or so. If the software that comes with your hardware has automatic update features, use it, but don't rely on this for hardware. I have had the problem with Logitech specifically that the automatic updates didn't tell me a new version of my software had been released, so check manually at least once every three months.

Here is a quick list of drivers that you should be keeping up to date:

Chipset Drivers (for your motherboard)
Video Drivers
Sound Drivers
Ethernet Adaptor Drivers (for your lan card or nic)
Keyboard and Mouse Drivers

- Your operating system. No matter what operating system you are running, keep your operating system up to date. Any operating system released in the past few years should have a way of automatically keeping up to date. Use the feature for whatever operating system you are running and if it is on a schedule, make sure it is scheduled for a time when your computer will actually be on. You should be checking for updates at least once a week.

If you are using an old operating system that is no longer supported, such as Windows 9x/Me, it is time to switch to something else. If money, or old hardware is an issue, there are plenty of great options for Linux, that are free, that will run on older hardware. If you don't feel up to reinstalling your operating system yourself, get someone to do it for you.

- Web browser. If the web browser you use isn't updated with your operating system, make sure you keep it up to date. You really should be checking for updates to your web browser every day. Have it automatically check for updates every time you open up your browser. If you are using a really old browser, that is no longer being developed, stop using it and switch to a product that is actively being developed. There are plenty of free options for browsers that are actively being developed, there is no excuse for using an old browser. If you are comfortable with your old browser, and don't want to switch, get over it. Nothing can get you in trouble faster, and more easily, than security vulnerabilities in your web browser and any old web browser that is no longer being developed will have security vulnerabilities.

- Chat and email applications. If your email and chat aren't included in your operating system updates, make sure you keep them up to date. Again, most newer applications will have a way of keeping up to date automatically, enable those features, and if they are enabled, make sure your computer will be on at the times your update checks are scheduled to run.

- Security software. If you are using security software, which you absolutely should be. Make sure you keep it up to date. Use scheduled updates if they are available. Anti-virus software with the virus definitions should be updated daily. Other security software such as anti-spyware software should be updated at least once a week.

- Java. Keep your Java up to date. Once again, with Sun Java, on Windows, there are options for automatic updates, use them.

- Office software. Keep your word processor, spreadsheet software, etc., as up to date as possible. If it is newer, you should be checking once a month at least. If it is older, and no longer being updated, it might be time to consider switching to something newer. If money is an issue, or old hardware, OpenOffice is a top notch product, that is free, and should operate well on any system purchased in the past six years, and maybe even older systems than that. It is available for most of the major operating systems.

- Games. This isn't always possible to do, as many of us play older games that are no longer being developed, but as much as possible, keep them up to date. Any games you can play online should have automatic updates, or update notification available. If you have a game that can be played online that is no longer supported, you should consider no longer playing it online, or if you must, play it only with trusted friends, or on a lan.

2. Consider switching to a more secure operating system. If all you aren't running software that you can't do without, that won't run on Linux, you should consider switching to Linux. It is far more secure than Windows, for many reasons (I don't know about Macs). If all you are doing is basic computer "stuff", such as playing browser based games, email, chat, office software and graphics software, Linux can do all of those things, and your chances of being hacked or infected with a virus, even if you don't know what you are doing, are almost 0.

3. Switch to a safer browser. Stop using Internet Explorer, now. There is no good reason to use Internet explorer for anything other than updating Windows, and the few programs that require Internet Explorer to view content. Get Firefox and install the NoScript and Adblock Plus addons. There are millions of unsafe sites out there, and many unscrupulous advertisers would love to spy on you, and far worse. Don't argue about it, just do it. It may be a bit annoying until you get used to it, but a site operated by criminals can steal any confidential information you may have on your computer, from game account names and passwords, to credit card numbers and banking information, and all it takes is one click.

There are sites that do depend on advertising to pay for their operating costs. If you frequent such a site, and you trust them and their advertisers, simply disable Adblock for that site. However, sometimes perfectly legitimate sites can be hosting advertising for clients that are not to be trusted, without being aware that this is the case. So be careful with that, even on sites that you trust.

4. Always have your cookies on prompt, and make it your default habit not to accept them. If you find you need them, for example to access forums, or use a banking service, or shop online, simply remove the site from your list of blocked sites, reload the page, and accept the cookies. Never accept any cookie from any site unless you are certain you can trust the site, and make sure you check the domain name of any cookie before you accept it to make sure that it actually belongs to the site that you trust. Many advertisers will try to load "tracking cookies" and worse, on to your computer, so even though the site you are visiting may be trustworthy, they may be hosting advertising that is not as trustworthy as they are.

To do this in Firefox go to Tools in the top menu, then choose Options. Then choose the Privacy tab, and in the "Keep until" drop down menu, select "ask me every time". Click on OK. It will look something like this:



For Internet Explorer, do this even if it is not going to be your primary browser, select Tools from the top menu, Internet Options, choose the Privacy tab, then click on the Advanced button, then check the "Override automatic cookie handling" box, and choose the two "Prompt" options below that. Hit OK twice to get out of the options menus. It will look something like this:



To remove a blocked site in Firefox, choose the Exceptions tab, find the site in the list, and choose Remove Site. In Internet Explorer choose Sites, find the site in the list, and choose Remove.

5. Install antivirus software, and run a full scan at least once a week. As I stated above, make sure you use the automatic updates option and make sure it is updated at least once every day. I recommend avast. If you can afford it, buy the full version from them, they deserve the support. If you can't, the free version is fully functional and high quality. I have also found it more friendly to older systems. AVG is another popular free antivirus solution. I do not recommend Norton. The only virus I have ever had on my computer, was missed by a fully up-to-date Norton scan, and just about anything Norton makes these days is a resource pig.

5. Install both Adaware and Spybot and run scans with both of them at least once a week. Make sure they are fully up to date before you run the scans. Spybot's Resident SDHelper and Teatimer are also excellent features and should be updated at least once a week (when you do your scan, right? ;) ).

6. Never ever click on an email or chat link or attachment, unless you already know what the link or attachment is, and you are expecting it, even if the email or chat message comes from a friend. Also never allow anyone to add you to their contact list in chat, unless you know who they are, and you trust them.

7. Finally, use a more secure chat client. There are better choices for chat clients than any of the big proprietary chat clients, such as ICQ, AOL, MSN etc. All of these "official" chat clients come with annoying advertising, and most of them come with security vulnerabilities. I highly recommend Trillian, but there are other free options as well. The best thing about Trillian is that it allows you to access all your chat accounts with one client. Again, if you can afford to buy the "Pro" version, do it, they deserve the support. If you can't, the basic version is fully functional, and includes no spyware or advertising whatsoever.

Pidgin is another multi-protocol chat client that I highly recommend. Again, more secure and completely without any spyware or advertisements.

8. Use complex passwords for any accounts you use the need passwords. Make them at least eight characters long, and use a combination of upper and lower case letters, numbers, and symbols, if they are allowed. "5tY9Lq02" is an example of a strong password. "bunnies" is an example of an extremely weak password.

9. Never share account information such as names and passwords with anyone if at all possible, unless you completely trust that person, and are completely comfortable with losing everything in that account, including personal information. This includes friends and family. The majority of accounts that are hacked, are hacked by people that are known to the victim, either friends, or more often, family members. If you do share an account name and password with someone, make sure that you don't share that password with any other account.

9. Use a firewall. For Windows XP and better there is an acceptable software firewall included with the operating system, make sure you use it. If you are running an older version of Windows, it is time to make the switch, either to Windows XP or Vista, or to Linux if your hardware can't handle XP or Vista. Linux comes with a firewall as part of the operating system, all you need to do is install a gui, such as GuardDog, to set it up.

If at all possible also use a hardware firewall. If you only have one computer at home, and are connected to the internet directly through your modem, you shouldn't be. Go out and buy a router. You can find simple basic routers for $50 US or Canadian, or less. If at all possible get a wired router. If you must use a wireless router, make sure you secure it properly. An unsecured wireless network is like leaving your house completely unlocked with all your doors and windows wide open with a big sign on your lawn saying, "Please come in and help yourself, I won't mind!" and then going on a six month long vacation.
An update on #5 here:
5. Install both Adaware and Spybot and run scans with both of them at least once a week. Make sure they are fully up to date before you run the scans. Spybot's Resident SDHelper and Teatimer are also excellent features and should be updated at least once a week (when you do your scan, right? ;) ).
Adaware and Spybot are no longer compatible with each other. Running a Spybot scan when Adaware's automatic processes are running may result in erroneous scan results. If you use both of the latest versions of these programs, you will need to shut down ALL of Adaware's running processes completely before loading Spybot Search & Destroy to ensure that your scan results are not misinterpreted.

Also, see this Knowledge Base article:
LavaSoft AdAware

If you have the AdAware option to scan inside archives enabled, AdAware may find files in the Spybot-S&D folder. Spybot-S&D does not contain any spyware, but it creates backups of everything you fix (until you remove those backups from the Recovery list), and AdAware complains about these backups. You can safely ignore these backups found by AdAware.
Also, be aware that the two programs called "BulletProof" and "TrekBlue" are illegal hacks of Spybot, as reported in this article:
The black sheep in the anti-spyware business: BulletProof and TrekBlue

While many people in the anti-spyware sector are doing this mostly because they are dedicated to security and privacy, there are always a few black sheep trying to make quick money using the fear of many users.

Two such black sheep are BulletProof Soft with their Spyware and Adware Remover and TrekBlue with their SpywareNuker.

Both products are based on a hacked version of the Spybot-S&D database. Evidence for this is very clear as Spybot-S&D contains some entries to determine such theft. These entries are wrong entries, some detecting things that do not really exist, some detecting minor threats under the wrong name, etc. These tricks are absolutely harmless to the normal user of Spybot-S&D, but do clearly identify a stolen version of the Spybot-S&D database. Both products mentioned above detect exactly the same 'mistakes' the Spybot-S&D database contains.

I am in contact with two attorneys to sue these two companies. I recommend that you use neither of the two programs mentioned above. Using them is a copyright infringement!!! (and in addition you won't get more than with Spybot-S&D, as they are based on older Spybot-S&D databases)

Another interesting thing: there is someone 'spamming' at download.com: Spybot-S&D and AdAware have received thousands of negative feedbacks with the same text (CNet is removing them constantly), but the BPS Remover has gotten more than 10.000 positive feedbacks from the same name and the same text.

A discussion about this has been started at our old support forums (link removed on August 25th, 2006 since the old forum is no longer available).
 

Orvago

Stratics' Finest
Alumni
Stratics Veteran
Stratics Legend
Last updated: 08.18.2008

Helpful Hints to Help Keep Your Accounts and Computer Secure

Passwords

  • Always use different passwords for forums, paypal, ebay, uo and email.
  • Never use passwords that have anything to do with you or your life, such as the names of family members, pets, birth dates 'etc.
  • Never give your passwords out. Even if you trust someone 110%, your password is only protected as much as their computer is. Even if they are completely trustworthy, it doesn't mean that their computer is secure and you can get hacked that way too.
  • Make passwords alphanumeric and upper/lowercase. Do not use common words. The best passwords are 16 characters long, can not be found in a dictionary, and contain lowercase and uppercase letters and at least one number.
  • Never store your password information on your computer. If you are worried about forgetting it, store it on a piece of paper and keep it in a very secure place. Never put your account information near your computer or in plain sight such as on the wall, on the desk etc - especially if you use a webcam.
Helpful Password Resources:

Third-Party Programs, Websites and Files

  • Never download any third-party programs or accept files unless you absolutely, 100% trust the source, especially for UO. This is just asking for someone to hack your UO account or worse. If someone sends you a link, again don't click it unless you trust the source as it can contain harmful items or drive-by downloads.
Install and Maintain Anti-Virus Software.

Regularly Remove Spyware from your Computer

  • If you or any other users of your computer regularly surf the internet or download shareware software, chances are you are going to get your fair share of what is called spyware. Spyware is a general term applied to software applications that essentially gather information about your actions and report them back to the company. It is not only an invasion of your privacy, but the running applications can increase lag on your computer and as such, it may effect how smoothly UO runs for you.
  • Make sure the programs you install don't contain adware. Many freeware programs do include adware. It's how the publishers make their money. If you're not sure, read the license agreement carefully (these are usually shown directly or through links as part of the installation process). Also, check the publisher's Web site very carefully. If you're still not sure, search Google Groups for the name of the program and the keywords adware or spyware. If you don't find any postings about it, then you're probably OK.
  • Install a pop-up blocker to prevent adware and spyware pop-up windows. Much spyware installs after you click a deceptive link in a pop-up browser window. Install a pop-up blocker, and you won't even be tempted to click those links. My two favorite pop-up blockers are completely free. The first is the new MSN Toolbar. The second is the Google Toolbar. Pop-up windows are annoying time wasters anyway, so you'll thank yourself later.
Install and Maintain a Firewall.

  • A firewall helps protect your computer by preventing unauthorized communication to and from your computer while you are connected to the internet. "Port-scanning" is very common and most don't realise that they are even being scanned for weakness or openings in your defense.
  • If you are using Windows XP, there is sometimes a very basic firewall included - but it's not enabled by default. I would strongly recommend a second one as well for added security since Win doesn't check outgoing traffic from your PC.
    • To activate the firewall in Windows XP:
      • - Go to "Start"
      • - Go to "Settings", then "Network connections"
      • - Select your Internet connection
      • - Click on "Properties"
      • - Click on "Advanced"
      • - Check the box in the "Internet Connection Firewall" section
Helpful Links

  • Firewall Leak Tester
  • Never ever except files from anyone. Offer Several sites to upload pics. "Print Screen" button, open up paint in win, "Ctrl-V" keys to paste the image.
Do not ignore Operating Systems updates.

  • Everyday unsavory people are looking for loopholes and get access to your computer. The operating system is a critical part of your computer and is the base of operations for the software on your computer. Do not wait for media reports on updates, often times these are delayed. It's wise to check weekly, preferably daily, for updates on the operating system's website for critical security updates.
Protecting your email.

  • Some viruses can infect your system without you clicking on attachments by executing in the message preview window. Many viruses can cause your sensitive information and documents to be transmitted to millions of people. While the preview window is a handy feature, it's safest to turn it off.
    • To turn off the preview window in Outlook Express:
      • -Select "View" on the Menu Bar
      • - Select "Layout"
      • - Uncheck "Show Preview Pane"
    • To turn off the preview window in Outlook:
      • - Select "View" on the Menu Bar
      • - Select "Preview Pane" if it's not already greyed out
      • - You may need to repeat this for each top level mail folder
  • It is always a good idea to have several emails and preferably a special one you use just for your UO accounts. Remember someone having your email address is the first step they need to getting access to it. If they don't know the email address, they can't attempt to crack your password.
  • Check your email regularly. Some free email services will, without warning, close your email account if it goes inactive for a long period of time. Guess what happens after it is closed. That's right, the name can go back into the choice pool for someone else to choose when they register.
  • Always use all false info when registering a free email such as name, birth date, etc. Any secret questions used for password retrieval.. never put real-life info in them. All it takes is someone getting to know you and asking you where you were born in small talk to get a shot at your secret answer. Make sure your answers are complicated, several words long and nothing to do with the real answer. Find a safe place not on your computer to save this info if you ever need it.
Helpful Email Resources:




Safety Tips for Conducting In-Game Business

  1. First and foremost. If someone offers you a trade, gold or $ that is too good to be true.. most likely it is. Scammers will often prey on the greed of their victims in hopes of lulling them into a incautious state with the desire to make such a good deal.
  2. Always Check the Window Contents = No matter how many times the trade window is opened and closed. Do it every single time. Don't feel rushed. If the other party is trying to get you to hurry when you are checking it, don't. Often times scammers will try to pressure you to just click and seal the transaction.
  3. Always ask them to open backpacks to make sure the right items are inside. When possible ask them to take items out of the bag.
  4. Always check items by clicking them and paying attention to the title. There are many rares and such in the came that look similar to common items. Even if you checked it the first time, if the window is closed and you have to reopen it.. check it #2 as well.
  5. Double check the 0's. This can be tricky as they tend the 0's can blend together, especially if you have a lot to look through. If it is a deal for multiple items, try to break the deal down into smaller transactions if you have a hard time with the 0's. With commas now in place, this should be something to worry less about. However, it is always best to double check, for the eyes can play tricks!
  6. Never remove any clothing, wearables, weapons, spellbooks, etc after a trade until you check your item count. Usually you can do this by single clicking on your backpack and seeing how many items you are carrying. The items in your paperdoll, often do *not* apply to your item count. So if you have 125 items in your bag and you take something off, guess what.. it can fall to the ground. It is a common tactic of scammers to attempt this by offering you something to 'try on', asking if they can see something in the trade window from your paperdoll, or asking you to put something on your character so they can see it and thus removing something else to do so. These are usually attempted after a trade, asking you to hold something for them, etc... so please be careful.



Spoofed Emails and Websites

Spoofing, also known as phishing (pronounced "fishing"), is a type of deception that attempts to steal your valuable information such as account passwords, credit card numbers, etc. Most commonly this is done via email that attempts to get you to visit a website that resembles the official one. Spoofed emails will play on your insecurities, fears and greed. They will often use certain key phrases or information to coax you into visiting their website. Here are some ways to help identify spoofed emails and keep your information secure.

  • If they ask you to verify your account.
    • Businesses should never ask for your account password via email - this includes UO, Stratics and practically any internet business. If anyone ever asks you to send your account info or visit their website and log in to your account. DO NOT USE THE LINK. Open a new browser and hand-type the url in or call them directly to inquire to the status of your account.

  • Ultima Online Payment and Billing
    • Inside the United States dial: 1-866-543-5435
    • Outside the United States dial: 1-650-628-4306
    • Hours of operation are Monday – Friday 8:00am to 5:00pm PST
Note: The numbers above are for payment, billing, and general account updates only. All other questions should be addressed on the EA Customer Support Website
  • Some identification tips on spoofed websites.
    • You should never follow an emailed link!
    • For education purposes though... Do not rely on the url in the browser window, that can be faked. Often times, there will not be a small lock indicating the screen is a secure website. Also if you click the properties of the graphics, many times they will not be uploaded on the real domain's servers and thus providing another clue.



Definitions of Useful Terms

  • Adware - software that displays advertisements on your computer. These are ads that inexplicably pop up on your display screen, even if you're not browsing the Internet. Some companies provide "free" software in exchange for advertising on your display. It's how they make their money.
  • Anti-Virus Software - Protects your computer from viruses that can destroy your data, slow your computer's performance, cause a crash, or allow spammers to send email through your account.
  • AV - See Anti-Virus Software.
  • Cookie - A small data file that is stored on a user's local computer for record-keeping purposes and which contains information about the user that is pertinent to a Web site, such as user preferences.
  • Denial-of-Service (DoS) - An attempt by a malicious (or unwitting) user, process, or system to prevent legitimate users from accessing a resource (usually a network service) by exploiting a weakness or design limitation in an information system. Examples of DoS attacks include flooding network connections, filling disk storage, disabling ports, or removing power.
  • Drive-by Download - Software that installs on your computer without your knowledge when you visit certain websites.
  • Filter - Software that screens information on the Internet and allows the user to block certain kinds of content such as adult sites or pop-ups.
  • Firewall - hardware or software that prevents hackers from using your computer to send out your personal information without your permission.
  • Hacker - someone who exploits security holes in technology for any purpose.
  • Identity Theft - when an unscrupulous person uses your personal information to successfully impersonate you online, by mail, over the telephone, or in person.
  • Keystroke Logger - A device or program that records each keystroke typed on a particular computer.
  • Phishing - (pronounced 'fishing')when Internet fraudsters send emails or pop-up messages to lure personal information (credit card numbers, bank account information, Social Security number, passwords, or other sensitive information) from unsuspecting victims. Alternate name for Spoofing.
  • Spoofing - when Internet fraudsters send emails or pop-up messages to lure personal information (credit card numbers, bank account information, Social Security number, passwords, or other sensitive information) from unsuspecting victims. Alternate name for Phishing (pronounced 'fishing').
  • Spyware - software that sends your personal information to a third party without your permission or knowledge. This can include information about Web sites you visit or something more sensitive like your user name and password. Unscrupulous companies often use this data to send you unsolicited targeted advertisements.
  • Virus - Code written with the express intention of replicating itself. A virus attempts to spread from computer to computer by attaching itself to a host program. It may damage hardware, software, or data.
  • Worm - Self-propagating malicious code that can automatically distribute itself from one computer to another through network connections. A worm can take harmful action, such as consuming network or local system resources, possibly causing a denial of service attack.
 

Harlequin

Babbling Loonie
Stratics Veteran
Stratics Legend
Also be careful of the info you post in forums and social websites like facebook etc. Including screenshots/pictures/videos that may reveal your account name/email/system login name (eg screenie of c:\documents and settings\john doe tells people you are called john doe and that's the first thing hackers try to logon as)

If you don't want to read all the info above, then just remember 1, the most important rule of all:

Make it virtually impossible for people to link your email to your UO account

1) Never use the same email that you registered in your UO accounts page for anything else
2) Never reveal it on forums, to friends, over icq/facebook etc
3) Avoid using your name for this email address or choose an easily guessable address. eg my name on the boards - "Harlequin" is in no way connected to my uo account/email. I don't even chars called Harlequin. Harlequin's email addy doesn't have the words Harlequin in it. On top of that, I hide my email addy whenever allowed.
 
Top