From the Hackers point of view

[linko50]

this is not meant as a post about how to anything, this is meant as assistance, i am curious, there are allways people coming in here after being hacked, and stating that they were hacked, but they never say how or anything.

I would like a few people to say "if they were a hacker" how they would do it,
do not state any names of programs, or specifics that would help anyone who would be a hacker, just a vague statement that is a realistic way.

the goal in this is to let people who are unaware of how people do it to better prepare themselves, and their computers for breaches. because like it or not, all of our belongings in this game and whereever else we may roam, are valuable to us. Some are even worth something irl if you take that route.....

 

[Sarphus]

I think a lot of the true "hacks" involve getting someone to download a keylogger and using the data from the keylogger to get their account name and password.

You can do a few things to help protect yourself from these hacks.
1. Don't click links in IM
2. Don't click links on msg boards
3. Keep your OS up to the latest updates using windows update
4. Uninstall your JRE if you don't need it for something. The JRE is pretty much wide open to a plethora of attacks such as buffer overruns.
5. Use anti-virus software and make sure you keep it updated with the latest virus definitions.

There's more you can do, but these basic steps should keep you relatively safe.

 

[christy1221]

I wish I knew how they hacked into mine. they got seven accounts and one had not been logged into in over a year so I don't think a keylogger did it. They all had different passwords and some had different email addresses. I hadn't clicked on any links so who knows how they did it.

 

[Desperado_SE]

Social engineering, plain and simple. Get to know someone fairly well (enough to develop thier trust in you) and most will readily give you thier account names and passwords. While it is just my opinion and nothing that I can prove, I personally believe most of the hackings that are mentioned here are from this method.

 

[Sarphus]

Social engineering, plain and simple. Get to know someone fairly well (enough to develop thier trust in you) and most will readily give you thier account names and passwords. While it is just my opinion and nothing that I can prove, I personally believe most of the hackings that are mentioned here are from this method.

Also very true... The best way to get someone's password is to ask for it.

 

[Tomas_Bryce]

Posting your account email on Stratics (or anywhere else) is a great way to exponentially increase your chances of getting hacked.

 

[Omnicron]

Probably through your email account. If people are smart enough they can get all the information they need about your, "secret hint" from the various places you post on the web. Myspace is a huge place to gather information on potential "marks." People seem to have a way of filling out all the stupid surveys and putting ALL their personal info out there. A half assed "hacker" can get your info that way and gain access to your personal email and get account names and pass's/\.

 

[linko50]

Have to mention, one thing i noticed the other day, i was on myspace, and i got a comment, a random one but from a close friend, it was an advertisement type comment but about the game, i was about to click on it, but then i realized htat they didnt play the game, so i looked into it, this is what happens when you click it...

1. click the picture/add and it takes you to what looks like the homepage for myspace, only you are not logged in. It wants you to log in, and you are assuming that you just meed to log in, or back in...

2. when you log back in it takes you back to the screen you were at before, normally i guess you would go about your day not knowing anything.

what this does is it logs your username and password and then it has access to your myspace, and probably whatever else you use that password for, such as email, or games.....

 

[Omnicron]

I dont click ANYTHING people send me. Hell when my wife sends me those silly glitter messages on myspace, I dont click them sumbitches either.

 

[Alrich]

phishing websites are another big one, which happens alot on places like myspace (ever clicked someone's pictures link or such and suddenly you have to relog into myspace?) 95% of the time, you enter that info, and someone just phished your email and a password from you.

That compounded on the fact that people use similar passwords for everything. Extremely dangerous. But even if not all they need is your email and they get more tries to get at your information.

Its just as funny as a big exploitation at file sharing programs like limewire and kazaa, etc. So many people just share everything on it, do a search for passwords.doc or accounts.doc (xls, txt, etc) and you could be absolutely amazed at how stupid and thoughtless some people are.

Finally a last and more archaic way of it, if someone has your login name, they can simply script a dictionary program and common passwords list to try millions of common combinations. This doesn't work so well due to account lockout timers and the such but still possible to a degree. Pick passwords that are more secure. (tonyspizza bad, t0nYsp122a, you just reduced the risk of someone simply guessing your password to next to impossible)

 

[Llewen]

I posted this thread a short while ago, which seems to have been widely ignored...

Other than, of course, to have someone accuse me of being a hacker...

 

[love2winalot]

Well, there is always the old fashion way. Make up a name that is most likely someones account name. And just start typing in different passwords. If your account name and pass word go together, then you should change it. 1+1=


and if 2 is your password, then that is just to easy.

 

[linko50]

lol, when i very first started uo, in 1998 i found one that was down like that, i never did anyhting with it, but it was nameuser and the password was wordpass, lol.....

omg,...... does that make me a hacker!

 

[Loqucious]

4. Uninstall your JRE if you don't need it for something. The JRE is pretty much wide open to a plethora of attacks such as buffer overruns.

Ummm............what is a JRE?

 

[Alrich]

JRE = Java Runtime Environment.

used for alot of web based applications. If you use it make sure it is kept up to date (though I REALLY wish SUN would end its partnership with Google...) just make sure to uncheck that crap known as google toolbar from installing.

If you don't use it (honestly you probably don't, unless you are on a workstation for job or such) just uninstall. weeee.

 

[Llewen]

If you don't use it (honestly you probably don't, unless you are on a workstation for job or such) just uninstall. weeee.

Java is used for a ton of online stuff. You probably do need it. But definitely do not install the Google toolbar, or any other toolbar, and use Firefox with noscript and make it your habit to block scripts unless you know what they do, and if you unblock for a site, remember that you don't need to unblock scripts for the advertisers on that site.

 

[Alrich]

Java yes, JRE, no.

You can run java web**** without JRE being installed.

JRE actually downloads and runs applets on your pc. Java just reads them.

 

[Spiritless]

You can run java web**** without JRE being installed.

Err, no you cannot. You are obviously confused about how Java works.

The Runtime Environment contains the Virtual Machine and class libraries necessary to execute Java programs. You need a JRE installed on your computer to run Java applications. Web-based programs execute Java apps by using a browser plugin which interacts with the runtime environment.

Also, for the record, there are currently no security advisories against the latest version of Sun Java. You don't need to uninstall Java. If you didn't use it, it wouldn't be installed in the first place.

 

[linko50]

any other ideas?