| Author |
Message |
|
Posted: Fri, 18 Apr 2008, 11:49am Post subject: SecureID on PokerStars and Other Tips from PS Security |
|
|
OLD MAN RIVER
Joined: 14 Sep 2005
Posts: 3503
WPP: 73
Location: Canuckistan
|
|
In response to concerns expressed re recent hacking at PokerStars:
"Thank you for your email. We do take your suggestions very seriously and appreciate and understand your concerns.
I can tell you that these and many other improvements you suggested are currently in development though I cannot discuss the details of these features with you because of obvious reasons.
We do have a SecureID available now for players that request it. It is an additional code that will be needed to log in to your account in addition to your password and username. I have issued this for your account and will be sent in a separate email. In the meantime, we can make some suggestions to keep your account and online privacy and security:
1. Never let the system remember any of your passwords. While systems provide this as a matter of convenience, this is the most common "hack". A password does nothing for you at all if itnever has to be entered.
2. Password-protect your Windows system so that when it goes to sleep, you have enter a password to get back in. This is security 101 stuff but almost nobody does it.
3. Always choose a strong password. Never use a word that can be found in a dictionary, and never, ever use kids names, birthdays, friends names, or a password related to the site. pocketaces is a terrible password for online poker. Good password selection can be as simple as picking a book off your bookshelf, flipping to a random page,and picking two words from it at random separated by the page number. Then bookmark the page and circle the two words in case you ever need to look it up again. Doing this just now with a novel I came up with a password of great167side.
4. Never, ever share your poker account password with anyone. You wouldn't let someone else access your online banking, so why let someone else access your poker account? Likewise, no reputable site will ever ask you to send your password for any purpose other than to actually log into the site in question. Any other time you're asked to give up your password, you're being scammed.
5. Don't use the same password in any two locations. Sure, it makes it easy to have the same password everywhere. Easy for you. Easy for hackers. You may trust the operators of this forum, but if you sign up at a forum somewhere and use the same password (and heaven forbid, the same user ID!), then you're asking for a hack. A determined hacker is willing to go to the effort to establish a forum that looks legitimate and to stick with it for a VERY long time, in order to harvest many emails, account names and passwords. Only months later will he go in for the kill, draining at once all the accounts he's managed to find.
6. Change your passwords often.... very often. 3 months is too long to keep the same password on a financial account. When changing passwords, never re-use an older password, nor any variant of it. If your last password was (as insecure as) iraisewithAA, then your next password should not be iraisewithKK or even ifold72offsuit.
7. If someone chats you up online claiming to be your close buddy who wants a loan...call and ask first. You wouldn't hand money to a stranger in a casino because your buddy Joe said he needs it, he's right over there in the Pot Limit game, honest. Don't do this online, either. If he is that good of a buddy, you have a phone number for him. Call him first.
8. Never log into Windows to play poker as "Administrator" or equivalent. Use a restricted user account to make key loggers or trojans have a much more difficult time gaining access. Yes,Windows XP Home Edition users have no choice in the matter, since every user account is by default an Administrator. Don't use XP Home to play online. Use XP Professional. 9. Windows Firewall stinks. It will not protect you, as it only blocks attacks from the outside from getting in. It does nothing to protect you from thingsthat managed to get in from communicating with the outside world. No matter how much it bogs down your system, you need a good bidrectional firewall that will alert you when software triesto access the Internet. Norton, McAfee, ZoneAlarm, Kaspersky. They are your friends, and they are not optional use one (exactly one) of them. Same for at least two good spyware scanners.
10. Virus/Trojan/Spyware Scanners only detect things they know about. It is still possible to catch a customized piece of spyware or a key logger that has never been reported to the scanner authors... and you'll never know you've been infected in such a case. Thus, exercise good judgement when deciding what to download. How much do you know about that third party HUD (heads-up display) tool? Does the author identify himself? Has it been around for a long time and used by many players without incident? Don't be the guinea pig that finds malware the hard way. Don't install downloaded software you don't implicitly trust completely... and that list should be avery short one.
11. Heres the hard one: dont play online poker on anybody elses computer. We know thats anathema to the young, mobile, hip online poker crowd. But consider this: You go to all the trouble to protect your computer and PokerStars account with the steps weve outlined above. Now you sit down at somebody elses laptop and type in your userid and password.
Thank you again for your email and for your recomendations. We appreciate your business and I hope I have made useful suggestions.
Best regards,
Bruno
PokerStars Security"
stickify this pls. |
Last edited by Warpe on Fri, 18 Apr 2008, 12:06pm; edited 1 time in total
|
|
|
|
|
|
|
|
Posted: Fri, 18 Apr 2008, 12:04pm Post subject: |
|
|
Royal Flush
Joined: 12 Dec 2003
Posts: 17159
WPP: 83
Location: Walk the Walk, Flop the Flop.
|
|
How does a SecureID offer any additional protection against someone who has comprimised my machine?
Why don't you offer RSA tokens (or a similar product from any number of other vendors)? |
|
|
|
|
|
|
|
|
|
Posted: Fri, 18 Apr 2008, 12:11pm Post subject: |
|
|
High Card
Joined: 17 Apr 2008
Posts: 2
WPP: 487
|
|
| Fnord wrote: | How does a SecureID offer any additional protection against someone who has comprimised my machine?
Why don't you offer RSA tokens (or a similar product from any number of other vendors)? |
If the Secure ID is set to be remembered on your computer, but your password isnt. It would help a bit against keyloggers. They would get your password, but wouldnt be able to login anywhere without the secure ID... which they couldnt obtain because it hasnt been typed. But I am not sure if they allow you to just set 1 to remember. And even if they did, it only helps against keyloggers, if they had a trojan they could easily obtain the secure ID with some simple API stuff. |
|
|
|
|
|
|
|
|
|
Posted: Fri, 18 Apr 2008, 4:31pm Post subject: |
|
|
4-of-a-Kind
Joined: 03 Mar 2005
Posts: 3559
WPP: 97
Location: Your place or my place
|
|
| Only allowing PCs access by mac address is dead easy, super obvious stuff that should be done. |
|
|
|
|
|
|
|
|
|
Posted: Fri, 18 Apr 2008, 4:42pm Post subject: |
|
|
High Card
Joined: 17 Apr 2008
Posts: 2
WPP: 487
|
|
| euphoricism wrote: | | Only allowing PCs access by mac address is dead easy, super obvious stuff that should be done. |
Easy, but inconvenient for alot of people. This is a bit better solution compared to the IP address, cause if you have your mac address of your laptop then you can travel without any problems. However, theres still the problem of the hacker being able to add his Mac address. |
|
|
|
|
|
|
|
|
|
Posted: Sun, 20 Apr 2008, 6:57am Post subject: |
|
|
4-of-a-Kind
Joined: 16 Sep 2005
Posts: 2989
WPP: 92
|
|
I dont understand what Fnord said so I might be repeating it but how about some kind of USB plugin (unique) key thing so you can only play on a computer when it is plugged in (in addition to the password stuff).
This would be an option so people sitting at 2NL wouldnt bother, but once you were playing high enough stakes you could apply for one or buy it from the FPP store or something? |
|
|
|
|
|
|
|
|
|
Posted: Sun, 27 Apr 2008, 12:05pm Post subject: |
|
|
4-of-a-Kind
Joined: 16 Jan 2007
Posts: 1750
WPP: 97
Location: somewhere, engaged in thoughtful abstract thinking
|
|
|
|
|
|
|
|
Posted: Sat, 17 May 2008, 2:19pm Post subject: |
|
|
Full House
Joined: 06 Jun 2007
Posts: 838
WPP: 60
Location: NS, Canada
|
|
i just got my SecureID from stars. So we should not type our ID from keyboard, right? Are there any other tools to prevent keyloggers from recording everything that i type.
i'm so scared now  |
|
|
|
|
|
|
|
|
|
Posted: Thu, 03 Jul 2008, 10:18am Post subject: |
|
|
High Card
Joined: 02 Jun 2008
Posts: 7
WPP: 53
|
|
| pokerfan wrote: | i just got my SecureID from stars. So we should not type our ID from keyboard, right? Are there any other tools to prevent keyloggers from recording everything that i type.
i'm so scared now |
You shouldn't be scared if you have a proper anti-virus/firewall. I recommend typing this "ID" this way:
1. Open wordpad.
2. Enter all numbers 0-9, and letters A-Z
3. Copy + Paste your ID digits one by one.
Just to make it EXTRA safe.
These are some nice tips, I'm thinking of buying a new computer, I heard somewhere that you can't get virusses on a Mac, can anyone confirm this true? |
|
|
|
|
|
|
|
|
|
Posted: Tue, 22 Jul 2008, 5:53pm Post subject: |
|
|
Strike 1
Joined: 14 Oct 2004
Posts: 2355
WPP: 126
Location: Texas
|
|
|
|
|
|
|
|
Posted: Thu, 04 Sep 2008, 11:13pm Post subject: |
|
|
But who will mod the mods?!
Joined: 04 Dec 2003
Posts: 5028
WPP: 106
Location: Redondo Beach, CA
|
|
| {unstickied / added to OPR Digest} |
|
|
|
|
|
|
|
|
