|
Warpe
|
04-18-2008, 07:49 PM
Post subject: SecureID on PokerStars and Other Tips from PS Security
|
#1 (permalink)
|
|
Moderator
Join Date: Sep 2005
Location: Canuckistan
Posts: 3,905
|
|
In response to concerns expressed re recent hacking at PokerStars:
"Thank you for your email. We do take your suggestions very seriously and appreciate and understand your concerns.
I can tell you that these and many other improvements you suggested are currently in development though I cannot discuss the details of these features with you because of obvious reasons.
We do have a SecureID available now for players that request it. It is an additional code that will be needed to log in to your account in addition to your password and username. I have issued this for your account and will be sent in a separate email. In the meantime, we can make some suggestions to keep your account and online privacy and security:
1. Never let the system remember any of your passwords. While systems provide this as a matter of convenience, this is the most common "hack". A password does nothing for you at all if itnever has to be entered.
2. Password-protect your Windows system so that when it goes to sleep, you have enter a password to get back in. This is security 101 stuff but almost nobody does it.
3. Always choose a strong password. Never use a word that can be found in a dictionary, and never, ever use kids names, birthdays, friends names, or a password related to the site. pocketaces is a terrible password for online poker. Good password selection can be as simple as picking a book off your bookshelf, flipping to a random page,and picking two words from it at random separated by the page number. Then bookmark the page and circle the two words in case you ever need to look it up again. Doing this just now with a novel I came up with a password of great167side.
4. Never, ever share your poker account password with anyone. You wouldn't let someone else access your online banking, so why let someone else access your poker account? Likewise, no reputable site will ever ask you to send your password for any purpose other than to actually log into the site in question. Any other time you're asked to give up your password, you're being scammed.
5. Don't use the same password in any two locations. Sure, it makes it easy to have the same password everywhere. Easy for you. Easy for hackers. You may trust the operators of this forum, but if you sign up at a forum somewhere and use the same password (and heaven forbid, the same user ID!), then you're asking for a hack. A determined hacker is willing to go to the effort to establish a forum that looks legitimate and to stick with it for a VERY long time, in order to harvest many emails, account names and passwords. Only months later will he go in for the kill, draining at once all the accounts he's managed to find.
6. Change your passwords often.... very often. 3 months is too long to keep the same password on a financial account. When changing passwords, never re-use an older password, nor any variant of it. If your last password was (as insecure as) iraisewithAA, then your next password should not be iraisewithKK or even ifold72offsuit.
7. If someone chats you up online claiming to be your close buddy who wants a loan...call and ask first. You wouldn't hand money to a stranger in a casino because your buddy Joe said he needs it, he's right over there in the Pot Limit game, honest. Don't do this online, either. If he is that good of a buddy, you have a phone number for him. Call him first.
8. Never log into Windows to play poker as "Administrator" or equivalent. Use a restricted user account to make key loggers or trojans have a much more difficult time gaining access. Yes,Windows XP Home Edition users have no choice in the matter, since every user account is by default an Administrator. Don't use XP Home to play online. Use XP Professional. 9. Windows Firewall stinks. It will not protect you, as it only blocks attacks from the outside from getting in. It does nothing to protect you from thingsthat managed to get in from communicating with the outside world. No matter how much it bogs down your system, you need a good bidrectional firewall that will alert you when software triesto access the Internet. Norton, McAfee, ZoneAlarm, Kaspersky. They are your friends, and they are not optional use one (exactly one) of them. Same for at least two good spyware scanners.
10. Virus/Trojan/Spyware Scanners only detect things they know about. It is still possible to catch a customized piece of spyware or a key logger that has never been reported to the scanner authors... and you'll never know you've been infected in such a case. Thus, exercise good judgement when deciding what to download. How much do you know about that third party HUD (heads-up display) tool? Does the author identify himself? Has it been around for a long time and used by many players without incident? Don't be the guinea pig that finds malware the hard way. Don't install downloaded software you don't implicitly trust completely... and that list should be avery short one.
11. Heres the hard one: dont play online poker on anybody elses computer. We know thats anathema to the young, mobile, hip online poker crowd. But consider this: You go to all the trouble to protect your computer and PokerStars account with the steps weve outlined above. Now you sit down at somebody elses laptop and type in your userid and password.
Thank you again for your email and for your recomendations. We appreciate your business and I hope I have made useful suggestions.
Best regards,
Bruno
PokerStars Security"
stickify this pls.
|
|
|
Play for FREE and practice your game at...
Join the FTR Poker Forum to disable these banners and start posting!
|
|
Fnord
|
|
Moderator
Join Date: Dec 2003
Location: I'll Do You Like A Truck
Posts: 19,204
|
|
How does a SecureID offer any additional protection against someone who has comprimised my machine?
Why don't you offer RSA tokens (or a similar product from any number of other vendors)?
|
|
|
|
Bailey9999
|
|
Join Date: Apr 2008
Posts: 2
|
|
Quote:
|
Originally Posted by Fnord
How does a SecureID offer any additional protection against someone who has comprimised my machine?
Why don't you offer RSA tokens (or a similar product from any number of other vendors)?
|
If the Secure ID is set to be remembered on your computer, but your password isnt. It would help a bit against keyloggers. They would get your password, but wouldnt be able to login anywhere without the secure ID... which they couldnt obtain because it hasnt been typed. But I am not sure if they allow you to just set 1 to remember. And even if they did, it only helps against keyloggers, if they had a trojan they could easily obtain the secure ID with some simple API stuff.
|
|
|
|
euphoricism
|
|
4-of-a-Kind
Join Date: Mar 2005
Location: Your place or my place
Posts: 3,610
|
|
Only allowing PCs access by mac address is dead easy, super obvious stuff that should be done.
|
|
|
|
Bailey9999
|
|
Join Date: Apr 2008
Posts: 2
|
|
Quote:
|
Originally Posted by euphoricism
Only allowing PCs access by mac address is dead easy, super obvious stuff that should be done.
|
Easy, but inconvenient for alot of people. This is a bit better solution compared to the IP address, cause if you have your mac address of your laptop then you can travel without any problems. However, theres still the problem of the hacker being able to add his Mac address.
|
|
|
|
Pelion
|
|
4-of-a-Kind
Join Date: Sep 2005
Posts: 3,206
|
|
I dont understand what Fnord said so I might be repeating it but how about some kind of USB plugin (unique) key thing so you can only play on a computer when it is plugged in (in addition to the password stuff).
This would be an option so people sitting at 2NL wouldnt bother, but once you were playing high enough stakes you could apply for one or buy it from the FPP store or something?
|
|
gabe: Ive dropped almost 100k in the past 35 days.
bigspenda73: But how much did you win?
|
|
Jack Sawyer
|
|
4-of-a-Kind
Join Date: Jan 2007
Location: Old School
Posts: 2,535
|
|
Quote:
|
Originally Posted by euphoricism
Only allowing PCs access by mac address is dead easy, super obvious stuff that should be done.
|
mac addresses can be spoofed
on a related note, here is an interesting article for all
http://arstechnica.com/guides/tweaks...sx-windows.ars
|
My dream... is to fly... over the rainbow... so high...
Quote:
|
VHS is like a book and a book is like a stack of kindles.
|
|
|
pokerfan
|
|
4-of-a-Kind
Join Date: Jun 2007
Location: NS, Canada
Posts: 1,731
|
|
i just got my SecureID from stars. So we should not type our ID from keyboard, right? Are there any other tools to prevent keyloggers from recording everything that i type.
i'm so scared now 
|
|
|
|
Bradley
|
|
3-of-a-Kind
Join Date: Jun 2008
Location: Leveling myself at the low stakes tables
Posts: 73
|
|
Quote:
|
Originally Posted by pokerfan
i just got my SecureID from stars. So we should not type our ID from keyboard, right? Are there any other tools to prevent keyloggers from recording everything that i type.
i'm so scared now |
You shouldn't be scared if you have a proper anti-virus/firewall. I recommend typing this "ID" this way:
1. Open wordpad.
2. Enter all numbers 0-9, and letters A-Z
3. Copy + Paste your ID digits one by one.
Just to make it EXTRA safe.
These are some nice tips, I'm thinking of buying a new computer, I heard somewhere that you can't get virusses on a Mac, can anyone confirm this true?
|
|
|
|
lolzzz_321
|
|
NO YOU
Join Date: Oct 2004
Location: My ice is polarized
Posts: 2,794
|
|
http://www.snoopfree.com/PrivacyShield.htm
|
Quote:
|
Originally Posted by Roid_Rage
Sounds like vodka redbulls are pretty popular. How is this mixed, made?
|
|
|
Xianti
|
|
Administrator
Administrator
Join Date: Dec 2003
Location: facebook.com/xianti
Posts: 5,289
|
|
{unstickied / added to OPR Digest}
|
|
|
|
Jack Sawyer
|
|
4-of-a-Kind
Join Date: Jan 2007
Location: Old School
Posts: 2,535
|
|
I just stumbled upon KeyScarmbler.
The PRO version apparently encrypts everything.
The free version encrypts Firefox, IE and Flock webbrowser keystrokes.
http://www.qfxsoftware.com/index.html
|
My dream... is to fly... over the rainbow... so high...
Quote:
|
VHS is like a book and a book is like a stack of kindles.
|
|
|
Jack Sawyer
|
|
4-of-a-Kind
Join Date: Jan 2007
Location: Old School
Posts: 2,535
|
|
and another great article
http://www.pcworld.com/article/14939...downloads.html
|
My dream... is to fly... over the rainbow... so high...
Quote:
|
VHS is like a book and a book is like a stack of kindles.
|
|
|
triumphant cracker
|
|
Straight
Join Date: Aug 2008
Location: IN A VAN DOWN BY THE RIVER!!!!
Posts: 184
|
|
Good password selection can be as simple as picking a book off your bookshelf, flipping to a random page,and picking two words from it at random separated by the page number.
that is such a great idea .
|
|
|
|
|
|
|
|
Bump. I was just thinking about this the other day. Wouldn't PS be responsible for lost funds if THEY are the ones to ultimately fail to protect it? Kind of makes me want to keep no more than a few buyins on PS at a time. 
|
|
|
|
drmcboy
|
|
DrButtInski
Administrator
Join Date: Aug 2004
Posts: 9,565
|
|
they can't be responsible for your PC
they offer RSA tokens now, if you have money enough to be worth stealing they are super cheap
|
|
|
|
atikabo
|
|
One Pair
Join Date: Jul 2009
Location: Philippines
Posts: 20
|
|
Thanks for the info Warpe, I was enlightened by your article regarding password. From now on, I will see to it that my password is secured and hack free. Thanks again and may the force be with you always.
|
|
|
|
Aaron
|
|
High Card
Join Date: Mar 2010
Posts: 2
|
|
Hi you can also try to use ProteMac Keybag can store your keystrokes and recover them weeks later.It's really good prog.
|
|
|
English
Deutsch
Español
Français
Italiano
Nederlands
Pусский
Svenska
02-11-2012, 09:04 PM Tennessee worries that Online Poker could reduce State Lottery revenues
Linear Mode
