Wednesday, January 16, 2008

On Hacks and keyloggers

There's a lot going on in WoW and your account is more popular than ever since it represents an actual monetary value. As a result your account is a prime target for a hack or two.

And of course there's a lot wondering going on what one can do to prevent the loss of accounts. So being as innovative as I am I will simply re-list all the things you could potentially do to not be hacked ;) .

1. Pick a new browser. Whilst Internet explorer is a comfortable tool you will incur a lot less problems with a browser like FireFox. Whether there are less problems because less hackers focus on FireFox or that Firefox is simply better is a moot point. Point is that it will help protect you.
2. Don't log into the wow Forums. I know it's tempting to partake in the mindless ramblings of thousands of 12 year olds but fact of the matter is you're better off not doing it. Blizzard considers it a boon to be able to use the same credentials for the forums as well as the game, personally I think it's more of a security risk
3. Don't share your account. Don't trust your wife, don't trust your sons/ daughters, don't trust your brothers/sisters. The second you start 'sharing' your account the higher your risk of trouble is. After all you don't know if your friends computer is safe and even if they don't mean harm that'll do you no good if your account gets hacked via their PC.
4. There's a setting in WoW that allows you to save your account name which is then pre-filled when you start in WoW. This won't help much, but it'll keep you from typing your account name and thus will never show up in keylogger logs.
5. Disable scripting in your browser. Investigate the settings of your browser. You can turn off a whole bunch of things like JAVA script. Yes this will impact your browsing experience overall, so try to find the fine line of what is and what is not acceptable for your browsing pleasure.
6. Don't click links... If you really want to click a link butcher it first. More often than not you can remove anything after the first / in the link which will bring you to the main site of the link. This will at least give you some indication whether or not the thing you're looking at is part of an actual site or just some pointer to a malicious script.
7. check msconfig. msconfig (look it up if you don't know how to start it) shows all the programs that launch when your computer starts up. Google all the programs listed that you don't know and disable them all if you don't recognize them. Worst case scenario is that something stops working in which case you'll simply have to turn it back on and restart.
8. Keep your firewall and spyware scanners up to date and running. Neither do you any good if they're not up to date or not running and since most of them have automatic updaters there's no excuse not to update.
9. Stop using an administrator account. Us windows users have a terrible habit of running everything as an administrator. If you use a regular 'user' account you will more often than not be notified by the system if something requires administrator access... and administrator access is often required to be able to write a keylogger to disk. Consequent use of a user account without administrator rights can be a tremendous boost in your level of security.
10. Change your password once in a while and make sure you use lots of special characters and whatnot. The more plain a word is the more susceptible it is to a so called brute force attack.
11. Set up your firewall / router properly. Don't allow any traffic except for the traffic that you know needs to take place. This does require a bit of networking skills but see what you can do with this through some standard tutorials.
12. Via the task manager investigate running processes and google the ones you don't know. If it's unrecognized kill the process... if something stops working don't kill it next time. If everything still works find the program responsible for the process and put it out of it's misery on a permanent basis.

And now a few extras for the extremely creative / adaptive people that may or may not be that useful for you

13. Use form fillers. There are programs you can use that simply fill out information for you. You only specify once what you want entered for a specific website and the form filler will do it automatically next time you log into the site. This works because you're not using the keyboard and there's simply nothing for the keylogger to log.
14. Use on-screen keyboards. Windows has one... somewhere... but by using an on screen keyboard you're not using your keyboard so once again there's nothing to log for the evil loggers.
15. One of my personal favorites. Change your keyboard layout. If you can handle it change your keyboard layout from qwerty to azerty or even dvorak. A keyboard logger generally 'assumes' that you are using qwerty so they generally don't interpret your keystrokes correctly. Of course this will only work again stupid keyloggers (but there's a lot of those so).
16. Speech recognition software has come a long way. It's very much feasible to 'speak' your password even though this can be a hassle for complex passwords. But once again you're not using your keyboard so there's nothing to log.
17. Last but not least you can drag and drop text. If you have something typed up already you can drag the text and drop it in the corresponding text box. This doesn't always work well but it's an option that might be worth a try.

I hope this helps a little or at least gives you an idea of what can be done. In the end you have to keep your computer clean and up to date. Not only to protect your wow account but also so you can keep your dubious browsing habbits hidden.

No comments: