So... this is where we came up to...
(/me lights up a cigar and takes a deep puff)
It seems that more and more of you keep having problems about some people cracking your second-life account passwords, emails, IM software and so on (mostly around bloodlines). And for some universal law that is about to be broken I ... I ...
(*frowns*)
... well let's just say that I must be extremely drunk or completely out of my mind to be writing the following as if it would even be worth trying to "teach" something to these people, but then again even intelligence goes on vacation for a few minutes sometimes.
I will probably hate myself and all this post tomorrow, but then again do I like anything? .... so equilibrium will be maintained.
Note: If you do not understand any of the linked terms/words; click them to know their meaning. And send this to other people, especially bloodlines people.
First: You have to understand that these people are NOT hackers. They are simply script kiddies or at most crackers, which in other words means untalented, dumbass, dirty people who use specific software tools that were made by experts in a devious way.
Second: If you run Windows you have a lot to worry about, starting with the way the operating system is constructed, to the way it is set by default, then how it is administered, and ending with how the market wants it to be vulnerable.
If you run a Mac (UNIX) or Linux, well .. you are by default much more protected, while maybe having to worry (if you are a Mac dumbass - *BSD does not include dumbasses) about some rootkits for Unix / Linux, and (assuming that you are not a noob) you can skip everything else that I will write below, because if you know how to use it you have a brain, starting with the fact that you use it (*BSD/Linux).
As for Mac users .. you might still glance your eyes around since most of you have no idea how your system works. And Windows users, you definitely NEED TO READ IT.
Are you still reading ? *damn* you must not be a bloodlines player !!
Third: The security of an operating system relies on 2 things: the software used and how it is administrated. And keep in mind that no matter how well the operating system is managed by having the latest anti-virus, the latest firewall and the latest security updates, it will still be as weak as the human factor behind it, and that's where social engineering comes in and all your I.T noob expertise goes down the drain.
While I will try not to cover here methods that allow a cracker to obtain what he wants, I will have to refer to some.
Make sure you understand the linked words and expressions. The following may contain "wording" that may not be simple to most computer users, and if you are a noob Windows computer user... well just do what I say for your own good and shut up, because I don't have the time to explain to you people why it should be done the way I say.
1: A few basic rules about creating MORE secure passwords.
Never create a password that uses a name/word that is something related to you. Such as family names, favorite stuff, personal stuff (even if only you know it) and so on. So NEVER use personal stuff to define your security methods but if you are dumb enough to do it; then make it complicated to be found or figured out.
Turning it into: Du/\/\B@5$ not only makes it harder to crack with specialized software but even to figure out by someone else; even if you tell some social engineer that you are a dumbass and that is your password. On top of it the encryption goes up to 80 bit.
(now you are a dumbass with style)
Never use the same password for more than one record/login. If you do and that record/login gets compromised; the first thing the attacker will do is to try to rely on your human weak factor and use it to try your other accounts.
Preferably you should also use a different email for each account/record/login. Some email services will allow you to create email aliases for your main email account. If not, create a new email.
Do NOT MIX your personal email accounts with hobby stuff. If you have a business SL avatar keep it away from any kind of conflicts.
If your second-life password is 16 characters long make it worth the size. The more variety of characters you use the better (letters, numbers, symbols). If you do it less than 128 bits; then REDO IT! Same is valid for any other type of logins/records.
(always go as high as you can with encryption bit rate)
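The "bits" talk above can be checked with a few lines of Python. This is an added example, not part of the original post: it uses the simple length × log2(alphabet size) estimate (an assumption here, and not whichever strength meter produced the figures quoted in the post, so its numbers differ) and generates a random password that reaches a target such as 128 bits. All function names are made up for this example.

```python
import math
import secrets
import string

# Character classes of printable ASCII without the space (94 characters total).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def pool_size(password: str) -> int:
    """Size of the alphabet implied by the character classes present."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four classes (space, non-ASCII) are counted
    # conservatively as one extra symbol each.
    extras = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return size + len(extras)


def estimate_bits(password: str) -> float:
    """Upper-bound estimate: length * log2(pool). It only holds for randomly
    chosen characters; words and predictable substitutions fall faster."""
    if not password:
        return 0.0
    return len(password) * math.log2(pool_size(password))


def length_for_bits(target_bits: int, pool: int = 94) -> int:
    """Shortest random password over `pool` symbols reaching target_bits."""
    return math.ceil(target_bits / math.log2(pool))


def generate(target_bits: int = 128) -> str:
    """Random password from the OS CSPRNG that meets the target estimate."""
    alphabet = "".join(CLASSES)
    n = length_for_bits(target_bits, len(alphabet))
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(n))
        # Require every class so estimate_bits() sees the full pool; the
        # rejected candidates cost only a fraction of a bit.
        if all(any(ch in c for ch in pw) for c in CLASSES):
            return pw


if __name__ == "__main__":
    for sample in ("Du/\\/\\B@5$", generate(128)):
        print(f"{len(sample):2d} chars  ~{estimate_bits(sample):6.1f} bits")
```

By this estimate a 16-character password stays under 128 bits even with all four character classes; it takes 20 random characters to get there.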
Storing passwords in your browser, SL viewer and internet applications is dangerous by default, and if you use internet explorer for that, then you should get all of them stolen. You deserve it!
If you are going to store passwords on a browser make sure of 2 things.
- You don't use that browser for anything else other than to have your password stored there for fast login access
- Make sure that the browser will ask you to insert a master password for you to use it first.
For example use something like opera for saving secure passwords and let's say firefox for regular browsing.
Make sure you do not allow cookies on that secure browser that you don't know what they are, and have the browser always delete its latest activity records as soon as you close it.
Always use secure https:// when creating accounts or accessing your accounts on any site, if they provide secure logins.
Storing passwords on your second-life client viewer is NOT SAFE either, even if the only thing you see there is [***********]. The password is stored in a specific file that can be easily decrypted and obtained.
It can even be obtained by others from your SL viewer!
And if you use something like: --login Avatar Name to fast connect to the grid; that means storage of the password in clear text (even easier to obtain no matter how high is the quality or complexity).
Second-life client viewers:
There is an endless amount of SL viewers (and more) out there, some almost open source (let's not confuse with freeware), others less open source, but most are copies from others.
Are they good? Well sure they work, and they sure work in ways that most of you don't know. Ever heard about that one viewer that was great for griefing? How about that one that was awesome to evade bans? The list is long and quite a lot of these viewers have "hidden secrets" and vulnerabilities that can be and ARE USED either by the creators of those viewers or by those that found out about the secrets and backdoors.
And for what? For your SL account (let's not talk about RL identity theft too). Nothing comes free online unless it is truly open source and clean from methods of obtaining information from the people that use it.
The same goes for all those "dark" tools and attachments that some dumbasses like to use around to play with fire. Sooner or later you will get burned. They can be and are used against you.
Use the official and approved SL viewer by LL (way less chances of security problems) or if you know how to build, modify or inspect the source code of one; then do it yourself from the official source code.
(read this)
While the official viewer/client that LL provides is not fully open source, it does allow you to inspect and build your own modifications to do what all others do, if you know how.
As for all you emerald lovers... well... if I was you ... I would stick with the official one.
Attachments and scripts in world:
The more free they are the more likely you are to pay in some way (for most of the cases). Do not accept anything from anyone that you don't know, even if it looks like a landmark (especially around bloodlines - you will get bitten sooner or later), and if it is a landmark; ask for the slurl address instead.
Scripts can also spy on you, and this means connect to places that you don't know to provide the scripter with whatever info he/she wants from you. The only way you can be sure of what's happening is by performing traffic analysis (sniffing) on your own connection to see what is going on.
Do not buy stuff around cheaper than what the official place sells it, such as bloodlines products (YOU WILL be scammed sooner or later!!). When you buy... try to buy from a reputable name (I am not defending bloodlines here).
Secure communication in world:
Move your chat to something like skype (skype is not the best! it's just an example) which provides encrypted communication, and by using a second chat channel apart from Second-life to be in touch with in-world people; the chances of being successfully spied on are VERY VERY slim to none.
Someone gave you some program to install on your operating system:
(Unix and for sure Linux users can skip this)
DO NOT install it! Ask for the URL of that software for you to see what it does.
Microsoft Windows users: do not accept .executable files from your SL friends, especially if you are a woman and he is a guy. And if you are a guy and you are taking it from a woman, then you are thinking with your penis and you deserve any possible dirty outcome.
There are methods that allow any dumbass to create and bind a trojan executable inside of a regular software application that will even disable or get your firewall, anti-virus and other protection software alike "numb", allowing him/her/them to access your system without you knowing.
This will allow them to plant keyloggers which will record EVERYTHING you type and see; even if it's complex passwords like: Du/\/\B@5$ if you type them manually.
Using your accounts at someone else's place:
Well.. if you do that and the other person performs traffic analysis (sniffing) there and even uses a keylogger on his/her system to fish you or for his/her own security; then you will be fished.
Important note: If the other person has some problems with LL regarding their in-world douche bag activities; once you login from their hardware and static ip; YOU WILL be under close attention too, and in some cases your account will be suspended if needed or if your deepshit buddy got his suspended.
IT WILL ! Do not doubt !
Using wireless:
If you use someone else's wireless you are in it to get fished like the above example of using your accounts at someone else's place, if the wireless owner wants to (unless you VPN or SSH tunnel to your trusted remote computer).
If you use your own wireless; make sure you use it with encryption of at least 128 bit to 256 bit (or higher) and wpa*-psk.
Wep keys can be cracked in 5 minutes and even some wpa*-psk are vulnerable to certain kinds of attacks, but at least wpa*-psk will make life way harder for any attacker to the point of quitting on the attack.
Use a cable as much as possible. It's faster!! and more secure, starting from your neighbor (maybe you have one that hates you or thinks you stink) or some second-life bloodlines war driving stalker ex-deepshit.
There is much more to say about all this but if you survived until now (which is mind blowing since you are not reading gossip); here goes some good tips as options to secure yourself.
Some security advices:
One of the best software applications out there to create extremely secure passwords and encrypt them on file. This means that even if the attacker gets the file; he/she won't be able to read it. You can copy and paste passwords in "shadow" mode and hide them from the database menu, preventing keylogger screenshots or remote monitoring spy technical methods.
It is a very full featured application with all sorts of secure options.
If you need to access stuff like home banking in a very secure way use a linux live cd.
In short a linux live cd runs a linux operating system from a cd or dvd.
You DO NOT need to install it! Simply run the cd when the computer reboots and load it.
Social engineering:
Some simple reading about the subject can be done from a well known master of it by the name of Kevin Mitnick. Easy reading. Soft stuff for the noobs (no gossip girls...) (The art of deception).
More complex readings regarding the subject and computer security can be done from Bruce Schneier (website) (this one goes for *nix users mostly).
Now for the elite computer users:
To finish all of this you can always use your custom build SL viewer on your *nix box running a SCSI true-crypted file system with usb fingerprint ID boot system after bios password settings and grub 256 (or more) bit password prompt, logging in with a restricted games user provided with only 1 to 3 OS processes for your user, on a system that is protected by iptables, snort, and tcp dumped by something like wireshark. If you have to go online and you are not using your box, simply connect to it remotely through VPN or SSH 4096 rsa encrypted tunnel by user@ip and forwarding X if wanted using a live cd.
(i am not even going to bother to add links to those last lines)
Now that i lost 100 pounds sweating while writing all of this ...
(/me *spits the rest of the cigar out*)
.... and now that i have pretty much ruined my reputation in-world with this post i hope you all ignore it and get your accounts cracked because you deserve it for being dumb by choice and if i see you in-world; there is only 2 ways that thing can end....
and in both of them YOU die ...
*frowns hard*
... /me lights up another cigar ...
... damn noobs ....