Security considerations

Moderators: Citadel Overseer, Media, Liaison Team

User avatar
Dr Brad
KoA Alumni
KoA Alumni
Posts: 11697
Joined: Thu Jan 15, 2009 8:44 pm
RSN: Dr Brad
Location: near Washington, DC, USA
Contact:

Security considerations

Post by Dr Brad » Wed Aug 01, 2012 1:57 pm

Source: RSOF Clan Leader's Forum (Authored by Forum mod: Archaeox)
Uncle Arch's Security Corner

Some of the dangers
---------------------------
It's a dangerous ol' world out there, and if you're not careful, even something simple can lead to your computer being infected with a keylogger or worse.

* Visit a website that uses banner ads provided by another company... and there's a risk that an infected banner ad will use a script to infect your computer. This has happened in the past even to respectable Fortune 500 companies, and well-known web portals!

* Visit an RS-related scam site or gold-selling site... and there's a high risk that the site owner is using scripts to infect your computer. This shouldn't be a surprise - the people who run such sites are criminals (as a minimum they're breaking their contracts with Jagex, and many are involved in international credit card fraud).

* Use your RS login details on any other website, and there's a danger that either the owner is logging them, or that the site is compromised by a hacker who will steal them. You may trust the site owner... but you have NO WAY of verifying their back-end site security! (This has happened on popular fansites in the past!)

* Click on a malicious weblink or open a file sent to you by someone else, and there is a risk of infection.

* Download any software at all, and there's a risk that it carries a malicious payload (heck, even one of NASDAQ's executive tools got hit like this recently...).

* Your IP address can be revealed by using IRC channels, or through voice chat servers hosted by the dishonest. This in turn can make you vulnerable to Denial of Service attacks and even direct hacking.

So you need to be careful!

Preventative measures
-----------------------------
To help protect yourself, you can do the following:

* Install a script blocker on your browser, and learn how to use it (NoScript for Firefox is a good example).

* Install an advert blocker on your browser, to block malware-infected adverts (e.g. AdBlock Plus for Firefox). [*cough* you'll need to leave the RS site unblocked to stay within the game rules]

* Make sure you have a proper antivirus and firewall; learn how to use them, and update them regularly. Choose an antivirus that includes link checkers for popular search engines (e.g. AVG or McAfee).

* Get some anti-malware software as well, learn how to use it, and update it regularly. MalwareBytes and Spybot Search & Destroy are good examples of this type of software.

* Keep your operating system fully patched.

* Set an RS bank PIN!

* Don't open attachments if you don't know what they are, and scan before opening if you think you *do* know what they are.

* Don't visit scam sites, RS gold sites etc., even if it's "just to see what they look like". It's an unjustifiable risk.

* Don't download RS-related software (clients, bots), many are laced with malware.

* Don't use easy-to-guess passes, PIN or recovery questions. Make them unique to you.

* Never, ever share pass or recovery question info with anyone else. And make sure they don't use information that you have made available on social networking sites!

* Never give out the email address you registered for RS with. Use a disposable address instead.

* Use different passes for EVERY site you use! Try to use different login names too.

* Don't write your passes down - someone will find them, however secret you think your hiding place is... You have a brain, use it!

* Change your passes from time to time (as long as you are SURE you have no infection when you do!)

* Your login name and your in-game (screen) name don't have to be the same! Changing your screen name can confuse potential hijackers

What to do if your account is hijacked
-------------------------------------------------

Step I: find the keylogger

* Update your antivirus program
* Update your anti-malware program
* Come OFFLINE and run your antivirus and anti-malware programs. Anti-rootkit scans may need to be done manually (e.g. in AVG), so check!
* Use the task manager (press CTRL, ALT and DELETE simultaneously) to identify any remaining unknown processes. There's plenty of information online to help you work out which ones are genuine, and which are fake (even if they look genuine!)
* If you still didn't find anything, use online antivirus checks such as those provided by Trend Micro, Kaspersky Labs, Symantec, McAfee etc. (remember that some malware can disable or effectively hide from your own antivirus!)

Step II: recover the account

ONLY do this once you have identified and removed your problem, or you will just be open to hijacking again!

* Recover the account if necessary
* Change the pass
* Get a new bank PIN
* Reset your recovery questions

On the road - RuneScape away from home
---------------------------------------------------
One of the good things about RuneScape is that it is entirely browser based - there's no need to buy and install a copy of the game online or in a shop first. This also means that, in theory, you can log into the game from anywhere you happen to be.

While this is all very wonderful, there are major security issues that need to be considered.

* When logging in from someone else's computer, you are relying on their security, which may not be good enough. You have no way of telling if someone else's computer is infected with malware, keyloggers etc.

* Computers in Internet cafes etc. often log all the activity that takes place on them - including logins and/or keystrokes. There is no such thing as a secure public use computer.

* WiFi connections can *easily* be spoofed in public places by someone looking to steal credit card and website login details from others (it just needs a spoof front page, a laptop and a powerful signal - demonstrated on TV by 'The Real Hustle', where a $3000 fraud took under 45 minutes).

* Logging in from anywhere near other people increases the risk that they will just see what you type! No extra tech required...

Unless YOU control the security of a computer, it is a risk to trust your login info to it. Simple as that.
Image
Image
morituri te salutant

User avatar
Dr Brad
KoA Alumni
KoA Alumni
Posts: 11697
Joined: Thu Jan 15, 2009 8:44 pm
RSN: Dr Brad
Location: near Washington, DC, USA
Contact:

Re: Security considerations

Post by Dr Brad » Wed Aug 01, 2012 2:01 pm

Someone in the forum commented:
1) All the virus and malware checks should be firstly done when you're not connected to the Internet

2) Something I posted on someone's post -

@Ctrl+Alt+Delete to open the Task Manager, click on processes and then start checking each of the name (for example wlcomm.exe) over the Internet.

Usually the trojans/viruses etc. have the similar names to any Windows process (for example iexplore.exe is Windows Internet Explorer but iexplorer.exe is a a malicious program).
Image
Image
morituri te salutant

User avatar
syfyqueen
Posts: 1350
Joined: Sat May 12, 2012 6:51 pm
RSN: Syfyqueen
Location: Florida

Re: Security considerations

Post by syfyqueen » Wed Aug 01, 2012 4:41 pm

That's one of the reasons I don't click on any vids peeps post on forums. They may have posted them in corruptedness but those things might still have something nasty hidden on them, lol.....
Last time I went on RS high scores page within a day someone tried to hack my entire computer through a false "infected" report. I had to take my laptop back to "off the shelf new" so I lost EVERYTHING! I also had to cancel 2 credit cards I attempted to use to "buy" the program to uninfect the compter. Thank God I called Asus Tech Support and they told me what was going on. I had Norton and couple of other "protection" programs. They somehow came through a back-door. I wasn't the only one that happened to from going on the RS high scores page. I will never ever go back on that page.
Now I have a new laptop so I'm keep my fingers, toes and everything else crossed that never happens again.
ImageImage
Image

User avatar
Twirlindana
Site Admin
Site Admin
Posts: 2713
Joined: Mon Jul 18, 2011 8:39 am
RSN: Twirlindana
Location: Italy

Re: Security considerations

Post by Twirlindana » Thu Aug 02, 2012 7:57 am

I resolve all my problems by wearing a foil paper hat. It's marvelous!. No really, to be serious, my levels of paranoia are reaching newer heights... :-S
"I'm no hero. I put my bra on one boob at a time just like everyone else" - Tina Belcher
ImageImageImageImage

User avatar
Cally Raven
Site Admin
Site Admin
Posts: 6102
Joined: Tue Aug 02, 2011 10:06 am
RSN: Cally Raven
Location: Bolton

Re: Security considerations

Post by Cally Raven » Thu Aug 02, 2012 8:02 am

I resolve all my problems by wearing a foil paper hat. It's marvelous!.
You do this too Twirl? And I thought I was the only one ;)

Seriously tho, things are getting scarier regarding computer safety, I seem to do nothing but scans these days :cry:
Image
Image]
Image
Image
Image
Image

tanked as
Posts: 11
Joined: Thu Jul 19, 2012 12:31 am
RSN: Tanked As

Re: Security considerations

Post by tanked as » Thu Aug 02, 2012 10:29 am

Might have to start doing that aswell haha

User avatar
Dima
Clan Member
Clan Member
Posts: 980
Joined: Thu Apr 03, 2008 5:00 am
RSN: Dima
Location: Israel

Re: Security considerations

Post by Dima » Fri Aug 03, 2012 10:27 pm

Twirlindana wrote:I resolve all my problems by wearing a foil paper hat. It's marvelous!. No really, to be serious, my levels of paranoia are reaching newer heights... :-S
Arr. Articles like these... Need a PHD in computer science to play Runescape these days. Might as well resort to wearing a condom on my head each time I log in (equivalent to NoScript).
The best practice is common sense. If you're trying to login to RS and the website has a banner that sells Persian wives (for example), you obviously dialed the wrong number.

About logging in on public wifi by the way, that's mostly untrue. Runescape, as well as many billing-related services use an encrypted connection. Meaning, while someone can read everything you send on wifi, they can't make any sense of it.
Image
I had an awesome signature, but the internet went bankrupt.

User avatar
Dr Brad
KoA Alumni
KoA Alumni
Posts: 11697
Joined: Thu Jan 15, 2009 8:44 pm
RSN: Dr Brad
Location: near Washington, DC, USA
Contact:

Re: Security considerations

Post by Dr Brad » Fri Aug 03, 2012 11:39 pm

DeeKay wrote:Might as well resort to wearing a condom on my head each time I log in...
condom-head.jpg
condom-head.jpg (25.61 KiB) Viewed 17531 times
Image
Image
morituri te salutant

DoctorDRAG0N
KoA Alumni
KoA Alumni
Posts: 2031
Joined: Thu Oct 07, 2010 10:13 pm
RSN: DoctorDRAGON
Location: Indianapolis Indiana USA

Re: Security considerations

Post by DoctorDRAG0N » Sat Aug 04, 2012 4:28 am

ROFL Brad!
Thanks for the tips :D

User avatar
Dima
Clan Member
Clan Member
Posts: 980
Joined: Thu Apr 03, 2008 5:00 am
RSN: Dima
Location: Israel

Re: Security considerations

Post by Dima » Sun Aug 05, 2012 10:18 pm

Glad to provide the incentive. o_O
Image
I had an awesome signature, but the internet went bankrupt.

User avatar
I San I
Posts: 55
Joined: Sun Jul 22, 2012 4:03 pm
RSN: I San I

Re: Security considerations

Post by I San I » Sun Aug 05, 2012 10:27 pm

I will have to check out spybot. I got norton 360 and don't do anything on my computer but runescape. i do updates continually.But now i'm worried. I am not very computer savvy.

User avatar
Deep_Pain
KoA Alumni
KoA Alumni
Posts: 6986
Joined: Wed Dec 05, 2007 6:00 am
RSN: Deep Pain
RSN2: Choose Life

Re: Security considerations

Post by Deep_Pain » Mon Aug 06, 2012 11:05 am

Spybot was one of the best tools available a few years ago, I still use it, but am not on top of such things anymore, probably some equally good tools out there.
Image
Image
Image
Image

It is said that your life flashes before your eyes just before you die. That is true, it's called Life.

Sloggish
KoA Alumni
KoA Alumni
Posts: 282
Joined: Sat Jan 31, 2009 9:45 pm
RSN: Sloggish
Location: Philly- but Scottish!

Re: Security considerations

Post by Sloggish » Mon Aug 06, 2012 11:33 am

Great info TY All! Brad- I have suggested many times to not wear that condom on your head in public- just not a good look for you! I'm with you ISanI- worried & none too savvy.

malex
Posts: 84
Joined: Thu Feb 11, 2010 3:01 pm
RSN: LuckySphere
Location: Romania
Contact:

Re: Security considerations

Post by malex » Wed Nov 21, 2012 6:36 am

I just use facebook login and have my facebook account protected with sms authentication. Almost impossible to beat that.
Once you link your account to facebook login, just change your password to a long unmemorable one.

User avatar
Jimmy13
Clan Member
Clan Member
Posts: 437
Joined: Tue Jan 21, 2014 7:41 pm
RSN: GenThyFool
Location: England!

Re: Security considerations

Post by Jimmy13 » Wed Jun 04, 2014 7:24 pm

Well i can also give some help on computer security and ways to keep password safe, also i can help clan members computers get infected or compromised from malware, viruse, ransome ware and so on :) so feel free to inbox me if your having a computer issue oviously give head up in game im happy to help :) btw awesome post brad :D
Image
Image

Post Reply