• Welcome to The Wilderness Guardians - OSRS Clan - PvP, PvM and More - OSRS Mobile Clans.
 

Someones been trying to get to my account

Started by Mochacho456, January 10, 2012, 10:46:46 PM

Previous topic - Next topic

Mochacho456

Doing everything they can too.

I was at work today when i got a call from someone who said that they were talking to me on facebook, but knew it wasn't me. Lo and behold someone had managed to get in and was talking to certain people looking for details about my runescape / email accounts. They were requesting help from people to answer my "secret questions" and whatnot to gain access to my email, which would hopefully allow them to enter my runescape account. I managed to thwart this and reset many of my passwords and whatnot.

Anyone know anything about this?

Randy

That's weird. Go on Facebook -> Account settings -> Security -> Active sessions and you can see where you have logged on



I am the one who bends!
WG for 7+ years

Mochacho456

This was earlier today, i changed the password and recovery on facebook.

Dorcha3377


Mojo

run a check for keyloggers on your computer perhaps.
New WG Forums

[spoiler]

[spoiler=Awards and Older Sigs]











[/spoiler]

Flame Outlaw

The biggest thing I can tell you is to make sure you use capital letters, numbers, and symbols in your passwords. Doing that would pretty much null and void brute force hackers..




Join date : June 2006 Left : March 2007 Rejoined : October 2009


Mochacho456

Quote from: Flame Outlaw on January 11, 2012, 02:38:49 AM
The biggest thing I can tell you is to make sure you use capital letters, numbers, and symbols in your passwords. Doing that would pretty much null and void brute force hackers..

Obviously you don't know how brute force hackings work.

Quikdrawjoe

Hackers are looking to recover old inactive accounts with large amounts of wealth by using recoveries.  They recovered Chessy018's account from information gleaned from Facebook, Youtube, interviews etc.  Obviously someone knows your account is worth a lot and you're inactive.
Former Tip.It Super Moderator, LND Legionnaire, WG Elite Guardian

Tip.It and WG Real Life Meeting Attendee

Keith

All I can think of would be to change everything that someone may have knowledge of, other than that I wouldn't worry about it too too much

Vephy


Brent147

Proud to have served as the leader of the Wilderness Guardians.


Mochacho456

Whoever it is, is still at it. They messaged my mother asking for details regarding the recovery questions on my email account.

Mochacho456


Bam

how can we be sure it's rly you moch  :wtf:



hi :)


Flame Outlaw

Quote from: Mochacho456 on January 11, 2012, 03:07:58 AM
Quote from: Flame Outlaw on January 11, 2012, 02:38:49 AM
The biggest thing I can tell you is to make sure you use capital letters, numbers, and symbols in your passwords. Doing that would pretty much null and void brute force hackers..

Obviously you don't know how brute force hackings work.

QuoteIn cryptography, a brute-force attack, or exhaustive key search, is a strategy that can, in theory, be used against any encrypted data.[1] Such an attack might be utilized when it is not possible to take advantage of other weaknesses in an encryption system (if any exist) that would make the task easier. It involves systematically checking all possible keys until the correct key is found. In the worst case, this would involve traversing the entire search space.

The key length used in the encryption determines the practical feasibility of performing a brute-force attack, with longer keys exponentially more difficult to crack than shorter ones. Brute-force attacks can be made less effective by obfuscating the data to be encoded, something that makes it more difficult for an attacker to recognise when he/she has cracked the code. One of the measures of the strength of an encryption system is how long it would theoretically take an attacker to mount a successful brute-force attack against it.

Brute-force attacks are an application of brute-force search, the general problem-solving technique of enumerating all candidates and checking each one.

So next time, be a dick to someone else that is trying to help you.




Join date : June 2006 Left : March 2007 Rejoined : October 2009


Vio

Simple deterrent to this. Make your recovery answers long-ass jumbles of letters and numbers. Write the answers down (Don't save them on your computer) and hide the paper somewhere.

Mochacho456

Quote from: Flame Outlaw on January 13, 2012, 03:52:15 PM
Quote from: Mochacho456 on January 11, 2012, 03:07:58 AM
Quote from: Flame Outlaw on January 11, 2012, 02:38:49 AM
The biggest thing I can tell you is to make sure you use capital letters, numbers, and symbols in your passwords. Doing that would pretty much null and void brute force hackers..

Obviously you don't know how brute force hackings work.

QuoteIn cryptography, a brute-force attack, or exhaustive key search, is a strategy that can, in theory, be used against any encrypted data.[1] Such an attack might be utilized when it is not possible to take advantage of other weaknesses in an encryption system (if any exist) that would make the task easier. It involves systematically checking all possible keys until the correct key is found. In the worst case, this would involve traversing the entire search space.

The key length used in the encryption determines the practical feasibility of performing a brute-force attack, with longer keys exponentially more difficult to crack than shorter ones. Brute-force attacks can be made less effective by obfuscating the data to be encoded, something that makes it more difficult for an attacker to recognise when he/she has cracked the code. One of the measures of the strength of an encryption system is how long it would theoretically take an attacker to mount a successful brute-force attack against it.

Brute-force attacks are an application of brute-force search, the general problem-solving technique of enumerating all candidates and checking each one.

So next time, be a dick to someone else that is trying to help you.

All possible combination's, making symbols, numbers and capital letters obsolete. I work in network security. There are 9 terabyte rainbow tables out there.

The best protection against brute force is a long ass password that can't be guessed.

Flame Outlaw

#17
I work for the government maintaining communications, providing network security, and detecting system vulnerabilities. While a long password is great, having them all lowercase letters defeats the purpose. Passwords with all lowercase letters are generally tried first. The best combination is a long password with lower case, upper case, symbols, and numbers.




Join date : June 2006 Left : March 2007 Rejoined : October 2009


JC

Don't forget RS passwords aren't case sensitive :3
To strive.
To seek.
To find.
And not to yield.

Mark



I set the standard.

Checkley

#20
Quote from: Mochacho456 on January 11, 2012, 03:07:58 AM
Quote from: Flame Outlaw on January 11, 2012, 02:38:49 AM
The biggest thing I can tell you is to make sure you use capital letters, numbers, and symbols in your passwords. Doing that would pretty much null and void brute force hackers..

Obviously you don't know how brute force hackings work.

Facebook or hotmail isn't vulnerable to brute force. They have a security code so bots can't mass attempt passwords. Numbers and symbols wouldn't help however if they where.

Brute Forcing is the lowest form of hacking and very little sites allow their users to be vulnerable to it. Chances are you have been Dox'd and somebody has been able to recover to some extent.

Fix your security by making ALL security questions as secure as your password. Use more than one email. The email address you use for facebook should NOT be the same as the email you use for WG forums or Runescape.

Hacker could be somebody on a Facebook account which you have added a while ago. Giving them access to any important information over a period of time. 


To hack a facebook you need to have access to the email address or the account would be locked for 24 hours before the attacker would have access to it.