swedishfriend wrote on Aug 4, 2013, 12:29:
Any company's site can be hacked. It isn't a matter of the target caring or how much security they use. It is a matter of does someone with enough skills want to hack it or not.

This is incorrect, it is not a foregone conclusion just based on desire or time. Many of the bigger site hacks have been accomplished through social engineering and poor security practices. Most gaming companies do not have an adequate IT staff or budget, many even outsource hosting to companies who resell and have numerous security holes in software for compatibility sake on their hosting platforms.

There are many simple practices which can minimize both risk and trap attacks once they come in. Most companies simply don't want to spend the time or money to do that because they know consumers will tolerate this.

Any company's site can be hacked. It isn't a matter of the target caring or how much security they use. It is a matter of does someone with enough skills want to hack it or not.

Slim Ram is my real name, I use it on the only e-mail service that I have. Also, once a month I spam all my financial data to 1000 random porn sites. Also I usually rent a billboard near my place and I put my name, social security number, address, and phone number on it. My psychiatrist told me that I use to be too paranoid so I chose to open up a little, sooooo you think I went too far maybe?

eRe4s3r wrote on Aug 4, 2013, 04:40:
Having my own mail server and dmain is one of these things I have planned to do.. but never got around to. In the end it's all insecure given the spying done...

Well yeah, unless you encrypt everything, which is a massive pain.
But the idea is to stop normal hackers, not government ones

It's on!

Having my own mail server and dmain is one of these things I have planned to do.. but never got around to. In the end it's all insecure given the spying done...

My gmail is gunk (pun!) mail account.

I'd guess this is an ego stroker more than for nefarious criminal activity (though I'm not familiar with the sites in question).

Going to a lot of trouble to protect your accounts on random message boards and gaming sites isn't worth the effort if they don't lead to anything of value to you. Just keep a junk e-mail account for signing up to that sort of thing, use the same password for all of them, whatever. There's something to be said for not bothering to remember your password at all, just use the "forgot password" interface all the time and just protect your e-mail login. Save your effort and memory for important accounts.

Dmitri_M wrote on Aug 3, 2013, 20:18:
I rely on the fact that I'm one in a billion and that I have very little to steal.

If its one of those chinese or russian hackers, they don't care. Even a little is a lot to some of them. In addition, when hundreds or thousands of accounts stolen, they only care about the totals, not any individual amount.

I rely on the fact that I'm one in a billion and that I have very little to steal.

Still sounds complicated...I just have all my email go to my Hotmail and then it's forwarded to my Gmail...simple...

'Yeah, but, Rigs, those are two participating partners in the NSA Prism program.'

WHAT?!


=-Rigs-=

eRe4s3r wrote on Aug 3, 2013, 18:43:

Dev wrote on Aug 3, 2013, 17:35:
I use unique emails and unique passwords at all sites I sign up for

Wha... how does that even work? I am signed up on like 200 sites.. how do you manage that mess? With email you would need new passwords for each new email addy... sounds like a huge hassle..

I mentioned a bit of it in the previous post.

The idea is that you have ONE email account with ONE password. No need to remember passwords. And OMG it would be a pain to setup a new email account for every one, so no. Just 1 real email.
Then there's a domain that forwards your email. So you gave out an email like bestbuy@forwardingemailthingy.com and give out one like bluesnews@forwardingemailthingy.com
Lets say your real email is RealEraseraccount@gmail.com
Then that domain forwards all those emails to your real email box, such as the gmail I mentioned above. If best buy sells your email, you block that one off from ever getting to your email anymore, but the bluesnews one would still go through. They never know your real email address. Any emails you need to send that are "from" that unique email, you can sent them through the forwarding email which can also scrub the headers that it was originally from so they still won't know your real email even if they look at the headers.

You can easily setup something like this with your own domain and simple email box (I wonder if a raspberry pi $25 computer would work for something like that), or you can use one of the free services that does something like this.
More info here:
http://en.wikipedia.org/wiki/Disposable_email_address
There's a few of the sites that do this free linked there, with varying features.
Although it refers to them as disposable, I consider it more like disable-able. As in I use mine for as long as I want, then if one gets leaked, I disable it.
Disposable would be like that 10 minute email option I linked below, which I don't use, but some people prefer.

This comment was edited on Aug 3, 2013, 19:20.

Dev wrote on Aug 3, 2013, 17:35:
I use unique emails and unique passwords at all sites I sign up for

Wha... how does that even work? I am signed up on like 200 sites.. how do you manage that mess? With email you would need new passwords for each new email addy... sounds like a huge hassle..

Slayblaze wrote on Aug 3, 2013, 16:58:
Yep, been doing it that way for years. In fact my "online identity" is a complete fabrication, with only my closest friends being able to tie the "real me" to my online persona.

So you put pictures of a car up with plates in the picture that isn't actually yours? Whose car and plates are those then? Also your/his reflection is very clear in the two bumper shots

This comment was edited on Aug 3, 2013, 18:19.

I use unique emails and unique passwords at all sites I sign up for. That way if something is breached its only the one site. The unique emails also lets me determine if someone sells or leaks their email list, and I can block off those emails that have leaked. The emails are from a free email forwarder that all get forwarded to my real email, there's a few of these kinda things.
I don't use this one since I dont like the time limit but here's an example of a disable email, if you are signing up for something that you don't care if you ever get any more email from them beyond the activation one:
http://10minutemail.com/

For the passwords, if you aren't using the same password anywhere (do this at your peril since this means you are at the mercy of the LEAST secure site you've ever signed up for which is often a forum, if someone can pair your one password with your one email they can often get into things like your bank or paypal), you are likely using a password program to store them. Thats what I do. Storing them in a plain text file isn't very secure.
There's a free open source password program called http://keepass.info
There's mobile versions and a chrome extension to integrate into the browser, etc.

Yup. This is why i use a junk email account for these kind of things...even with Blues

Fantaz wrote on Aug 3, 2013, 14:13:
I don't give my personal info to most sites any more. Consider using an alternate e-mail address and login that isn't tied to your name or identifiable personal info.

Yep, been doing it that way for years. In fact my "online identity" is a complete fabrication, with only my closest friends being able to tie the "real me" to my online persona. Not even my family knows.

*Especially* my family, as they are the most insecure nooblets on the planet.

Guess Crytek clamps things down from now on - wake up call!

Fantaz wrote on Aug 3, 2013, 14:13:
great way to start the day, being worried my personal info is in the wrong hands. thanks Crytek!

I don't give my personal info to most sites any more. Consider using an alternate e-mail address and login that isn't tied to your name or identifiable personal info.

Acleacius wrote on Aug 3, 2013, 15:29:
Here's hoping they fix the crappy games at crytek

Seems like the game sites aren't affected at all - this was likely an attempt to steal financial information and/or possibly game assets from developers licensing CryEngine.

Rigs wrote on Aug 3, 2013, 15:18:
You know, this hacking bullshit is getting old! Seems like these little cock(sucking)roaches are getting in everywhere...The thing is that this can't continue, something major is going to happen. Watch for the obligatory US knee-jerk response to 'protect the citizens'...by shutting the Internet off...

Pretty much what I was alluding to here:
Evening Legal Briefs