RSI accounts are being hacked, ships stolen - use two-step authentication!

AstroSam

I've just read it on German SC boards as well as on pages of German newspapers(!): RSI is currently being attacked by hackers. These attacks seem to be massive; the first accounts have been stolen and/or emptied.

So please make sure to
- use a password with a high security level (at least 8 characters; lowercase and capital letters, numbers and special characters)
- change your password periodically
- activate the two-step verification/authentication, which RSI has offered since July 2016

Cheers!
Sam
 

Varku

This is how you create a strong (but easy to remember) password:

Source: https://xkcd.com/936/
And even more important: do NOT use the same password for different services.
The days when they just tried random passwords for random usernames are long gone.
Currently the path of attack goes more like this:
- Gain access to a database which contains the combination of username and password.
  (You can buy such databases on the Internet, or you run/attack a forum (most user-driven sites have poor security)...)
- Use this specific combo of username & password (try it with small modifications like upper and lowercase...) to gain access to other services.
- And profit. Bonus points for getting access to the e-mail account.
  (It can be used to reset the password, and you can sell it to a spam-delivering network.)
There are a lot of people who use the same password for too many services.
Don't be one of them. Don't be vulnerable to this simple attack.


PS: @Admins pls tell me that this forum uses salty hashes (add a user-specific string before the password hash is calculated) to secure our passwords
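
What the per-user salt asked about in the PS above changes for a leaked password table, as an added example that is not part of the original post and not this forum's code. The user names, passwords and scrypt cost settings are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample accounts: two users who picked the same passphrase.
USERS = {"alice": "correct horse battery staple",
         "bob": "correct horse battery staple"}

# scrypt cost settings are assumptions for this example, not this forum's.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32, maxmem=64 * 1024 * 1024)


def unsalted_hash(password):
    """Weak scheme: a fast hash with no salt."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def salted_hash(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn per user."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)
    return salt, digest


def verify(password, salt, stored_digest):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_hash(password, salt)
    return hmac.compare_digest(digest, stored_digest)


def reused_passwords_visible(digests):
    """True if a leaked table shows two accounts with identical digests."""
    return len(set(digests)) < len(digests)


def demo():
    weak = [unsalted_hash(pw) for pw in USERS.values()]
    strong = {name: salted_hash(pw) for name, pw in USERS.items()}
    return {
        "unsalted_leaks_reuse": reused_passwords_visible(weak),
        "salted_leaks_reuse": reused_passwords_visible(
            [digest for _, digest in strong.values()]),
        "login_ok": verify(USERS["alice"], *strong["alice"]),
        "wrong_password_ok": verify("Tr0ub4dor&3", *strong["alice"]),
    }


if __name__ == "__main__":
    print(demo())
```

Salting protects the stored table only; a password reused on another site that leaks it is still exposed, which is why the post's advice on unique passwords stands on its own.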
 

Lexicon

Two-step auth is set up.

...am I weird for setting that up by default? Even this place I log into through Steam, which I have two-factor auth set up through. Fuck, if I could do two-factor auth on my phone (fingerprint and retina scan), I would...
 

Varku

> Two-step auth is set up.
>
> ...am I weird for setting that up by default? Even this place I log into through Steam, which I have two-factor auth set up through. Fuck, if I could do two-factor auth on my phone (fingerprint and retina scan), I would...

Actually, biometric data is not that hard to copy, and I wouldn't rely on it to secure my stuff. (The Chaos Computer Club showed that it's possible to copy a fingerprint based on a photo of that finger. (They used a smartphone to take that picture from ~20 m distance.) And this was several years ago...)
 

AstroSam

Agreed. Nothing like different, encrypted passwords as mentioned before, in the best case changed periodically.
 

Lexicon

> Actually, biometric data is not that hard to copy, and I wouldn't rely on it to secure my stuff. (The Chaos Computer Club showed that it's possible to copy a fingerprint based on a photo of that finger. (They used a smartphone to take that picture from ~20 m distance.) And this was several years ago...)

That requires a lot of targeted effort.

The odds that a stranger is going to pickpocket my phone, take a picture of my hand, and crack his way into my phone - before I have access to a computer and remotely wipe it through AirDroid or Google - are pretty slim. The odds that a stranger is going to specifically want access to my accounts badly enough to track me down and do the preceding are even slimmer.

The point of biometrics is not to be uncrackable. The point of passwords is not to be uncrackable. The point of civilian encryption is to be too annoying to be worth the time, because there is no such thing as perfect security.
 

Varku

> That requires a lot of targeted effort.
>
> The odds that a stranger is going to pickpocket my phone, take a picture of my hand, and crack his way into my phone - before I have access to a computer and remotely wipe it through AirDroid or Google - are pretty slim. The odds that a stranger is going to specifically want access to my accounts badly enough to track me down and do the preceding are even slimmer.
>
> The point of biometrics is not to be uncrackable. The point of passwords is not to be uncrackable. The point of civilian encryption is to be too annoying to be worth the time, because there is no such thing as perfect security.

Well, I can totally agree on that. Hooray, a good day to be a pain in the ass!

PS: Haven't called my provider this week, something is wrong. I should call him now.
It's not an easy job to be a happy customer.
 

Bruttle

Good catch there, Sam. It makes me glad I went with the 2-step a while back. I am usually fairly paranoid about these things since most of my family is in IT. They let me know all the latest paranoia-inducing facts. Like the fact that there are between 300 and 400 million new malware produced every year. Or that most hackers (over 90% of all hacks) are dependent on bugs that have existed for over a decade. Or that it takes up to 6 months for a new piece of malware to be identified and added to your antivirus for removal.

Don't be afraid to write down your passwords either. I know that the old school of thought is that you NEVER write it down, but in today's cybersecurity world, your password is far more at risk virtually than it is in person. So make something stupid complex. Make it even more complex for your wifi. Then write it down and enjoy a much higher level of security. If someone breaks into your home, it will be for your jewelry or other valuables. They won't give a single thought to a random sticky note on your desk.

Please note, this advice is for personal passwords only. Please don't go violating your company's policy based on this statement.
 