HACKERS

[ibruzu]

Jazira sent me a message asking me to post that she would be away from the game. Perhaps forever because somebody hacked her system. This person is using her MD account as well as her YIM account. If you see Jazira and her flag is anything other then the U.S. it is her hacker.. treat them accordingly.
I would like to add a personal side note since our friendly hacker is playing the game.......
[spoiler]Nice job you friggin scumbag!!!!! [/spoiler]Jazira works hard everyday for this game.. and you, your [spoiler] guttless prick [/spoiler] drove her away! You have done damage to all players who will ever play this game by taking Jaz out of it. [spoiler] I hope you burn slowly in hell you piece of shit!!![/spoiler]
have a nice day!

Edited May 20, 2009 by Akasha
covered bad words

[Akasha]

Her account password was changed that means someone has access to her PC or to her email.
stolen creatures or items can be tracked down and recovered, as soon as she regans full access to the email used for this acc she should contact Mur again for an other password change or email change. If its necessay the account can be banned temporarly to prevent ther abuse.

[Blackwoodforest]

[quote name='Akasha' post='31671' date='May 20 2009, 03:19 PM']Her account password was changed that means someone has access to her PC or to her email.
stolen creatures or items can be tracked down and recovered, as soon as she regans full access to the email used for this acc she should contact Mur again for an other password change or email change. If its necessay the account can be banned temporarly to prevent ther abuse.[/quote]

But how do you know if the hacker is not in same country? can´t she just tell her internet provider to show the ip adress using for example her mail program and he will be catched soon I hope.

What a [spoiler]shitbag![/spoiler] dork

[Kafuuka]

There are ways to change your ip, so tracking the ip of the cracker isn't a valid option. Even if lot's of crackers are actually script kiddies, they'll still know about those.

What email address was the new password sent to? If it is connected to her Yim, it is no surprise it became compromised that soon. If it is an other one, she should check her firewall and scan for trojans.

How strong was her Yim password, did she keep the registration mails? Did she use separate passwords for mail and MD? Did she keep other emails with passwords in them? It could be a lot more than her Yim and MD account that have been compromised. Especially if she didn't store her md password in an email and the passwords were strong (ie not something like '1234' or 'cookies'), because that would mean someone had to pry it from her computer.

[Shadowseeker]

First of all when you have the suspicion that the hacker is knowing more than one password, I'd suggest getting an Antivirus system, checking it all. Best would be to create some bootdisk with that program somewhere seperate, plug the computer off the net and run a virus scan.

Since this isn't the most serious problem i think she should just download and install a trial version and run a scan on her computer.

Kaspersky, Avast, are a few good ones to say, is she wishes protection afterwards I'd suggest using ZoneAlarm or so as a firewall.

After she has done that and still nothing shows up, then obviously her YM account/email got hacked. Try changing passwords there, making strings like §kai87f%hg (of course, don't use this now!).

[Chewett]

The "hacker" had her email so when i got mur to change the password he knew about it.

But i dont know how this person got the password in the first place.

[Liberty4life]

no offense but this is a BS

guys who do this never use accounts they got, well they use accs like rs premium, but they just dont have time to mess with some game called magicduel, if you understand what i mean, they get tons of user/pass all the time, they dont have time to use them, they sell them or share them, give away, they dont keep them, they make them public somewhere as a proof of work they have done and to show that they are capable of work so they get respect and reputation in community in which they are

only if someone actually had her as target may be using her account, but usually for stuff like this you dont have target, only if it is becoz of some personal issues, and then it isnt worth of risk, thats why i think it was done by some random guy, and someone else is now using her account

and kafuuka already said many methods, and still it isnt event half of possibilities

edit: oh so after all it was a personal thing, sry i misread it, things like that are very rare

[Kafuuka]

You don't have to be a genius to be a script kiddie and even if it was necessary, the MD community has enough smart people in it. Yes, targeting is a plausible scenario, but not the only one... there's even the remote possibility some data wasn't removed when logging out out of a public computer, and someone browsed through all the mail and then got interested in MD. The odds may be one in six billion, but hey, there is enough people on the planet to accommodate them. What is the use of guessing at this anyway?

Priority should go to determining if it was the email that got compromised or her computer. Finding out when this happened and knowing what else has been compromised.

btw,' hacker' is technically not the right word, it is 'cracker', or the pejorative 'script kiddie'.

[Liberty4life]

i more prefer word criminal

and if person knows her irl, then it could be physical access to her computer and dumping stored passwords, if was in his place, thats how i would do it (in case he knows her irl as said somewhere before)

[Kafuuka]

That is incredibly low tech, but a simple trojan would do too. Most passwords are still stored in plain text on computers. All you need to know is where to look and how to get access to your target's computer. Last time i used windows, I had to clean spyware at least once a month to get rid off all the crap. Some programs even had the nerve to include spyware in them and politely tell you about it in the eula; that giant piece of text nobody reads.

Basicly, unless Jazira used strong passwords, updated her anti virus and firewall regularly, configured them all perfectly and read all eula's, didn't open attachments, never browsed an unsafe website, used pop up and add blockers and who knows what else... there was no need for physical acces to her pc.
Actually, I doubt it would take long for me to break into my own computer, maybe a couple of days to bruteforce the user password, which would be silly since i know my own password though.

[dst]

After reading all you said Kafuuka all I want to do is throw my laptop on the window. THEN I will be sure I am safe

[Kafuuka]

[quote name='dst' post='31709' date='May 20 2009, 08:46 PM']After reading all you said Kafuuka all I want to do is throw my laptop on the window. THEN I will be sure I am safe [/quote]

advertising:
install linux; even if you aren't an expert, it still is a hundred times less likely someone breaks into it. And there aren't as many ready made scripts to crack into it.
Sadly there aren't that much games available on linux, but MD works!

[Liberty4life]

eh bruteforcing isnt effective anymore due to login cooldowns, miss password 5 times and ya have to wait 15min-1h, and if you know someone irl, easiest way is physical access, and then you do what you want and how you want but on other hand as long as you are running windows with internet connection ya arent safe (well if you have it with no internet connection that just means no data theft but your data can still be deleted)

[dst]

Kafuuka: games are the reason why I still have Vindoz . I know how linux works and other unix based systems and I totally agree that they are the best. BUT they have a major flaw as I said: few games actually work on linux

[Nex]

there is no absolute safety, but at least there are some things you can do to make it less likely/easy to crack or clutter you up:
run noscript
check hackthissite.org to get a few general pointers about security

[Liberty4life]

ah i am not in mood to check it again and complete all those challenges again, they are almost all old but yes there are some good tutorials, as for absolute safety i think that well maintained linux system shouldnt ever have security problems

@dst: get linux, install vmware and create virtual machine with it and dont give it access to internet, install windows on it, and then ya can play games safely, as for online games, most of them work on linux

anyway linux arent for gaming

[dst]

To be honest right now I need to install a vmware to put solaris on it . So whish me good luck cause I have no friggin idea how vmware will act under ^%%$%^& vista..

[Czez]

I'm still confused about something. When jazira asked me to post for her in the forum regarding dojo violators, in a very jazira-like way, her flag was still philippines. Can someone explain how this works?

[Liberty4life]

eh..... thats called double login, and it has been used before......... guy logged in with his ip address or with proxy, and while he was online, she logged in too with her american ip, so since account was online in the time of second login it kept flag from first login

edit: dst ... uh solaris nice

[dst]

Actually it's the other way around: the login takes the last flag. Trust me...I tested it several times .
So I believe he logged in after her.

[Liberty4life]

oh well same thing my point was double login

[Cain of Destruction]

I am Cain Baneheart and Jack Willow, I am the one responsible for stealing the account of Jazira. My accounts Cain Baneheart and Jack Willow is permanently banned. I am sorry.

[Udgard]

Why did you hack her account?

[dst]

Cause he wanted crits...

[I am Bored]

i a m tempted to say he hacked it out of boredom, but then again that may not be it....