Online Game Security

[Knightcrawler]

Anytime you download something, look at the destination URL when you mouse-over it to see if it's what you expect. If you're trying to download a song, or a torrent, or a picture, etc. and it's an .exe or .msi file or whatever, then it's clearly a trap.

Besides these days, if you have a cellphone, twitter, FB, google+, etc, etc, etc, etc all your personal data is already in the hands of every ad agency on the planet.

Then don't use them.

[General_Armchair]

Fun fact, mousing over links can trigger some XSS attacks.

[1N4001]

Fun fact, mousing over links can trigger some XSS attacks.

That's what Noscript is for.

http://www.upi.com/Top_News/World-News/2011/03/18/Iran-gets-one-up-on-online-dissdent/UPI-31301300484633

Yes, it's a joke.  Deep packet inspection will win every time and it's becoming an increasingly popular feature to put on gateways.

DPI will not directly reveal your identity. Unless your apps leak DNS requests or somesuch, Tor is reasonably save. Of course Tor will do you no good when end up using unencrypted connections or untrusted hosts and DPI catches those. If it comes to that, the smartest thing you can do is chain a VPN to the Tor exit node.

[Mitchpate]

DPI will not directly reveal your identity.

When Iran scans a packet, they get both a destination and source address.  That's regardless of the application used or the encryption you have.  Your physical identity may not be obtainable but if a country is willing to use deep packet inspection on their entire populace I don't really think they'd be too concerned about kicking down a door and arresting everyone in the house just to get the one they're after.  Even if you're bouncing off a node, they would at least be able to track it to that.

VPN tunnelling or some other form of fully encrypted TCP connection would be the safest way to avoid that it places heavy assumptions on believing that governments can't already inspect packets using the type of encryption you choose.  I wouldn't want to gamble my life/freedom on the hope that a despotic regime is incompetent.  They're usually not when it comes to state security.

[Mattk50]

TOR-network.

TOR is a joke.

I beg to differ. Tor is very useful to maintain anonymity, and as our Merkan friends proved time and time again, anonymity is an invaluable asset.
Another useful aspect is accessing foreign content. Youtube censoring itself? Pandora restricting itself to Merka? Use Tor with US exit nodes!
Of course, you can forget gaming over it. That would be madness, and it's totally not what it was designed for.

http://www.upi.com/Top_News/World-News/2011/03/18/Iran-gets-one-up-on-online-dissdent/UPI-31301300484633

Yes, it's a joke.  Deep packet inspection will win every time and it's becoming an increasingly popular feature to put on gateways.

What this was, was the ability to tell if someone was using Tor, not see what was actually in it. It was fixed the next day. GG.

[Mitchpate]

Yes, it's a joke.  Deep packet inspection will win every time and it's becoming an increasingly popular feature to put on gateways.

What this was, was the ability to tell if someone was using Tor, not see what was actually in it. It was fixed the next day. GG.

It certainly was not fixed the next day.  All Tor did was change the system so it was less vulnerable to Iran's filter policy.  The vulnerability can't be fixed without changing the way Tor immitates SSL traffic.

2011 was a very bad year for Tor, almost every aspect of it was blown wide open.  Expect to see governments start to exploit the "bad apple attack" in 2012.  That attack actually does reveal the user's IP address and the full contents of the packet.

[General_Armchair]

Fun fact, mousing over links can trigger some XSS attacks.

That's what Noscript is for.

You know that, and I know that, but do you really think the guy worried about being hacked through a computer game knows about Noscript?

[CGB [Blackthorne]]

Keeping this thread alive because tech security interests me immensly ^_^

Not that anybody cares, but I've stopped using TOR because I don't trust it anymore. I used to use it in combination with FoxyProxy (Firefox plugin) to access region locked video steams on a number of sites. After the whole TOR darknet (never used it myself) got blown wide open I figured that it was probably not a "safe" thing to use any more. Those guys had a lot more to hide than I did and it didn't save them. I figured that using TOR would probably draw more attention rather than protect me in any way.

I'm a tech noob so my "logic" is probably flawed but that's my line of thinking anyway.

For a quick solution, using a VPN and some sort of encryption would probably work fine. As with all things, you have to tailor the methods involved to your own needs. If you are doing something naughty then you might need a bit more protection than that, lol.

One thing I really WISH I could get around is my ISP's download rate limit for torrents. If anyone has any tips in that regard, I'm all ears... Not really security but meh...

[est1895]

Does anyone here use Outpost Firewall Pro?  What Total Security software out there do you think should I buy?  Total Security meaning the best you can get, for no security is absolute.

[Waffnuffly]

Does anyone here use Outpost Firewall Pro?  What Total Security software out there do you think should I buy?  Total Security meaning the best you can get, for no security is absolute.

Don't spend money on a software firewall. That's not going to do you much good. Just leave Windows firewall on, leave your hardware firewall on in your modem or router, keep your OS and software patched, use an adblocker addon for your web browser to block malicious ads (or just all ads period, because really, all ads are malicious on SOME level, haha) and mainly, don't be dumb and open attachments in email messages until you are absolutely sure you knew you were getting a file from a trusted source. And the file extension is logical (no jpg.exe).

[Mattk50]

comodo internet security is free with a premium version you can upgrade to. The free version is enough to gaurantee complete security if you set it to do so. It includes a firewall, sandboxing antivirus, and is generally a very good security suite to have.

'I also have malwarebytes downloaded, but for preventing infections in the first place, comodo is a good choice.

[CGB [Blackthorne]]

PCTools Spydoctor works wonders on spyware and malware but you need to purchase it. I highly recommend it though. It's way better than anything else I've tried and also works on a lot of common viruses.

It's not a substitute for a propper virus scanner though.

[kryobig]

I remember a few cases where someone was hacked because he was playing a game.

Back in the day, some people used to get hugely upset when someone with ISDN joined a QWTF server. At the time when practically everyone was using 56k and 33k or even 14k modems were not rare, dual-band ISDN, which gave 128 kbits of bandwidth was seen as a huge and unfair advantage.

Most of the time when someone was playing Quake, he could also be found with the same nick on Quakenet irc network, and by using whois command it wasn't very difficult at all to find the IP address of that player.

So people posted the IP address to some IRC channel and asked people to ping him. A couple of 56k users could very easily flood an ISDN connection with ping requests. This kind of DDOS attack was of course mostly harmless and wouldn't extend past dropping that player from the game.

But at the time, consumer firewalls were practically non-existent, which made it possible for users with more malicious intents to easily break into the players' computers through remote desktop connections and such.

Of course, all this happened about 15 years ago, and is pretty much unheard of today.

[Mitchpate]

Don't spend money on a software firewall. That's not going to do you much good. Just leave Windows firewall on, leave your hardware firewall on in your modem or router, keep your OS and software patched, use an adblocker addon for your web browser to block malicious ads (or just all ads period, because really, all ads are malicious on SOME level, haha) and mainly, don't be dumb and open attachments in email messages until you are absolutely sure you knew you were getting a file from a trusted source. And the file extension is logical (no jpg.exe).

This sums up modern Windows security pretty well.

The Windows Firewall is often more advanced than commercial software firewalls.  The problem is most users don't know how to access it.  Do a start search for "windows firewall with advanced security."  You'll be surprised just how powerful the build-in version is.

[ELH_Vivicector]

I was using Outpost Firewall. Quite good program, very reliable. I was using Outpost Security Suite. One of the best protection suites available.