Shion Typhon
Intara Direct Action
Caldari State
92
   |
Posted - 2013.07.03 11:10:00 -
[1] - Quote
Jaqen Morghalis wrote:Mithridates VI wrote:Jaqen Morghalis wrote:Maybe if you could explain how this grievous oversight and negligence on CCP's part might potentially cause me more than a slight inconvenience, I might share your concern over this "threat" to my personal security. I'm not going to enumerate the possible attacks based on having the personal details and PSN login of another player because I don't want to give anyone any ideas. Sorry if that doesn't convince you, but I'm mainly looking to advise people who feel it significant. I still don't understand (honestly, sorry if I'm being dense). I thought you said a person could get my email address, so where are they getting "personal details" and my login password from? Without those, what's the worst they could do, send me emails? How is my email address alone enough information to be in any way useful?
Because one of those 100 internet sites / services you've signed up for with your email as your username has $hit security and allows you to reset your password w/o a second level of authentication. Then in that 1 site you've also input your date of birth or home address which is the authentication factor for 3 more sites which then .... etc etc etc. 15 steps later they're in a site/game that has your credit card saved on file and is susceptible to buying in-game currency which can be RMT'd or whatever.
Security breaches occur across a multitude of interconnections, often run by people other than the original source. You might split your emails but having your primary gaming email in the wild is rarely awesome. |
Shion Typhon
Intara Direct Action
Caldari State
93
|
Posted - 2013.07.04 02:20:00 -
[2] - Quote
Jaqen Morghalis wrote:lol, you make it sound like they can just type my email address into the magic internet box and the magic computer bots do their computer magic and PRESTO, they have full access to my entire life!
Is it possible that someone could conceivably use information from the internet to steal my identity and/or access my money?
I suppose so, which is why I do take certain reasonable precautions when conducting business online.
On the other hand, It's also possible that I could be randomly shot by a total stranger while walking down the street.
But, is it likely?
Probably not.
You should read the article by the head of security from SOE on the Planetside 2 team. Its quite interesting.
One of the factors they discussed is that most intrusion attempts on accounts on their network are not random. They don't get mass brute force attempts at cracking passwords by trying millions of alphanumeric combinations. Most of the intrusion attempts that occur show evidence of information gathering/social engineering by the bot.
So, they'll get an access attempt against a single email address then 10 different password attempts where the passwords are clearly word combinations lifted from somewhere (implying the bot is attempting to combine information about the user collected elsewhere, DOB+home city, etc etc etc or a combo phrase clearly used a password on some other site).
How many users do you think use the same password for their IGN website login, their iTunes account, their SOE/Dust login and "that cool forum about games they visit".
Answer: Lots.
Physical and electronic security are the same, they are about layers. You have a spectrum of layered measures that can be applied ranging from "nothing" to "completely ridiculous". Every time you add a layer you exclude a potential threat level and also make it harder to perform the activity in question. You stop adding security when you hit the boundary curve between likely threats and useability.
Unfortunately most people who aren't security experts and especially in the digital world usually stop a few layers short of what is required to protect themselves adequately (not perfectly). |