| Pages: 1 [2] :: one page |
|
|
| Author |
Thread Statistics | Show CCP posts - 2 post(s) |
steadyhand amarr
Royal Uhlans
Amarr Empire
750
   |
Posted - 2013.07.03 12:30:00 -
[31] - Quote
To day I learned how little people know about internet security and how damage can be done with just your email :-( |
Jaqen Morghalis
Abandoned Privilege
General Tso's Alliance
78
|
Posted - 2013.07.03 13:03:00 -
[32] - Quote
steadyhand amarr wrote:To day I learned how little people know about internet security and how damage can be done with just your email :-(
Meh, a little common sense and due caution goes a long way.
I generally don't volunteer any personal info when registering on forums and such, I rarely use my credit card online (and when I do, it's with sites that I am reasonably confident are as secure as possible), I monitor my credit card balance frequently and regularly, I use PSN Cards for PSN purchases, and I've got multiple "junk" emails, all with different passwords.
To do me any real harm, a person would need much more than just this one email address (even factoring in any other information about me that they could possibly extrapolate from it). I'm not saying it isn't possible but, to target me specifically, a person would have to be pretty determined, and spend quite a bit of time and effort to expand that one email address into something that would actually hurt me.
If they're THAT determined, then they've got a serious vendetta against me for some reason, and will probably find some other, easier, more effective and direct way to hurt me, even if they didn't have my email address.
The only other way this could affect me is if I'm just unfortunate enough to be either randomly selected, or one of many victims in some sort of mass-fraud, and the common sense and due caution that I mentioned above should protect me.
Besides, I could also get hit by a bus on my way to work, that doesn't mean I'll never go outside again.
Face it, stuff happens and, personally, I prefer not to spend my life worrying about every little thing that might possibly happen under just the right set of circumstances. You can't protect yourself from everything.
Obviously I do whatever I reasonably can to protect myself, but I'm not going to lose any sleep because someone might have access to one of my email addresses.
Living in fear is not living.
/rant |
Draxus Prime
BurgezzE.T.F
840
|
Posted - 2013.07.03 13:43:00 -
[33] - Quote
CCP Eterne wrote:I've snipped the explanation of how to do this, but I've also forwarded this on to our security team. Obviously giving people a way to farm the e-mail addresses of PSN accounts is not a good thing.
i want a signuture |
semperfi1999
Internal Error.
Negative-Feedback
557
|
Posted - 2013.07.03 14:04:00 -
[34] - Quote
Jaqen Morghalis wrote:steadyhand amarr wrote:To day I learned how little people know about internet security and how damage can be done with just your email :-( Meh, a little common sense and due caution goes a long way. I generally don't volunteer any personal info when registering on forums and such, I rarely use my credit card online (and when I do, it's with sites that I am reasonably confident are as secure as possible), I monitor my credit card balance frequently and regularly, I use PSN Cards for PSN purchases, and I've got multiple "junk" emails, all with different passwords. To do me any real harm, a person would need much more than just this one email address (even factoring in any other information about me that they could possibly extrapolate from it). I'm not saying it isn't possible but, to target me specifically, a person would have to be pretty determined, and spend quite a bit of time and effort to expand that one email address into something that would actually hurt me. If they're THAT determined, then they've got a serious vendetta against me for some reason, and will probably find some other, easier, more effective and direct way to hurt me, even if they didn't have my email address. The only other way this could affect me is if I'm just unfortunate enough to be either randomly selected, or one of many victims in some sort of mass-fraud, and the common sense and due caution that I mentioned above should protect me. Besides, I could also get hit by a bus on my way to work, that doesn't mean I'll never go outside again. Face it, stuff happens and, personally, I prefer not to spend my life worrying about every little thing that might possibly happen under just the right set of circumstances. You can't protect yourself from everything. Obviously I do whatever I reasonably can to protect myself, but I'm not going to lose any sleep because someone might have access to one of my email addresses. Living in fear is not living. /rant
Actually all this "time" you claim someone is spending...........is not true. By and large someone who had the technical skills to obtain your email from this system would not then personally try to put your information in other sites looking for a hit...they have a bot program that does all of that for them. They literally would only have to check the bot on occasion and perhaps do a couple things when its required of them by it would mostly be an automated system that your information would be put into.
So saying someone would have to spend a lot of "time" to get this information on your is just ludicrous...they dont spend alot of time on any single person. They get massive amounts of data and put them into bot programs to sift the data and collect everything they can so that they can use it or sell it to someone who wants to use it.
BTW I completely agree with steadyhand......apparently I have long overestimated the technical knowledge of gamers. It would appear that many gamers have no clue of anything regarding the computers/internet beyond....I click this button and it works and if it doesnt work then I call tech support. |
Jaqen Morghalis
Abandoned Privilege
General Tso's Alliance
78
|
Posted - 2013.07.03 14:28:00 -
[35] - Quote
lol, you make it sound like they can just type my email address into the magic internet box and the magic computer bots do their computer magic and PRESTO, they have full access to my entire life!
Is it possible that someone could conceivably use information from the internet to steal my identity and/or access my money?
I suppose so, which is why I do take certain reasonable precautions when conducting business online.
On the other hand, It's also possible that I could be randomly shot by a total stranger while walking down the street.
But, is it likely?
Probably not. |
HowDidThatTaste
Internal Error.
Negative-Feedback
2910
|
Posted - 2013.07.03 15:42:00 -
[36] - Quote
Sometimes you just got to wear the tinfoil hat. |
HowDidThatTaste
Internal Error.
Negative-Feedback
2910
|
Posted - 2013.07.03 15:44:00 -
[37] - Quote
Sometimes you just got to wear the tinfoil hat. |
Shion Typhon
Intara Direct Action
Caldari State
93
|
Posted - 2013.07.04 02:20:00 -
[38] - Quote
Jaqen Morghalis wrote:lol, you make it sound like they can just type my email address into the magic internet box and the magic computer bots do their computer magic and PRESTO, they have full access to my entire life!
Is it possible that someone could conceivably use information from the internet to steal my identity and/or access my money?
I suppose so, which is why I do take certain reasonable precautions when conducting business online.
On the other hand, It's also possible that I could be randomly shot by a total stranger while walking down the street.
But, is it likely?
Probably not.
You should read the article by the head of security from SOE on the Planetside 2 team. Its quite interesting.
One of the factors they discussed is that most intrusion attempts on accounts on their network are not random. They don't get mass brute force attempts at cracking passwords by trying millions of alphanumeric combinations. Most of the intrusion attempts that occur show evidence of information gathering/social engineering by the bot.
So, they'll get an access attempt against a single email address then 10 different password attempts where the passwords are clearly word combinations lifted from somewhere (implying the bot is attempting to combine information about the user collected elsewhere, DOB+home city, etc etc etc or a combo phrase clearly used a password on some other site).
How many users do you think use the same password for their IGN website login, their iTunes account, their SOE/Dust login and "that cool forum about games they visit".
Answer: Lots.
Physical and electronic security are the same, they are about layers. You have a spectrum of layered measures that can be applied ranging from "nothing" to "completely ridiculous". Every time you add a layer you exclude a potential threat level and also make it harder to perform the activity in question. You stop adding security when you hit the boundary curve between likely threats and useability.
Unfortunately most people who aren't security experts and especially in the digital world usually stop a few layers short of what is required to protect themselves adequately (not perfectly). |
LuckyLuke Wargan
HavoK Core
RISE of LEGION
188
|
Posted - 2013.07.04 02:31:00 -
[39] - Quote
Another check mark in my long list of CCP **** ups... |
Mithridates VI
IMPSwarm
Negative-Feedback
2047
|
Posted - 2013.07.04 06:49:00 -
[40] - Quote
CCP Stillman wrote:When we were made aware, we rewarded the reporter as per our PLEX for Snitches program.
This is true.
CCP Stillman wrote:As a part of that, we no longer include the email which it's sent to as a part of the mail. Also, technical changes were made on the backend to prevent abuse of this at a large scale. We're still actively working with them to fix this issue fully, but this is not something that gets done over night.
I'm glad to hear that something has been done to prevent large scale abuse but it's surprising to see that something like programatically removing the email addresses from historical messages is not possible. If control over the content of an email is not made possible by hosting it in full I'm afraid I don't see the point in the system used to host the messages at all.
|
|
|
|
|
| |
|
| Pages: 1 [2] :: one page |
| First page | Previous page | Next page | Last page |