My Account Was Hacked And I've Been Suffering For It.

thats a bad "install" not a reason not to protect our information on file, i mean how many people use their real creditcard ?
not using captcha and having the login name, makes it way to easy to have a program run passwords ?

* i never tried it , but im not sure if it even blocks the login after a certain number of bad pw's ?

It is, and it is a pain in the rear - the use of captchas has basically prevented automated access to one's transaction records. Captchas provide no additional security to an account and should _not_ be used for logins - they are meant to prevent automated _registrations_.

They provide security by requiring that a human do the logging in, instead of a script simply trying password combos until successful. Captcha has never kept me from my own account information, commenting on a blog or anything else.

Yes, true, it prevents automated access. Which is fine, I don't want automated access of any sort to my account in the first place, unless it's through my bank, paypal or myself. I don't need a script to do my banking for me, thanks.

My vote goes to "Keylogger".

It could be SO easy to install! Whether by "drive-by" or tricking you into installing it. It's not like a crafty individual couldnt rename it to some innocuous name, letting you set yourself up, then have it appear as if the "program you 'think it is'" doesnt work.

So, back to this threads subject of having your account hacked, how will captcha prevent somebody who's stolen your password from doing whatever they want with it?

.

.

It doesnt prevent someone from getting in with a stolen password. It prevents brute-force password guessing via scripts. A keylogger will not be stopped by captcha.

To stop someone with a stolen password, you'd need a verification question of some sort I think, and even that's not a guarentee if the thief happens to know you.

I download a password cracker once to run against my oracle databases at work to see how many users had too simple of passwords. I ran it against a few of the complex passwords that I use on different personal and administrative accounts. For each of my passwords, I cancelled the routine after it had run for 48 hours without cracking the passwords. Out of 8 of my passwords, I only had one cracked in less than 48 hours and that one took 42 hours.

Very few hackers are going to go to those extremes to crack an SL password.

ah, Very Happy to hear they have


.

What, they won't work that hard for $1000L?

Come on, that's like four whole bucks!

Broken, broken, broken:
http://en.wikipedia.org/wiki/Captcha#Circumvention

Especially where relay attacks are concerned.


The only type of logging in you would stop are basic website logins, and temporarily at that. libSL and recompiled clients would avoid most login captcha implementations in a pinch.

That is, unless it's thousands of accounts harvested in a small amount of time....

We had that sort of problem back when people were signing up free accounts to game stipend payments. Large volume of accounts plus small payoff equals much larger payoff in aggregate.

Could have happened from your puter also nerver NEVER goto a url mentioned in game or on and SL blog or fourm always type it in manually never click ANY link even one provided by the Lab.
O and change your password each week different days.
and really importand get AVG its free and the best anti virus out there.

.

The lesson here is to make sure that you use a different password for SL than the one you use for your favourite hentai tentacle rape yaoi porn sites - just in case.

The site I go to is free access. No password needed.

So if you can't read the bloody mangled captcha well enough to log in, you're screwed until you can get someone to answer the phone. Not useful. I had an email server that routinely forced me to guess at three captcha phrases before it logged me in. Didn't matter if I got it right - three tries, no less.

That's not a good way to enforce security. It's just code wanking.