First of all, let’s explain why security is needed:
- Protecting personal stuff
- Protecting logins
- Protecting others
That is a very small list but covers most things. Now, let’s start off with an explanation why you should protect your PC against hackers and other malicious intruders.
2. Personal stuff
Everyone has personal stuff on his or her computer. It could be email account passwords, bank account numbers passwords for online money transactions, logins for websites, logins for FTP’s, logins for school or work, or many other things. When someone has “hacked” your computer, he or she has access to all information I just mentioned, can send mails as you,can use your bank account, work account, and all other stuff you use on your PC. For all intents and purposes, the person completely controls your PC. Additionally, the hacker can view the files which you have on your harddisk, your personal pictures, your personal letters, windows passwords, backup files etc. etc.
How can you protect this? There are a few things you can use to prevent people from accessing your pc:
- Use a firewall.
- Hide your host on IRC. (On QuakeNet, auth with Q and set mode +x)
- Use an Anti-Virus program.
- Do not open links you don’t trust.
- Do not give power to people you don’t trust completely. This applies most to IRC, but also can apply to computer access, passwords, itc.
- Do not execute strange scripts and codes on IRC, especially ones containing “decode”.
- Do not open files that you didn’t ask for. Even if you know the person, it could be a virus.
Many people have a lot of logins for a lot of different things. How to protect them on your hard drive has been explained above, but how to protect them online is another story. ClanBase uses the QID system and a cookie system; the QID system is based on a encryped variable in the URL of your browser which includes your playerid and password (NOTE: this means that it transfers it in a moderately secure way, but efficient). When someone else uses your QID he or she is logged in as you and can abuse your account or do anything they want with it. First of all, you should be aware of this and whenever you post an url from ClanBase somewhere you should never include your qid. Then there is the cookie system which is only available for CB Crew at the moment. A cookie is a file on your harddisk or in the memory of your pc that contains a few variables for sites, in this case it does for example include your QID, but since you don’t see the QID in the URL of your browser, you can never paste it in irc or somewhere else, so it’s more secure. There are a few bad sides, using a cookie with a public proxy server can result in everyone going to www.clanbase.com automatically logging in as you without needing your password. Another bad thing is you always need to login first before you can use the cookie in a IE window – when you open a clean window you can’t use your cookie.
Then there is the Q auth for QuakeNet. For your account on QuakeNet, you need a login as well and for a lot of people it is a sport to get the Q auths from other people and break into them, usually in an attempt to steal channels. When someone has your Q auth, he has access to all channels you are in and he can pretend to be you while he actually is someone else – and not someone you want. To protect your Q auth never execute scripts (especially those containing $decode!). Also, NEVER click on links from people you don’t know or don’t trust. A .jpg file online can also be a script which catches your Q auth password, so be very carefull with that (NOTE: this is covered in a recent Internet Exploder update).
Then there are overtake crews. X-Cr3w is an example of that, but a lot of people use the same system. Sometimes this can be seen when your Q account is hacked:
[13:37] Taro:#Clanbase- Warning: Lamer(firstname.lastname@example.org) authed with your password. Recover it with /msg #Recover@Password.Quakenet.org username password
When you execute this you will send your password to someone else who will use it to abuse your account. This is a fake version of the real Q “someone is authed as you” message. NEVER EVER believe this message, even when it says to do it to Q’ or ‘Q’ or ‘Q-’. Only trust such messages when they come from Q@CServe.quakenet.org, and nothing else. The same thing can be applied to sending files. Sometimes someone will attempt to send you a worm, virus, Trojan horse, or harmful Trojanic script.
4. Other people
Now I will explain something which is very important. A lot of people say they don’t care when someone hacks their PC. That is okay with me, as it is your own problem whether or not you are hacked, but when you do this you. An example which really happened: someone queried me and started talking to me about personal stuff I talked about in a previous personal private query with another admin. Nobody could have ever seen that. This person says he likes the post on the bobo/crew forum on ClanBase I made and agrees with me. Of course, I ask him which account he is using, as I can see from his QuakeNet account he is using the account of someone – let’s call him John – and also the account of John on ClanBase. At this moment, I change the CB password of that admin and within two seconds he can show me the new QID. The person disappears and a few days later I see him again. He tells me which accounts/PC’s he has access to. He has also compromised the PC’s of three CB Admins and the QuakeNet login for 1 admin. He also explains that he can view all files on the hard drives of the admins and also see the private IRC logs the admins have with other people. he even saved the logs to his own PC. Why do I mention this? My PC has a Windows XP firewall running, a Norton Firewall running, Norton AntiVirus running, Norton Internet Security running, and I use a bouncer for IRC which hides your host and also a vhost to hide the ip/host from the bouncer (NOTE: some bouncers are fake and anyone can see whatever you say through a bouncer if they have access to the bouncer computer – beware fake bouncers). You can’t protect a PC for 100%, but I think this is 99.99%. As I learned, it is important to keep your operating system updated (the hackers got in via a WinXP vulnerability) and make sure to avoid hackers. Not all hackers are brilliant or anything as the media may show them, but they are not idiots, either. Always run a firewall, antivirus program, and keep your passwords and everything private. You cannot be completely secure, but it is the best you can do.
Eat your lima beans, Johnny.