Forums

Say Neight to hackers!

Quick find code: 14-15-400-66078606

of 5
Anon_420
Oct Member 2018

Anon_420

Posts: 36Bronze Posts by user Forum Profile RuneMetrics Profile
Ok so following the events of my previous post i will try to update the idea i had of implenting a new security option that dont require internet connection and that it will ensure full safety of any runescape account by any means of hacking

This post is intendended to debate if is a good option or a bad option and why. And over all is personally intended to be read by mods and jagex technician so i ask to everyone that is reading to express your opinion.

For the people that comes and read this you may say "by being smart you cant get hacked" "by having pin auth and not giving your info you cant get hacked" well let me tell you Congratulations for your true feeling of safety, now lots of people dont care your opinion lots of people dont care about safety, and thanks to that we are giving away money to hackers, saying it briefly and clear Jagex is giving money to the hacking industry, why i say jagex? because they are the ones to ensure my safety because i pay them to play this game and because its their job to prevent hackers of getting THOUSANDS of real CASH thanks to what i will list here

Before that, lets talk about numbers, 50k people play for sure daily just osrs, and its the game i play so i will just talk about that numbers, so, between 10 and 20 accounts gets hacked daily with an average of 2b profit per day. we are talking about that a normal hacker using whatever method is gaining about 1500 to 2000 dollars per day just by setting a video or a hided link. that without taking in consideration runescape players...

I have recognize the most important ways to get hacked and/or get your account stolen. each of this methods are of common knowledge and i will list them here:

1° phishing links via twitch facebook reddit
2° malware software downloaded via facebook reddit
3° third party clients with little to no protection and/or fake plugins

Now lets list the security options jagex offers
A) Bank Pin
B) Authenticator
No sera Plucho?

25-Jan-2019 12:04:06

Anon_420
Oct Member 2018

Anon_420

Posts: 36Bronze Posts by user Forum Profile RuneMetrics Profile
Now lets talk about the actual defense that security offers against the three common ways of hacking.

If you put your info in Option N° 1, im sorry but the attackers already is on your account and you have lost everything.

If you download malware software the attacker may be watching your screen so a bank pin wont prevent you losing your items, the authenticator may prevent their access UNTIL they learn how to access your email because at is stated here:
The authenticator is not a Jagex product. is supported by the email account of the user so im sorry again you have lost all your items.

Third option, apply the same as stated to the 2° option.

So again i have come to a solution i think it will prevent every option stated above, and i will of course make clear that is not mandatory, same as pin and auth, you can have it or not is just a plus, of course it will take money to jagex, time, and probably it wouldnt be easy, but its the only way to ensure hackers dont get money thanks to jagex and/or users with poor security.

Solution: Enable a phone number option to recieve a notification everytime someone try to access your account. How would this work and how would jagex recognize a possible hijack? Easy if i had logged everyday from the same devices and suddenly one day it has an acces from 2000km away of my devices THAT is 99% sure to be a hijack THE WHY is not relevant at this people all that matters is ensure my security.

So how is this mecanism working?.

When a person/attacker try to log in i will recieve a phone notification VIA SMS that an unrecognize log in has been detected, it would ask me if i recognize this log from X location and that to procced i should tap
HERE
. Previous option was that it may give me a random generated code but people dont seem to like that idea...
No sera Plucho?

25-Jan-2019 12:05:43

Anon_420
Oct Member 2018

Anon_420

Posts: 36Bronze Posts by user Forum Profile RuneMetrics Profile
Now that i explained that method lets test its security.

Option 1, I by whatever reason didnt realize it was a phishing site and introduce my pass and bank pin into a phishing site, by enabling the new option, when the attacker try to log in i will be suggested by jagex my acount has been breached and i of course would realize its a phishing site but since i didnt authorize all my items are safe

Option 2, i download some malware and sadly an attackers can see my email my pass my pin etc, but when they try to log in to change password or to steal items, what will happend? automatically i will recieve a message to my phone that notify me of that. so all my items are safe.

Option 3, im seeing a plugin that offers double xp throught thrid party client of my choose so i will give it a try, oh.. it was false they now have access to everything, but wait thanks to having sms confirmation enabled my items are safe because i didnt recognize the log.

As you see with this option every account items are safe when my foolishness have expose my data.

Why this has worked?
Because it doesnt work with internet because the attacker can have access to my email to my screen to my keyboard, but they cant hack Orange Vodafone or whatever provider your have.

So finishing up, of course its my fault if i click bad links, download fake stuff, or use not authorized clients, but is jagex duty to protect me from my own foolishness because thats why we pay the membership, to be able to play wheter im an idiot a super smart or just some really normal person unware of internet dangers...

Well thats all, i hope everyone reads everything and say their opinions and of course the idea could need improvent so i would love that with the help of all we can make Gielienor safe again, and of course prevent hackers to gain insane amounts of money throught stealing people items.
No sera Plucho?

25-Jan-2019 12:11:12

Tuffty
Jan
fmod Member
2003

Tuffty

Forum Moderator Posts: 135,009Ruby Posts by user Forum Profile RuneMetrics Profile
Hackers needs to stop getting money through RuneScape users.


They will when people stop clicking on links that promises goods for RuneScape like Double Exp Weekends for Old School when there is no such thing. Also clociking links that promises 200m gp for a comment of a fake website. Also watching Streams where people say they are quitting and to click the link to add a comment to win goodies.

Until people learn to STOP clicking links and adding all your details then hackers will still be here making millions of people.

Moral of the story is
STOP
clicking links and adding account details!

Unlocked on request.

Also popped my reply from the other thread onto this 1. ;)
Comprehensive Account Security
What did one eye say to the other eye? Between you and me something smells.

25-Jan-2019 12:15:26 - Last edited on 25-Jan-2019 16:05:24 by Tuffty

Anon_420
Oct Member 2018

Anon_420

Posts: 36Bronze Posts by user Forum Profile RuneMetrics Profile
thanks Tuffty, i will quote my last words from last thread to follow the disccusion and debating of option

Original message details are unavailable.
everyone is closed to the fact that everything is fine that everyone is protected... but as i said before hackers are gaining more than 50.000 us dollars worth probably in bitcoins thanks to this "fine system" now is that fair? think about ONE YEAR 600.000 DOLLARS of pure gains are "GIFTED" to hackers thanks to the actual security system,,

why you would allow that to happend? just because impoving security may take a lot of work?

"yes because the auth works" Does it? dont you all see those numbers? thousands of hundreds of cash going to hackers because the actual security system is made for "smart" people

we need security for the common people the user that goes to work come home play 2 3 hours maybe with luck and wonders unsafe on the internet>>>> this is the normal average gamer the one that takes cash of their job salary to play this game even if its 2 hours a day(with luck)
No sera Plucho?

25-Jan-2019 16:11:27

Transcendent
Jun Gold Premier Club Member 2010

Transcendent

Posts: 34,831Sapphire Posts by user Forum Profile RuneMetrics Profile
I want to point out just as with Authenticator, you need an internet connection to enter an SMS code, so either one would require an internet connection to work.

If you don't click links on social media or associated with videos, and don't enter your Authenticator code except to log into the game, no one except you and Jagex will be able to access your account.

If you can remember the real forums never asks for your Authenticator code, then you will know any forums that asks for your Authenticator code is a fake Phishing site, since the real forums doesn't ask for the Authenticator code.
Hi.

25-Jan-2019 16:20:00 - Last edited on 25-Jan-2019 16:21:21 by Transcendent

Kikoskia
Aug Gold Premier Club Member 2017

Kikoskia

Posts: 56Iron Posts by user Forum Profile RuneMetrics Profile
Transcendent said:
I want to point out just as with Authenticator, you need an internet connection to enter an SMS code, so either one would require an internet connection to work.

If you don't click links on social media or associated with videos, and don't enter your Authenticator code except to log into the game, no one except you and Jagex will be able to access your account.

If you can remember the real forums never asks for your Authenticator code, then you will know any forums that asks for your Authenticator code is a fake Phishing site, since the real forums doesn't ask for the Authenticator code.


You put it as good as I could ever do so.

There are already many ways to protect your account from being compromised and they are very effective. More often than not, accounts are compromised due to following questionable links to phishing sites and imputing credentials into them that give people access to your account. There's also the instances of people telling those they think they can trust their login details, something that also shouldn't be done.

The authenticator is not a complicated to set up and use, neither is creating a strong password. As for phishing attempts, three things are important to remember:

1) If something looks too good to be true, it probably is.
2) Jagex will not ask for your autheticator code to access the forums.
3) If something claims to direct you to an official Runescape site but it's from a questionable source, don't follow that link. Go instead to the official website and try to find the information there.

I don't think more needs to be said, really.

25-Jan-2019 16:49:51

Dark Gaia
Mar Member 2019

Dark Gaia

Posts: 12,664Opal Posts by user Forum Profile RuneMetrics Profile
Hackers are a valueble asset. They teach idiots how to think twice.

You clicked on a dangerous link then it's your own fucking fault. Next time don't do it and thank the hacker for showing you that trusting strangers on the internet can and likely will backfire on you spectacularly.

You followed their advice and went to Makemeapmod.tk?

Your fault.
Now this is what I call a brilliant signature

25-Jan-2019 17:27:38 - Last edited on 25-Jan-2019 17:30:05 by Dark Gaia

Anon_420
Oct Member 2018

Anon_420

Posts: 36Bronze Posts by user Forum Profile RuneMetrics Profile
ok i see your opinion, lets do nothing, everything is fine, i will keep working 8 hours 5 days a week for 1000 euros, and let hackers gain half million dollar thanks to foolish users, thats ok, "everything is fine that how things are meant to be"

maybe you all dont realize but your way of thinking is supporting illegal bussines.

i dont think you all read that if someone has access your email auth is useless, and if your account was created after 2010 your email is your username, and because most of the people arent that paranoid to have several email accounts and several passwords, it would be really common that your password is the same or similar in both sites, so again AUTH wont protect your ITEMS in that case.

i dont really have that much time to search when the authenticator was set and why, but im sure at that point lot of people said the same thing, "uhhh do we need to dowload an application? you just dont give your bank pin and you are safe" yet we have one and know at the year 2019 hackers have learn to pass throught it maybe not the 100% of cases but just doing it to the 5% is making them rich.

Maybe yes in 10 months 1 year 2 years SMS verification will again be easy to get throught but at that point new ways shoudl be implemented because TECHNOLOGY MUST EVOLVE

10 years ago i would had never thought by clicking a webpage someone could turn my internet connection off, now is as easy as buying alcohol being a minor, shoudl it happend? NO what it does and what are we going to do? IMPROVE
No sera Plucho?

25-Jan-2019 17:34:35

Dark Gaia
Mar Member 2019

Dark Gaia

Posts: 12,664Opal Posts by user Forum Profile RuneMetrics Profile
In the case of RS: Make a custom email just for your account and don't talk about it. Won't exactly have a fun time hacking a account if you don't know the email it's registered too unless you hack in to Jagex or Google.

If they do manage to do that then it's on their asses, ain't it?

If people CBA making a unique Email for their game account(s) then that's their own problem.
Now this is what I call a brilliant signature

25-Jan-2019 17:42:23

Quick find code: 14-15-400-66078606Back to Top