This is a reply to WoWHead’s Blog post about Security. I posted this on their website and wanted to post it here as well.
Before we start talking about how to prevent account compromise, we need to know how someone can steal your information. The information above is correct, but there is more to it. First, let me say that I am an IT Systems Administrator working on getting a BS in Network Security.
First, you need to have your firewall up to date with all firmware updates. This helps you a lot more in security, as it is very easy to steal a packet or frame from a resource using packet/frame analyzing tools. I will not mention any here. Make sure that you only allow ports from trusted companies like Blizzard. Do a little research on Blizzard’s websites to find out what ports Blizzard uses in their games. They also have tutorials on how to set up your Routers / Brouter for port blocking and how to use your software for port blocking on Windows and Mac, using programs like ZoneAlarm and BlackIce.
Second, make sure you're not using any programs in the background that can obtain a backdoor leak from your computer. These are called Trojans, and they are hidden in your system, most likely as a JavaScript file somewhere in your Cookies area. Because of this, make it a point to delete your cookies every time you exit your browser. This will help keep your system safe from any would-be attackers. If there is a backdoor leak on your computer, any hacker can find his / her way in and corrupt any data you might have.
Third, and I cannot stress this enough: test out your system before somebody breaks in. If you can find a leak within your security settings, anybody else can too. So do yourself a favor and test your system out. Put a virus on your system (nothing too dangerous for testing) and see how your antivirus protector picks it up. Do the same with port blocking and firewall schemes. There are many tools on the net that can help you with this.
Fourth, install some kind of Network Monitor on your computer. It can even be from Microsoft, with their Network Monitor that is bundled with their Windows 2003 Server Software. This will help you analyze your packets and see where you are most vulnerable. Once you find that information, do more research to find out how to help your system out. Also install all security updates, whether from your antivirus, OS, or any other security source.
Fifth, turn off your guest account. If you find that this is on after you have turned it off, more than likely someone got into your system. This is a good test to see if you have been hit with anything, including a DDoS attack, or been a victim of packet sniffing. Also use a browser that is more secure, like Firefox, Opera or Chrome, over Internet Explorer. While IE (8 beta 2) is great, it is still less secure than Firefox or Chrome.
Some other tips:
- Change your password every 14 days. For most packets to be sniffed out, it can take up to 10 days before someone has a good-sized log of everything that you have done on the Internet. During this time the hacker is trying or has tried to get into your system. Changing your password every 14 days is a good step.
- Make sure your password is lengthy. Windows recommends 6 characters. Most websites want 8. Try for something in the 12-15 character range. The longer the password, the harder it is to crack. Also use a combination of letters, numbers, alphanumeric letters, and symbols. A common way is to test your password after you have made it. If you can’t remember it without looking at it after you made it, that’s a good thing.
- This tip might be a little extreme: write down your MAC (Media Access Control) address, which is found on your NIC (Network Interface Card). It is a long number, but this makes your computer unique to the Internet. It is also how you obtain an IP Address from your ISP. If someone was packet sniffing, he / she can alter your MAC address and give you an APIPA (Automatic Private IP Address) that will not let you access the Internet, and you would have to go through the hacker’s Internet, where he will sniff you because the only way out is through his / her Default Gateway. If you think you have been a victim of an attack, see if your IP Address has changed. One way is through the command line (CMD at run), using the ipconfig command if you're on Windows or Linux / Unix, to see what your current IP address is. If you find you have been a victim of an attack, your best resource is to contact your ISP, as they have security experts that can do packet tracing to find out how you were sniffed out.
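The check from the last tip, written out as an added example that is not part of the original post: it compares the MAC address, IPv4 address and default gateway reported by `ipconfig /all` against values written down earlier, and flags an address in 169.254.0.0/16, the range Windows self-assigns for APIPA. The sample output, the baseline values and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of Windows `ipconfig /all` output (not from the original post).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Physical Address. . . . . . . . . : 00-1a-2b-3c-4d-5e
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.17.42(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
"""

# Values written down while the connection was known to be good (constructed).
BASELINE = {"mac": "00-1A-2B-3C-4D-5E", "ipv4": "192.168.1.23",
            "gateway": "192.168.1.1"}

APIPA = ipaddress.ip_network("169.254.0.0/16")

# [ \t]* after the colon keeps an empty field from matching the next line.
PATTERNS = {
    "mac": r"Physical Address[ .]*:[ \t]*([0-9A-Fa-f-]{17})",
    "ipv4": r"IP(?:v4)? Address[ .]*:[ \t]*(\d+\.\d+\.\d+\.\d+)",
    "gateway": r"Default Gateway[ .]*:[ \t]*(\d+\.\d+\.\d+\.\d+)",
}

def parse_ipconfig(text):
    """Return mac, ipv4 and gateway of the first adapter (None if absent)."""
    found = {}
    for key, pattern in PATTERNS.items():
        match = re.search(pattern, text)
        found[key] = match.group(1).upper() if match else None
    return found

def check(current, baseline):
    """List every difference from the baseline, APIPA addresses first."""
    findings = []
    ip = current["ipv4"]
    if ip and ipaddress.ip_address(ip) in APIPA:
        findings.append("APIPA address %s: no DHCP lease was obtained" % ip)
    for key in ("mac", "ipv4", "gateway"):
        if current[key] != baseline[key]:
            findings.append("%s changed: %s -> %s"
                            % (key, baseline[key], current[key]))
    return findings

if __name__ == "__main__":
    for line in check(parse_ipconfig(SAMPLE), BASELINE):
        print(line)
```

On a real machine, replace `SAMPLE` with the saved text of `ipconfig /all`; only the first adapter in the output is examined.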
My final bit of advice is that if anybody wants in, they will do anything they can to get in. It does not matter how secure your network is. If they want to pinghammer you to death to where your bandwidth is dead, they will. Our packets do not allow for that much security (IPv4), but with IPv6 coming to most ISPs and networks really soon, the more secure it will be. Having 10.0.10.100 is easier for a hacker than something in hexadecimal (a-f, 0-9, 45 characters long).
Sorry for making this so long. It is a lot of work to protect yourself from hackers. Cyber crime is huge. You are in luck, as more security is on the way in IPv6. Some ISPs have already installed IPv6 into their network. Many who have will have sent you an email or some kind of notice that they have upgraded the security of their network. This means they upgraded to IPv6. In case you wonder, I am not a hacker, but they teach a lot of this stuff and how to stop it in our security courses, and when you work as a System Administrator, your #1 thing to do for a network is secure the data.