If you have Online Poker Accounts - YOU MUST READ THIS

[byronkincaid]

It's also possible they could guess/brute force your password - this would be far easier on a site where your display name is your user name (as they wouldn't have to figure out what that was too!)

Yeah this is a concern. Why do I need 3 or 4 passwords/codes for my bank account but only one password for my poker account?

[Bongo]

Because banks need to maintain consumer confidence so they can continue the switch to online banking and increased profits?

[thetank]

Can using the accesability options thing (where you click on an on-screen keyboard with the mouse to type) get round a trojan that logs your keystrokes?

[Bongo]

They'd probably take screen grabs too.

When the banks started using drop downs with letters in and stopping people from typing the trojan authors quickly added in screen grabbing ability.

[byronkincaid]

Because banks need to maintain consumer confidence so they can continue the switch to online banking and increased profits?

Poker sites need to maintain consumer confidence too I would have thought.

[Bongo]

When was the last time someone's poker account being hacked made the news?

[cambo]

Elsewhere, in "The Lounge", Chris Bruce warned us of a Virus/Trojan or whatever that is compromising players Online Accouts. In his case, it was at Betfair, but it applies equally to any site I suspect.

I somehow get involved in all sorts of "behind-the-scenes" stuff & I've become aware, invovled in fact as a conduit to help solve the problem, of just such a case this week.

A very well-known Online Player - almost of legendary status - has had his Account compromised this week. He's lost over £20,000.

His Computer Software & Management is supremely good, he keeps a 6 figure sum across various sites, & has as much as half-a-mill on some sites from time to time.

He took EVERY possible precaution - but the money has disappeared.

He wants to deal with this quietly, not make a song and dance, quite properly, & get the problem resolved. I cannot - & it would serve no purpose, name him, or the Site - but I don't believe EITHER party have done anything wrong. Someone, somehow, has compromised the Account.

BE CAREFUL. Please.

The Chris Bruce thread (wholy unconnected to the case I know about) is HERE.....

http://blondepoker.com/forum/index.php?topic=28484.0

just relised who this is

hopefully ull get it sorted mate gl

[kinboshi]

what I did was have a computer which ONLY had poker programs on it, no MSN/YAHOO, no surfing the web, nothing. Any of that crap was done on a laptop/seperate computer, and when I had finished playing poker, I turned the PC off and used a different one. This is pretty safe overall, and computers are so cheap these days its scandelous how sloppy the big stakes players get with computer security. How can this be exposed, techies?

I think that sounds pretty safe, the only possible way i can see a problem is if there is a program that can go accross all machines on your network for instance.
ie-program(virus or whatever) gets downloaded onto your laptop then gets to your poker pc via your network,
i dont think that can/would happen but its the only thing i can think of.
Im sure the real techheads will soon have there say

Don't network the 'poker' PC.  Have it on a separate internet connection, so it isn't connected to your other PC/network of PCs.

[Bongo]

Because banks need to maintain consumer confidence so they can continue the switch to online banking and increased profits?

Poker sites need to maintain consumer confidence too I would have thought.

How many still play on Absolute too?

I just came by to share this worrying graph:


Red: Infected files not detected by at least one antivirus engine.
Blue: Infected files detected by all antivirus engines.

From the statistics section of Virus Total (http://www.virustotal.com/estadisticas.html), which allows you to upload a file and have it scanned by 32 different Anti Virus products...

[AndrewT]

The player that Tikay mentioned has got his money refunded in full. The hacker hasn't been caught yet though, but there are leads.

[doubleup]

The player that Tikay mentioned has got his money refunded in full. The hacker hasn't been caught yet though, but there are leads.

I noticed in Tillermans blog that he got hacked as well - so clearly poker players are targets.  Organised crime have been trying to place crooks in financial services for some time and that industry is far better regulated.  Players should press for minimum security standards from sites e.gs. the ability to tick a box that would only allow log on from one poker client, concealment of account details from support staff without authorisation, safeguards against automated brute force hacking.

[Bongo]

I think some form of 2 factor authentication (example) would probably be better, I know a few people who need to use them to log in to their companies network, and I think some banks use similar things.

[doubleup]

I think some form of 2 factor authentication (example) would probably be better, I know a few people who need to use them to log in to their companies network, and I think some banks use similar things.

Yes that would be good, but obviously expensive to implement and the delay created might put off the sites, while my suggestions would improve matters more simply.  The main point I was trying to make is that there are too many accounts being hacked and the sites are clearly being negligent in their practices. 

[Bongo]

I think some form of 2 factor authentication (example) would probably be better, I know a few people who need to use them to log in to their companies network, and I think some banks use similar things.

Yes that would be good, but obviously expensive to implement and the delay created might put off the sites, while my suggestions would improve matters more simply.  The main point I was trying to make is that there are too many accounts being hacked and the sites are clearly being negligent in their practices. 

Or the users in theirs!

I'm not sure how you would (reliably) lock down access to only one machine.

Even then I imagine that it would be possible to either spoof the user's machine, or maybe even use their own machine.

If the attackers somehow have access to the site's system then I imagine they could just change the setting from that end and gain access that way.

[doubleup]

I think some form of 2 factor authentication (example) would probably be better, I know a few people who need to use them to log in to their companies network, and I think some banks use similar things.

Yes that would be good, but obviously expensive to implement and the delay created might put off the sites, while my suggestions would improve matters more simply.  The main point I was trying to make is that there are too many accounts being hacked and the sites are clearly being negligent in their practices. 

Or the users in theirs!

I'm not sure how you would (reliably) lock down access to only one machine.

Even then I imagine that it would be possible to either spoof the user's machine, or maybe even use their own machine.

The poker client could surely be easily numbered (it probably is anyway)- so the hacker would need to know that number and be able to modify a client to imitate that number and the user's password.

If the attackers somehow have access to the site's system then I imagine they could just change the setting from that end and gain access that way.

Errr the sites negligence again.