Yesterday I was in a big hand with the nuts and suddenly my interest connection died. Am I being paranoid to wonder if it is possible I was hacked/or some sort of DDOS attack? This was in rush poker at Full Tilt Poker.

Yes, you're being paranoid.

Had to revisit this. Why is storing passwords in poker clients OK, but storing them in a browser without a master password (such as IE) is not?

Is it safe to use the following Chrome add-ons:

• *******
• Browser Button for *******
• Google Mail Checker Plus
• WOT
• Google Reader Notifier (by Google)
  Google Calendar Checker w/ Popup

I store most of my passwords in Chrome and in order to use Google related add-ons I need to be logged into my Google account.

Can people hack me / get my passwords via those add-ons? I'm losing it surfing websites w/o adbl0ck after using it for the last 2 years.

In a browser there is a very clear and well documented way to access stored passwords. If you save passwords in a browser without a master password, then someone with physical access to your machine could open your browser, click a few buttons, copy all of your passwords, and access your accounts on another computer.

Grabbing a password stored in a poker client is not so easy. Also, most clients require a second form of authentication such as a PIN or RSA code. The main risk comes from saving passwords in clients that do not use a PIN/RSA.

You can mitigate all of these risks by encrypting your system drive and turning off your computer when you will be away from it for extended periods.

This sounds like security by obscurity, and I find it genuinely surprising after all the open source stuff.

Once I have given the master key in Firefox, will my stored passwords be accessible to an intruder? Not via FF itself as it asks for the pw again if I want to view the stored pw's but some other way? Or does FF decrypt the passwords only as needed so they stay protected at all times, except when they're traveling from the store to the login query of a site?

I haven't come across any client that requires PIN/RSA for login (some do, or at least did require a pin at cashout), although that is an option at the biggest sites. Will using RSA make the stored password more secure or do you mean that the password is basically useless without RSA?

About crypting the hdd, let's see if I got this right: it only helps in case of physical access to my PC, which was shut down at the time?

Perhaps I wasn't clear. My last post was only concerned with possible threats arriving from physical access. Using a Firefox master password is not meant protect you if your computer has been infected by malware. If someone has gained remote access to your computer by means of malware or some other remote exploit your passwords should be considered 100% compromised. In such a scenario nothing you do can protect your passwords.

The only way to protect your passwords from malware is to not get malware.

The only way to protect your computer from threats arriving from physical access is to encrypt your hard drive and turn it off while you're away. A Firefox master password will prevent a nosy roommate/spouse/rogue friend-of-a-friend from quickly jotting down your passwords, but it's not going to prevent someone who is intent on stealing your info if they have physical access to a live operating system.

It's not. I mentioned it simply because I don't think you gain any security by typing in the password each time, but you do lose convenience. When people are inconvenienced they do silly things such as...

1. Leave the password in the clipboard after copying it.
2. Store the password in a plain-text file for easy copying.
3. Use a weak password to make it easy to type.

This will open possible security holes.


Yes this exploit is possible.

Sorry I typed that in a hurry. It should've read, "Many sites give you the option of using two-factor authentication." It doesn't make the password more secure. The password also isn't useless it's simply one part of the key that has two parts.

With all of that being said...if you're the type of person who is going to leave you're laptop powered on in some sort of public place for extended periods of time; or you live with super sketchy people; and you use clients that aren't configured to use a PIN or RSA token, you probably shouldn't store your passwords in your poker client.

My whole point is that for a poker player with a modicum of security consciousness, storing a password in a poker client is going to be no less secure than typing or copying it each time.

+1 nice job on the videos

Hy,

What software do you recommend for backup?

Also what add-ins to firefox do you recommend?

TY

I was wonder what your thoughts were on keyscrambler does it really work?

http://download.cnet.com/KeyScramble...html?tag=mncol

Make life easy for yourself and just get a Mac.

Below is the simplest secure setup. Anyone can afford it.
Big companies like Microsoft have similar internal rules.

1. Get a computer dedicated solely for poker. Format harddrive. Install you OS of choice.
2. Get an internet connection dedicated for poker only: ADSL, Optical, or Ethernet. Not wireless!
3. Get an appropriate router without(!) WiFi.
4. Setup the router, change its default password. Connect the poker machine to the router. You will be behind the router's firewall.

Follow these simple rules. Treat them seriously. They can't be ignored.
0. Ensure that only you will ever use your poker machine. Setup BIOS password if somebody else lives in your house. Windows password is not enough!
1. Don't connect any other computer to the 'poker' router.
2. Install only major well-known poker programs and scripts. Download them directly from vendor sites!
3. Don't use a flash drive (security token is exception). You never know who have used it. You, your mom, wife, or son can infect it somehow.
4. Use online-drive services to save/upload/download your hh archives, PT/HEM databases, configs, certificates.
5. Again. Remember #2. Install only trusted poker-related programs from well-known vendors.
6. Use the machine for poker & money transfer only. Play, analyze, cashout, and online bank. Use ANOTHER computer for forums/books/videos/whatever.

Personally, I have been using such setup for years.
I have never used antivirus software.
I have never found any piece of **** on my poker machine.


Another time, I will tell you how to protect the largest hole we have not discussed yet - your email.

Just wanted to ask, how safe is a poker account that has its password stored and a secondary PIN to log into it?

The password is changed every month.

Hello, have you got any advices for a good and secure e-mail box?even if they are not free.
I have heard about Hushmail and would like to know your point of view about it...

Unfortunately you've asked a question that has no answer. I can't tell you how safe your poker account is. With the information you've given, all I can say is that your account is probably safer with a PIN than it is without one.

This depends on what you mean by secure. For almost all users Hushmail offers no practical advantage over Gmail.

If you'd like to step up from Gmail, I recommend setting up a Google Apps account with your own domain. This prevents someone from using the Gmail password recovery tool. Google Apps Standard is free but you'll need to pay $10/year for your own domain name.

about the gmail password recovery thing: how easy is it to hack a gmail account that way? I see on the form that it asks for the date the account was created and the "last password you can remember."

How lenient are they in terms of acceptable answers? Like does the date have to be exact, or within a week/month?

I never submit a secondary email when I create a new email account, does that make any difference in terms of security?

I'm not sure. I haven't tested this extensively. All I can say is there is likely a non-zero chance that your account could be compromised through this.

Never submitting a secondary email address is fine. If you do have a secondary email account then you need to keep that account as secure as your primary.

I already have a gmail account. Should I set up another email address? If so what would you recommend? TKS nytim

I recommend setting up a poker-only email account. Gmail is the best of the free providers.

Basics

There is no single action you can take to achieve absolute security (the only safe computer is one that is turned off, disconnected from the Internet, and in a locked vault) and security concerns and "ease of use" are sometimes competing concerns.


~Enforce strong passwords
~In general, do not write your passwords down, and if you must, keep them in a secure place (Do not put them on a sticky note attached to your monitor for example).
~Keep your system up to date. Updates, particularly security updates, bring you the newest and latest fixes.

# Deny all cookies and add trusted sites, allowing only for session.
# Install NoScript. Again block all and add trusted sites to a white list.
# Install Safe History
# Block Ads

Programs that I suggest:

Internet browser
- Firefox
Media player
-VLC Player
Office
-OpenOffice
Crap cleaner, registry fixer, program uninstaller,...
-CCleaner
Instant messaging
-Pidgin
Zip-Rar
7-Zip
Password generator
KeePass
Mail
-Thunderbird

Make sure you have strong E-Mail password. Because if they can get access to your E-Mail then they can get into your poker account too.

Also make sure that you use Windows 7, because if you're still using XP (10 years old OS) that's a NO GO if you want maxximum security.

DNS

How to change your DNS adress?
Go to Control Panel>Network Connections and select your local network.
Click Properties, then select Internet Protocol (TCP/IP).
Click Properties.
Select "Use the following DNS server addresses" and enter:
208.67.222.222
208.67.220.220
(this is the OpenDNS adress with tons of options, also usually faster).

Use trusted sources. When downloading software, get it from a trusted source (softpedia, download, snapfiles, tucows, fileplanet, betanews, sourceforge).

DO NOT install firewall, because in the most cases is just there to eat your resources, money and your nerves. Windows built in firewall is enough.

Antivirus program is not the most important thing, but you should use it when finances are in the game Microsoft Security Essentials.

Don't download and or install cracked software, because it usually contains bad-code!

~ Even if you're not using Internet Explorer, you have to keep it up to date, because of security holes.

Cryptography

-TrueCrypt is a software application used for on-the-fly encryption (OTFE). It is distributed without cost and the source code is available. It can create a virtual encrypted disk within a file or encrypt a partition or (under MS Windows) the entire storage device (pre-boot authentication).

Enable PIN code on your poker account, also order yourself a Security Key.

Safe web browsing habits are huge can protect you from most of the potential threats.

Awesome post, vote for sticky or sticky merge or something. Really sums everything up.

There's just one additional thing which is worth the hassle imo, creating an windows user account without admin rights.
That basically prevents you from 99% of all malware and is basically the one reason why many people believe other OS than windows are so secure.

We had a discussion about that and UAC in this thread and some very simple instructions how to do it as non pc savvy user:

It's 2 minutes of work and improves your computer security tremendously.

I just did everything from the vids apart from the Untangle thing.

How does the fact that my desktop has another user (my brother, NOT admin acc) affect my poker account security? Is it dangerous if he is not as cautious as myself?

Btw thanks funkyworms. This topic is pure gold. It scares me that I've been around this long without realizing how vulnerable I was!

Edit: and is there a way to thoroughly check your system for malware? I'm thinking antivir scan, adware scan (are people still using this? Havent used it in years) and/or hijackthis

Do you mean "your passwords stored in FireFox", or really ALL of your passwords? Are, for example, the ones in KeePass in danger too then?

Just read the whole topic and I understand now that there is nothing you can do to protect your passwords, even from KeePass, once a keylogger gets on to your PC, so nevermind this last question

What are your thoughts on Sandboxie?
Any idea what the best way to set it up is?
It seems like it's only securing my internet browser (FF) by standard...

And is downloading from paid newsgroups (giganews) as dangerous as downloading from torrents?