Ok so im now paranoid about email hacks after reading all about this last night and this morning.

What steps can you take to make sure your email is safe. Is a crazy password like 38473hfhufy@##$ safe enough or should other precautions be taken

use keepass

was aboutn to it saw your post few minutes ago in othert section about it, so keypass makes it near impossible to hack into email accounts right?

the answers to the security questions are usually the weak point

no it just makes it so you never have to type a password or know it yourself...

it just creates a password that is xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx in the database and then you copy paste it from there...

you have to have a "master password" to log into to keypass but from there its just cut and pasting xxxxxxxxxxxxxxxxxxxxxx to the login box...

seems pretty secure against keyloggers... I have never had to actually type my passwords for my email or any poker accts on my computer...


I don't know about hack proof tho, but i dont know how they could get around it...

Here's what I gathered from reading a number of different posts in the forums.

- If there is a keylogger on your computer then the password is immaterial, they are going to be able to get at your email account and more.

- It seems that a lot of the accounts that have been hacked have been from aol, hotmail or gmail. There are also programs on the internet to help people hack these accounts. Not sure if they work or not.

- I also recall reading speculation that one of hackers had some kind of back door access to aol accounts.

- The RSA token on stars seems to be a way to defeat the hackers.

This topic has been discussed in the past so do a search for advice from people much more knowledgeable than me.

I dont know much about hacking but I dont see how a keylogger could circumvent keypass

could be wrong tho

Always make sure your security question is impossible to answer. Example: Who is your favorite celebrity? Answer, "Noodles05193".

As far as I can tell, almost every case has involved email being hacked first. In my case, I'm pretty sure the guy wasn't even looking for poker sites. He just stumbled upon an email I got from ub with my screenname, and to request a new password from ub, all you need is the email address.

I'm not sure about the other sites, but I think in general, hacked email = hacked poker sites. So be super-careful about protecting your email account.

Mrwalken did you have a keylogger on your computer or was your email hacked another way ie easy pword

yes keylogger. according to some people in other threads, that is the explanation 99% of the time.

1. Don't use rubbish (free) Anti Virus like AVG. Buy something like Kaspersky Internet Security.

2. NEVER EVER use Hotmail or any other web based email for important stuff like banking or poker accounts.

3. A super strong password is essential.

4. When entering your password use virtual keyboard (if you have Kaspersky Internet Security) if not type it in parts using the mouse to move the cursor.
ie: type hfhufy (move cursor with mouse to start) type 38473 (move cursor with mouse to end) type @##$. You can vary how you do this from day to day.

5. Don't use AIM or similar progs. If you do be very careful.

what do you feel is a more secure form of email than "web based" ones like gmail or hotmail?

To be honest I dont really know how it works... would a program like thunderbird make it so you can only look at your email from YOUR computer or something like that?

I'm just looking for the same advice as OP. How does this keylogger get into your computer? I have Norton Internet Security (latest version) and run a full system scan every day. Also, Norton keeps all my passwords so I never have to write them out while sigining into poker sites etc.

link to virtual keyboard download please

I'd be interested to hear what ppl advise for types of email accounts as well. If you run it through something like comodo so the emails are more secure (but doesn't change the account security) is something like hotmail fine?

I'm not really that worried about keyloggers, as everything i use is filled in by autoform (email, online banking etc) and login to pokersites is "remembered" - from what i understand keylogging doesn't work unless you physically enter the password.

I use On-screen keyboard that comes with Windows XP.

You can simply access it by clicking Start - > All programs -> Accessories -> Accessibility -> On-Screen Keyboard.

Enjoy.

But, I don't really understand, how come AIM is a threat and you don't recommend using it? Same goes with MSN then, I assume? Thanks.

any chance any of the victims downloaded some type of hud or poker addon that possibly was compromised?

Make sure nobody knows your poker email address.

Yea, I sometimes wonder too. No offense to creators or anything, but all these little things, PokerStove, Stox software, Spadeeye and whatsoever - I guess it wouldn't be hard to code in a keylogger after months or years of usage (to win trust). Again, I am not saying these programs are or can be a threat, I am using them myself and I appreciate the effort - but just in general. Makes you think.

You can always run them on a seperate PC, or within a virtual machine (VMWare/VirtualBox).

Your firewall should go ape**** if those programs need the internet.

Use the POP email account that your ISP supplies. I assume you get that as standard in the States as we do in UK.

I forgot one other thing. NEVER install dodgy versions of Poker software (Poker Tracker\Holdem manager etc) - that's just asking for it.

Read any "I GOT HACKED THREAD" and most are something to do with downloading something someone sent them through a chat programme. Or their chat client got hacked first and the rest just followed.

This point might not be as good as some of the others in this thread but I think it can still be useful advice:

Have a separate email address devoted to each poker site. Do not use that email address for *anything* other than communicating with the poker site's support. Don't use it to register on any forums, or make an MSN account (or AIM, never used it so no idea if that's possible) or have anyone know that address except the poker site.

Far from foolproof (if you get keylogged you're ****ed automatically for instance), but a good idea nonetheless.