Club Penguin Fan Universe:Hacking Defenses

Since there has been talk about hackers and the like lately, I thought I'd give you guys some insight on how to secure your accounts.

Brute Forcing
Brute forcing is one of the most common ways to get someone's password. It consists of guessing a password (usually via software) using every word/letter in the dictionary until the correct password is found. It is used when a hacker suspects the target of having a weak password.

How to Counter Brute Force Attacks

 * If you have a simple password (flower, gorilla, happy etc.) then I suggest you change it immediately. The simpler your password is, the greater the chance brute forcing has of finding it.
 * A very good program to counter brute forcing is Online Password Calculator. You simply click on the things your password may consist of, and it calculates the time it will take for a brute force attack to find your password.
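
The kind of estimate such a calculator produces can be sketched as follows. This is an added example, not code from the original page or from Online Password Calculator; the guess rate and the tiny word list are assumptions chosen for illustration.

```python
import string

# Assumed attacker speed in guesses per second (illustrative, not from the page).
GUESSES_PER_SECOND = 1_000_000_000
# Tiny constructed stand-in for a real dictionary word list.
COMMON_WORDS = {"flower", "gorilla", "happy", "password", "penguin"}
# Character classes a password may draw from (26, 26, 10 and 32 symbols).
CHARSETS = [string.ascii_lowercase, string.ascii_uppercase,
            string.digits, string.punctuation]


def alphabet_size(password):
    """Add up the size of every character class the password uses."""
    return sum(len(cs) for cs in CHARSETS if any(c in cs for c in password))


def keyspace(password):
    """Candidates an exhaustive search must cover, for all lengths up to this one."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def is_dictionary_word(password):
    """Dictionary attacks try known words first, whatever their length."""
    return password.lower() in COMMON_WORDS


def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Time to try every candidate; a dictionary word costs only the word list."""
    if is_dictionary_word(password):
        return len(COMMON_WORDS) / rate
    return keyspace(password) / rate


def describe(password):
    secs = worst_case_seconds(password)
    years = secs / (365 * 24 * 3600)
    kind = "dictionary word" if is_dictionary_word(password) else "exhaustive search"
    return f"{password!r}: {kind}, worst case {secs:.3g} s ({years:.3g} years)"


if __name__ == "__main__":
    # Constructed sample passwords, from simple to long and mixed.
    for pw in ["flower", "xqzvbn", "Xq7zVb2n", "Xq7!zVb2n#Lm"]:
        print(describe(pw))
```

Each extra character class and each extra character multiplies the search space, while a dictionary word falls almost instantly no matter how long it is.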

Phishing
Phishing will work if the target is gullible enough. It consists of creating a website (usually under a free webhosting domain) that disguises itself as a trustworthy website. If the target falls for the website and enters their account name and password, it sends an e-mail to the hacker's email address telling him/her their information. Phishing mainly relies on social engineering and the gullibility of users.

How to Counter Phishing

 * Always look carefully at a URL. For example, www.clubpenguinfanon.wikia.com is this site's name. Phishing sites use names like www.ripway.clubpenguinfanon.com etc.
 * Be sure to google a site's name if you are thinking of visiting it. If the search shows results that look the same, don't go there.
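
The URL check from the first tip can be automated by comparing the hostname against the one you trust, label by label. This is an added example, not part of the original page; it assumes the trusted host is clubpenguinfanon.wikia.com (from the example above), and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Assumption: the real site lives at this host (taken from the page's example).
TRUSTED_HOST = "clubpenguinfanon.wikia.com"
BRAND = "clubpenguinfanon"


def hostname_of(url):
    """Return the lowercase hostname, accepting addresses typed without a scheme."""
    if "://" not in url:
        url = "http://" + url
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def belongs_to(host, trusted):
    """True only for the trusted host itself or a subdomain of it.
    Matching on the dot boundary stops look-alike prefixes from passing."""
    return host == trusted or host.endswith("." + trusted)


def classify(url, brand=BRAND, trusted=TRUSTED_HOST):
    """Label a link as 'trusted', 'impersonation' or 'unrelated'."""
    host = hostname_of(url)
    if not host:
        return "unrelated"
    if belongs_to(host, trusted):
        return "trusted"
    # The site's name showing up in a host outside the trusted one
    # is the pattern the tip above warns about.
    if brand in host:
        return "impersonation"
    return "unrelated"


if __name__ == "__main__":
    # The two hostnames from the page plus one constructed unrelated address.
    for link in ["www.clubpenguinfanon.wikia.com",
                 "www.ripway.clubpenguinfanon.com",
                 "https://example.org/"]:
        print(link, "->", classify(link))
```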

Social Engineering
Social engineering is not a hack at all, and requires no software. It mainly uses cunning talk and psychology to convince the target to give up their personal information, passwords, credit card numbers etc.

How to Counter Social Engineering

 * NEVER give your passwords and personal info to ANYONE. Not even your mom, your dad, your brother, your sister, Towley, Colonel Sanders, Jerry Springer, Oprah, a site administrator, ANYONE.
 * If you suspect someone is using social engineering techniques on you, tell them nothing. A simple question you need to ask yourself: why would this person want my personal information?

DDOS (Distributed Denial of Service) Attacks
DDoS attacks depend on getting the DDoS client to run on a wide range of machines. The usual trick is to package it as a "Trojan horse", an innocent-looking but secretly malicious program that unsuspecting people will run. Once a Trojan is activated, one of the first things it typically does is register its presence somewhere, usually by sending TCP/IP packets to a well-known destination.

How to Counter DDOS Attacks

 * Go to Microsoft's security bulletin website. Download all the pertinent patches you don't already have installed.
 * Configure your firewall to block (or, better, ignore) traffic on any port you don't actually need. If you don't know which ports should be open for particular services, see Microsoft Knowledge Base (KB) article
 * Review the TCP/IP hardening settings described in Security Considerations for Network Attacks. Apply them to any server that is exposed directly to the Internet.

Unfortunately, protecting your machines against attacks can be difficult because attackers keep changing their modus operandi. It's simpler to prevent your computers from becoming zombies and contributing to the DDoS problem. A few simple steps that you can take now will do the trick:

 * Protect your machines against compromise. If your machines don't get Trojans on them in the first place, they won't act as DDoS participants.
 * Don't run attachments/programs you get from unknown or untrusted sources. Be careful with programs that come from, or claim to come from, Club Penguin cheating sites, adult sites, and the like. If you're running Windows 2000 or Windows XP, never use the Administrator account, or any account with similar privileges, for routine tasks. Having a Trojan is bad; it's worse when that Trojan runs with administrative privileges.
 * Use antivirus software. The major antivirus vendors are all very good at quickly producing updates when a new Trojan is released in the wild. Diligent use of these tools will help keep your machines clean, particularly if you use them to scan new files before you execute them. I recommend Norton, Trend Micro Internet Security, and McAfee.

General Tips

 * If you have saved your passwords with "Remember me", then delete them. Hackers can backtrack your information, and they can backtrack that too. The best way to remember your passwords is to write them down somewhere safe.
 * Be sure to keep your password nice and long so that there's greater protection. Having a combination of lower case and upper case letters, along with numbers, is a good way to protect your account. Be creative when thinking of a password, but always make sure it's easy to remember, and write it down.

Comments

 * Hopefully this has helped some people. Bugzy Talk 12:18, 25 May 2009 (UTC)