Support NeoGAF

[buizel]

Okay I haven't been downloading snow patrol or evanescence on limewire, but my android phone updated me for a calender event in the calender app to WIN AN IPHONE XS bit.ly/suckmydick or whatever .

but why

 

[kingbean]

Weird porn sites'll do that.

 

[bucyou]

you're already dead OP

 

[Tesseract]

just do a back up reset, it takes like 30 minutes total from reset to app update

fuck those hackers

 

[nocsi]

Browser probably got you to download an ical:// and your phone executed it. But, lol Android users.

 

[CSmath22]

Your only option is to drive out to the middle of the desert, and bury the phone as deep as possible, before 'they' come for you...

 

[Kadayi]

Could be worst. I had my Amazon account hacked a couple of weeks back. Thankfully Amazon realised something suspicious was going on and revoked all the orders (they bought a bunch of printable gift vouchers) but I had to nuke the site from orbit as far as my security goes. Complete fresh install of the PC, virus scans and rootkit checks through the wazoo (nothing), revoked all cards, redid all my passwords (and I use a password manager...) about 6 times, plus 2-factor verification for pretty much everything. However, after all that, apparently, it didn't stop them from trying to access the account 3 more times since (thankfully I've taken my cards off). Waiting to hear from Amazon about what's happening, and more importantly how they bypassed the 2-factor (which is a major concern), I switched from SMS to an Authenticator App and that seems to have stopped the attempts. Albeit generally useful, getting any answers from Amazon customer service has been like trying to get blood from a stone, and I've been passed from pillar to post and continually assured that the accounts team will get back to me.

 

[SLoWMoTIoN]

Okay I haven't been downloading snow patrol or evanescence on limewire, but my android phone updated me for a calender event in the calender app to WIN AN IPHONE XS bit.ly/suckmydick or whatever .

but why

neogaf titcoinmining

 

[Slings and Arrows]

I share your pain OP. I was hacked on Paypal, most likely from a scammer on Ebay who bought my product and then claimed he bought it by mistake. Cost me £40 and I had to wipe Ebay and Paypal from all my devices and close paypal for good.

No loss though. I've saved a fuckton of money from not being random shit on ebay

 

[hariseldon]

Could be worst. I had my Amazon account hacked a couple of weeks back. Thankfully Amazon realised something suspicious was going on and revoked all the orders (they bought a bunch of printable gift vouchers) but I had to nuke the site from orbit as far as my security goes. Complete fresh install of the PC, virus scans and rootkit checks through the wazoo (nothing), revoked all cards, redid all my passwords (and I use a password manager...) about 6 times, plus 2-factor verification for pretty much everything. However, after all that, apparently, it didn't stop them from trying to access the account 3 more times since (thankfully I've taken my cards off). Waiting to hear from Amazon about what's happening, and more importantly how they bypassed the 2-factor (which is a major concern), I switched from SMS to an Authenticator App and that seems to have stopped the attempts. Albeit generally useful, getting any answers from Amazon customer service has been like trying to get blood from a stone, and I've been passed from pillar to post and continually assured that the accounts team will get back to me.

Good decision going from SMS to authenticator. SMS 2FA is worthless given how easy it is to socially engineer mobile companies to steal someone's phone number. Lots of other vulnerabilities too.

 

[Constant Flux]

Could be worst. I had my Amazon account hacked a couple of weeks back. Thankfully Amazon realised something suspicious was going on and revoked all the orders (they bought a bunch of printable gift vouchers) but I had to nuke the site from orbit as far as my security goes. Complete fresh install of the PC, virus scans and rootkit checks through the wazoo (nothing), revoked all cards, redid all my passwords (and I use a password manager...) about 6 times, plus 2-factor verification for pretty much everything. However, after all that, apparently, it didn't stop them from trying to access the account 3 more times since (thankfully I've taken my cards off). Waiting to hear from Amazon about what's happening, and more importantly how they bypassed the 2-factor (which is a major concern), I switched from SMS to an Authenticator App and that seems to have stopped the attempts. Albeit generally useful, getting any answers from Amazon customer service has been like trying to get blood from a stone, and I've been passed from pillar to post and continually assured that the accounts team will get back to me.

Whoa, that's hardcore fuckery right thurr.

 

[petran79]

I use a randomly generated password. Don't have any credit cards stored. Recently they logged into my twitch account though I wonder for what purpose.

 

[Kadayi]

Good decision going from SMS to authenticator. SMS 2FA is worthless given how easy it is to socially engineer mobile companies to steal someone's phone number. Lots of other vulnerabilities too.

Indeed, either way though, it's going to be a while before I feel comfortable about even thinking about leaving my card details online with Amazon that's for sure, as I'm not entirely sure how they managed the hack truth be told.

If they'd hacked my password manager they'd have gotten up to all sorts of ass-fuckery beyond Amazon, but I have that locked down with fingerprint recognition via an authenticator, so I think that's highly unlikely (plus I've changed the MP on that a few times also, set it to country-specific, and it tracks logins). I have my emails tied to a different authenticator, and I've changed those all up (did all of this from a different PC/location also). All my site passwords are unique 20+ hashed so they're not brute-forcing matters either. Keylogger/rootkit? Well, I went deep down the rabbit hole of making sure my reinstall was thorough (downloaded the windows installer from a different PC) and removed all the partitions on the SSD before carrying out the reinstall, in case anything was lurking in those hidden start-up partitions Win10 creates. I 've run BIOS Scans and start-up scans from pretty much every AV out there and they're all coming up clean, and I'm not running any illegal software on the machine either. Any smaller software apps I've been unsure about I've run through scanners and searched online for hack reports but nothing to suggest any of them are up to shenanigans. As with anything, you can never be 100% certain, but I'm reasonably confident that at my end at least things are secure, which begs the question as to how secure things are at Amazon's end.

No loss though. I've saved a fuckton of money from not being random shit on ebay

Heh, Yesterday I almost caved and bought a Rift S through Amazon as I'm super into NMS and Dat VR experience looks compelling. The plan was to just buy with a card and then take the card off once the order went through (I did the same thing a week before for some fan cables without issue) however because they don't ship them automatically (even with Prime) I'd have had to have left the card on there until they dispatched the order which frankly wasn't worth the risk in my view so I cancelled it (II just need to resist buying one from Argos now...).

 

[hariseldon]

Indeed, either way though, it's going to be a while before I feel comfortable about even thinking about leaving my card details online with Amazon that's for sure, as I'm not entirely sure how they managed the hack truth be told.

If they'd hacked my password manager they'd have gotten up to all sorts of ass-fuckery beyond Amazon, but I have that locked down with fingerprint recognition via an authenticator, so I think that's highly unlikely (plus I've changed the MP on that a few times also, set it to country-specific, and it tracks logins). I have my emails tied to a different authenticator, and I've changed those all up (did all of this from a different PC/location also). All my site passwords are unique 20+ hashed so they're not brute-forcing matters either. Keylogger/rootkit? Well, I went deep down the rabbit hole of making sure my reinstall was thorough (downloaded the windows installer from a different PC) and removed all the partitions on the SSD before carrying out the reinstall, in case anything was lurking in those hidden start-up partitions Win10 creates. I 've run BIOS Scans and start-up scans from pretty much every AV out there and they're all coming up clean, and I'm not running any illegal software on the machine either. Any smaller software apps I've been unsure about I've run through scanners and searched online for hack reports but nothing to suggest any of them are up to shenanigans. As with anything, you can never be 100% certain, but I'm reasonably confident that at my end at least things are secure, which begs the question as to how secure things are at Amazon's end.

Heh, Yesterday I almost caved and bought a Rift S through Amazon as I'm super into NMS and Dat VR experience looks compelling. The plan was to just buy with a card and then take the card off once the order went through (I did the same thing a week before for some fan cables without issue) however because they don't ship them automatically (even with Prime) I'd have had to have left the card on there until they dispatched the order which frankly wasn't worth the risk in my view so I cancelled it (II just need to resist buying one from Argos now...).

Are you using a web-based password manager or offline? Personally I go hybrid with keepass and the file stored on my dropbox with a nice fat master password. I'm a linux user too so I'm one of those guys who's fairly paranoid about these things and reasonably techie. An interesting thing I've found is that Steam keeps sending me those emails where someone has used your password and it sends you a confirmation code (though I don't quite get how, given I use the authenticator in the Steam mobile app) and this happens even if I change my password from a linux machine (like it literally happens within hours) with a secure password. Now the thing is, there are far more attractive things than my Steam on my keepass so you'd expect those to be targetted instead, but apparently not. So I personally think the problem is at Steam's end given no amount of changed passwords (and to be clear I operate similar password hygeine to yourself) seems to help.

That's Steam and your issues are with Amazon so different organisations but maybe the same problem? One thing I do wish was more of a thing was per-site credit card details as credit card security is utter turd (I believe Apple's credit card does something along those lines) with the ability to revoke by site without having to do it on the site itself, but I could go on about piss-poor credit card security all day and bore everyone.

Re VR: Just do it. Elite Dangerous goes from boring to awe-inspiring and racing games in VR are revolutionary. I wouldn't get the Rift S though, I have a Rift and it's great, but the S has only 80FPS vs the 90FPS on the classic rift, which I reckon probably means the S would increase nausea.

 

[JSoup]

Ha, I had that same thing happen to my calendar the other day. Turns out it was a popup from a website.

 

[Kadayi]

Are you using a web-based password manager or offline? Personally I go hybrid with keepass and the file stored on my dropbox with a nice fat master password. I'm a linux user too so I'm one of those guys who's fairly paranoid about these things and reasonably techie. An interesting thing I've found is that Steam keeps sending me those emails where someone has used your password and it sends you a confirmation code (though I don't quite get how, given I use the authenticator in the Steam mobile app) and this happens even if I change my password from a linux machine (like it literally happens within hours) with a secure password. Now the thing is, there are far more attractive things than my Steam on my keepass so you'd expect those to be targetted instead, but apparently not. So I personally think the problem is at Steam's end given no amount of changed passwords (and to be clear I operate similar password hygeine to yourself) seems to help.

That's Steam and your issues are with Amazon so different organisations but maybe the same problem? One thing I do wish was more of a thing was per-site credit card details as credit card security is utter turd (I believe Apple's credit card does something along those lines) with the ability to revoke by site without having to do it on the site itself, but I could go on about piss-poor credit card security all day and bore everyone.

I use lastpass and tbh I haven't had any problems with it. I thought about maybe switching to something else, but I'm running a very tight ship on that front and there's nothing to indicate that they've been compromised. I've thought about linking a manual key also, but at the same time, I don't want to fuck myself if I lose the USB or anything. I've got Fingerprint recall/recovery on Lastpass now so unless someone chops my fingers off for the moment I should be good. Though I think we're going to hit a crisis point with this sort of thing in the long term because according to Lastpass I'm in the top 70k most secure users base on their security checks, and if I'm getting hacked.....most people I know don't even use 2 factor ....

Re VR: Just do it. Elite Dangerous goes from boring to awe-inspiring and racing games in VR are revolutionary. I wouldn't get the Rift S though, I have a Rift and it's great, but the S has only 80FPS vs the 90FPS on the classic rift, which I reckon probably means the S would increase nausea.

Yeah, I had to meet some friends for lunch today and afterwards strangely found myself standing in the queue at Argos. Downloading the setup software now (12 GB... ) Not sure how this is going to go, but fuck it. We're doing it live.

 

[hariseldon]

Kadayi - good decision on the VR. Now go get a wheel and pedals and get on some racing games. Maybe racing GAF?

 

[Kadayi]

Kadayi - good decision on the VR. Now go get a wheel and pedals and get on some racing games. Maybe racing GAF?

Having spent many years doing the motorway commute my interest in virtual driving is fairly limited, tbh. However, having just delved into the Wall-e style demo on Oculus I'm pretty impressed at the sense of space even if there is some slight screen door going on. Getting SteamVR set up at present for NMS Shenanigans later. I fear I may need to change my pants though

 

[hariseldon]

Having spent many years doing the motorway commute my interest in virtual driving is fairly limited, tbh. However, having just delved into the Wall-e style demo on Oculus I'm pretty impressed at the sense of space even if there is some slight screen door going on. Getting SteamVR set up at present for NMS Shenanigans later. I fear I may need to change my pants though

The daily commute is indeed boring, as it should be, but track days are like crack for me, the rift has done a sufficiently good job that I've been able to cut that habit right down.

Need to check out NMS at some point though I get the feeling it suffers from the same problems as Elite Dangerous in being huge and empty.

 

[Slings and Arrows]

Kadayi, are you from north or sarff of England?