Piu

Introduction/Background Hi, I'm Piu. Some here know me, most here however do not. I used to be a e-mail hacker, back in 2008, and let me tell you, your RuneScape account and email account are both more vulnerable than you think it is. Until in 2010, I've got myself into some legal troubles, and had to stop my online theft. By composing this guide and sharing my knowledge as an ex-hacker with everyone else here in TIF, I hope to pay off for the things I did to the online community many years ago. What you can expect in this guide you will find almost no other site. I won't be here to tell you what phishing links are, and what they do, and what you should do when dealt with one. I expect readers of this guide to minimally know their security basics. E-mail Security: In this section I will be covering on how to keep your e-mail safe, for people using Gmail, Hotmail and Yahoo. Usually there are 3 ways to recover/break in an email account:"Send my password to secondary email" Security Question Customer Support In my experience in hacking, Hotmail accounts are the most vulnerable and have terrible account security and a flawed recovery system. As such, I will be using Hotmail as an example throughout the guide. "Email me a reset link" Usually when trying to break in an account, this method would seem obsolete to hackers. But how this can turn into their favor is that they will get to know your secondary email. Before sending the confirmation mail, Hotmail/Yahoo will show you a partially censored email of the one they are sending the confirmation mail to. So if my secondary email is [email protected], it would show as Pi******@Hotmail.com. Usually people use the same username logins for different domain emails, so it's pretty easy to guess based on the first 2 characters. What this means is that if the hacker fails to break in the primary email, he has a secondary email to break into. In my experience, secondary emails are dormant and rarely logged into, as such, the recovery process and details required is much less compared to an active email account. What you should do: - Create different usernames for your secondary and primary account. (e.g. [email protected] & [email protected]) - Log in your secondary email account frequently, or at least once in awhile. Security Question: Hotmail and Yahoo tend to have stupid guessable questions as their security questions. People in real life with malintents would easily break into your email account if your security question isn't guarded correctly. I won't be here to give tips and such to have to a strong security questions. Instead, I'm telling you - verify your phone with your email domain. On Hotmail, this can be done by clicking on "Options" on the top-right corner of the screen, and scrolling down to "SMS." Now, what this does is that in the recovery system, if you have a phone linked to your email account, the security question option for recovering an account would instead be replaced by a "Send a code to my mobile phone" as shown below. That way, hackers don't even have a single chance in infinity to crack your account with the second option. Customer Support: This is one of the most favored method of breaking in an account by many hackers, due to the flawed recovery system of Hotmail and Yahoo accounts. When someone chooses to recover an account via the customer support option, they will be faced with this page http://img834.imageshack.us/img834/9621/watpy.png (Image is quite large, so I decide to leave it in a link) As you can see, simple things such as your first and last names, birth date, country & region and previously sent emails are included in the recovery system. These information are easily social engineered and researched on certain websites (which I will not name), even if the person does not know you in real life. What you should do: I wouldn't recommend anyone to put in their actual birth date and full name for their email addresses. These can be changed by clicking on "Profile" on the drop down menu on the top right corner (hotmail). Also, do not reply emails sent by people whom you are not familiar with, as the reply message and recipient's email can be used in the recovery process. Other security measures:*IMPORTANT* 1. Search for the word "Password" in your e-mail search box. Delete any emails that contain passwords which you used to sign up for other things, i.e. YouTube, Groupon, Blogger etc. In my experience, these passwords people use are either 1. Their current RuneScape password or 2. A previous password they used. Even if it's a previous password, you run the risk of your RuneScape account being recovered. You'd be surprised how many emails that contain passwords in your inbox. 2. Search for the word "Jagex" in your e-mail search box. You will find either of the two:Loyalty points Billing information Delete all the emails related to the above. Loyalty point mails include your display name at that current time, which is crucial information that can be used to recover your RS account. Billing information emails contain the full information of your membership purchases, from date of subscription to the transaction ID code. This is very, and I emphasize VERY vital in a recovery process, holding up to 15-20 of the 60 points required to pass a account recovery. WORK IN PROGRESS

So smuggled Dungeoneering items work for the baby troll?

I was bored, so from the tiny pixels you left out, I managed to fix the puzzle and find out each player's name. :D

It's funny because I have no lag and FPS issues whatsoever. Maybe you should consider getting a better computer if you haven't upgraded yours recently, you can't expect Jagex to keep up with the graphics but be held down by lower-end computers. I'm still on a GT9500 GFX card and I can support almost maximum graphics with 50 FPS, my other computer is on a GTX550-Ti and it runs everything smoothly, so I don't see why people are lagging FPS-wise. There are options for lower graphics aswell. If you lag on FPS, why not try lowering them? Ping lag-wise, I'm from Asia and the lowest ping I can get on a server is 250. It doesn't disrupt my gameplay. You're from the UK, so I'm not sure what causes you to lag.

That's not the point. He's trying to point out that although $2 is a small amount compared to other things, it causes a larger impact on a percentage of people than most of you here claim it to be.

Support for Kim. :D Now you don't have to bug me to dungeoneer when I'm away. Just curious, do Jagex actually read suggestions here?

I'm not sure about you, but all my the IP addresses of devices in my house end in different numbers. For instance, the one I'm currently on ends with a 55, my brother's computer ends with 50 and my iPod's IP address ends with a 52.

I was just asking what type of passwords would be more difficult to decrypt/unhash?

Of course not. Personally, I know the encryption method they use for their passwords, but I would assume they won't want it publicly known.

Thanks for the answers, guys. :D

Well, as you know, most of the sites you see on the internet are vulnerable to all sorts of database breaches. Although they use several encryption systems (Most commonly md5 with two salts, Tip.It uses that.), they can be bruteforced with several wordlists, most commonly the rainbow table. I'm just wondering, what sort of passwords would be more difficult to decrypt using said tables? A mix of words like horsecowman? Or mix of random letters and numbers like a3j1mdc? Thanks.

Try to bandstand less by fletching when watching videos, etc. Aiming to max, but I doubt I'll get there by 2012. Always could make good progress in a year though. Happy new year, everyone.

*Bold is for what I used. I'm not saying they're better, but should be a general outline of what people usually use for Jad, since my equipments are based on like 5 videos and 3 guides. Also bring a prayer renewal for Jad. I've never tried Ganodermic before, but it should be pretty good because of the mage soak.

Kah bah gee, Iglw! Everything looks nice so far. :D I'd like to see some of your short stories though, you were always a good writer. I really enjoyed reading your 'Battle For The Patch!' (or whatever it was) novel alot.

Good man, Piu. :thumbup: :thumbsup: Stile is faster, regardless open gate or closed gate.

Use the stile.

Some xp lamp dupe I presume.

1 post seemed fishy. But thanks. :)

It's pretty interesting. Never seen a live PK commentary before. Keep up the good work. :)

It is. I already uploaded a photo of all the altars being aligned from west to east.

Played some games with EoE today. Came up with a cute outfit:

When i box staked i got scammed couple times. Wonder if that's what you mean it's not "total random". nope I mean that theres other hidden mechanics like PID out there that only a few people have realized. The actual dice rolls involved in combat are random. However, things like PID, kiting, attack styles, etc. can be abused to shift the odds in your favor. Nope its not random :lol: theres just more to it then you realize. Theres a reason some players win boxes 60-70% of the time and others lose more often, and its not luck of the draw. Not to mention that there's a 'glitch' from a semi-recent quest that helps boosts your stats in boxing stakes (although effects are miniscule). Add that to PID, and some other stuff that I may not know off, staking is just as bad as dicing it.

CF's new slayer gear. :D /troll

Open your console. :)