Giving away accounts

[Avogadro]

@argos

Okay, I understand I made it sound like "this is a simple thing" and all, but in all honesty it normally IS a simple thing. If this guy got into her computer he did it in one of three ways:
1) he got physical access to the system
2) he got her to run something that gave him access to the system, or
3) he managed to get a program on to her system using a buffer overrun or similar technique for drive-by infections.

I'd bet you money he did not do 3.

This whole "hackers can just log into the internet and go on your computer" thing is a movie plot. It normally requires physical intervention on the target computer side, 99% of the time accomplished by either tricking the user with administrator rights into making it happen or being on the machine physically. It's possible using some sort of software bug that allows code to execute on the machine, but highly unlikely. Unless this guy is some sort of super-genius and has discovered a method to buffer overrun RO, he's not likely to be sending code down to her machine. And honestly, judging by the sounds of her problem and the stuff this guy's doing, he's not. I don't know many people capable of doing things like that who are so immature. And even on the unlikely chance that he IS doing that, that's why you buy a hardware firewall and run nothing as administrator.

And if he's in the HeRO box (and really, I'm pretty sure any GM will agree that no, there are no viruses or backdoors on the HeRO server) he'd still have to find a way to get software on her machine again. Knowing someone's IP gets you virtually nothing, unless you have some reliable way of forcing code to run on their system. Think of it as your IP address is just like a street address. You can't break into someone's house just by knowing their street address.

And in case I haven't made myself clear, forcing code to run from remotely is not a trivial thing to do if you take some precautions.

Now I realize that credentially speaking, I'm not a career security professional, but I do have a degree in CS and am not just some cranky old man. But the things I recommend have proven themselves to me to prevent 99.999% of viruses and spyware from getting in, and things like not running as admin by default are the reason that, for example, it's more difficult to write an OSX virus or why Vista constantly brings up those black-screen-intervention boxes. If you have to log to admin or at least approve any software installation, it means you know what's being installed or at least means that nothing gets on without an operator knowing. And a hardware firewall. I can't say it enough. They are worth their weight in gold. All those "you'll get viruses if you put an unpatched windows machine on the internet" rumours are seriously diffused with a hardware firewall. It's not windows. It's just a firewall. Now if you want to get really paranoid, set up your wireless connection as a mac address whitelist so that NOTHING logs in without you explicitly allowing it, and in the worst case, set the firewall to respond to nothing. Not even ping. It's how our VPN at work is set up.

But what I see here is someone who is in a bind, and the obvious solution is being missed in favour of the unpleasant solution of "just give up this thing you obviously love". I just want to try and diffuse some of the despair here.