Recently I have seen a lot of threads on this site about a player's accounts being “hacked,” and while I sympathize, I wonder how much of it they could have prevented in the first place. Don’t get me wrong, I in no way condone stealing from others--outside of a great poker move, that is. I know many of you spend countless hours researching poker, players, theories, ROI, M, the gap concept, etc., but how much time do you spend making sure you are protecting yourself from these types of thefts? It really only takes a little bit of time and in the end can save you loads of money. <READMORE>

Let start with a few terms and make sure we all understand their meaning. *

<SPAN>*Terms and definitions taken and modified for use from Wikipedia.</SPAN>

Spyware - computer software that collects personal information about users without their informed consent.
Keylogger – software used to obtain passwords and encryption keys, thus bypassing security measures. Keyloggers are widely available on the Internet.
Trojan Horse - may appear to be useful or interesting program but contains or installs a malicious program.
Virus – a computer program, which reproduces and is designed to infect or corrupt files on a computer.
Worm – A self-replicating computer program; unlike a virus it does not need to attach itself to an existing program. Worms harm networks whereas a virus harms a machine.
Backdoor – a method of bypassing normal authentication while attempting to remain hidden from casual inspection.
Encryption – the process of obscurring information to make it unreadable without special knowledge.
Pharming – an attack aiming to redirect a website’s traffic to another bogus website.
Phishing – fraudulently acquiring sensitive information such as passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
Social Engineering – the practice of obtaining confidential information by manipulating users.
Hacker - someone who exploits systems or gains unauthorized access by means of clever tactics and detailed knowledge, while taking advantage of any carelessness or ignorance on the part of system operators.

I have seen the term hacking/hacked/hacker used incorrectly quite often. A hacker isn’t necessarily a bad person with bad intentions. Put simply, someone who steals your account information and or passwords and uses it for their own gain is a thief. Legal steps can be taken against these thieves, but unfortunately, finding and prosecuting them can be tedious at best and impossible at worst.

When an account has been compromised, the most common reason is poor password selection. Passwords such as poker, money, tilt or even password1 are ridiculously easy to crack. Personally, I try to use a password that is at least 8 characters long and contains upper and lower case letters, as well as numbers and special characters. Some passwords I have used in the past (and will never use again) are B0rN2fI$h (born to fish), 4ceD2w0rK! (forced to work), 20o6W$0p (2006 WSOP), etc. These are all simple phrases to me and easy to remember. A good way to verify the strength of a password is to visit the following site: http://www.microsoft.com/athome/secu...d_checker.mspx. This page, provided by Microsoft, will rate your password complexity and tell you if your password is Weak, Medium, Strong, or Best.

What about remembering all these passwords? I don’t know about you, but I have somewhere in the neighborhood of 50 personal passwords and probably twice as many professional ones. Fortunately, I have only 4 to actually remember. I use a password manager to store and encrypt all of my passwords. Before using a password manager, I would<SPAN> </SPAN>write them down and store them in my wallet, but not anymore. Now they sit right there on my hard drive, and I store a copy on a thumb drive in case of a hard drive crash. There are many different applications you can use – do a little research and find one that’s right for you. I have used PasswordSafe<SPAN> </SPAN>http://passwordsafe.sourceforge.net/ and RoboForm http://www.roboform.com/, and I find them both to be excellent applications.

Finally, change your passwords often. The longer you keep the same password, the greater the risk of that password being exploited.

The second most common reason for a user's account to be compromised is social engineering. Social engineering is the act of getting a user to provide the information the thief wants. Whether it is providing the thief with your user id and password or disabling security functions, social engineering is one of the hardest vulnerabilities to combat. Social engineers know that most people like to be helpful, and that a kind word and a smile can get them far.

Social engineering comes in many forms, the most common of which are called pharming and phishing. Pharming and phishing are best prevented by never trusting any electronic communication. You have probably seen an email come from a popular online auction site telling you your information has been compromised and that you need to click some link to fix the problem. Clicking the link directs you to a bogus site that looks nearly exactly like the site they are pretending to be. Once you have entered your information -- generally your user id, password, and security questions -- the social engineer has total access to your account and the funds associated with that account. Always verify independently what is being asked of you. Call or email the site and verify that they want your information.

Another popular form is to send a link or file transfer through an instant messaging service or email. Again, verify with the person independently that they sent you the file or link. Maybe their account has been compromised, and the attacker is now turning their sights on you. If you’re not sure, delete the email or instant message. I would rather confirm with the sender and make them send me something twice than unknowingly turn control of my PC over to them.

Spyware/Keyloggers/Trojans – I could write volumes on these subjects, just as many before me have. Simply put, find at least 1 anti-spyware applications you like (I have 3) and use it often. Remember to update the software every time you use it so that its definitions are current.

Be careful what you download. I know the latest skin for Pokerstars with that blonde bombshell is something you just have to have today, but is it really all you are getting? Is the source trustworthy? Are you sure? Many of the little “freeware” apps we see online are pretty cool, but did you ever wonder why they are free? Maybe it is because they are getting you to download and install more than what was advertised. Once you have installed the freeware, you may have installed a backdoor into your system and around your security. That blonde may look good today, but what will your account look like tomorrow? Check it out before you download it, and run a spyware scan after you install it.

There are some pretty cool apps out there that will help you determine if a site is legit. I use Site Advisor (http://www.siteadvisor.com/). It’s abrowser add-on from McAfee that will give you a Green, Yellow, or Red light as to whether the site you are visiting is safe and what other people have experienced with it in the past. VirusTotal (http://www.virustotal.com/en/indexf.html) is a free service for scanning suspicious files using several virus engines.There are many, many more resources out there, most of which are cheap or free.

Virus and Worms aren’t as big a concern for theft as the aforementioned Spyware Keyloggers and Trojans. Viruses and Worms are more of a “look at what I can do” issue. The most profitable use for them is disrupting a company's business, rather than an individual’s. It is important for you to have virus protection and to keep your virus definitions up to date, because once you are infected with a virus, it weakens your overall security and puts cracks in your armor.

I use many resources and have subscriptions to numerous newsletters discussing information technology security. Some of the places I can recommend for research follow. Some are easier to use than others, so check them out and see which suits your needs the most.

www.pcmag.com - PCMagazine - search for security and other similar terms.
http://www.microsoft.com/security/default.mspx- Microsoft security
<SPAN>http://WindowsSecrets.com<SPAN> </SPAN>- Windows Secrets – everything Microsoft forgot to mention</SPAN>
http://www.schneier.com/blog/- A weblog covering security and security technology.
http://www.ftc.gov/infosecurity/- OnGuard Online consumer security information.
http://antiphishing.org/- Anti-phishing workgroup
http://www.mynetwatchman.com/- myNetWatchman collects, analyzes, and reports malicious access attempts to ISPs, who can then take action against the offending machines.

Take a little time to make sure you stay secure. You will almost never regret it.
</READMORE>