Forums

General Betting

Welcome to Live View – Take the tour to learn more
Start Tour
There is currently 1 person viewing this thread.
CLYDEBANK29
03 Nov 09 18:31
Joined:
Date Joined: 10 Jan 02
| Topic/replies: 13,454 | Blogger: CLYDEBANK29's blog
After watching Watchdog this week and seeing hackers logging in to email accounts in wifi hotspots it was clearly just as easy for them to hack into your Betfair account.

Banks have added security so that you are asked for different digits of your password or pin number and Ing Direct whom I have an account with have gone a step further where a numbered keypad appears on your screen which you click on rather than enter the numbers via normal keystrokes. Should Betfair do something similar?
Pause Switch to Standard View Should Betfair provide greater...
Show More
Loading...
Report Innocent Bystander November 3, 2009 6:32 PM GMT
Warnings for courtsiders and snipers being sent out in the morning :0
Report dk1986 November 3, 2009 6:38 PM GMT
They should definitely provide an on-screen keyboard as an option for signing in, if you so desire to activate it in, say, the 'My security' menu. The security-conscious can have it; the 'speed and ease' users can continue to log in as usual.
Report Hopeless bettor November 3, 2009 6:40 PM GMT
No, if people are using un encrypted wi-fi to access sensitive websites that is their problem, not Betfairs.

99.99% Of hacked accounts can be attributed ignorance of security on the account holders part, in my opinion. Most of the people who had their accounts hacked on email logged into spoof sites - their fault.
Report The Betfairy November 3, 2009 6:41 PM GMT
Definitely. It's something I requested a long time ago. Everyone should have the option to select enhanced login security.
Report bf trader November 3, 2009 6:47 PM GMT
a long time ago i set my betfair account security settings so it could only be accessed from the UK.

Recently when reviewing my online security i realised this was no longer active on my account. I've no idea why and my best guess was some kind of upgrade related issue.

If you have set country access up yourself in the past and not checked it recently I suggest you do.
Report CLYDEBANK29 November 3, 2009 8:01 PM GMT
It's clearly a growing problem and it's in Betfair's interest (like it's in the bank's interest) to prevent fraud. With the banks, as a customer, you are protected and your funds reimbursed in the event of fraud. As far as I know there is no such policy with Betfair, so for me personally I'm much more concerned with security on here.
Report DanDruff November 3, 2009 8:05 PM GMT
Makes fekk all difference to me - anything they find they can keep lol
Report Eldrick November 3, 2009 8:18 PM GMT
bf trader,

i just checked country restriction status and it does look like they have changed the page where you can choose this

it no longer even makes sense to me how the page works, it's gibberish now
Report hazel November 3, 2009 8:45 PM GMT
yes
Report sethmorley November 3, 2009 9:09 PM GMT
I checked with Firefox + Firebug: username and password are sent over ssl. I think it's enough.
Report unitedbiscuits November 3, 2009 9:22 PM GMT
Yes Clydebank. I used an internet cafe. After they switched to Firefox, my login password was found by another user. This was used two days later 100 miles away to take £5,000 from my account by transferring that sum into exchange games and losing that on one hand of poker. Naturally, once Betfair told me they weren't liable, I went to the police for redress. It went nowhere. Obviously, Betfair knew who "won" my money, but never volunteered that info to the police (to be fair, the police would barely have known to do with the info anyway).

I appreciate that Betfair must indemnify themselves against two people conspiring in the way I have described above but all the circumstantial evidence over time showed that I was the ripped off party. It didn't help that Betfair handled my case through an investigator based in Malta.
Report Mr Magoo November 3, 2009 9:26 PM GMT
sethmorley, you are badly mistaken. Sure, your username & password are sent encrypted, but from then on the rest of it is unencrypted. This means that anyone can eavesdrop on you betting and could easily steal your logged-in session, placing bets on your behalf.

You'd be mad to use Betfair over wifi in a public place.

Betfair *should* run the whole of their website encrypted and protected, but they won't because they'd have to buy some more computers to handle the extra work. And it's only our money and accounts that are at risk, not theirs.
Report lippy November 3, 2009 10:01 PM GMT
Very interesting united busquits.

Im so paranoid i always close down my computer before leaving the house , just incase a burgler came in and logged onto my account and blew my cash

Last year i went on holiday and was also too paranoid to log onto bank accounts or betfair from a cybercafe. Looks like that paranoia was in fact good sense
Report quietgenius November 3, 2009 10:06 PM GMT
*Looks like that paranoia was in fact good sense

Typical reaction from a delusional schizophrenic ;)
Report SHAPESHIFTER November 3, 2009 10:27 PM GMT
I have a Bank Of Scotland account for my business.

They use a authentication system that changes my password.....every 60 seconds.

http://www.net-ctrl.co.uk/articles/14/1/RSA-SecureID-Two-Factor-Authentication-For-Business/Page1.html?gclid=CPbjyYb9750CFU0A4wodGnYrLQ

Betfair could easily integrate this into their system for accounts above "X" amount.
Report Coachbuster November 4, 2009 10:51 AM GMT
lippy ,

but how would they have got uniteds account password details from the internet cafe ?
Report SHAPESHIFTER November 4, 2009 11:02 AM GMT
key logger.
Report Hopeless bettor November 4, 2009 11:19 AM GMT
Last time I went into an internet cafe (a long time ago mind) there were at least 10 login details to gmail / yahoo / other sites saved with passwords, which I could have used

Which brings my back to my original point - don't use un secure / public places to log into sensitive sites. I would never log into any sensitive site using a internet cafe. I even have a separate email account for use in such paces, because if they can read your email they can get your passwords (easier). Easy to say after the event but it's pretty naive thinking an internet cafe is going to be secure.

I'm not paranoid either it is just sensible.
Report The Betfairy November 4, 2009 11:22 AM GMT
Re the key loggers: That's exacly why most banks ask for selected character from a secondary password - normally in the form of a dropdown list. That way the user does not actually press any keys.

Betfair should definitely consider implementing something like this. I wouldn't take too much development effort either.
Report hazel November 4, 2009 11:25 AM GMT
What is more worrying is that it is possible to log in to someone elses account even if they use secure encryption from their own home PC.
Report Coachbuster November 4, 2009 11:25 AM GMT
so it begs the question i guess , how safe is this site if you only use it from home using your own pc ?
Report Coachbuster November 4, 2009 11:26 AM GMT
is that so hazel ? ...
Report hazel November 4, 2009 11:27 AM GMT
yes it is possible coach
Report roger_moore November 4, 2009 11:28 AM GMT
Lippy - why the hell would a burgular break into your house, turn on your pc, then place bets on your account, that even if they won, he couldn't do anything with? He could only withdrawal the money back to your bank account?
Report Coachbuster November 4, 2009 11:47 AM GMT
Hazel ,sorry i meant is it poss for someone to access your account even if youve never set foot inside an interent cafe ?

I had someone use my credit card details the other week ,but atleast there i take the card out of the house for it to be scanned i guess
Report Hopeless bettor November 4, 2009 11:51 AM GMT
Yes it is. Your pc could be hacked/virused with a key logger ?
Report Fred! November 4, 2009 12:08 PM GMT
I wouldn't even log into my bank using the family PC.

Despite being told over and over and over and over, other users click on things they shouldn't click on and download / install "free" stuff.
Report hazel November 4, 2009 12:31 PM GMT
Coach the answer is yes it is possible
Report hazel November 4, 2009 12:32 PM GMT
i would add that no key logger is neccessary
Report Coachbuster November 4, 2009 12:44 PM GMT
cheers hopeless and hazel :)
Report I am the one and only223 November 4, 2009 12:46 PM GMT
Betfair could identify your main PC with a cookie or whatever and then have something to generate extra random one-use passwords which you could print out. If you used a PC which doesn't have the cookie then it would ask for one of the extra passwords.

So even if someone used a key logger in an internet cafe, they couldn't get into your account.
Report unitedbiscuits November 4, 2009 1:04 PM GMT
In my case the £5,000 was transferred to the Australian Wallet first, that sum being the limit on my Aussi account, for some reason. I've never played on the games site but I understand there is no security at all between these accounts.
Report Moon Light November 4, 2009 1:07 PM GMT
In principle it is possible to get your password using an antenna from outside the house, unless you have a MIL-STD network installed. If you have large sums, it's worth investing in the military hardware, I should think.
If you use an API-based product, your network traffic is fully encrypted. All large players should use this exclusively.
Report Moon Light November 4, 2009 1:10 PM GMT
It's also worth making the best use possible of the limited security features BF provide, eg loss-limits.
Report hazel November 4, 2009 1:14 PM GMT
Moon Light it is still possible for someone to log in to your account even if your use API
Report Eldrick November 4, 2009 1:22 PM GMT
some of the bf security features don't work at the moment, country restriction log in for example is not functioning properly at the moment

i emailed bf and got a one line response a bit like this: "omg, how thick are you - you just click this"

followed up by me sending them screenshot showing them there was nothing to click on

eventually followed by someone else at bf telling me it really doesn't work, and i was right
Report Moon Light November 4, 2009 1:23 PM GMT
Combination of API, military-grade PC and adequate anti-burglar protection should give a degree of security.
I suspect, Hazel, that you are referring to a hazard I'm not aware of. Could you explain, please?
Report hazel November 4, 2009 1:29 PM GMT
Moon Light it would be irresponsible of me to go into detail, but just as the 5 second delay could have been beaten then trust me it is possible to beat betfair's login security.
Report Fred! November 4, 2009 2:07 PM GMT
oh you big tease
Report Moon Light November 4, 2009 2:38 PM GMT
Loss limits can be set within My Account-My Profile-Player Protection
You can limit transfers to Exchange Games and Casino.
Arcade limits have to be set within Arcade.

I know of at least one other instance of Exchange Games being used to steal from a BF a/c other than unitedbiscuits.
Report lippy November 4, 2009 4:09 PM GMT
[i]
roger moore 05 Nov 01:28
Lippy - why the hell would a burgular break into your house, turn on your pc, then place bets on your account, that even if they won, he couldn't do anything with? He could only withdrawal the money back to your b
ank account?[/i]

Because most of them are morons who would do it for the fun of it.
Not saying it probable , but best to plan for a worst case scenario
Report lippy November 4, 2009 4:10 PM GMT
besides i did say thats why i didnt leave it on. If i had they wouldnt of needed to turn it on
Post Your Reply
<CTRL+Enter> to submit
Please login to post a reply.

Wonder

Instance ID: 13539
www.betfair.com