Guest Post: "Hacked?" Not exactly... Malicious Code and Facebook.

♌Lovely♌Poisoner♌ Sez:  Welcome to our first guest post by my BBE (and RL hubby), Fehu!  Please do yourself - and all of us - a favor by being a conscientious Facebook and internet user; don't click on everything everyone sends you, or allow any and all apps every permission they request!  Be careful and smart; don't become just another link in the malware chain!

If you get this, don't click!.

 
Every so often there is a new wave of people getting hit with malicious code.  Being that I reverse engineer malware and analyize network traffic for a living, I am going to share a very brief word about how to avoid this. There are really only a few ways to quickly identify potential malicious code and avoid it.
 
An introduction to the life span of (most) malware:  The malware is created.  It is released.  It effects a few people.  Admins and security savvy users start to take notice.  Patches are developed, accounts are hardened, and malware is removed (from the users that follow instructions!).

Tip 1.) The time it takes for most malware to raise a flags and inspire a few reports is often very short. Don't be an early adopter of an application/software that you haven't known about for at least a week. Naturally this is not bulletproof, but it will prevent getting compromised by eager amateurs.

Even malware (including viruses/worms) has limitations. In most cases regarding facebook, it has several limitations. Typically, malware or its author has to trick a user into clicking a link or install an application; it doesn't magically appear. Most malware (that doesn't exploit a software vulnerability) will only have the same rights of the user that was tricked into executing it. When it comes to facebook, there are granular security settings that "jail" an application so it can only perform the actions that you explicitly allow.

Tip 2.) Take few seconds to look at the various permissions that the application you are thinking of installing is asking for and if you don't know what that permission is, google it or flip through facebook's copious privacy settings documentation. It is truly eye opening to see the things that you might allow with a hasty click.

A large number of malware authors spend about 99% of their time crafting the devious (fun) portion of their code and about 1% on their delivery method. Many malware authors just play the law of averages and figure if they ask a million people: "Will you click this?", at least a few hundred/thousand will (and they do) so why should they bother, for example, proofreading their text (which was probably something that anyone can tell was simply run through Google Translate without being checked) or spending time creating images, etc?  (After all, by the time the victim sees their trojan app's text/images, it's too late anyway.)

Tip 3.) Don't use applications that use wording that looks like it was poorly translated or content that appears thrown together. Again, there is no silver bullet for malware but you can prevent getting tricked by impatient amateurs, who comprise the lion's share of malware authors.

Tip 4.) Figure out whose opinion you trust regarding malware/security and ask for help. If you don't know anyone, look for admins.

If you feel you have been hacked/compromised, and cannot determine the source of the problem well enough to undergo a better-tailored cure, consider the below the best possible advice even for a BAD breach (I call it "Facebook Malware Penicillin!"):

1.) Change the password on the email account that you use to login to Facebook.

2.) Change the password on your Facebook account (not the same password as your email!).

3.) Look through your application permissions and edit permission - or remove! - applications that look sketchy (poorly designed, translated, etc.) or that are asking for information or permissions it has no place asking for (as well as the applications that you simply no longer use).

• Go to "Account" in the upper right-hand of Facebook, at the end of the blue bar.
• Select "Privacy Settings."
• Under "Apps and Websites" to the lower left, select "Edit your settings."
• In the top "Apps you use" area, select "Edit settings" or "Remove" (both take you the same place).
• Select "Edit Settings" or "Remove" (the "x" to the right-hand side) for the apps you want to edit/remove.

But don't remove VDS!  ;-)

4.) Touch base with admins or other security geeks that you trust.  Describe your situation to someone with expertise in security and coding.  Be able to explain clearly what the problem was and what steps you've taken so far.

Facebook Tip: Using Your VDS Game Feed

Always seem to be draining slaves when you should be squirting (that sounds weird...), or too late for rage and energy shout-outs? 

Your News Feed in Facebook is a great way to keep up with your friends and clannies' posts, but it lists all kinds of FB activity, and lists things out-of-order to show first the things that have had the most activity, even if they were hours ago.  If you want to stay on top of what's going on at any given moment in-game, you need to learn how to use your VDS game feed in particular.

To the left-hand side of your Facebook page (most of the time; not when you're viewing profiles), you'll notice a list of groups and apps and whatnot under your name, pic, and basic tools (messages, events, etc.).  It is here that you will see "Games" (at times it might say "Game Requests").  Clicking this will open your Game Feed, showing you posts from games you play ONLY, and in chronological order with the most recent at the top of the screen.  (If you have lots of apps, you might need to click "More" to reveal it.) 

Click to Enlarge.

Then, you simply click the blue "Vampires: The Darkside" link (towards the top, under "Game Stories," to the right of "All Games") or select "Vampires: The Darkside" from the drop-down menu and you will see only VDS posts in chronological order with the most recent at the top.  Re-click that blue "Vampires: The Darkside" link at the top to refresh.  (I like to right-click and open the game links in a new tab so that I can always keep my VDS feed open.)  Sitting on your VDS game feed will show you everything that's going on with all your clannies as it's happening in real time, so you can collect quickly off shout-outs, be johnny-on-the-spot with squirts (ew) and otherwise "Like" posts and congratulate your friends on their brutal kills and other accomplishments!

Click to Enlarge.

Quick Note: A Tribute

LovelyPoisoner as Tiger Lily; Click to Enlarge.

In honor of VDS elders Pan and Wendy
who have done so much for the Northmans!

On Groups, Loyalties, and VDS

Pardon me if I take a strangled route to make my point here... or if I end up without having made much of a point at all...

Part I.

Something many people find, even lament, when they've really gotten involved in VDS, is that there seem to many factions that have developed, and that these factions don't always get along....  It can be perplexing to step into a game and start to realize that people have a past, that there can be complex social webs to navigate as you become more involved in the community.  Better-structured groups, such as families, may develop "enemies," and some people prickle at the thought of being asked to understand and respect that there is a past, usually a conflict, that simply came before your time (more on this later).  It can be even more perplexing to feel yourself a target, to be attacked repeatedly, unrelentingly, from all fronts it might seem sometimes, because of who your allies are, because of who your family is, because of who your sire is.  As a Northman, I've been sat on by vamps tiers above me for days, given "special attention" when I appear on the fight list, and seen a lot of vitriol directed at me and mine.

Here's the thing I try to remember, though, when someone suddenly feels themselves to be a target of these faction-based dynamics, losing friends, losing clan, being attacked, what-have-you.  First, it will pass.  Second, when it all comes down to it, I think we all (I speak here to those of us who've been around long enough, or gotten involved deeply enough with a group) have simply taken our licks - fair or not - for who we're allied with.  But, as much as possible, I try to take it in stride.  I try to maintain my loyalties, to earn and maintain my confidences, and seek to build, not destroy, my relationships.  And here is why.

The development of sometimes-opposing clans/families/groups (or simply those groups who develop a relationship, or history, or who don't see eye-to-eye) seems a natural development in a fight-based game.  From a social perspective, this isn't really a loner's game - it encourages you to form alliances (501 clan!), and this leads rather naturally again to the development of loyalties.  I believe in loyalty, and in working to strengthen, rather than weaken, these bonds.  Given the social structure ("siring" and whatnot) of VDS, in some respects it's also natural for the groups that develop to be, to varying degrees, essentially hierarchical.  Regardless of whether or not that's how you think "real life" works - or whether you'd want it to! - it's nevertheless part of the fun of the mythos, the fantasy, and the structure of our beloved VDS, stemming entirely predictably from, and faithfully to, most larger vampire mythos out there in the world.  You start small, you are taken under someone' wings, you grow, learn, and rise, and maybe, one day, you become a mentor yourself.

Following this vein of thought, I can tell you that I believe in loyalty to the regents who've mentored me with patience and affection.  It takes a lot of work and time to mentor a baby vamp (let alone over 500 of us...) in VDS.  I may not know the details about every past fight my regents have had with everyone who's decided they "hate Northmans," but I don't really care to know the details.  In part, it's because it's none of my business, and it would be naive to think I can somehow referee or judge it after-the-fact.  In part, it's because I don't need my family to justify themselves to me, and because I don't expect them to be perfect or have unblemished pasts.  I also won't try to justify anyone's particular past acts to an enemy who thinks they can confront me with some scandalous knowledge about my regents - firstly, it's not my place to attempt to fight their battles, or to somehow try to apologize or account for their actions, and it would be pretty presumptuous and disrespectful to try; secondly, it's simply beside the point.  I will tell you that they've always shown me kindness and compassion, that they've worked hard to help me, and that I'm proud to be their childe.

Tutorial: Getting Started/Introduction

THE COUNCIL Left you a comment: We welcome you to the Darkside. The key to this game is UNDERSTANDING how to play. This is not a standard clicking through missions game to get to where you want to go. The Darkside is about combat, skill point allocation and learning about utilizing your bloodline to its fullest potential. For additional in-depth information and to ask gameplay questions- you will find our official group button on your in game home page. Join Us at the Sanctuary of Knowledge and ask questions. We love to help! 

Introduction: What is VDS and what is it about?  Vampires The Darkside (VDS) is a vampire-themed game you play as an application on Facebook.  You must have a Facebook profile to play it.  (It's taboo to discuss this, but the fact is that many players have a dedicated Facebook profile for VDS and/or other games.  This is, of course, not necessary, and, in fact, Facebook frowns upon it, but it's fair for you to be aware of this option prior to your beginning a game such as VDS.)  The goal of the game is to build a strong, fierce - and, in my opinion, well-regarded, respected, and/or feared - vampire.  Your vampire is built by earning experience points (XP) by doing Missions and participating in Fights against other players' vampires, strategically placing your skill points as you level, strategically and intelligently buying Slaves (which will provide you with blood, which is currency in the game) and Powers (which strengthen your vampire, but might cost blood to maintain, referred to as their cost of "upkeep"), managing your bloodflow, building a strong clan (your network of other real-life-players whose vampires you can ally with), and more.  Apart from the many layers of strategy in game-play, much of the appeal of VDS in my opinion is also the fun, (mostly) friendly, and interesting community of players that has arisen around the game.  This social element can be very rewarding!


Before You Begin:  If you get a chance to, you might want to choose your sire. Your "sire" is the player who first invites you or brings you into the game (in vampire mythos, the term refers to the vampire who first bites you and turns you into a vampire!).  You will be known as that person's "childe."  Ideally, you want a sire who knows the game fairly well and is able/willing to assist and advise you.  If you enter the game without having been "invited" by a player, you will be assigned a "Trinity" sire - Lilith, Andilaveris, or Caine.  These are not "real" players.  However, stress not!  If you end up with a disinterested or unhelpful sire, or with a Trinity sire, many players will often volunteer to help or even "adopt" you!  Also note that you will be the bloodline your sire is; you cannot change it (without leaving the game entirely from the Council page and coming back in as a new vamp with a new sire).  If your sire is a member of a sub-bloodline (there are presently only two, the House of Letalis, and the House of Northman), you will be of that sub-bloodline as well.   

For example, if you want to become my childe (hint hint!), I would be your sire, and you would be of the Varaco bloodline and of the House of Northman like me. 

Remember, you must be a "VDS virgin" (i.e. have never entered the application) and have cleared out and deleted any VDS invites from others you've received (or, as mentioned, have deleted any previous VDS account you've made via the Council page) to choose a sire.

Basic Tips for Beginners:

• When you first join, you can choose (and, later, you can change) your "sect" - it dictates which "meter" refills the fastest - your rage, energy, or blood.  To change it costs 15 FP (see my page on the Council).  (There can be some element of strategy to choosing/changing your sect at various levels or points in the game, depending on your short- or long-term goals.)
• Learn about the strategy of applying your skill points early on!  You cannot re-allocate them later!!! 
• "Clan" is the number of Facebook friends you have who play VDS and whose VDS vampires have teamed up with yours in the game. When you first begin, VDS gives you 250 essentially-imaginary clan.  One of your primary goals in the first 20 or so levels in the game should be to get 501 real clan - actual flesh-and-blood players who can assist you (in various ways) as you play.  Make this a priority early on.
• Right away, start some of your longer term goals.  
• Choose a Trinity alignment and begin filling your black blood vials.  See my Trinity/Black Blood Tutorial.
• Focus your Essence.  See my Essence tutorial.
• Bank your blood often!  You can Bank in Town.  Banking costs 10% of your blood, but it means that you won't lose blood in fights.  Make sure you bank before trying to Attack an opponent you might lose against (and definitely bank before attacking the Trinity; again, see my other post for info on the Trinity). 
• Buy your first slaves as soon as you can to start building your bloodflow.  Always buy slaves in units of 10, because their price increases as you buy.  (Beyond 50-60 of each kind of slave, you might find them no longer really worth buying more of, due to their high cost at that point.)  New and better slaves are unlocked every 7 levels.
  
• Info on Symbols 
• Info on Powers Calculation  (Many people have their sire, or adopted sire, or another experienced player, perform these "powers calculations" for them until they learn to do them themselves!  Check your powers at least at levels 13, 20, 25, 30, 35, 45, 55, 60, 65, and 70.  I am happy to personally help House of Northman players with their powers checks.)
• How to make those pretty icons/symbols in your Sanctum message or in Sanctum comments.
• FYI, if you accidentally block someone from writing on your sanctum wall in VDS, the only way to fix it (as of this writing) is to send an email to support@kwaaisoftware.com appraising them of the situation.

Tutorial: Focusing Your Essence

Focusing your Essence is a relatively new feature in VDS, and a fun way to get interesting rewards for returning to the game daily.  You will need to focus approximately once every 24 hours - for up to 30 days - to reap these rewards.

On your Home page in VDS, right towards the top of the page, you will see the third button is "Focus Essence":

Clicking this button brings you to your Sphere of Dark Essence.  It will be, at first, basically black/empty in the center.  Below the Sphere click, Focus Essence:

Doing this will add a small amount of purple "essence" to the sphere, the level of which will raise every day you click.  You will get a little box declaring that you focused, which you can publish to your wall.  You will not be able to focus again for 24 hours (after which you'll have 24 more hours to focus next), but you can always click "Focus Essence" to learn how long you have until you can make your next focus (if only Trinity assist requests did this!).  It takes 30 days to fill the sphere completely, but you will be offered opportunities to cash out your already-focused essence periodically prior to that time.  In theory, better rewards come to those who wait.

Importantly, however, this is a reward for DAILY play; if you fail to return, your sphere RESETS, and you must begin all over with an empty sphere!

Many types of rewards are granted through this process.  Favour points, rare powers, consumable items, a special Dark Orb Sanctum, and - it has been rumored - maybe even skill points, can be earned this way.

Ooooooo Preeetty.....  Click to Enlarge.

Click to Enlarge.

Northmans Hit 500!

The Northman family has hit our goal.  

Having sired 500 childe under Eric, the family will have its own minor bloodline, or House, a subset of the Varaco bloodline, and a special glyph.  

Congratulations to Lisa and Eric,
and to all my VDS brothers and sisters!!!

(Wanna celebrate with us?  Get your Northman 500 pic badge!)

UPDATE (2/18/11; the day of Eric and Lisa's wedding): Bloodline created! Check it out!

Click to Enlarge