For Neopets ONLY discussion.
Thu Jun 08, 2006 11:59 am
The battledome chat board at Neo and people at the IDB forums are saying there's a bad security problem right now and people are able to use cookie grabbers in neomail. I'm not positive this is true (haven't heard much yet, as night-time at Neo is rather slow), but I'd recommend changing your preferences so only neofriends can contact you, just to be safe. Apparently just reading the neomail is enough to get grabbed. And anyone who has more details, post here!
Edit: I found a post from someone who got frozen:
My account was iced because the security of it had been compromised. It appears to have been because of a CG through neomail. I'm not terribly sure.
I was warned that someone had been in my account via a messenger program. When the script ran and found that a suspicious IP had been in my account they froze it for my protection. That is what happened for sure. How they got in is still sketchy, but the most probable explanation is a cg'er.
And apparently others are receiving neomails with lines of code in them, but no one would post the code, so I dunno.
So... not sure whether this is all hysteria due to that one guy getting frozen + the code neomails, or a legitimate threat.
Thu Jun 08, 2006 1:38 pm
Well, it would be interesting to see how they would get JavaScript running in a neomail and actually get the cookie past all of Neopets' firewalls to the sender.
Thu Jun 08, 2006 2:02 pm
Yeah, I'm thinking it's probably typical neoboard hysteria. One guy gets frozen, he happened to have received a neomail with some gibberish in it, and that equals OMGCOOKIEGRABBER! We'll see.
Thu Jun 08, 2006 5:10 pm
Just choose to receive only Plain Text Neomail, you won't have any problems if it is true.
Thu Jun 08, 2006 6:52 pm
I doubt it's true.
But if it was, it's no big deal.. I don't bother with neomails much anyway.
Thu Jun 08, 2006 9:04 pm
mogster500 wrote: Just choose to receive only Plain Text Neomail, you won't have any problems if it is true.
Err... I just tried to do this, but I couldn't seem to figure out where it was. However, aren't all neomails plain text? At least the ones I've gotten are (even the scam website one I got yesterday)... Unless my settings are already on plain text...
Thu Jun 08, 2006 9:08 pm
Change to plain text under
Help => Site Preferences
Check the 8th box down
Thu Jun 08, 2006 9:23 pm
stampsyne wrote: Change to plain text under
Help => Site Preferences
Check the 8th box down
Thanks! I was looking under neomail and user preferences on the neoboards main page...
Thu Jun 08, 2006 10:04 pm
If the account was accessed thru a messenger program, it sounds like somebody picked up a malicious payload while using an IM. All the IM programs are experiencing attacks lately, including AIM, MSN Messenger, and Yahoo...
Fri Jun 09, 2006 11:50 pm
SierraRaven wrote: If the account was accessed thru a messenger program, it sounds like somebody picked up a malicious payload while using an IM. All the IM programs are experiencing attacks lately, including AIM, MSN Messenger, and Yahoo...
I think that seems more likely.
Fri Jun 09, 2006 11:58 pm
kcharles wrote: SierraRaven wrote: If the account was accessed thru a messenger program, it sounds like somebody picked up a malicious payload while using an IM. All the IM programs are experiencing attacks lately, including AIM, MSN Messenger, and Yahoo...
I think that seems more likely.
That or other sites that you might think should be safe. I was image searching for a friend 4 days ago and yep, got cookie grabbed. Miraculously I didn't lose anything permanent. They did get most of my email programs that are associated with 3 of my websites, got into my gmail and hotmail accounts. Also got into my yahoo account. Whoever it was is very persistent since I keep getting reset your password links in my hotmail.
Sat Jun 10, 2006 1:57 am
Sounds like paranoia to me. I was messing with my user look up last night and a bit of the code was off (a missing } bracket) and the error page told me about the security features to prevent that very kind of thing.
Still, if you're worried, disable neomails from non-friends. I rarely ever get them so I don't even worry about it.
Sat Jun 10, 2006 4:36 am
I wouldn't really believe this considering neopets has a large amount of firewalls and protection but you would also need to use special codes and as far as I know they won't even work on neopets.
Sat Jun 10, 2006 6:13 am
Better safe than sorry, right?
I'd rather have plain text and avoid opening mail from strangers than lose my account.
Last edited by Keylia on Sat Jun 10, 2006 6:16 am, edited 1 time in total.
Sat Jun 10, 2006 6:16 am
The_Real_Demi wrote: I wouldn't really believe this considering neopets has a large amount of firewalls and protection but you would also need to use special codes and as far as I know they won't even work on neopets.
Hehe, clearly you weren't here for the last cookie-grabber fiasco where people were putting them on userlookups and in shops and getting into all kinds of people's accounts.
I agree that this time it sounds like paranoia, however. I haven't heard anything new since my original post.