For Neopets ONLY discussion.
Topic locked

Sat Dec 31, 2005 8:03 pm

I'm a bit surprised Neopets isn't taking action now. This has the potential to grow into a major security risk.


Especially for Premium users since there is important information you can get through that.

Sat Dec 31, 2005 8:23 pm

Nefasturris wrote:
I'm a bit surprised Neopets isn't taking action now. This has the potential to grow into a major security risk.


Especially for Premium users since there is important information you can get through that.


Neopets just left for New Years Holiday and even updated the news earlier so they can leave earlier.

... Anyone else feel ditched?

In the Editorial it says that there's a HUMAN patrolling the boards all the time, but if there's actually a HUMAN then why can't they pass on that there's an evil hacker out to cause an apocalypse upon Neopets?

Sat Dec 31, 2005 8:32 pm

Tyrannitar wrote:Neopets just left for New Years Holiday and even updated the news earlier so they can leave earlier.

... Anyone else feel ditched?

In the Editorial it says that there's a HUMAN patrolling the boards all the time, but if there's actually a HUMAN then why can't they pass on that there's an evil hacker out to cause an apocalypse upon Neopets?


I'm sure there is someone there trying to do something now. I mean, Holiday or not, if there is a serious enough problem people will return to handle it since it involves Premium.

If Neopets just lets the problem go and someone gets the personal information of a Premium user and causes problems with it, can't Neopets get in legal trouble?

Sat Dec 31, 2005 8:33 pm

Tyrannitar wrote:
Nefasturris wrote:
I'm a bit surprised Neopets isn't taking action now. This has the potential to grow into a major security risk.


Especially for Premium users since there is important information you can get through that.


Neopets just left for New Years Holiday and even updated the news earlier so they can leave earlier.

... Anyone else feel ditched?

In the Editorial it says that there's a HUMAN patrolling the boards all the time, but if there's actually a HUMAN then why can't they pass on that there's an evil hacker out to cause an apocalypse upon Neopets?


Maybe TNT is implying that we need to enact some sort of vigilante justice. Now everyone raise your pitchforks and torches and join me on a planetwide hunt to find and ring up that evil hacker/cracker! :P :P :P

Sun Jan 01, 2006 12:07 am

Maybe we can google up his home address and go to his house and give him a stern talking to out behind the woodshed, if'n ya know what I mean.

Sun Jan 01, 2006 12:25 am

Right now he's on the boards, seriously considering calling it quits and becoming a White Hat as a New Year's resolution. *crosses fingers*

Sun Jan 01, 2006 12:29 am

Fiddelysquat wrote:Right now he's on the boards, seriously considering calling it quits and becoming a White Hat as a New Year's resolution. *crosses fingers*


First, White Hat?

Second, if he/she/it really had any compassion, he/she/it would do us all a favor, turn his/her/itself in to the Feds, and start snitching on others like him/her/it.

Last, does this mean we have to call off the lynching? :(

Sun Jan 01, 2006 12:32 am

White Hat: Hacker that hacks for the GOOD of others. For example: vigilante justice, finding flaws in programming so they can be reported to the webmaster and fixed, etc.

Update...

Sun Jan 01, 2006 7:50 am

Tristin, the guy who had the biggest account hacked (user XXXX), apparently like a billion np account, has been on the boards saying that he saw it happening, had the account frozen, and went back in his browser history, found the cookie grabber, and sent a copy to someone at Neopets, and they've blocked it.

The guy claiming to be the hacker had been saying that some people including this guy who had been hacked were using Firefox/Mozilla, but Tristan was saying he had been using IE at the time, and that he thought Firefox was safe.

It's hard to know what to believe on those boards. But, while I've seen these guys talking smack on the boards a few more times, I don't think there have been any "giveaways" lately. Which makes me suspect they haven't been able to get into any new accounts. I wouldn't let my guard down just yet, but it may be that the problem that allowed the cookie grabber was already corrected a few days ago. Which might also account for that "new year's resolution" someone mentioned above.

Sun Jan 01, 2006 12:23 pm

I hope it is all over, but like you I'm keeping my guard up for now. Of course with TNT they never admit there is a problem and so never tell us when something has been fixed ¬_¬

Heh, I was pricing my shop and had to avoid snapping up all the bargains I saw - it just ain't worth it at the moment.

Sun Jan 01, 2006 5:32 pm

Tyrannitar wrote:
Neopets just left for New Years Holiday and even updated the news earlier so they can leave earlier.

... Anyone else feel ditched?

In the Editorial it says that there's a HUMAN patrolling the boards all the time, but if there's actually a HUMAN then why can't they pass on that there's an evil hacker out to cause an apocalypse upon Neopets?


Fair enough, they SHOULD have sorted this out whenever and if ever it was brought to their knowledge. Maybe they could have even disabled shop HTML and likewise with updating pet pages and other editable pages.

But I certainly don't blame them for leaving early to celebrate new years. They have lives too...

Also I do believe there IS a human patrolling boards most of the time. Although I also believe it is only one human. Hence the reason offensive boards stay up for so long without being deleted.

There may or may not be anyone to watch the site now however. I myself can't even access the site properly due to lag today...

Either way, I'm not going to any lookups, pet pages, descriptions or shops for the time being.

Sun Jan 01, 2006 6:16 pm

TNT wouldn't leave the site totally unmonitored. They just don't have the staff there to work on new updates and content. There's probably just a minimal crew of moderators and support for things like the boards, userlookups and stuff.

Otherwise, once ONE person found out the mods weren't around.. there'd be chaos. Moreso than this, too. XD

Uggh...

Mon Jan 02, 2006 4:17 pm

It looks like the WMF vulnerability in all Windows systems is going to be a big deal.

http://it.slashdot.org/it/06/01/02/1153 ... 01&tid=218

http://isc.sans.org/

I've written more than a few diaries, and I've often been silly or said funny things, but now, I'm being as straightforward and honest as I can possibly be: the Microsoft WMF vulnerability is bad. It is very, very bad.


This is a bad situation that will only get worse. The very best response that our collective wisdom can create is contained in this advice - unregister shimgvw.dll and use the unofficial patch.


They are recommending that anyone who uses any kind of Windows system follow the following instructions:

To unregister the DLL:

* Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quotation marks), and then click OK.
* A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.


And then download & install this patch:

http://handlers.sans.org/tliston/wmffix_hexblog13.exe

Mon Jan 02, 2006 6:23 pm

Wow, this is really scary to hear. I guess I'm not going to shop in user shops, not view other lookups, go to petpages, etc. until this becomes safer. I don't want anything to happen to my account. ;__;

Mon Jan 02, 2006 7:27 pm

Ok, this may be really late - but yeah, pretty scary to hear. Now I have a question (and don't kill me if it has been asked before): if this 'cracker' uses a cookie grabber, wouldn't it just be the simplest solution to change your password and NOT make a cookie of it? ie simply log in each time? There simply wouldn't be a cookie to grab, if I'm correct, no?

Also - I still believe in good intentions, but reading these 5 pages has made me pretty paranoid - earlier tonight, a user named 'the_andromeda_galaxy' (I have neomailed with this person before, she seemed pretty friendly) gave me a 'Maraqua 1.4 WC Piece', saying they paid 99k for it a couple of months ago, but

its hard as hell to sell x.x


So, how about it? Is my solution a good one? Should I be suspicious of this person? Thanks for any replies.