For Neopets ONLY discussion.
Topic locked

Wed Dec 20, 2006 2:30 pm

Has anyone heard any more about this?

Cranberry is in touch with a TNT programmer, isn't she? Cranberry, if you read this, could you possibly talk to your contact, see what's going on with this? Are they working on it? Are they gonna tell us when they've fixed it? Or can they at least tell you so you can tell us? ;)

I really want to be able to shop again!

Any news?

Wed Dec 27, 2006 8:45 pm

Just bumping this up - is there any word yet if the problem has been dealt with and fixed, preferably in a permanent way? This having to only use the trading post and auctions is really irritating!

Thu Dec 28, 2006 2:20 am

It's been way too long and I'm not bugging a programmer now. But considering Mr. Insane was working on it on the very first day people reported problems, I'm sure he fixed it... I mean, once TNT knows there's a security problem, they're not going to let it go on. They probably don't report it in the news because by the time they have the next news update ready to go, the problem is gone... and announcing that there was a cookie-grabbing problem but they fixed it would just scare all those thousands of people who don't properly understand what cookie grabbers even are.

Also, people tend to blow these things WAY out of proportion. One or two people get cookie grabbed and post about it on the neoboards, everyone else starts thinking hundreds of accounts are getting stolen, and it turns into this huge deal where everyone's terrified to do anything for days and days afterwards.

Sat Dec 30, 2006 1:08 am

I accidentally went on to someone's user look-up last night.
I've lost my account.
I filled out the form, do you have any idea how long it will take for them to get back to me?

Edit: Oh jeez I'm an idiot; I changed my password right after going to the user look-up and forgot. :oops: Is there a way to unsend the form? Man I feel horrible now.

Sat Dec 30, 2006 9:41 am

bone garden wrote:I accidentally went on to someone's user look-up last night.
I've lost my account.
I filled out the form, do you have any idea how long it will take for them to get back to me?

Edit: Oh jeez I'm an idiot; I changed my password right after going to the user look-up and forgot. :oops: Is there a way to unsend the form? Man I feel horrible now.


Just out of curiosity... how do you forget you changed your password?

Sat Dec 30, 2006 5:15 pm

Rachel wrote:Just out of curiosity... how do you forget you changed your password?


I panicked when I realised I went to someone's user look-up after all this talk of cookie grabbers. I haven't changed my password in over a year, so I panicked again when my old one didn't work.
Yes, I'm stupid. I know. I feel horrible.

Sat Dec 30, 2006 6:12 pm

I thought that didn't sound right after seeing no visible uproar in the neoboards. :P

Re: CGs out in full force again?

Sun Dec 31, 2006 10:31 pm

lothwe wrote:I'm not concerned about my accounts, I'm concerned about my cookies from other sites.. possibly containing personal information.. etc... *bites lip*
A "Cookie Grabber" can't get your cookies from other sites, I promise you.

Re: CGs out in full force again?

Sun Dec 31, 2006 10:32 pm

littlemac wrote:
lothwe wrote:I'm not concerned about my accounts, I'm concerned about my cookies from other sites.. possibly containing personal information.. etc... *bites lip*
A "Cookie Grabber" can't get your cookies from other sites, I promise you.
Some kinds can.

Sun Dec 31, 2006 10:34 pm

mazil wrote:Mm, I dunno. I'm guessing it's the degree to which they allow us to personalise our pages. I think anywhere where a user is able to insert something into an HTML page is vulnerable, and it'd be so difficult to filter through all the HTML and CSS and pick out whether something's dodgy or not.
That is basically the issue, yes. There are so many ways to insert Javascript (and therefore bad code) into a page, that it's very hard to filter.

I wonder if sites like MySpace or LJ have similar security issues? (since they allow personalisation of pages too) I know LJ had one a few months back ... I guess it's nowhere near as tempting for people to hack into accounts on those sites though.
Well, MySpace had a very famous exploit a while back. Ironically enough, Neopets had the exact same hole. (They eventually fixed it)

Re: CGs out in full force again?

Sun Dec 31, 2006 10:36 pm

kcharles wrote:
littlemac wrote:
lothwe wrote:I'm not concerned about my accounts, I'm concerned about my cookies from other sites.. possibly containing personal information.. etc... *bites lip*
A "Cookie Grabber" can't get your cookies from other sites, I promise you.
Some kinds can.

I'm speaking strictly about Javascript cookie grabbers, as those are the only ones you will find on Neopets.

So, to clarify, a Javascript cookie grabber you find on Neopets cannot access your other cookies.

Sun Dec 31, 2006 10:38 pm

VeXeD wrote:I'm always paranoid about cookie grabbers. I rarely visit pet/lookup pages and only visit user shops when I need something (restocking/quests). Plus my passwords/PIN#'s are very hard to guess.... even for people that know me well.

At least that way I feel safe when there are CG scares. You can never be completely protected, but you can at least be prepared.
Your password's strength is basically irrelevant to cookie grabbers, as they are not trying to guess your password.

Re: CGs out in full force again?

Sun Dec 31, 2006 10:40 pm

littlemac wrote:
kcharles wrote:
littlemac wrote:
lothwe wrote:I'm not concerned about my accounts, I'm concerned about my cookies from other sites.. possibly containing personal information.. etc... *bites lip*
A "Cookie Grabber" can't get your cookies from other sites, I promise you.
Some kinds can.

I'm speaking strictly about Javascript cookie grabbers, as those are the only ones you will find on Neopets.

So, to clarify, a Javascript cookie grabber you find on Neopets cannot access your other cookies.
Sorry. But that is true, java cookie grabbers can only get your Neo cookies.

Sun Dec 31, 2006 10:44 pm

MagicalMystery wrote:My main question is, is there any obvious symptoms of being 'Grabbed?
Short Answer: No.
Long Answer: No. Not until you lose your neopoints at least.
I heard that if you're 'Grabbed you're automatically logged out, is this true?
No, it's not true, unless the script writer did something horribly wrong.
Is it just Neopian Cookies or all Cookies? I think all of the Cookies my Computer has would crash someone's if they all appeared at once ...and my Mum would kill me.
Just Neopets' cookies. Furthermore, regardless of how many are taken, your computer will not crash.
Would a Windows 98 crash if it was 'Grabbed?
No.

Re: CGs out in full force again?

Sun Dec 31, 2006 10:45 pm

kcharles wrote:
littlemac wrote:
kcharles wrote:
littlemac wrote:
lothwe wrote:I'm not concerned about my accounts, I'm concerned about my cookies from other sites.. possibly containing personal information.. etc... *bites lip*
A "Cookie Grabber" can't get your cookies from other sites, I promise you.
Some kinds can.

I'm speaking strictly about Javascript cookie grabbers, as those are the only ones you will find on Neopets.

So, to clarify, a Javascript cookie grabber you find on Neopets cannot access your other cookies.
Sorry. But that is true, java cookie grabbers can only get your Neo cookies.
Do you mean Java or Javascript? (They are two VERY different languages.)
Topic locked
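
An added example, not part of any post in this thread: a simplified model of the browser's cookie scoping rules (RFC 6265 domain and path matching), showing why script running in a page on one site is handed only that site's cookies, and how the HttpOnly flag hides a session cookie from script altogether. The host names (`petsite.example`, `bank.example`), cookie names and paths are constructed sample data.

```javascript
// Simplified model of RFC 6265 cookie scoping (constructed data, not site code).

// A host-only cookie matches its exact host; a Domain cookie also matches subdomains.
function domainMatch(host, cookie) {
  const h = host.toLowerCase();
  const d = cookie.domain.toLowerCase();
  if (cookie.hostOnly) return h === d;
  return h === d || h.endsWith("." + d);
}

// RFC 6265 section 5.1.4 path-match.
function pathMatch(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/";
}

// Names of the cookies document.cookie would expose to script on pageUrl.
function cookiesVisibleToScript(jar, pageUrl) {
  const u = new URL(pageUrl);
  return jar
    .filter((c) => domainMatch(u.hostname, c))
    .filter((c) => pathMatch(u.pathname || "/", c.path))
    .filter((c) => !c.secure || u.protocol === "https:")
    .filter((c) => !c.httpOnly) // HttpOnly cookies are sent to the server but never to script
    .map((c) => c.name);
}

// Server-side mitigation: mark one cookie HttpOnly (returns a new jar).
function withHttpOnly(jar, name) {
  return jar.map((c) => (c.name === name ? { ...c, httpOnly: true } : c));
}

// Constructed cookie jar: one browser profile holding cookies for two unrelated sites.
const jar = [
  { name: "session", domain: "petsite.example", hostOnly: false, path: "/", secure: false, httpOnly: false },
  { name: "lang", domain: "www.petsite.example", hostOnly: true, path: "/", secure: false, httpOnly: false },
  { name: "staff", domain: "petsite.example", hostOnly: false, path: "/admin", secure: false, httpOnly: false },
  { name: "bank_sid", domain: "bank.example", hostOnly: true, path: "/", secure: false, httpOnly: false },
];

const page = "http://www.petsite.example/lookup/page"; // a user-customisable page
console.log(cookiesVisibleToScript(jar, page));                          // same-site cookies only
console.log(cookiesVisibleToScript(withHttpOnly(jar, "session"), page)); // session now hidden
```
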