Pink Poogle Toy Forum

The official community of Pink Poogle Toy
Main Site
NeoDex
It is currently Thu Nov 14, 2024 11:50 am

All times are UTC




Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 57 posts ]  Go to page Previous  1, 2, 3, 4  Next
Author Message
 Post subject:
PostPosted: Sat Feb 19, 2005 3:48 pm 
PPT Trainee
PPT Trainee
User avatar

Posts: 610
Joined: Wed Oct 13, 2004 3:30 pm
I don't see why some of you are "happy" about the code being taken away. For those who might now know, the reason the code was put into place is because there were programs that were constantly attacking the login page guessing a ton of passwords. And the programs were working.

The code stopped all of this. Making accounts much safer from programs attempting to gain access.

Also, someone mentioned that they'd want the username and password on the same page. Considering how fast someone may login without noticing anything like a peculiar URL, it's how all of those fake login pages worked so well. ;)


Top
 Profile  
 
 Post subject:
PostPosted: Sat Feb 19, 2005 5:02 pm 
PPT Toddler
PPT Toddler

Posts: 110
Joined: Sun Feb 20, 2005 4:11 am
Location: New Jersey/ U.S.A
Personally, I'm quite glad they've gotten rid of it. I'm getting tired of entering a code in, just because they think I'm a robot! Hmph! :evil:


Image


Top
 Profile  
 
 Post subject:
PostPosted: Sat Feb 19, 2005 5:15 pm 
PPT Trainee
PPT Trainee
User avatar

Posts: 697
Joined: Wed Jun 30, 2004 3:43 pm
Location: Co. Limerick, Ireland
Tizzy wrote:
Personally, I'm quite glad they've gotten rid of it. I'm getting tired of entering a code in, just because they think I'm a robot! Hmph! :evil:


It's actually to protect your account. Not cause they thinks you a robot so. :roll:


http://alienaisha.blogspot.com
lol


Top
 Profile  
 
 Post subject:
PostPosted: Sat Feb 19, 2005 5:20 pm 
PPT Toddler
PPT Toddler

Posts: 110
Joined: Sun Feb 20, 2005 4:11 am
Location: New Jersey/ U.S.A
In that case...I want the code back too!


Image


Top
 Profile  
 
 Post subject:
PostPosted: Sat Feb 19, 2005 5:26 pm 
PPT God
PPT God
User avatar

Posts: 1962
Joined: Thu Jun 03, 2004 1:47 am
Location: Shenkuu
Hmm, I wonder if they're going to bring the code back eventually? They're probably updating the system or something. o_O


Image
Set by Moogie


Top
 Profile  
 
 Post subject:
PostPosted: Sat Feb 19, 2005 5:29 pm 
PPT Toddler
PPT Toddler

Posts: 110
Joined: Sun Feb 20, 2005 4:11 am
Location: New Jersey/ U.S.A
Yes, they could be doing that. Alot of things haven't been working at all today.


Image


Top
 Profile  
 
 Post subject:
PostPosted: Sat Feb 19, 2005 6:22 pm 
PPT God
PPT God
User avatar

Posts: 1294
Joined: Sat Jun 05, 2004 11:25 pm
Location: My Evil Lair! Seriously...I do have one!
Gender: Female
well I'm happy its' been taken away for the moment. I had forgotten the password to my two spare account, and I us a combination of 3 passwords and numbers at the end and it's hard to keep rearanging and doing the secruity code too.

I was able to get one of my accounts back, will have to wait an hour for the other one but I'll remember it's password one of these days lol

I do hope they bring it back, but for now, it was nice to figure out some forgotten passes!


Image~My Neko Set!
Image


Top
 Profile  
 
 Post subject:
PostPosted: Sat Feb 19, 2005 6:36 pm 
PPT Toddler
PPT Toddler
User avatar

Posts: 249
Joined: Mon Jun 14, 2004 4:03 am
I was just logging on and saw this post...I thought I fell for a scam login page or something :P


Top
 Profile  
 
 Post subject:
PostPosted: Sat Feb 19, 2005 9:02 pm 
PPT Toddler
PPT Toddler

Posts: 110
Joined: Sun Feb 20, 2005 4:11 am
Location: New Jersey/ U.S.A
Next time just check the URL and make sure it's Neopets.


Image


Top
 Profile  
 
 Post subject:
PostPosted: Sun Feb 20, 2005 3:46 pm 
Honorary Member
Honorary Member
User avatar

Posts: 497
Joined: Mon May 31, 2004 8:19 pm
Location: a state of perpetual shock
Tizzy wrote:
Next time just check the URL and make sure it's Neopets.


Actually, that doesn't always work.

In Firefox, for example (along with, most certainly, Opera and Safari... don't know for sure if IE is vulnerable to it, but I'd assume it is), URLs can be spoofed disturbingly easily. There's an exploit that uses alternate character codes to force a false URL to display. You can also make it look very similar to the correct letters, which is enough to fool a casual glance.

Read more about that here: http://www.shmoo.com/idn/homograph_old.txt and especially noteworthy is the suggestion they have for how to check a URL:
Quote:
There are a few methods to detect that you are under a spoof attack. One easy method is to cut & paste the url you are accessing into notepad or some other tool (under OSX, paste into a terminal window) which will allow you to view what character set/pagecode the string is in. You can also view the details of the SSL cert, to see if it's using a punycode wrapped version of the domain (starting with the string 'xn-'.
(see also http://www.shmoo.com/idn/ , which has a working example of a spoofed url so you can see if you're currently vulnerable).

Alternately, Firefox and Internet Explorer users can install the Spoof Stick extension, which will display the real url of the site you're on in giant letters of the color of your choice in the toolbar. I highly recommend it. You can download that here: http://www.corestreet.com/spoofstick/


Image


Top
 Profile  
 
 Post subject:
PostPosted: Sun Feb 20, 2005 3:51 pm 
PPT Toddler
PPT Toddler

Posts: 110
Joined: Sun Feb 20, 2005 4:11 am
Location: New Jersey/ U.S.A
Really?! Thanks iconoplast! Hmm, I guess I'm stumped now. We just have to hope the code comes back.


Image


Top
 Profile  
 
 Post subject:
PostPosted: Sun Feb 20, 2005 3:53 pm 
Beyond Godly
Beyond Godly
User avatar

Posts: 3602
Joined: Sun Sep 05, 2004 1:23 am
Location: Set by Stampsyne. Thanks!
iconoplast wrote:
Tizzy wrote:
Next time just check the URL and make sure it's Neopets.


Actually, that doesn't always work.

In Firefox, for example (along with, most certainly, Opera and Safari... don't know for sure if IE is vulnerable to it, but I'd assume it is), URLs can be spoofed disturbingly easily. There's an exploit that uses alternate character codes to force a false URL to display. You can also make it look very similar to the correct letters, which is enough to fool a casual glance.

Read more about that here: http://www.shmoo.com/idn/homograph_old.txt and especially noteworthy is the suggestion they have for how to check a URL:
Quote:
There are a few methods to detect that you are under a spoof attack. One easy method is to cut & paste the url you are accessing into notepad or some other tool (under OSX, paste into a terminal window) which will allow you to view what character set/pagecode the string is in. You can also view the details of the SSL cert, to see if it's using a punycode wrapped version of the domain (starting with the string 'xn-'.
(see also http://www.shmoo.com/idn/ , which has a working example of a spoofed url so you can see if you're currently vulnerable).

Alternately, Firefox and Internet Explorer users can install the Spoof Stick extension, which will display the real url of the site you're on in giant letters of the color of your choice in the toolbar. I highly recommend it. You can download that here: http://www.corestreet.com/spoofstick/


Interesting, that is the first time I've heard of that. Guess the internet is even more insecure than I thought... :roll:

ADDIT: The spoofstick thingy takes up a lot of window space though. I think the best bet would be to be wary if you suddenly reach a log-in page unexpectedly. Anyone would know that something is up if you click on something in a user shop and is suddenly required to log in.


<img src="http://img.photobucket.com/albums/v379/qanda/qandalitsiggy.gif" alt="Image hosted by Photobucket.com">


Last edited by Qanda on Sun Feb 20, 2005 3:56 pm, edited 1 time in total.

Top
 Profile  
 
 Post subject:
PostPosted: Sun Feb 20, 2005 3:53 pm 
Honorary Member
Honorary Member
User avatar

Posts: 4587
Joined: Mon May 31, 2004 6:33 am
Location: Being PWNED
Gender: Female
If they did take the code away to 'fix it' it could be because sometimes you couldn't tell which letters were which! I know on more then one occasion where I thought I was typing the correct code, but I wasn't because the c looked like a g or the l like a 1.
But maybe i'm just blind.


Image
Evisceration is a sign of respect.


Top
 Profile  
 
 Post subject:
PostPosted: Sun Feb 20, 2005 4:07 pm 
Honorary Member
Honorary Member
User avatar

Posts: 497
Joined: Mon May 31, 2004 8:19 pm
Location: a state of perpetual shock
Qanda wrote:
ADDIT: The spoofstick thingy takes up a lot of window space though. I think the best bet would be to be wary if you suddenly reach a log-in page unexpectedly. Anyone would know that something is up if you click on something in a user shop and is suddenly required to log in.

You can resize Spoof Stick in the options, and move it around a bit (at least in Firefox... haven't tested it in IE, because I really only use that to check compatibility for my website). (= I'll admit, though, it's a lot less obtrusive on large screen resolutions (sometimes I forget that not everyone is on 1600 x 1200 like I am). And part of the reason I recommend it is that Neopets isn't the only place that you're vulnerable to that sort of thing. The most common targets are probably ebay and paypal, although large banks are bretty commonly attacked in that way as well. But hey, that's why I gave multiple solutions as to how to check URLs.

And inrun, you're not the only one who had that problem. I always sort of assumed that when I needed to log back in for some reason it would usually take me 2-3 tries to get a code I could read. It just never bothered me much, because I almost never log out... it's a luxury of being the only one allowed within 3 feet of my computer without being smacked with a dead fish. :D


Image


Top
 Profile  
 
 Post subject:
PostPosted: Sun Feb 20, 2005 4:11 pm 
Beyond Godly
Beyond Godly
User avatar

Posts: 3602
Joined: Sun Sep 05, 2004 1:23 am
Location: Set by Stampsyne. Thanks!
iconoplast wrote:
And inrun, you're not the only one who had that problem. I always sort of assumed that when I needed to log back in for some reason it would usually take me 2-3 tries to get a code I could read. It just never bothered me much, because I almost never log out... it's a luxury of being the only one allowed within 3 feet of my computer without being smacked with a dead fish. :D

I've had problems with security codes too; Neopets' ones weren't too bad, but a I've seen a few sites with horrendous ones in which the letter look like writhing maggots in the process of metamorphosis.

And I have the luxury of my own personal laptop, which I password-lock whenever I wander 3 feet or more away from it. 8)


<img src="http://img.photobucket.com/albums/v379/qanda/qandalitsiggy.gif" alt="Image hosted by Photobucket.com">


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 57 posts ]  Go to page Previous  1, 2, 3, 4  Next

All times are UTC


Who is online

Users browsing this forum: No registered users and 118 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group