For Neopets ONLY discussion.
Topic locked

Tue Jan 17, 2006 6:43 pm

I have been on the Beauty Contest board for the last two weeks-ish advertising my Krawk and look what I missed. Oh well. Better for me.

One person has been able to outsmart TNT every holiday weekend they've been gone since (Christmas?), while I don't like what they've done and how they've screwed innocent people over in the process. I have to say I'm glad it was some attention seeker instead of a more serious threat or a bigger group of people.

Question! Sorry if this was already addressed before but I missed it if it was and was curious...

When these CG get your cookies, do they take ALL of your cookies or just your Neopets related ones? Because if it takes all of your cookies I'd be more worried about my e-mail, Ebay and Paypal accounts than my Neopets accounts.

And dolphinling gets my vote for king of the internet :D

Tue Jan 17, 2006 6:48 pm

Nefasturris wrote:
Question! Sorry if this was already addressed before but I missed it if it was and was curious...

When these CG get your cookies, do they take ALL of your cookies or just your Neopets related ones? Because if it takes all of your cookies I'd be more worried about my e-mail, Ebay and Paypal accounts than my Neopets accounts.


I've heard it depends on your browser; that they can potentially grab non-Neopet cookies through IE, but that some browsers (like Firefox) have done something with their cookies so that only the sites that made them can access them. Or something like that (I'm not as computer savvy as I probably should be).

I'd like confirmation as well, because I'm also concerned for my other accounts.

Tue Jan 17, 2006 6:57 pm

Here's my question.

If a hacker does snag more than just Neopets cookies and uses those off site cookies like from Paypal; eBay; etc, is there a way that we as players can hold TNT accountable for not keeping their site safe for surfing?

I was always under the impression from TNT that their site was always safe to use. If they say this, wouldn't they be liable legally to keep it that way for those who use their site for free and pay through Premium?

Tue Jan 17, 2006 7:00 pm

cheshyr1 wrote:Here's my question.

If a hacker does snag more than just Neopets cookies and uses those off site cookies like from Paypal; eBay; etc, is there a way that we as players can hold TNT accountable for not keeping their site safe for surfing?

I was always under the impression from TNT that their site was always safe to use. If they say this, wouldn't they be liable legally to keep it that way for those who use their site for free and pay through Premium?


I'm not sure... I'm thinking TNT could take 2 approaches to that. On one hand, they're not forcing you to go there. So just like when you go anywhere on the web, it's possible that you will meet up with something/one malicious. So it's kind of your part to make sure you don't. On the other hand, if they get credit card information from Premiums, or from people who go to PayPal, eBay, Amazon... then they're dealing with holes in their site that allow others to get access to real, hard cash. So I mean, it's a risk going on there and most people would know that... but it's starting to get into real-world issues, and I think TNT would take the blame for something like that (or I'd hope so!)

Tue Jan 17, 2006 7:03 pm

Morningstar, I'm sorry you had to go through that. That you went back to the shop and then to the lookup is a lot more than I would have done. So, you cleared everything, changed your password each time. Did you also change the password to your email, just in case?

What I was told was that there were? (still are floating around because of how many accounts were taken?) 2 of these things - one you get a popup for and one you don't - meaning you could be grabbed "silently" unless you're closely watching the loading information at the bottom of the page.

These kiddies get NO respect from me. They're all just c&p something that was made. The name infamous is allegedly the one who made at least one of these things, kaos hosted it until supposedly too many people got hold of it and were trying to break it down - then a password was put on it. Ironic, no? Protecting something that already was or is in too many places, that is so harmful. Last night someone was, I believe, impersonating an "old school" hacker, which caused even more panic.

Maybe this started as a way to show TNT that there were vulnerabilities. Didn't stay that way, did it. And it wasn't done the right way. Taking accounts to prove a point? How many people lost their accounts, how many will either not get them back because of the terrible things posted on boards by these people or get an empty account back.

This latest mess was supposedly retaliation against TNT because kaos had started a 'clean' account and was going to play 'fair' and TNT iced him, so he decided to go for total chaos. Well that worked, chaos has been caused. There is NEVER a good reason to do something like this. How many people don't go to the boards and don't know this happened and thus are vulnerable (just like dupe day and the other cg incidents) - and think about those who share computers or otherwise don't clear everything after sites are visited. Premium accounts were taken, ss of their information was posted. NP and pets at the least were being sold on the "black market".

Saturday night there was someone on the BDchat who did something to the board - said it was a "test", posting asking if anything odd had happened. Yes, something did - the DFM pteri popped up for a few seconds and "stuck". They said there's some kind of weakness with the boards. Coincidence? Quite possibly. But one more thing that should be looked at.

How much trust has been lost. A lot. A member was grabbed, then their guild was taken over and a cg put on the front page. Domino effect - people go to their guild to see if they can help, ask questions and they're grabbed and the cg possibly put in their shops and/or lookups. Yes, some people have gotten accounts back, but those seem to be the "big" players.

Slime Lord, I kind of "get" what you've said, but why destroy members' accounts wantonly to get the point across. Yes, Neo does have too many holes and problems. Yes, there's no reason they couldn't have and shouldn't have been fixed a long time ago. That I place in TNT's lap. That said, they do work hard on the site, they don't just sit around eating bonbons. I think the site needs taking down and everything and anything that can be changed should be worked on until it's secured, or at least as secure as one can make anything on the internet these days. I know, build a better mousetrap and you end up with smarter mice. If they don't have them, TNT needs to hire some white (or black) hats to go through their site and system to find and fix any holes or vulnerabilities.

As to the mod whose account was taken - it probably was a report and of course they will go to the page to see what is going on. At the time, I was told there was no way to protect yourself - not disabling js, jscript or adblock with FF. Plus disabling js is against the rules.

These scriptkiddies, and IMHO, the people who were cheering them on, making appreciation boards and the like all deserve to be gone. The ones responsible need to be caught and prosecuted. Age means nothing when you're talking about fraud, theft, disruption of a business, accessing peoples' emails and who knows what sensitive, RL information and doing what with it. Selling intellectual property for real money - and avoiding taxes. There are ways to prosecute. They just have to find them. And I hope they do. Otherwise, this will just keep happening. What's next? You know this isn't the end until everything customizable is completely cleared, all the holes fixed - not patched but fixed - and these I can't say what I really think they are - people caught and taken out.

Tue Jan 17, 2006 7:04 pm

Officer 1BDI wrote:
Nefasturris wrote:
Question! Sorry if this was already addressed before but I missed it if it was and was curious...

When these CG get your cookies, do they take ALL of your cookies or just your Neopets related ones? Because if it takes all of your cookies I'd be more worried about my e-mail, Ebay and Paypal accounts than my Neopets accounts.


I've heard it depends on your browser; that they can potentially grab non-Neopet cookies through IE, but that some browsers (like Firefox) have done something with their cookies so that only the sites that made them can access them. Or something like that (I'm not as computer savvy as I probably should be).

I'd like confirmation as well, because I'm also concerned for my other accounts.


These particular people are only taking Neopets cookies. As for whether they could take others in IE, I don't know. IE has so many security holes it's hard to keep up with them all. :P

For now at least, you can consider all your non-neopets stuff safe.

In terms of actually getting this fixed, I have an unfortunate lack of updates. :( I'm not sure why it's not fixed yet, as I have confirmation that the message was passed on and they do know about it... meh.

(And, um, king of the internet? That's a little much. Maybe I can be a minor duke. :P)

Tue Jan 17, 2006 7:12 pm

psyco_chick32 wrote:I'm not sure... I'm thinking TNT could take 2 approaches to that. On one hand, they're not forcing you to go there. So just like when you go anywhere on the web, it's possible that you will meet up with something/one malicious.


True. I'm trying to remember if there was something about that in the Terms and Conditions on signup. Anyone have Terms and Conditions handy?

psyco_chick32 wrote: On the other hand, if they get credit card information from Premiums..


This is what I am really worried about. :(

Tue Jan 17, 2006 7:12 pm

cheshyr1 wrote:Here's my question.

If a hacker does snag more than just Neopets cookies and uses those off site cookies like from Paypal; eBay; etc, is there a way that we as players can hold TNT accountable for not keeping their site safe for surfing?

I was always under the impression from TNT that their site was always safe to use. If they say this, wouldn't they be liable legally to keep it that way for those who use their site for free and pay through Premium?


No. They're protected from any liability for that sort of thing by the T&C.

T&C wrote:DISCLAIMER AND LIMITATION OF LIABILITY
THIS SITE AND ALL MATERIALS CONTAINED ON IT ARE DISTRIBUTED AND TRANSMITTED ON AN "AS IS" AND "AS AVAILABLE" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. TO THE FULLEST EXTENT PERMISSIBLE UNDER APPLICABLE LAW, NEOPETS DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. NEOPETS DOES NOT WARRANT THAT THE FUNCTIONS CONTAINED IN THE SITE OR MATERIALS WILL BE UNINTERRUPTED OR ERROR-FREE, THAT DEFECTS WILL BE CORRECTED, OR THAT THIS SITE OR THE SERVERS THAT MAKES IT AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. NEOPETS DOES NOT WARRANT OR MAKE ANY REPRESENTATIONS REGARDING THE USE OR THE RESULTS OF THE USE OF THE MATERIALS IN THIS SITE WITH REGARD TO THEIR CORRECTNESS, ACCURACY, RELIABILITY, OR OTHERWISE. THE ENTIRE RISK AS TO THE QUALITY, ACCURACY, ADEQUACY, COMPLETENESS, CORRECTNESS AND VALIDITY OF ANY MATERIAL RESTS WITH YOU. YOU (I.E., NOT NEOPETS) ASSUME THE COMPLETE COST OF ALL NECESSARY SERVICING, REPAIR, OR CORRECTION. APPLICABLE LAW MAY NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU.

TO THE FULLEST EXTENT PERMISSIBLE PURSUANT TO APPLICABLE LAW, NEOPETS, ITS AFFILIATES, AND THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, LICENSORS, REPRESENTATIVES, AND THIRD PARTY PROVIDERS TO THE SITE WILL NOT BE LIABLE FOR DAMAGES OF ANY KIND INCLUDING, WITHOUT LIMITATION, COMPENSATORY, CONSEQUENTIAL, INCIDENTAL, INDIRECT, SPECIAL OR SIMILAR DAMAGES, THAT MAY RESULT FROM THE USE OF, OR THE INABILITY TO USE, THE MATERIALS CONTAINED ON THIS SITE, WHETHER THE MATERIAL IS PROVIDED OR OTHERWISE SUPPLIED BY NEOPETS OR ANY THIRD PARTY.

NOTWITHSTANDING THE FOREGOING, IN NO EVENT SHALL NEOPETS HAVE ANY LIABILITY TO YOU FOR ANY CLAIMS, DAMAGES, LOSSES, AND CAUSES OF ACTION (WHETHER IN CONTRACT, TORT OR OTHERWISE) EXCEEDING THE AMOUNT PAID BY YOU, IF ANY, FOR ACCESSING THIS SITE.

Tue Jan 17, 2006 7:13 pm

dolphinling wrote:
Officer 1BDI wrote:
Nefasturris wrote:
Question! Sorry if this was already addressed before but I missed it if it was and was curious...

When these CG get your cookies, do they take ALL of your cookies or just your Neopets related ones? Because if it takes all of your cookies I'd be more worried about my e-mail, Ebay and Paypal accounts than my Neopets accounts.


I've heard it depends on your browser; that they can potentially grab non-Neopet cookies through IE, but that some browsers (like Firefox) have done something with their cookies so that only the sites that made them can access them. Or something like that (I'm not as computer savvy as I probably should be).

I'd like confirmation as well, because I'm also concerned for my other accounts.


These particular people are only taking Neopets cookies. As for whether they could take others in IE, I don't know. IE has so many security holes it's hard to keep up with them all. :P

For now at least, you can consider all your non-neopets stuff safe.

In terms of actually getting this fixed, I have an unfortunate lack of updates. :( I'm not sure why it's not fixed yet, as I have confirmation that the message was passed on and they do know about it... meh.

(And, um, king of the internet? That's a little much. Maybe I can be a minor duke. :P)


Ah, for sure one of the accounts that was taken last week (they have gotten it back) was using FF, is a premium member and their premium cookies (I think they'd been using their neomail - with a different password) were taken. That was an account that ss of their premium user information was passed around on at least one forum. What other information was gotten I don't know. So it's not necessarily "just" Neo cookies.

I do thank you dolphinling for trying to help and for passing information on to your sources. I hope they take heed and get good, secure fixes in place.

BTW, what is salting the cookies? I saw that phrase bantered around as a way to help protect us.

Tue Jan 17, 2006 7:17 pm

dolphinling wrote:These particular people are only taking Neopets cookies. As for whether they could take others in IE, I don't know. IE has so many security holes it's hard to keep up with them all. :P

For now at least, you can consider all your non-neopets stuff safe.

In terms of actually getting this fixed, I have an unfortunate lack of updates. :( I'm not sure why it's not fixed yet, as I have confirmation that the message was passed on and they do know about it... meh.

(And, um, king of the internet? That's a little much. Maybe I can be a minor duke. :P)


That's good to know, if I had to worry about non-neopets cookies I think I might have quit Neopets. It's one thing to affect Neopets, but when it involves a site that has a lot more information on me than Neopets allows it's not worth the frustration of "Cookie grabber? Crap, now I have to go change ALL my passwords... again..."

Tue Jan 17, 2006 7:26 pm

Thank you, Erin and psyco_chick. :) That's what I was looking for. TNT covered their bases when it comes to protecting themselves.

everconfused wrote:Slime Lord, I kind of "get" what you've said, but why destroy members' accounts wantonly to get the point across. Yes, Neo does have too many holes and problems. Yes, there's no reason they couldn't have and shouldn't have been fixed a long time ago. That I place in TNT's lap. That said, they do work hard on the site, they don't just sit around eating bonbons. I think the site needs taking down and everything and anything that can be changed should be worked on until it's secured, or at least as secure as one can make anything on the internet these days. I know, build a better mousetrap and you end up with smarter mice. If they don't have them, TNT needs to hire some white (or black) hats to go through their site and system to find and fix any holes or vulnerabilities.


Couldn't agree more. I also think Neopets needs to close down a few days to get things sorted out.

Tue Jan 17, 2006 7:31 pm

dolphinling wrote:For now at least, you can consider all your non-neopets stuff safe.

In terms of actually getting this fixed, I have an unfortunate lack of updates. :( I'm not sure why it's not fixed yet, as I have confirmation that the message was passed on and they do know about it... meh.


:x :o :x :o :x now THAT kind of angers me. Why don't they just shut the site down until they can fix it??

Thank you so much for the updates... even the update about not having much of an update is good, because it shows that at least somebody (if not TNT) is working hard at this.

dolphinling wrote:(And, um, king of the internet? That's a little much. Maybe I can be a minor duke. :P)


DOLPHINLING FOR MINOR DUKE OF THE INTERNET!

Well

Tue Jan 17, 2006 7:33 pm

Slime Lord, I kind of "get" what you've said, but why destroy members' accounts wantonly to get the point across. Yes, Neo does have too many holes and problems. Yes, there's no reason they couldn't have and shouldn't have been fixed a long time ago. That I place in TNT's lap. That said, they do work hard on the site, they don't just sit around eating bonbons. I think the site needs taking down and everything and anything that can be changed should be worked on until it's secured, or at least as secure as one can make anything on the internet these days. I know, build a better mousetrap and you end up with smarter mice. If they don't have them, TNT needs to hire some white (or black) hats to go through their site and system to find and fix any holes or vulnerabilities.


I just want to make sure everyone knows I'm not defending his actions, or arguing against anyone on my posts (Not in reply to you Ever, this is just out loud)

I also can't agree more. I do think they need to do something like this and fix these blasted holes. But, I must say to my knowledge (like I stated), I haven't heard anyone losing anything out of their accounts. A couple of my guild members have been CG'd and got Neomails from Kaos saying "hey just letting you know I grabbed you", and that was it. Nothing more nothing less (and mind you they're a bit..wealthy.)

But yes, TnT needs to do this and needs to stop worrying about these damn promotions and toys and doing crappage for people they've made deals with and worry about the people who PAY THEM daily.

Us.

Tue Jan 17, 2006 7:34 pm

Respect for criminals? That is just twisted, seriously. Need an example?

Guy shoots four people, but he's an excellent marksman and you run around telling everyone you respect his marksmanship.

Does anyone NOT see how twisted that is? Someone like this, perfectly willing to wreak havoc, disrupt people's lives, deserves no respect for ANY reason.


When it comes right down to it I really enjoy Neopets, and if my account were destroyed I would just start over. Someone like this will not keep me from my favorite place to relax. It would be difficult to lose everything, that's for sure, but in the end they can't steal your friends or your way of life on Neopets.

Worried about them stealing important cookies? Clear your cookies before playing Neopets so that the only cookies they can steal for sure are just your Neopets ones.

Tue Jan 17, 2006 7:44 pm

Q wrote:Respect for criminals? That is just twisted, seriously. Need an example?

Guy shoots four people, but he's an excellent marksman and you run around telling everyone you respect his marksmanship.

Does anyone NOT see how twisted that is? Someone like this, perfectly willing to wreak havoc, disrupt people's lives, deserves no respect for ANY reason.


When it comes right down to it I really enjoy Neopets, and if my account were destroyed I would just start over. Someone like this will not keep me from my favorite place to relax. It would be difficult to lose everything, that's for sure, but in the end they can't steal your friends or your way of life on Neopets.

Worried about them stealing important cookies? Clear your cookies before playing Neopets so that the only cookies they can steal for sure are just your Neopets ones.


I don't think you see where I am coming from with what I have said. I have respect for him because of the extent he is going to show them what they need to do to PROTECT us from people who want to do real harm to US. Do you get where I'm coming from?

Let's say Person A is Kaos. Person A is grabbing cookies and causing havoc, by going to extreme measures to prevent Person B (criminal, looking for important information on a friendly site) from getting information which could be harmful to us. Person A gets a bad rap for doing something ~possibly~ rather helpful in the long run, despite the chaos it's creating.

I wish he could do this another way, but he is really protesting and taking drastic measures to prevent this from doing REAL harm to users, and showing TNT how easy this is to do.