Pink Poogle Toy Forum

I agree with TNT silencing the masses. People screaming "hackorz!?!>!!!!!11" simply worsens the problem, worries people needlessly, and makes people who need not be concerned at all get hysterical.

They've fixed the vulnerability that the CGer was using, so there's no need for people to "protect" themselves right now. (Unless the kaos guy has engineered a completely different code, which is unlikely.) It's in the player's best interest to just shut their traps and move on in, or else there will be more suspensions.

Was suspended for 24 hours, not just a mere 4.

"The ONLY means by which a user can have an account stolen is when they inadvertently or intentionally gives away their password." "

I understand that neo may never have been hacked, but What i am against is this quote. ^^^^^. We did not give away our password. We gave away our cookies....

Some guy claims he was frozen for that offence...
--------------------------------------------------------------
"I do understand why they want to cover this up, but that doesn't mean I shouldn't be mad at them. It's in their best interests to cover it up (their short-term best interests, at any rate.) It's in the players' best interests for word to get out."

Well said. And i think that neo themselves should also have told us in the news about this new "scam".

And
*Newsflash*!. If TNT claims that the accs are unable to get in without the user givin gout the pw , Then they must have locked all those boards and posted all the vulgarities on the boards themselves! Oh my.....


I would still regard Cgers as giving away cookies, not giving away ur pw...

A warning would have done. I did not exggrate the situation. I merely said
somethng along the lines of "Neopets claimed that accounts cannot be accessed without the user advertatly or inadvertatly <-(Sp). Yeah right -_-" "
Snak Edit: Please don't dbl post. If you have something to add after you've posted (and noone else has after you) just edit that last post of yours!

Cookies are your password. They're the stored version of that password which is logged onto your computer. By taking your cookies, they're taking your password.

Yes, but in that quote TNT seems to be making the claim that there is no way for someone to get into your account without your telling them the password -- either deliberately for some reason, or because they're tricked you into giving it away by claiming to be TNT or whatever.

The implication is that unless you've "messed up" no one can get into your account and as long as you're careful not to give your password away, you're safe.

This is simply not true, as the infamous "password sending" incident and CGs make clear. This weekend your account could have been broken into simply by visiting the wrong shop -- and during the send password incident, TNT gave people's passwords away themselves.

I agree that spreading wild rumors on the Neoboards should be a suspendable offence, but spreading factual information should not be. It is important that users be able to get factual information about incidents like these to protect themselves, and if TNT doesn't plan to fulfill its responsibility to protect its users, it should at least not hinder others from doing so.

I'd like to point out the use of the word 'inadvertently.' Getting cookie grabbed, whether you like it or not, is inadvertently giving away your password. No one was hacked. Hacking is more complicated than that. Everyone just needs to stop jumping down TNT's throats. >_<

Watch. If TNT actually gets hacked, they'll redefine "hacked" to mean that someone broke into Neopets headquarters with machine guns and took over the company. Then they can still claim they've never been "hacked."

This is all like arguing over what the definition of "is" is: hiding behind technicalities. By saying they've "never been hacked" and that people can only access your account if you "give away your password" TNT is implying that all instances of hacked accounts are due to user error (for which TNT is not at fault) and not due to holes in their security system (who which they are.) This is untrue. Allowing cookie grabbers to be posted TO THEIR WEBSITE is a security hole for which TNT is responsible. Sending out a users password to anyone who asked is a security hole for which TNT is responsible.

I don't blame TNT as for the security holes themselves -- they seem to have fixed them as soon as they could. (That said, clearly they COULD make the site much more secure and for some reason don't... I mean, when is the last time your bank account was cookie-grabbed?) I can and do blame them for witholding information from their users which would allow users to keep themselves safe, and I CERTAINLY blame them for punishing users who try to fill in for what I see as their lapse.

As an aisde, as long as we're splitting hairs, I think it's arguable as to whether being CG-ed constitutes inadvertantly giving out one's password. If I understand how these cookies work, the password is not recoverable from them by the CG-er: the person with your cookie doesn't know your password and couldn't (say) help someone else log into your account without sending them your cookie, or log into other accounts that happen to have the same password. What they have is the cookie: the bit of information that tells the Neopets server who you are and that you're logged in, rather than the password itself.

And when the Neopets site itself was giving out people's passwords -- that's clearly not an example of people giving out their passwords, inadvertantly or otherwise.

I frankly don't think it matters. As I said, you can split hairs all you want: I think TNT's obligation to keeping users safe extends to telling people what they should be doing when there are problems with the site -- or at the very least, not preventing others from doing so. This doesn't have to be done in an alarming manner: simply advising people on the news that they're having some problems with shops, user lookups, and petpages and that people should avoid visiting same until things are fixed would be sufficient. Hiding behind hair-splitting to fulfilling what I see as their reponsibility is unacceptable to me even if technically correct.

The semantics don't matter. TNT doesn't want a bunch of uninformed people causing hysteria on the neoboards, which is understandable. It's as simple as that.

That's about as likely as a McDonalds Paintbrush being Released - they would have to stoop so low that it would be unimaginable...

Not trying to beat a dead horse but there is one thing I really don't understand, and I would really just like clear answer (because I kind of favor the other side on this one)

While I can understand how random user posting panic boards like "ONG!!!111 they CGED ur credit card info! the no where u live! u can't hide!!11" is a VERY bad thing, I really don't understand how a quick, small spot in the news saying, "we had a little problem, its all fixed now, play on people!" Is bad? I don't think they would even need to mention a cg or anything of that nature, I am sure "Small Glitch" would be great. I guess I can't understand how that could be bad publicity. I would think it would probably kill off a fair amount of the speculation boards. On the flip side I can understand how not speaking of it on site, but screaming about it off site might look a little strange...

I took a class in PR for my Mass Comm major, and I just really really don't understand this point of view, and if its gonna be my major I probably better understand both sides. The first case we study was on a major drug chain releasing bottles of pain medication that contained a poison and actually killed people. They are still a giant today because the head of their PR jumped up and said Wait, return this we cant believe our security didn't catch this let us help make this better. We also learned about several companies who aren't around today from sweeping the ugly under the rug. I am not saying Neopets will close on acount of this, I just want to understand why you think it would be such a bad move PR wise.
(sorry about any spelling in advance)

Yes, TNT should definitely put the rumors to rest with a short explanation in the news. They don't have to go into it in any detail, but they should at least say that there were some glitches recently and they've been fixed. But this topic was about people being warned for "spreading the truth" on the neoboards. I know a few people were posting accurate info, but a lot of them were just freaking out and spreading wild rumors, which does no one any good, so I can understand why TNT shut down those threads and warned the starters. And they didn't freeze anyone, so I don't see why it's a big deal, really.

The neoboards tick me off. Someone posts, worried about Kaos, and the people just go report happy on them for spreading "false rumors". The cookie grabber scare is REAL, and Neopets shouldn't punish people who are only trying to help others.

I agree that that's understandable, and I approve of it.

TNT apparently also doesn't want well-informed people telling people accurate information on the Neoboards, or (apparently) putting accurate information on petpages.

That's also understandable -- it looks bad to the sponsors -- but I don't approve of it.

It's doubly unacceptable to me because the T&C doesn't specifically say that warning other users about problems on the site is a freezable offence. And I have heard that people have been frozen for putting up a petpage giving information about the cookie grabber -- we've been discussing it on NC. True or not I have no way of knowing. :shrug:

Edit: Frankly, I think information would CALM the hysteria, not create it. Remember how many people were freaking out about the possibililty of being CGed from the News page? If TNT had been as forthcoming as dolphinling, people might have understood this was impossible and not gone nuts.

I agree, I feel bad for the ones who were posting accurate information and were warned. But TNT really can't allow some users to talk about a subject while not allowing other people to mention it. They have to either allow everyone to discuss it (which leads to the uninformed people spreading rumors and causing hysteria) or ban everyone from discussing it. It's easier and makes more sense to do the latter. And I can see clearing petpages, because if a bunch of info gets out about how people are doing this, more annoying little script kiddies might decide to "stick it to the man" and commit some copycat crimes.

I highly doubt this much thought went into it. I think while all of this was giong on, TNT was trying to figure out more ways to put McDonald's items in EVERY SINGLE SNOW FAERIE QUEST. Either that, or they were at home celebrating Martin Luther King Jr. day. And by the way, I think Kaos could have chosen a more creative name than that. After all, that was the name of a boss in Donkey Kong Country 3 AND the villain syndicate in Get Smart. Come on. Can anyone say, "cliche?"

Cookies store your password... yes.

But in MD5. You'll need a decoder to actually get your password.

Again, the moderator was not 'hacked'. She simply ran across a CGer with no protection whatsoever.

All the events play out from there.

Though I usually avoid the neoboards like a plague, I was rather active during this event. Why? Because I was also spreading information and how to prevent this. Why wasn't I suspended/frozen?

Correct information and correct terminology is the key here.