Pink Poogle Toy Forum

The official community of Pink Poogle Toy

All times are UTC

This topic is locked, you cannot edit posts or make further replies.  [ 116 posts ]

Posted: Tue Feb 21, 2006 11:28 pm
PPT God

Posts: 1873
Joined: Sun Jan 01, 2006 9:50 am
:o Oh, wow, I even did a Snow Faerie Quest this morning, too. Thanks for the heads up, everconfused and mogster.


Posted: Wed Feb 22, 2006 12:57 am
PPT Student

Posts: 328
Joined: Tue Aug 31, 2004 11:40 am
Location: Washington
I think I may have encountered a CG in a shop yesterday. I'm not sure if it was or wasn't, but I changed my pw and deleted cookies and all that just to be safe.

I was using the SSW and there was a codestone priced at 1337. I thought that was kind of weird but went for it anyways. When I got to the shop it was gone, thought I missed it. Refreshed on the SSW, and it was still there. I still had the shop open so I brought up the source code and saw some hidden text within the shop.

First there was a src link with cg.html at the end of it, and then a little message. It was something like Dear TNT you have serious XSS (I think that's right) flaws. It had some name, and some email, and said that if they wanted info on fixing it to contact them, because they've tried to contact TNT, but they won't listen or something.

My account is ok still, this happened last night. I put everything in a PIN protected area. I was thinking of alerting TNT that my account may be in danger, but they'd probably take that the wrong way and freeze my account thinking there's a problem with it...


Posted: Wed Feb 22, 2006 2:25 am
Beyond Godly

Posts: 3041
Joined: Thu Jun 03, 2004 5:27 am
Location: at the late night science fiction picture show
Kaebel, I think I would report any information I was able to get from that source code. The username, that message with the email, etc. Tell them that you took proactive steps - had pin on everything, changed your password, cleared everything, etc. and that you were able to access your account today with no problem, that your email is correct.

Yes, they still may freeze to protect you, but they appear to be working doubletime to get people's accounts back ATM.

Just an fyi, this was posted on premium earlier by a staffer. So, they are not taking this lightly and they are working on solutions.

Quote:
Headed into a meeting to discuss "plan B" for the CG'ers since it's pretty obvious that "plan A" isn't doing the job.


Information you may have, Kaebel, may help them to fix the problem and find the people responsible for this. To me, that's pretty big!


Posted: Wed Feb 22, 2006 2:38 am
Honorary Member

Posts: 5276
Joined: Mon Sep 12, 2005 3:45 pm
Location: Los Osos, CA, USA, Earth, Sol System, Milky Way Galaxy
Gender: Male
everconfused wrote:
Just an fyi, this was posted on premium earlier by a staffer. So, they are not taking this lightly and they are working on solutions.

Quote:
Headed into a meeting to discuss "plan B" for the CG'ers since it's pretty obvious that "plan A" isn't doing the job.


Information you may have, Kaebel, may help them to fix the problem and find the people responsible for this. To me, that's pretty big!


This sounds like great news. Heck. It is great news. Thanks for the heads up EC. Keep up the great work. You've been the one keeping me calm during all of this with your nice updates. Thanks again. :hug:


Set by Cukupan
Ohayo Nippon every Sunday at LW
I *heart* R
I'm on a boat like a boss


Post subject: account froze
Posted: Wed Feb 22, 2006 3:46 am
Newbie

Posts: 24
Joined: Tue Dec 06, 2005 10:53 am
Location: Canada
Hi everyone. Was using my account last night OK. Was sent a scam mail. Reported it and got them shut down. Got another about an hour later. Reported it and got them shut down as well. Went onto Neopets this morning, my account was working fine, came home from work this evening and my account was frozen. WHY??? Sent mail to Neopets to get unfrozen. When I try to log in it says I may have been scammed or someone may have gotten into my account. OH I hope not. I am a very honest and clean player and just thinking of all my hard earned items gone makes me sick! Did this happen to anyone else at all today? I constantly clear my cookies and change my password almost daily. Paranoid maybe. Still waiting for TNT to reply. Any idea how long that takes? What are my chances of getting my items back? HELP!


Roses are red, violets are blue, I'm a schizophrenic and so am I

**need a premium invite ? I have 17 left. Neomail me. Neopets Username : bandkfennell**


Posted: Wed Feb 22, 2006 4:23 am
Beyond Godly

Posts: 3041
Joined: Thu Jun 03, 2004 5:27 am
Location: at the late night science fiction picture show
Oh Sky! :hug: I only pass along things that I see, hear or read in hopes that it will stop someone from trying to wiz snipe, etc. and lose their account. And then usually only after I've thrown a pillow across the room and have a chance to calm down. This whole thing just makes me so upset and angry to see these people with nothing better to do with their time than try to steal from others.

Band, have you been to any usershops, especially those with very cheap items, like codestones? If you have and you got a blank page or the shop didn't have the item but it still shows up on the shop wiz, then there's a good chance you were cookie grabbed.

As far as I know there is no way for this to happen via neomail. If that were possible, just about all of us would have lost an account by now.

The best thing for you to do, if you've already filled out the form, is to wait for TNT to contact you. I am sorry that you were yet another victim.

The only thing I can think of to try to protect ourselves is - use the PIN that TNT has provided for us, and use that everywhere possible. Don't go to usershops, especially ones with items priced "Too good to be true", stay away from userlookups or just about anywhere a user can edit a page. When you log out of Neo or anywhere, clear everything. Don't go to any off-site links anyone on Neo may give you.

Finally, if you must shop, etc. and use windows - open Notepad and write a list of long, combination Upper and lower case letters and numbers - save that. Have your user pref page open in another window or tab; have your current password in the space provided. Copy one of the passwords on your notepad and quickly paste that into the 2 spaces provided and change that password. Make a note in the notepad of which password you're using.


Posted: Wed Feb 22, 2006 4:36 am
PPT Toddler

Posts: 241
Joined: Fri Jan 20, 2006 5:11 pm
This scares me so bad. I'm doing all my shopping on the trading post now thinking it's a safe idea, because as far as I know CGing isn't possible on there, and decided to look up the price of an Eyewich and a Ghost Wrap. I saw them extremely underpriced- average was 20-25k and these were 1,200. Without thinking, and in my greed, I had gone to the shop and bought them only to run to the user pref page two seconds later. I changed my password quick and everything is fine 8 hours later.

Out of curiosity do I need to delete my cookies after I change the pass? I haven't, and didn't, and am wondering whether if it was a CGer instead of what I figured to be a mispricer if my account would have been.. Well.. dead by now.


Quote:
How come in the TCG: Darkest Faerie edition there's a Yellow Gallion, but no such option to paint your Gallion this colour exists?


Posted: Wed Feb 22, 2006 4:57 am
PPT Toddler

Posts: 135
Joined: Fri Feb 18, 2005 3:07 pm
You know, things would be a heck of a lot easier if Neopets just got the clue and disabled all HTML, Javascript, etc. etc. and just allowed basic text or BBCode style commands...


Posted: Wed Feb 22, 2006 5:39 am
PPT Toddler

Posts: 241
Joined: Fri Jan 20, 2006 5:11 pm
mattjcasey wrote:
You know, things would be a heck of a lot easier if Neopets just got the clue and disabled all HTML, Javascript, etc. etc. and just allowed basic text or BBCode style commands...


That would completely ruin Spotlights, Userlookup contests and a lot more though. Guilds, roleplaying, fancy lookups to push your pet aside from being just another average. :\


Quote:
How come in the TCG: Darkest Faerie edition there's a Yellow Gallion, but no such option to paint your Gallion this colour exists?


Posted: Wed Feb 22, 2006 9:37 am
PPT Student

Posts: 347
Joined: Fri Sep 09, 2005 7:47 pm
I'm sorry if I've missed it, but I want to know something. Does visiting a site with the cg code make you a "spreader"? Or does the person just get your password and steal stuff from your account?


:peace:


Posted: Wed Feb 22, 2006 10:52 am
PPT Student

Posts: 328
Joined: Tue Aug 31, 2004 11:40 am
Location: Washington
About reporting the info that I found. I'm sure TNT already got to it because a few minutes, eh maybe five, after I did everything to my account to make it safe, I refreshed on the SSW. The username/item was still there, still there, still there, then gone.

I think I still have the username, although I'm sure it's a hacked account. *goes to check* ERROR : Sorry, nothing with the name '*tooknameout*' exists. Please try again!

Yup, they got it. The post I made earlier, I was at school. At home I have the text that I found still posted in an IM.

Quote:
-TNT, if you are reading this, this is Infamous*letters/#takenout*. You have major XSS flaws. Want to get rid of them? Contact me, it's not like I haven't tried to contact you. Infamous*letters/#takenout*@gmail.com


Does that sound familiar to anyone?


Posted: Wed Feb 22, 2006 6:39 pm
Beyond Godly

Posts: 3041
Joined: Thu Jun 03, 2004 5:27 am
Location: at the late night science fiction picture show
ira_7700 wrote:
I'm sorry if I've missed it, but I want to know something. Does visiting a site with the cg code make you a "spreader"? Or does the person just get your password and steal stuff from your account?


Ira, I don't know anything about going to another site, but with the Neo thing, people who have been grabbed have been used to spread the cg - whoever took the account has been known to put a cg in the victim's shop or lookup or both.

And the cg code has been typed in white font, meaning if you think for a minute that you've been to a page, even if you've changed your password, then cleared everything, it's a very good idea to go to your lookup, shop, gallery, pet description and highlight your entire code. Anything weird will show up when highlighted. Then you can delete it.

Kaebel, it could be him, it could be one of his "friends", it could be someone else just using that name.


Posted: Wed Feb 22, 2006 8:08 pm
Way Beyond Godly

Posts: 8715
Joined: Sat Jun 05, 2004 9:10 pm
Location: Cleveland, Georgia
Gender: Female
I miss Linux more and more. <_<


Posted: Wed Feb 22, 2006 8:32 pm
PPT Student

Posts: 401
Joined: Sat Dec 31, 2005 9:56 am
Location: Other Side of Humanity
Dusket wrote:
mattjcasey wrote:
You know, things would be a heck of a lot easier if Neopets just got the clue and disabled all HTML, Javascript, etc. etc. and just allowed basic text or BBCode style commands...


That would completely ruin Spotlights, Userlookup contests and a lot more though. Guilds, roleplaying, fancy lookups to push your pet aside from being just another average. :\


Would you rather have a cool userlookup or a safe account? As someone who likes to make their userlookup/petpage/pet lookup look cool with graphics and such I'd rather not be able to do that (temporarily or permanently) than lose my account because I stumbled upon a CG.


Posted: Wed Feb 22, 2006 9:07 pm
Moderator

Posts: 3739
Joined: Mon May 31, 2004 5:58 pm
Location: Idiotville
Dusket wrote:
Out of curiosity do I need to delete my cookies after I change the pass? I haven't, and didn't, and am wondering whether if it was a CGer instead of what I figured to be a mispricer if my account would have been.. Well.. dead by now.


No. Once you change your password, your old cookies are no longer valid.

ira_7700 wrote:
I'm sorry if I've missed it, but I want to know something. Does visiting a site with the cg code make you a "spreader"? Or does the person just get your password and steal stuff from your account?


In order to become a "spreader," what happens is that the person who runs the cookie grabber must access your account and insert the cookie-grabber scripting or referrer or whatever into your shop or user lookup. At that point, you are a spreader.

My two cents? TNT should ban all links in shops except to other shops. They should ban all html in shops except "font," "a href" and "img."


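The allow-list proposed in the post above (only "font", "a href" and "img" in shops, with links restricted to other shops), sketched in Python as an added example; it is not code from this forum or from Neopets. `SHOP_PATH`, `IMG_PREFIX` and the sample markup are made up for illustration, and limiting image sources to a first-party host is an extra assumption beyond what the post asks for.

```python
# Added example, not Neopets' code; the three constants below are assumptions.
from html import escape
from html.parser import HTMLParser

ALLOWED = {"font": {"color", "size", "face"}, "a": {"href"}, "img": {"src", "alt"}}
SHOP_PATH = "/shop"                               # hypothetical shop page path
IMG_PREFIX = "https://images.example.test/"       # hypothetical first-party image host
# Constructed shop description: off-site script, off-site link, script-scheme image.
SAMPLE = ('<script src="https://evil.example.test/cg.html"></script>'
          '<a href="https://evil.example.test/x" onmouseover="f()">codestone</a> '
          '<a href="/shop?owner=friend">other shop</a><img src="javascript:f()">')

def url_ok(tag, value):
    if tag == "a":  # only a relative link whose path is exactly the shop page
        return value.split("?", 1)[0] == SHOP_PATH
    return value.startswith(IMG_PREFIX)  # images only from the first-party host

class ShopSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0  # skip > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
        if self.skip or tag not in ALLOWED:
            return  # tag is dropped; text inside ordinary tags is kept, escaped
        kept = [f' {n}="{escape(v)}"' for n, v in attrs
                if v is not None and n in ALLOWED[tag]  # drops on* handlers, style
                and (n not in ("href", "src") or url_ok(tag, v))]
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ("font", "a"):  # img has no end tag
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))

def sanitize(markup):
    parser = ShopSanitizer()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)

if __name__ == "__main__":
    print(sanitize(SAMPLE))
```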
 