Possibly CGs again.

[Dustin]

Just wanted to let you all know that the cookie grabbers have been on the trades for a couple of days, actually. Someone posted about it on the trading/auctions board on Monday I believe. So just be careful out there.

[Morningstar]

I was hit by a cookie grabber in January. And I was able to save my account. And only because I was aware that this had been happening to to others in previous days (thanks to posts here at PPT), because I was alert and fully awake when I was playing, because I am suspicious as can be (I went to a shop on the wiz and instead got directed to the front page of Neopets--it ended up being a fake front page on an offsite website with a CGer sitting on it), and because I have extremely fast reflexes during a crisis.

If you think you have gotten hit by a cookie grabber, first thing you have to do is change your password. To anything at all. Speed is the key. Because the second your account was directed to that offsite place, it took like a photo of the coding used for the password you had at the instant you were grabbed. So, don't spend your time thinking up a good password. Just get something in there fast--a combo of letters and numbers that you can remember. Or change your password by adding or eliminating an extra number/letter/symbol. And write it down! Because you are liable to forget it while your hands are shaking and you are almost in tears (like I was). And when I got hit, there were reports that this guy was faster than lightning at getting into your account. So, if he is in your account while you are doing this, it will log him out of your account the second you change that password. It is a good idea to then delete your cookies and temp files. And this is just in case there is a keylogger or something equally nasty on that offsite place. Something that can record your new password. Then after I deleted my temp files and cookies, I went back in to Neo and changed my password again.

It is a very scary thing. The important thing is to try and keep your head.

[BeDeviled]

I was hit by a cookie grabber in January. And I was able to save my account. And only because I was aware that this had been happening to to others in previous days (thanks to posts here at PPT), because I was alert and fully awake when I was playing, because I am suspicious as can be (I went to a shop on the wiz and instead got directed to the front page of Neopets--it ended up being a fake front page on an offsite website with a CGer sitting on it), and because I have extremely fast reflexes during a crisis.

If you think you have gotten hit by a cookie grabber, first thing you have to do is change your password. To anything at all. Speed is the key. Because the second your account was directed to that offsite place, it took like a photo of the coding used for the password you had at the instant you were grabbed. So, don't spend your time thinking up a good password. Just get something in there fast--a combo of letters and numbers that you can remember. Or change your password by adding or eliminating an extra number/letter/symbol. And write it down! Because you are liable to forget it while your hands are shaking and you are almost in tears (like I was). And when I got hit, there were reports that this guy was faster than lightning at getting into your account. So, if he is in your account while you are doing this, it will log him out of your account the second you change that password. It is a good idea to then delete your cookies and temp files. And this is just in case there is a keylogger or something equally nasty on that offsite place. Something that can record your new password. Then after I deleted my temp files and cookies, I went back in to Neo and changed my password again.

It is a very scary thing. The important thing is to try and keep your head.

I would like to add to this, I got cookie grabbed in early June... They got into everything I was logged into, on neopets, my msn through my msn messenger I was running at the time, my yahoo that I was running at the time, my isp mail/webpage servers (I had it on my incredimail).

As she said speed is the Key, I got grabbed the night before and didn't realize it until the next morning when I got a password change notification. Then the race was on to save my accounts as fast as possibe.

[eilu]

I read soemwhere that cookie grabbers only work in IE... is that true?

[DracolordII]

I read soemwhere that cookie grabbers only work in IE... is that true?

no, that is false, cookie grabbers can work no matter what browser you have.

[JCMidore]

I thought HTML was completely disabled in the Trading Post. Can anyone
confirm whether this scare is over or not?. As an avid trader and reseller
I am completely cohibited as far as earning daily wages. ):

[Stars_of_Night]

So when will we know when it is safe to go back on the TP? I really want to know b/c i wanted to buy some things soon

[DM was on fire!]

Tell me about it. << I dispise that HTML filter.

I don't think I'll have to worry about CGers since I have Linux, but you never know.

[dolphinling]

Hi everyone, sorry for not posting here earlier.

To reiterate, since it looks like some people haven't heard: The ONLY thing that will protect you once you've already been CGed is to change your password. Deleting your cookies will not help. Logging out will not help. You have to make it so the old cookie that they copied doesn't work anymore, and the only way to do that is to change your password.

As for this particular incident... I'm not certain how it was done, or if it was even true at all. I never actually saw it done, and I can't do my own tests on the TP because if it WORKED there's a strong chance someone would see it and either a) report me, or b) exploit it before I could get TNT to fix it.

I do see one way it might have worked, but it doesn't. Either they fixed it, or it never worked in the first place. But that way doesn't match up with what people who claimed to have seen it said. So unfortunately, I just don't know.

If anyone does get more info, just tell me and I'll look through it.

[ggagahc]

I'm half-scared (cuz I went to the TP yesterday) and half-confused. I know I'm supposed to be freaking out but I'm just a bit...curious? I don't understand how cookie grabbing works. Can someone elaborate on it? Like, how a hacker will get into your account by having your cookies? Gosh I hope I haven't been affected......-__-

[DracolordII]

I'm half-scared (cuz I went to the TP yesterday) and half-confused. I know I'm supposed to be freaking out but I'm just a bit...curious? I don't understand how cookie grabbing works. Can someone elaborate on it? Like, how a hacker will get into your account by having your cookies? Gosh I hope I haven't been affected......-__-

Basically every time you go into a website, and each time you log in the computer saves the data you used to get in to a special internet folder, this data(cookies) contains your username and password on neo and ,I think, your PIN as well as any other data you enter into your computer including real lie PINs the cookie grabbers take the data they are meant to look for and send it back to the person who is using the CG.

I don't completely understand it myself so if I am wrong someone please correct.

[shapu]

I'm half-scared (cuz I went to the TP yesterday) and half-confused. I know I'm supposed to be freaking out but I'm just a bit...curious? I don't understand how cookie grabbing works. Can someone elaborate on it? Like, how a hacker will get into your account by having your cookies? Gosh I hope I haven't been affected......-__-

Basically every time you go into a website, and each time you log in the computer saves the data you used to get in to a special internet folder, this data(cookies) contains your username and password on neo and ,I think, your PIN as well as any other data you enter into your computer including real lie PINs the cookie grabbers take the data they are meant to look for and send it back to the person who is using the CG.

I don't completely understand it myself so if I am wrong someone please correct.

Cookie grabbers only work for information that is related to logins - cookies do not store your Neopets PIN. Thus, cookie grabbers cannot get your PIN information.

Cookie grabbers also cannot get your real-life pin or any other typed-in information. They only get logins.

[DracolordII]

Thanks for the corrections shapu, like I said I didn't really understand it, but it looks like with the exception of he PINs and real-life information, I had the basic Idea.

[Pardona]

Now what I am wondering, though - me being extremely computerunwise - is the following: everytime I enter my pin, it says 'password manager can remember this password and enter it automatically the next time you log on. Would you like password manager to remember this password?' I have, up until now, always selected no as an answer, thinking this would create another cookie to be grabbed an completely invalidating the security system set up by the pin system. Is this correct?

Also - am I to fear cookiegrabbing only while trading, or even while just viewing items in the Trading Post?

[Teelie]

Using the auto-fill in feature in either IE or Firefox should not allow them to gain access to the pin number, unless they were able to gain access to your computer in a completely different way. Not possible with a cookie grabber.

Basically they would need to gain remote (by hacking or using exploits) or local (physically be there) access to your computer to access that in which case you have a much bigger problem than losing some items on Neopets. If other people can and do use your computer, it's a good idea not to use any kind of password or pin remembering functions.