For Neopets ONLY discussion.
Topic locked

Tue Feb 21, 2006 11:28 pm

:o Oh, wow, I even did a Snow Faerie Quest this morning, too. Thanks for the heads up, everconfused and mogster.

Wed Feb 22, 2006 12:57 am

I think I may have encountered a CG in a shop yesterday. I'm not sure if it was or wasn't, but I changed my pw and deleted cookies and all that just to be safe.

I was using the SSW and there was a codestone priced at 1337. I thought that was kind of weird but went for it anyways. When I got to the shop it was gone, thought I missed it. Refreshed on the SSW, and it was still there. I still had the shop open so I brought up the source code and saw some hidden text within the shop.

First there was a src link with cg.html at the end of it, and then a little message. It was something like Dear TNT you have serious XSS (I think that's right) flaws. It had some name, and some email, and said that if they wanted info on fixing it to contact them, because they've tried to contact TNT, but they won't listen or something.

My account is ok still, this happened last night. I put everything in a PIN protected area. I was thinking of alerting TNT that my account may be in danger, but they'd probably take that the wrong way and freeze my account thinking there's a problem with it...

Wed Feb 22, 2006 2:25 am

Kaebel, I think I would report any information I was able to get from that source code. The username, that message with the email, etc. Tell them that you took proactive steps - had pin on everything, changed your password, cleared everything, etc. and that you were able to access your account today with no problem, that your email is correct.

Yes, they still may freeze to protect you, but they appear to be working doubletime to get people's accounts back ATM.

Just an fyi, this was posted on premium earlier by a staffer. So, they are not taking this lightly and they are working on solutions.

Headed into a meeting to discuss "plan B" for the CG'ers since it's pretty obvious that "plan A" isn't doing the job.


Information you may have, Kaebel, may help them to fix the problem and find the people responsible for this. To me, that's pretty big!

Wed Feb 22, 2006 2:38 am

everconfused wrote: Just an fyi, this was posted on premium earlier by a staffer. So, they are not taking this lightly and they are working on solutions.

Headed into a meeting to discuss "plan B" for the CG'ers since it's pretty obvious that "plan A" isn't doing the job.


Information you may have, Kaebel, may help them to fix the problem and find the people responsible for this. To me, that's pretty big!


This sounds like great news. Heck. It is great news. Thanks for the heads up EC. Keep up the great work. You've been the one keeping me calm during all of this with your nice updates. Thanks again. :hug:

account froze

Wed Feb 22, 2006 3:46 am

Hi everyone. Was using my account last night OK. Was sent a scam mail. Reported it and got them shut down. Got another about an hour later. Reported it and got them shut down as well. Went onto Neopets this morning, my account was working fine, came home from work this evening and my account was frozen. WHY??? Sent mail to Neopets to get unfrozen. When I try to log in it says I may have been scammed or someone may have gotten into my account. OH I hope not. I am a very honest and clean player and just thinking of all my hard earned items gone makes me sick! Did this happen to anyone else at all today? I constantly clear my cookies and change my password almost daily. Paranoid maybe. Still waiting for TNT to reply. Any idea how long that takes? What are my chances of getting my items back? HELP!

Wed Feb 22, 2006 4:23 am

Oh Sky! :hug: I only pass along things that I see, hear or read in hopes that it will stop someone from trying to wiz snipe, etc. and lose their account. And then usually only after I've thrown a pillow across the room and have a chance to calm down. This whole thing just makes me so upset and angry to see these people with nothing better to do with their time than try to steal from others.

Band, have you been to any usershops, especially those with very cheap items, like codestones? If you have and you got a blank page or the shop didn't have the item but it still shows up on the shop wiz, then there's a good chance you were cookie grabbed.

As far as I know there is no way for this to happen via neomail. If that were possible, just about all of us would have lost an account by now.

The best thing for you to do, if you've already filled out the form, is to wait for TNT to contact you. I am sorry that you were yet another victim.

The only thing I can think of to try to protect ourselves is - use the PIN that TNT has provided for us, and use that everywhere possible. Don't go to usershops, especially ones with items priced "Too good to be true", stay away from userlookups or just about anywhere a user can edit a page. When you log out of Neo or anywhere, clear everything. Don't go to any off-site links anyone on Neo may give you.

Finally, if you must shop, etc. and use windows - open Notepad and write a list of long, combination Upper and lower case letters and numbers - save that. Have your user pref page open in another window or tab; have your current password in the space provided. Copy one of the passwords on your notepad and quickly paste that into the 2 spaces provided and change that password. Make a note in the notepad of which password you're using.

Wed Feb 22, 2006 4:36 am

This scares me so bad. I'm doing all my shopping on the trading post now thinking it's a safe idea, because as far as I know CGing isn't possible on there, and decided to look up the price of an Eyewich and a Ghost Wrap. I saw them extremely underpriced- average was 20-25k and these were 1,200. Without thinking, and in my greed, I had gone to the shop and bought them only to run to the user pref page two seconds later. I changed my password quick and everything is fine 8 hours later.

Out of curiosity do I need to delete my cookies after I change the pass? I haven't, and didn't, and am wondering whether if it was a CGer instead of what I figured to be a mispricer if my account would have been.. Well.. dead by now.

Wed Feb 22, 2006 4:57 am

You know, things would be a heck of a lot easier if Neopets just got the clue and disabled all HTML, Javascript, etc. etc. and just allowed basic text or BBCode style commands...

Wed Feb 22, 2006 5:39 am

mattjcasey wrote: You know, things would be a heck of a lot easier if Neopets just got the clue and disabled all HTML, Javascript, etc. etc. and just allowed basic text or BBCode style commands...


That would completely ruin Spotlights, Userlookup contests and a lot more though. Guilds, roleplaying, fancy lookups to push your pet aside from being just another average. :\

Wed Feb 22, 2006 9:37 am

I'm sorry if I've missed it, but I want to know something. Does visiting a site with the cg code make you a "spreader"? Or does the person just get your password and steal stuff from your account?

Wed Feb 22, 2006 10:52 am

About reporting the info that I found. I'm sure TNT already got to it because a few minutes, eh maybe five, after I did everything to my account to make it safe, I refreshed on the SSW. The username/item was still there, still there, still there, then gone.

I think I still have the username, although I'm sure it's a hacked account. *goes to check* ERROR : Sorry, nothing with the name '*tooknameout*' exists. Please try again!

Yup, they got it. The post I made earlier, I was at school. At home I have the text that I found still posted in an IM.

-TNT, if you are reading this, this is Infamous*letters/#takenout*. You have major XSS flaws. Want to get rid of them? Contact me, it's not like I haven't tried to contact you. Infamous*letters/#takenout*@gmail.com


Does that sound familiar to anyone?

Wed Feb 22, 2006 6:39 pm

ira_7700 wrote: I'm sorry if I've missed it, but I want to know something. Does visiting a site with the cg code make you a "spreader"? Or does the person just get your password and steal stuff from your account?


Ira, I don't know anything about going to another site, but with the Neo thing, people who have been grabbed have been used to spread the cg - whoever took the account has been known to put a cg in the victim's shop or lookup or both.

And the cg code has been typed in white font, meaning if you think for a minute that you've been to a page, even if you've changed your password, then cleared everything, it's a very good idea to go to your lookup, shop, gallery, pet description and highlight your entire code. Anything weird will show up when highlighted. Then you can delete it.

Kaebel, it could be him, it could be one of his "friends", it could be someone else just using that name.

Wed Feb 22, 2006 8:08 pm

I miss Linux more and more. <_<

Wed Feb 22, 2006 8:32 pm

Dusket wrote:
mattjcasey wrote: You know, things would be a heck of a lot easier if Neopets just got the clue and disabled all HTML, Javascript, etc. etc. and just allowed basic text or BBCode style commands...


That would completely ruin Spotlights, Userlookup contests and a lot more though. Guilds, roleplaying, fancy lookups to push your pet aside from being just another average. :\


Would you rather have a cool userlookup or a safe account? As someone who likes to make their userlookup/petpage/pet lookup look cool with graphics and such I'd rather not be able to do that (temporarily or permanently) than lose my account because I stumbled upon a CG.

Wed Feb 22, 2006 9:07 pm

Dusket wrote: Out of curiosity do I need to delete my cookies after I change the pass? I haven't, and didn't, and am wondering whether if it was a CGer instead of what I figured to be a mispricer if my account would have been.. Well.. dead by now.


No. Once you change your password, your old cookies are no longer valid.

ira_7700 wrote: I'm sorry if I've missed it, but I want to know something. Does visiting a site with the cg code make you a "spreader"? Or does the person just get your password and steal stuff from your account?


In order to become a "spreader," what happens is that the person who runs the cookie grabber must access your account and insert the cookie-grabber scripting or referrer or whatever into your shop or user lookup. At that point, you are a spreader.

My two cents? TNT should ban all links in shops except to other shops. They should ban all html in shops except "font," "a href" and "img."
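
Added example, not part of the thread and not Neopets' code: a server-side sanitizer that applies the allowlist proposed in the last post (only font, a href and img, with links restricted to other shops). The hosts shops.example and images.example and the path /browseshop.phtml are assumptions, and the sample shop description is constructed.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag allowlist from the post above; the hosts and shop path are assumptions.
ALLOWED = {"font": {"color", "size", "face"}, "a": {"href"}, "img": {"src"}}
URL_RULES = {"href": ("shops.example", "/browseshop.phtml"),  # other shops only
             "src": ("images.example", None)}                 # site image host
SAMPLE = ('<font color="white">hidden note</font>'   # constructed test input
          '<script src="http://offsite.example/cg.html"></script>'
          '<a href="http://offsite.example/x" onclick="go()">codestone</a>'
          '<a href="http://shops.example/browseshop.phtml?owner=abc">shop</a>'
          '<img src="javascript:void(0)">')

def url_ok(attr, url):  # absolute http(s) URL on the expected host (and path)
    if not (url.isascii() and url.isprintable()) or any(c in url for c in "\\[] "):
        return False    # strict: characters browsers and urlsplit read differently
    parts, (host, path) = urlsplit(url), URL_RULES[attr]
    return (parts.scheme in ("http", "https") and parts.netloc.lower() == host
            and path in (None, parts.path))

class ShopSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.dropped, self.open, self.skip = [], [], [], False
    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:              # drop the tag; script/style text goes too
            self.dropped.append(tag)
            self.skip = self.skip or tag in ("script", "style")
            return
        kept = [(k, v) for k, v in attrs if k in ALLOWED[tag] and v is not None
                and (k not in URL_RULES or url_ok(k, v))]
        self.dropped += [f"{tag}@{k}" for k, v in attrs if (k, v) not in kept]
        self.out.append("<" + " ".join([tag] + [f'{k}="{escape(v)}"' for k, v in kept]) + ">")
        if tag != "img":
            self.open.append(tag)
    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = False
        while tag in self.open:             # close open elements until none of this tag remain
            self.out.append(f"</{self.open.pop()}>")
    def handle_data(self, data):
        self.out.append("" if self.skip else escape(data))

def sanitize(html):
    p = ShopSanitizer()
    p.feed(html)
    p.close()
    return "".join(p.out + [f"</{t}>" for t in reversed(p.open)]), p.dropped
```

sanitize() returns the cleaned markup together with a list of everything it removed, which is what a moderation queue would want to review. Because the output is rebuilt from parsed tokens rather than edited in place, anything not on the allowlist never reaches the page.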