Quantcast

Jump to content


Photo

Neopets Security Warning [Resolved]


  • This topic is locked This topic is locked
No replies to this topic

#1 Waser Lave

Waser Lave

  • 25516 posts


Users Awards

Posted 16 November 2015 - 08:51 AM

*
POPULAR POST!

PVs1BxK.png

 

Update: Apparently this has been resolved!

 

http://www.neopets.c...date=2015-11-16
 

SECURITY UPDATE from TNT: In order to address some of the concerns and comments made by our players from this past weekend, please be aware that a recent security update was made to better optimize your experience on the site. Let us start by reassuring all of you that it is important to us that our Neopets users are able to run flash apps and games on our site safely. And because of that, we have restricted access through Flash from non-Neopets sites. If you run a Neopets fan-site and this new restriction breaks something on your site, please feel free to contact us through our support channels for further information and instructions from our team. Thank you!

 

 

 

 

I think this one is serious enough to warrant an official announcement.

 

On Neopets and a few related websites (including the Neopets subreddit as well as here via PMs) there have been several recent attempts to use XSS (cross-site scripting) vulnerabilities which are currently active to steal Neopoints and items. The method used to do this so far has been to either embed or link to websites which host a malicious flash file which then exploits this vulnerability.

 

To avoid this there are several steps you should take, instructions and discussion can be found here (these links are fine):

 

http://www.neocodex....eware-everyone/ (thanks fiasco817)

https://www.reddit.c...ty_in_the_wild/

 

Essentially, you should consider blocking Flash by using your browser settings or an extension such as NoScript (this link is fine too, there are plenty of other similar extensions for different browers if you google them) and also avoid following links from anybody you don't know and trust. This includes any instances here if somebody PMs you or makes a thread/post containing a link which will take you to a website you don't know (hover over the link to check where it goes). Especially so if it's 'something.weebly.com' which I've noticed is being used quite a lot by these people but the same goes for any other web hosting site. You should be fine to still play Neopets' flash games.

 

If you have any doubts about a link you've seen then you can PM a staff member or report the post and we'll check it out for you. Here's the list of people you can contact if you have any concerns/questions:

 

@Strategist

@Emily

@Swarley




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users