78 replies to this topic

[iomega]

With any luck maybe they'll finally disable html in usershops and we won't have to deal with all those mall banners and Geocities style layouts

NOOOOOOOOOOOOOOOOOOOOOOOO!

[Xwee]

Yessss I did. Cross site scripting wont work. It needs to be executed on the neopets.com domain.

I will interpret this answer to say
"Yes xwee, don't leave your neopets account logged in 24/7 and log out of it so as to prevent the CG from doing its work."

Thanks iArgue for clarifying this for me. ^,^

Cross site scripting wont work <--- I knew this

[iargue]

I will interpret this answer to say
"Yes xwee, don't leave your neopets account logged in 24/7 and log out of it so as to prevent the CG from doing its work."

Thanks iArgue for clarifying this for me. ^,^

Cross site scripting wont work <--- I knew this

/sigh

[Xwee]

Concern was brought up by Noit telling us to log out and back in to reset our session.
I interpreted it to mean that logging out would prevent the cookies from stealing account information.
I wanted to know if being logged in at all times would make it so that my account was vulnerable or since I hadn't typed a pass then I shouldn't be worried.

Do you now see why I kept insisting my question went unanswered or am I just not being clear enough about my confusion/question for anyone to make any sense of. If so let me explain it the simplest way possible.

I asked if not ever logging out of neopets put my account at risk.

If that's not simple enough, then I'll just have to hope for the best.

[Noitidart]

Gosh kids. Lol.

[Xwee]

Sorry Noit, I don't mean any disrespect or insult to anyone, but I would like to know if I am at a greater risk since I almost never log out of my account or if I am fairly safe as having never logged out there isn't availability to my pass and such. I don't know how well or what CGs do, but will logging out at least once a day make my account safer is really all I want to know.

[Noitidart]

No sweat. I understand everyones paranoia, and I got a good laugh out of your discussion with argue. I love you both so much.

Anyways to reitterate and maybe explain a little more: Yes logging out will help as every time you log out your session expires. If you were CG'ed it doesn't matter as they have an old session which will no longer work. Be sure to add that pin in case they get into your account before you log out.

[iargue]

Concern was brought up by Noit telling us to log out and back in to reset our session.
I interpreted it to mean that logging out would prevent the cookies from stealing account information.
I wanted to know if being logged in at all times would make it so that my account was vulnerable or since I hadn't typed a pass then I shouldn't be worried.

Do you now see why I kept insisting my question went unanswered or am I just not being clear enough about my confusion/question for anyone to make any sense of. If so let me explain it the simplest way possible.

I asked if not ever logging out of neopets put my account at risk.

If that's not simple enough, then I'll just have to hope for the best.

Your account is only at risk when you visit a usershop thats infected with a Cookie Stealer. Thats it. So if your logged into neopets while browsing neocodex, your safe. If your logger in while visiting a user shop, you are not safe.

[Noitidart]

Most likely a usershop but can't it also be userlookups and pet page. Pet pages especially because you have so so much freedom there right? I don't know I've never made a pet page.

[iargue]

Most likely a usershop but can't it also be userlookups and pet page. Pet pages especially because you have so so much freedom there right? I don't know I've never made a pet page.

Yeah, it can be anything

Usershops are just the most common.

[coqs]

oh fuck I was using my sister's acct to snipe because she has SSW, now I'm paranoid... thanks for the warning *goes to change her PW and add a pin on everything*

Edited by coqs, 05 July 2010 - 06:54 PM.

[Xwee]

alright then I'll log out before I begin a FQ since that's usually when I DO enter shops and as for petpages I rarely view them unless I know the person well. The only other time I view shops is if they have something I want.

I do wish that TNT will disable editing privelages and make shop styles available like they do sidebars so that the person can select a layout available without all the nonsense of extra images. Though after I worked so hard on my look up its sort of a shame if they do it.

Surely they won't remove petpages, since so many people use them for RP characters, but if they remove all then that one goes too. (Another I worked hard on.. and there are so many guides that can be linked directly to a petpage.. Maybe they'll make it so that we can only do text edits or something, and block tags except for br and p...

[artificial]

The vulnerability -is- in the user shops.

Yeah, it can be anythingp

Derp.

[devil669988]

Just wondering if i am using auto trainer and it buys a codestone from a shop with a cookie grabber will it be able to grab the cookie? Since if thats so what can i do to prevent it other than putting pin on everything

[Waser Lave]

Just wondering if i am using auto trainer and it buys a codestone from a shop with a cookie grabber will it be able to grab the cookie? Since if thats so what can i do to prevent it other than putting pin on everything

Try reading the thread.

[devil669988]

Waser i've read the thread and i don't actually know how the auto trainer works so i don't know if it runs the javascript on the picture when buying items from the shop wizard. So can you please tell me if it can cookie grab and i know they take it from the web browser but Auto trainer can be used to browser sync plus it can be used to save user password so i was wondering if they can steal that information with the cookie grabber?

[Waser Lave]

Waser i've read the thread and i don't actually know how the auto trainer works so i don't know if it runs the javascript on the picture when buying items from the shop wizard. So can you please tell me if it can cookie grab and i know they take it from the web browser but Auto trainer can be used to browser sync plus it can be used to save user password so i was wondering if they can steal that information with the cookie grabber?

Also. Do not worry about our programs that use User Shops.

Our http wrapper does not execute Javascript(Or any other language), and thus is safe from any form of exploit again it.

[Nonygirl]

Argh, wtf. Noscript is driving me nuts.

I have no idea how to configure this. Can anyone tell me what the bare minimum settings are that I need to prevent cgers in neopets shops =/ Noscript is going crazy blocking all sorts of stuff. Is it just java I need to block?

Edited by Nonygirl, 06 July 2010 - 06:29 AM.

[Waser Lave]

Argh, wtf. Noscript is driving me nuts.

I have no idea how to configure this. Can anyone tell me what the bare minimum settings are that I need to prevent cgers in neopets shops =/ Noscript is going crazy blocking all sorts of stuff. Is it just java I need to block?

If you're having trouble with NoScript usually just pinning everything on your account will be good enough to prevent anything being taken. If everything is pinned then even if you are CGed they won't be able to do anything like stealing your items or taking NP out of the bank.

[Nonygirl]

If you're having trouble with NoScript usually just pinning everything on your account will be good enough to prevent anything being taken. If everything is pinned then even if you are CGed they won't be able to do anything like stealing your items or taking NP out of the bank.

Well see here's the thing, my emails to find my pin (I have a pin?) are bouncing and I can't figure out how to unblock the stupid emails so I have to wait until tomorrow to send yet another one, so I don't have a pin right now =/

Meh. I guess I just won't buy anything for a while.

[Waser Lave]

Well see here's the thing, my emails to find my pin (I have a pin?) are bouncing and I can't figure out how to unblock the stupid emails so I have to wait until tomorrow to send yet another one, so I don't have a pin right now =/

Meh. I guess I just won't buy anything for a while.

If you're using Abrosia it'll be fine anyway because none of the programs run javascript.

[Nonygirl]

If you're using Abrosia it'll be fine anyway because none of the programs run javascript.

Yea I've noticed that seeing as you guys have had to repeat it like 5 times in this thread haha.

[devil669988]

I see thanks waser i didn't notice those posts

[kittycat]

I've never used a user shop before so I don't think this will effect me.

[pabs123]

I've never used a user shop before so I don't think this will effect me.

wow how is that possible no quests, pet training, BD items, faeries, gallery, collections, packrats, or anything?