With any luck maybe they'll finally disable html in usershops and we won't have to deal with all those mall banners and Geocities style layouts
NOOOOOOOOOOOOOOOOOOOOOOOO!
Posted 05 July 2010 - 04:45 PM
With any luck maybe they'll finally disable html in usershops and we won't have to deal with all those mall banners and Geocities style layouts
Posted 05 July 2010 - 05:09 PM
Yessss I did. Cross site scripting wont work. It needs to be executed on the neopets.com domain.
Posted 05 July 2010 - 05:16 PM
I will interpret this answer to say
"Yes xwee, don't leave your neopets account logged in 24/7 and log out of it so as to prevent the CG from doing its work."
Thanks iArgue for clarifying this for me. ^,^
Cross site scripting wont work <--- I knew this
Posted 05 July 2010 - 05:33 PM
Posted 05 July 2010 - 05:33 PM
Posted 05 July 2010 - 05:41 PM
Posted 05 July 2010 - 05:56 PM
Posted 05 July 2010 - 06:15 PM
Concern was brought up by Noit telling us to log out and back in to reset our session.
I interpreted it to mean that logging out would prevent the cookies from stealing account information.
I wanted to know if being logged in at all times would make it so that my account was vulnerable or since I hadn't typed a pass then I shouldn't be worried.
Do you now see why I kept insisting my question went unanswered or am I just not being clear enough about my confusion/question for anyone to make any sense of. If so let me explain it the simplest way possible.
I asked if not ever logging out of neopets put my account at risk.
If that's not simple enough, then I'll just have to hope for the best.
Posted 05 July 2010 - 06:17 PM
Posted 05 July 2010 - 06:41 PM
Yeah, it can be anythingMost likely a usershop but can't it also be userlookups and pet page. Pet pages especially because you have so so much freedom there right? I don't know I've never made a pet page.
Posted 05 July 2010 - 06:53 PM
Edited by coqs, 05 July 2010 - 06:54 PM.
Posted 05 July 2010 - 07:03 PM
Posted 06 July 2010 - 02:32 AM
The vulnerability -is- in the user shops.
Yeah, it can be anythingp
Posted 06 July 2010 - 06:09 AM
Posted 06 July 2010 - 06:11 AM
Just wondering if i am using auto trainer and it buys a codestone from a shop with a cookie grabber will it be able to grab the cookie? Since if thats so what can i do to prevent it other than putting pin on everything
Posted 06 July 2010 - 06:18 AM
Posted 06 July 2010 - 06:23 AM
Waser i've read the thread and i don't actually know how the auto trainer works so i don't know if it runs the javascript on the picture when buying items from the shop wizard. So can you please tell me if it can cookie grab and i know they take it from the web browser but Auto trainer can be used to browser sync plus it can be used to save user password so i was wondering if they can steal that information with the cookie grabber?
Also. Do not worry about our programs that use User Shops.
Our http wrapper does not execute Javascript(Or any other language), and thus is safe from any form of exploit again it.
Posted 06 July 2010 - 06:33 AM
Edited by Nonygirl, 06 July 2010 - 06:29 AM.
Posted 06 July 2010 - 06:36 AM
Argh, wtf. Noscript is driving me nuts.
I have no idea how to configure this. Can anyone tell me what the bare minimum settings are that I need to prevent cgers in neopets shops =/ Noscript is going crazy blocking all sorts of stuff. Is it just java I need to block?
Posted 06 July 2010 - 06:38 AM
If you're having trouble with NoScript usually just pinning everything on your account will be good enough to prevent anything being taken. If everything is pinned then even if you are CGed they won't be able to do anything like stealing your items or taking NP out of the bank.
Posted 06 July 2010 - 06:39 AM
Well see here's the thing, my emails to find my pin (I have a pin?) are bouncing and I can't figure out how to unblock the stupid emails so I have to wait until tomorrow to send yet another one, so I don't have a pin right now =/
Meh. I guess I just won't buy anything for a while.
Posted 06 July 2010 - 06:43 AM
If you're using Abrosia it'll be fine anyway because none of the programs run javascript.
Posted 06 July 2010 - 07:05 AM
Posted 06 July 2010 - 06:31 PM
Posted 06 July 2010 - 08:50 PM
I've never used a user shop before so I don't think this will effect me.
0 members, 0 guests, 0 anonymous users