| Pages: [1] 2 :: one page |
|
|
| Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Justus Imperius
   |
Posted - 2006.01.08 00:58:00 -
[1]
Edited by: Justus Imperius on 08/01/2006 01:01:39
Some people have put forth the idea, with the recent knowledge of the Windows JPEG/whatever exploit, that a keylogger could have been hidden inside some forum siggies. And the hacker could have gotten our pwords through this. Is this possible?
Or does CCP know for certain that it was their database that was hacked. If they can come out and say THEY were the ones who were hacked then this would probably reduce a good bit of fear.
Also, why were some accounts reset but not others. My 1st account I made in 03' was reset, yet my accounts I made in 04' were not. Does it have anything to do with the age of the accounts? Maybe the hacker went for older accounts expecting the most loot out of them?
|
Embattle
|
Posted - 2006.01.08 01:09:00 -
[2]
I hardly doubt having this many topics on the same subject with a lot of guess work always appearing throughout the topic is likely to easy any ones fears.....the fact is everyone will have to wait until CCP decide to make an official announcement.
-----------
Back to the boring....because I be naughty. |
Oi Poloi
|
Posted - 2006.01.08 01:10:00 -
[3]
I don't know what happened but I too feel that only older accounts got their password reset. I got 2 corp mates who joined at or close to launch day who got their passwords reset whereas all the others who joined at least a few months later did not.
Some more info as to what exactly happened would certainly be appreciated.
-----
DJ 4tw |
SpankMeHard
|
Posted - 2006.01.08 01:27:00 -
[4]
My main was made at launch and its had it pass reset as have many of my older corp m8ts. None of our new accounts have had this prob.
|
BeastMaster
|
Posted - 2006.01.08 01:39:00 -
[5]
First off, A part of the database that contains the logins/passwords must have been ripped off. Therefor the mass deletions of user passwords. I could be wrong. But if I force my customers to change their passwords , this would be the only thing I would do a mass delete of the passwords for.
Forum password captures, sounds highly unlikely and wouldnt cause a huge panic on CCP side. |
Shiner BockBeer
|
Posted - 2006.01.08 01:39:00 -
[6]
Not saying I buy it yet, but both of my accts were opened within two months of live and they were both reset.
|
Justus Imperius
|
Posted - 2006.01.08 01:55:00 -
[7]
 Originally by: BeastMaster
First off, A part of the database that contains the logins/passwords must have been ripped off. Therefor the mass deletions of user passwords. I could be wrong. But if I force my customers to change their passwords , this would be the only thing I would do a mass delete of the passwords for.
Forum password captures, sounds highly unlikely and wouldnt cause a huge panic on CCP side.
And if theres even a hint of it you'd think they disable siggies at least until they find out something.
|
Nyphur
|
Posted - 2006.01.08 01:58:00 -
[8]
You cannot implant executable code into a plain image. It is possible to use image links to scripts which will display an image (see image macros and rotating sigs) but unless there is a vulnerability in the target computer's web browser, this cannot be exploited.
|
Justus Imperius
|
Posted - 2006.01.08 01:59:00 -
[9]
Originally by: Nyphur
You cannot implant executable code into a plain image. It is possible to use image links to scripts which will display an image (see image macros and rotating sigs) but unless there is a vulnerability in the target computer's web browser, this cannot be exploited.
There is/was an exploit in Windows. Suggest you run windows update if you havent.
|
Feyd Darkholme
|
Posted - 2006.01.08 02:28:00 -
[10]
Originally by: Nyphur
You cannot implant executable code into a plain image. It is possible to use image links to scripts which will display an image (see image macros and rotating sigs) but unless there is a vulnerability in the target computer's web browser, this cannot be exploited.
Someone needs to keep up with current events. There's been a large, gaping WMF exploit out for a few weeks now at least that allows for executables through everything from images in emails to browsers, and the image doesn't even have to be clicked, just viewed. It's also not a JS or Active-X issue, so even if you have things like that blocked it still works. Not only that, but in some cases even if you have images blocked it will still execute the malicious program. It was active for over a week with only a few not well known semi-fixes released for it, and many people were hit with it that were otherwise very well protected. Although finally as of a few days ago Microsoft has a fix released for it... I strongly suggest that people update their WindowsXX with it if they haven't already.
---------------
|
|
|
Dark Shikari
|
Posted - 2006.01.08 02:30:00 -
[11]
Originally by: Nyphur
You cannot implant executable code into a plain image. It is possible to use image links to scripts which will display an image (see image macros and rotating sigs) but unless there is a vulnerability in the target computer's web browser, this cannot be exploited.
WMF exploit anyone?
-
Proud member of the [23].
The Tachikomas are DEAD! Click sig for video.
|
Cmdr Sy
|
Posted - 2006.01.08 02:34:00 -
[12]
Originally by: Dark Shikari
WMF exploit anyone?
I just ran Windows Update and downloaded all the high-priority updates, one was marked critical so I'm assuming I'm OK now. I am however hoping I managed to avoid having a keystroke logger downloaded onto my PC. If someone in EVE has, may you spend the afterlife mining Scordite in a Cormorant. 
Hegemonising Swarm Objects / von Neumann Probes |
Lord Aradon
|
Posted - 2006.01.08 03:18:00 -
[13]
dont think a key logger would work as you log into a page where no user-sigs are displayed.
Free Websites |
Dark Shikari
|
Posted - 2006.01.08 03:19:00 -
[14]
Originally by: Lord Aradon
dont think a key logger would work as you log into a page where no user-sigs are displayed.
The WMF exploit lets the hacker install a keylogger onto your system, so it works anywhere, even if you're logging into EVE.
-
Proud member of the [23].
The Tachikomas are DEAD! Click sig for video.
|
Lord Aradon
|
Posted - 2006.01.08 03:22:00 -
[15]
Originally by: Dark Shikari
Originally by: Lord Aradon
dont think a key logger would work as you log into a page where no user-sigs are displayed.
The WMF exploit lets the hacker install a keylogger onto your system, so it works anywhere, even if you're logging into EVE.
DOH didnt think of that, sorry ive been at work for the past 18 hours 
Free Websites |
netochka
|
Posted - 2006.01.08 03:26:00 -
[16]
Originally by: Nyphur
You cannot implant executable code into a plain image. It is possible to use image links to scripts which will display an image (see image macros and rotating sigs) but unless there is a vulnerability in the target computer's web browser, this cannot be exploited.
Hello, my name is Matt, im a member of SYS Hackers, and i assure u i can put anything from a keylogger to a trojan horse virus upto the scripted millium love bug virus into an image with little difficulty, so when u load the pic on ur pc it auto launchers the exe code imbedded within the image.
Please in future do not makie comments on sumthing which you obviously do not understand, n00b
|
Abdicator
|
Posted - 2006.01.08 03:32:00 -
[17]
Originally by: netochka
Originally by: Nyphur
You cannot implant executable code into a plain image. It is possible to use image links to scripts which will display an image (see image macros and rotating sigs) but unless there is a vulnerability in the target computer's web browser, this cannot be exploited.
Hello, my name is Matt, im a member of SYS Hackers, and i assure u i can put anything from a keylogger to a trojan horse virus upto the scripted millium love bug virus into an image with little difficulty, so when u load the pic on ur pc it auto launchers the exe code imbedded within the image.
Please in future do not makie comments on sumthing which you obviously do not understand, n00b
oh dear
RUN 4 T3H HILLZ WE R ALL DOOMED
PH3AR T3H L33T HAXZORS
----
YUP, i be ebil.
----
Jenny Spitfire's official stalker. |
|
Chribba
|
Posted - 2006.01.08 03:45:00 -
[18]
Originally by: netochka
Hello, my name is Matt, im a member of SYS Hackers
I so hope this was sarcasm...
EVE-Files | EVE-Search | Get Email if thread updates |
|
Abdicator
|
Posted - 2006.01.08 03:52:00 -
[19]
Originally by: Chribba
Originally by: netochka
Hello, my name is Matt, im a member of SYS Hackers
I so hope this was sarcasm...
i so bet it was bull**** 
----
YUP, i be ebil.
----
Jenny Spitfire's official stalker. |
netochka
|
Posted - 2006.01.08 03:56:00 -
[20]
Typical responses from 12 year olds, makes EVE such a warmer place.
I have already set up a help thread on how to avoid being hacked/exploited.
No i wasnt being sarcastic, EFFNET msot hackers in the world are based on, and most will be willing to help u, visit there forums, ask questions
YOU stated images couldnt be comprimised, im telling u they can
|
|
|
Abdicator
|
Posted - 2006.01.08 03:58:00 -
[21]
Edited by: Abdicator on 08/01/2006 03:58:26
Originally by: netochka
Typical responses from 12 year olds, makes EVE such a warmer place.
I have already set up a help thread on how to avoid being hacked/exploited.
No i wasnt being sarcastic, EFFNET msot hackers in the world are based on, and most will be willing to help u, visit there forums, ask questions
YOU stated images couldnt be comprimised, im telling u they can
typical response from a nublet wannabe, makes the t'internet such a humurous place.
Knowing who i know, i KNOW you are NO hacker 
----
YUP, i be ebil.
----
Jenny Spitfire's official stalker. |
netochka
|
Posted - 2006.01.08 04:00:00 -
[22]
Originally by: Abdicator
Edited by: Abdicator on 08/01/2006 03:58:26
Originally by: netochka
Typical responses from 12 year olds, makes EVE such a warmer place.
I have already set up a help thread on how to avoid being hacked/exploited.
No i wasnt being sarcastic, EFFNET msot hackers in the world are based on, and most will be willing to help u, visit there forums, ask questions
YOU stated images couldnt be comprimised, im telling u they can
typical response from a nublet wannabe, makes the t'internet such a humurous place.
Knowing who i know, i KNOW you are NO hacker
Look little man, get off your mums pc, go play action man with u little twerp mates and leave the talking to big boys k? because if u really think images cannot contain viruses or exe process bkg then ur a comple nublet, get a life and grow up, oh btw, sent a mail to ccp to report u for trolling k?
|
Cmdr Sy
|
Posted - 2006.01.08 04:04:00 -
[23]
Oh FFS, we're not interested in who is more pro, people whip out a ruler just by taking an interest in such things anyway.
Hegemonising Swarm Objects / von Neumann Probes |
Abdicator
|
Posted - 2006.01.08 04:06:00 -
[24]
Originally by: netochka
Originally by: Abdicator
Edited by: Abdicator on 08/01/2006 03:58:26
Originally by: netochka
Typical responses from 12 year olds, makes EVE such a warmer place.
I have already set up a help thread on how to avoid being hacked/exploited.
No i wasnt being sarcastic, EFFNET msot hackers in the world are based on, and most will be willing to help u, visit there forums, ask questions
YOU stated images couldnt be comprimised, im telling u they can
typical response from a nublet wannabe, makes the t'internet such a humurous place.
Knowing who i know, i KNOW you are NO hacker
Look little man, get off your mums pc, go play action man with u little twerp mates and leave the talking to big boys k? because if u really think images cannot contain viruses or exe process bkg then ur a comple nublet, get a life and grow up, oh btw, sent a mail to ccp to report u for trolling k?
Um, please tell me where i said you couldnt put malicious code into images, and i believe this statement
Quote:
Typical responses from 12 year olds
Makes you a troll, aswell as all your derogatory remarks you just made (i highlighted them for your convenience)
define: troll
Quote:
From the fishing term. As a noun, synonymous with flamebait. As a verb, to post controversial or provocative messages in a deliberate attempt to provoke flames.
I did none of this, i simply denied your claim to be a hacker.
You however, followed the troll definition to a tee by launching a personal attack on me, hmmm.
----
YUP, i be ebil.
----
Jenny Spitfire's official stalker. |
Dr Tetrahydrocannabinol
|
Posted - 2006.01.08 04:09:00 -
[25]
lol how is this suppose to ease fears i think you just raised most of them.
---------------------------------------------
<Make ECM Burst useful>
ECM Burst Idea! |
Maya Rkell
|
Posted - 2006.01.08 04:19:00 -
[26]
Originally by: Justus Imperius
Originally by: Nyphur
You cannot implant executable code into a plain image. It is possible to use image links to scripts which will display an image (see image macros and rotating sigs) but unless there is a vulnerability in the target computer's web browser, this cannot be exploited.
There is/was an exploit in Windows. Suggest you run windows update if you havent.
Any up-to-date AV program blocked it too.
Warning: above post may contain traces of sarcasm.
"Corpse cannot be fitted onto ship. Only hardware modules can be fitted." |
Syrec
|
Posted - 2006.01.08 04:23:00 -
[27]
Originally by: Nyphur
You cannot implant executable code into a plain image. It is possible to use image links to scripts which will display an image (see image macros and rotating sigs) but unless there is a vulnerability in the target computer's web browser, this cannot be exploited.
Images have been used many times to transfer virii. This most recent involved the very operating system (windows). More specificly the windows media and fax viwer (wmf). A user's browser *did not* matter. Firefox, IE, it didn't matter as long it puts in the images in. MS knew about the flaw for a while, but they waited for hackers to abuse it to actually fix it. I suggest you run windows update to patch this ASAP. 
|
Turas Kain
|
Posted - 2006.01.08 04:32:00 -
[28]
Originally by: Nyphur
You cannot implant executable code into a plain image. It is possible to use image links to scripts which will display an image (see image macros and rotating sigs) but unless there is a vulnerability in the target computer's web browser, this cannot be exploited.
Truth be told you can put executable code into an image file. I knew someone who done it a few years ago and lots of 'fun & games' entailed. I highly suspect if you really put your mind to it there are a few ways you could do it now.
|
Ukucia
|
Posted - 2006.01.08 04:49:00 -
[29]
Originally by: Justus Imperius
Or does CCP know for certain that it was their database that was hacked.
If CCP's database was hacked, they would have changed everyone's password or locked everyone's account, since they'd have no way of knowing with certanty which passwords were read from the database. CCP's actions make it appear to be a client-side or brute-force attack.
|
|
Chribba
|
Posted - 2006.01.08 04:53:00 -
[30]
Hi, my name is *CENSORED*, I am a former member of WoH, TEW, SilverLords. Close friend of RaFa to mention one, but it's not like I brag about it.
That's what my sarcasm was about, not the fact that you can exploit flaws in image libraries to execute hostile code. It has been done countless times before the WMF exploit.
EVE-Files | EVE-Search | Get Email if thread updates |
|
|
|
|
|
| |
|
| Pages: [1] 2 :: one page |
| First page | Previous page | Next page | Last page |