Pages: 1 [2] 3 4
Aethlyn
20
Posted - 2011.09.06 13:56:00 - [31]
Tippia wrote: What you're talking about is a flaw in the browser. The forum software will simply put that url into an img tag, and if the browser is so ******** as to accept (much less execute) anything other than an image file coming through that link, then that browser needs to be fixed was retired 5 years ago.

No, (despite the mentioned possible client side exploits) I'm talking about server side code that's run when the image is requested. Depending on your browser it will send quite a few lines of information, including referral information and such. It's the way classic non-JavaScript stats tracking scripts work. This not only opens up possible exploits (it's not like you need only 5 minutes and you've got something to exploit - let's be honest) but also privacy issues (e.g. in Germany some instances actually want to force the removal of facebook's "I like" buttons due to them collecting data just by being embedded into the pages). I know that most abusive stuff will require at least some JavaScript code, but it's possible to get quite some data utilizing simple HTTP requests, e.g. for images.

Looking for more thoughts? Read my blog or follow me on Twitter.
Anja Talis
Mimidae Risk Solutions
2
Posted - 2011.09.06 13:57:00 - [32]
I think providing image hosting eve side is the quickest solution. You can then implement checking to ensure the images are what they claim to be and allow us to link to them.
Jade Constantine
Jericho Fraction The Star Fraction
161
Posted - 2011.09.06 14:00:00 - [33]
CCP Karuck wrote: Image links are a completely different thing, and you do get a warning when clicking any links. At least links can't be a script marauding as an image exploiting a security hole in your browser.
My apologies for the confusion of terminology. I meant embedded images of course. I'm not that keen on the warning message for external links myself - quite immersion-breaking.
CCP Karuck wrote: Most public forums don't use https, and are wide open to packet sniffers. Since the forums, EVE Gate and other upcomings webs here use your actual EVE login we are taking steps to secure your information more (yes you can joke all you want about this, but we are).
Okay that makes sense certainly. Have you considered the alternative I mentioned above about hosting a ccp-controlled image upload service for signatures and in-character imagery and allowing people to embed directly from the ccp secure webserver?
CCP Karuck wrote: I'm sorry but I don't have a timeline for when this will be ready, that question would have to be answered by the forum producer.
Would it be possible for you to ask the forum producer to come and give a response to this thread when he gets a spare minute?
The True Knowledge is that nothing matters that does not matter to you, might does make right and power makes freedom.
Sulyana Baiur
Black Vice Industries
0
Posted - 2011.09.06 14:03:00 - [34]
I hate signature images, they are the worst kind of forum clutter.
Do the haters get a vote in this too? Nah.
CCP Karuck
C C P C C P Alliance
12
Posted - 2011.09.06 14:04:00 - [35]
Riflin' Betty wrote: CCP Karuck wrote:
Image links are a completely different thing, and you do get a warning when clicking any links. At least links can't be a script marauding as an image exploiting a security hole in your browser.
By this exact logic you are now saying that remote scripting exploits WERE possible on the previous iteration of this forum, despite your exact claims that the opposite was true. Please resolve this logical fallacy for me?
If you are referring to the short period where we did allow signatures on the first (failed) attempt at launching these forums then yes, it was a possibility. But it is a pretty remote possibility, and this possibility exists on pretty much all public forums that do allow external image linking. I'd like to underline that this is a remote possibility, and (known) flaws like these have been fixed in all modern browsers.
But like I stated in my previous reply this isn't the only concern. Some browsers give you a warning if you try to request non-https images from a https website (for a good reason too).
Privacy is a concern too. Example: By hosting an image on my own webserver and putting it in my signature on forums, I can get a pretty good picture of the usage of that forum and where people using it are from, as well as log IP addresses etc. I don't want to scare people, but do you want RMT tracking your IPs?

This signature has no images
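The mechanism behind Aethlyn's remark about classic non-JavaScript stats tracking (post 31) and Karuck's "usage picture" here is the same: every browser that renders the signature makes an HTTP request to the poster's server, and that server logs whatever arrives. The following Python is an added example written for this page, not code from the thread or from CCP. The requests it parses are constructed samples standing in for an image host's access log; the hostnames, addresses, paths and header values are hypothetical.

```python
"""What a third-party image host learns when browsers fetch an embedded image.

Added example, not code from the forum or from CCP. SAMPLE_REQUESTS are
constructed stand-ins for an "image" host's access log; every hostname,
address, path and header value below is hypothetical.
"""
from collections import Counter

# Constructed: (client IP as seen on the TCP connection, raw HTTP request).
SAMPLE_REQUESTS = [
    ("203.0.113.7",
     "GET /sig/pilot.png HTTP/1.1\r\n"
     "Host: img.example.invalid\r\n"
     "Referer: https://forums.example.invalid/thread/12345?page=2\r\n"
     "User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20100101 Firefox/6.0\r\n"
     "Accept-Language: de-DE,de;q=0.8,en;q=0.5\r\n"
     "\r\n"),
    ("198.51.100.23",
     "GET /sig/pilot.png HTTP/1.1\r\n"
     "Host: img.example.invalid\r\n"
     "Referer: https://forums.example.invalid/thread/12345?page=2\r\n"
     "User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.30 Chrome/12.0\r\n"
     "Accept-Language: en-US,en;q=0.8\r\n"
     "\r\n"),
    # Constructed broken-browser case: a first-party cookie sent to a third party.
    ("203.0.113.7",
     "GET /sig/pilot.png HTTP/1.1\r\n"
     "Host: img.example.invalid\r\n"
     "Referer: https://forums.example.invalid/thread/999\r\n"
     "User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20100101 Firefox/6.0\r\n"
     "Accept-Language: de-DE,de;q=0.8,en;q=0.5\r\n"
     "Cookie: session=leaked\r\n"
     "\r\n"),
]


def parse_request(client_ip, raw):
    """Reduce one raw request to the fields an image host can log about the viewer."""
    request_line, _, header_block = raw.partition("\r\n")
    method, path, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_block.split("\r\n"):
        if not line:
            break  # the blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {
        "ip": client_ip,
        "method": method,
        "path": path,
        "referer": headers.get("referer", ""),          # which thread/page was being read
        "user_agent": headers.get("user-agent", ""),    # which client software made the request
        "language": headers.get("accept-language", "").split(",")[0],
        # A first-party cookie must never reach a third-party image host;
        # anything here means the viewer's browser is broken.
        "leaked_cookie": "cookie" in headers,
    }


def usage_picture(records):
    """Aggregate what the poster of the signature learns about the forum's readers."""
    threads = Counter(r["referer"].split("?")[0] for r in records if r["referer"])
    languages = Counter(r["language"] for r in records if r["language"])
    browsers = Counter(r["user_agent"].split(" ")[-1] for r in records if r["user_agent"])
    return {
        "unique_viewers": len({r["ip"] for r in records}),
        "threads_viewed": dict(threads),
        "languages": dict(languages),
        "browsers": dict(browsers),
        "leaked_cookies": sum(r["leaked_cookie"] for r in records),
    }


RECORDS = [parse_request(ip, raw) for ip, raw in SAMPLE_REQUESTS]
PICTURE = usage_picture(RECORDS)

if __name__ == "__main__":
    for record in RECORDS:
        print(record)
    print(PICTURE)
```

Nothing here needs JavaScript or a browser flaw: the Referer identifies the thread, the connection identifies the reader's address, and Accept-Language and User-Agent place and profile them. The `leaked_cookie` flag is the one check that catches a genuinely broken client.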
Jade Constantine
Jericho Fraction The Star Fraction
161
Posted - 2011.09.06 14:05:00 - [36]
Sulyana Baiur wrote: I hate signature images, they are the worst kind of forum clutter.
Do the haters get a vote in this too? Nah.
Hence you need an option to turn off images from your perspective in your preferences.
You should not be voting about denying such functionality to everyone. We live in a modern world of customizable content you know!
The True Knowledge is that nothing matters that does not matter to you, might does make right and power makes freedom.
CCP Karuck
C C P C C P Alliance
12
Posted - 2011.09.06 14:05:00 - [37]
Jade Constantine wrote: My apologies for the confusion of terminology. I meant embedded images of course. I'm not that keen on the warning message for external links myself - quite immersion-breaking.
Please correct me if I'm wrong, but as far as I know you cannot embed images in your posts either.
Jade Constantine wrote:
CCP Karuck wrote: Most public forums don't use https, and are wide open to packet sniffers. Since the forums, EVE Gate and other upcomings webs here use your actual EVE login we are taking steps to secure your information more (yes you can joke all you want about this, but we are).
Okay that makes sense certainly. Have you considered the alternative I mentioned above about hosting a ccp-controlled image upload service for signatures and in-character imagery and allowing people to embed directly from the ccp secure webserver?

Yes, that is one of the options being considered.

This signature has no images
Riflin' Betty
Perfunctory
17
Posted - 2011.09.06 14:08:00 - [38]
CCP Karuck wrote: If you are referring to the short period where we did allow signatures on the first (failed) attempt at launching these forums then yes, it was a possibility.
Then why did the DevBlog say it wasn't possible?
Alexandra Alt
Republic Military School Minmatar Republic
5
Posted - 2011.09.06 14:08:00 - [39]
Aethlyn wrote: Code wise it's impossible to tell if an URL points to a static image or a server side script file (snip)...
No, it's not impossible. Can it be server intensive? Yes, it can. Does the increase in server usage compensate for the added feature? No, I don't think it does.
CCP Karuck wrote: ... A few browsers also have problems with https:// sites linking to non-https images or images on a different domain.
This is what I thought first as being the initial concern, seeing the forums are being run under https, and this, yes, concerns me a lot more than the checking or not of what the external url is, since it can be used easily to generate man in the middle attacks.
Advice? Simple: add the ability to upload images into your forum account with a very very low diskspace limit (something like 150k?! 'ought to be enough' like our dear Gates once said) and use that for avatar/signatures.
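Anja Talis's suggestion (post 32) that a forum-hosted image service could check that uploads "are what they claim to be", and Alexandra Alt's answer here that this is possible at some server cost, can be made concrete. The following Python is an added example, not CCP's code: it sniffs the container header rather than trusting the declared Content-Type, enforces a byte limit and pixel dimensions, and stores the file under a content hash so the served URL carries nothing user-chosen. The 150 KB and 500x120 limits are assumptions taken from the thread's suggestions, not known forum settings, and the sample uploads are constructed headers, not real files.

```python
"""Validate a signature image for a forum-hosted upload service.

Added example, not CCP's code. MAX_BYTES and MAX_WIDTH/MAX_HEIGHT are
assumptions lifted from the thread's suggestions; the sample uploads are
constructed headers, just enough to exercise each check.
"""
import hashlib
import struct

MAX_BYTES = 150 * 1024          # assumption: the "150k" suggested in the thread
MAX_WIDTH, MAX_HEIGHT = 500, 120  # assumption: a typical signature banner

# Magic bytes of the raster formats worth accepting. Anything else (SVG, HTML,
# a script answering with image headers) is refused regardless of what the
# uploading client claims in Content-Type.
MAGIC = (
    (b"\x89PNG\r\n\x1a\n", "image/png", ".png"),
    (b"GIF87a", "image/gif", ".gif"),
    (b"GIF89a", "image/gif", ".gif"),
    (b"\xff\xd8\xff", "image/jpeg", ".jpg"),
)


def sniff(data):
    """Identify the format from the first bytes, ignoring the declared type."""
    for magic, mime, ext in MAGIC:
        if data.startswith(magic):
            return mime, ext
    return None, None


def dimensions(mime, data):
    """Read width/height from the container header without decoding pixels."""
    if mime == "image/png":
        if data[12:16] != b"IHDR":
            raise ValueError("PNG without IHDR chunk")
        return struct.unpack(">II", data[16:24])       # big-endian width, height
    if mime == "image/gif":
        return struct.unpack("<HH", data[6:10])        # little-endian width, height
    # JPEG: walk marker segments until a start-of-frame (SOF0/1/2) marker.
    i = 2
    while i + 9 <= len(data):
        if data[i] != 0xFF:
            raise ValueError("corrupt JPEG marker")
        marker = data[i + 1]
        if marker in (0xC0, 0xC1, 0xC2):
            height, width = struct.unpack(">HH", data[i + 5:i + 9])
            return width, height
        (seg_len,) = struct.unpack(">H", data[i + 2:i + 4])
        i += 2 + seg_len
    raise ValueError("JPEG without SOF marker")


def validate_upload(data, declared_type):
    """Decide whether to accept an upload; never trust declared_type alone."""
    if len(data) > MAX_BYTES:
        return {"accepted": False, "reason": "file exceeds %d bytes" % MAX_BYTES}
    mime, ext = sniff(data)
    if mime is None:
        return {"accepted": False, "reason": "not a PNG, GIF or JPEG"}
    if declared_type != mime:
        return {"accepted": False, "reason": "declared %s but content is %s" % (declared_type, mime)}
    try:
        width, height = dimensions(mime, data)
    except (ValueError, struct.error) as exc:
        return {"accepted": False, "reason": str(exc)}
    if width > MAX_WIDTH or height > MAX_HEIGHT:
        return {"accepted": False,
                "reason": "%dx%d exceeds %dx%d" % (width, height, MAX_WIDTH, MAX_HEIGHT)}
    # Content-addressed name: the served URL contains no user-chosen text,
    # and identical uploads deduplicate.
    name = hashlib.sha256(data).hexdigest()[:32] + ext
    return {"accepted": True, "mime": mime, "width": width, "height": height, "stored_as": name}


def png_header(width, height):
    """Constructed PNG signature plus IHDR chunk (CRC left zero; not a viewable file)."""
    ihdr = struct.pack(">II", width, height) + b"\x08\x06\x00\x00\x00"
    return b"\x89PNG\r\n\x1a\n" + struct.pack(">I", 13) + b"IHDR" + ihdr + b"\x00\x00\x00\x00"


# Constructed JPEG: SOI, a 16-byte APP0 segment, then SOF0 declaring 500x120.
JPEG_500x120 = (b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
                b"\xff\xc0\x00\x11\x08\x00\x78\x01\xf4\x03\x01\x22\x00\x02\x11\x01\x03\x11\x01")

SAMPLES = {
    "good_png": (png_header(400, 100), "image/png"),
    "good_jpeg": (JPEG_500x120, "image/jpeg"),
    "too_wide_gif": (b"GIF89a" + struct.pack("<HH", 600, 50), "image/gif"),
    "html_as_png": (b"<!DOCTYPE html><script>alert(1)</script>", "image/png"),
    "jpeg_claimed_png": (JPEG_500x120, "image/png"),
    "oversized": (png_header(1, 1) + b"\x00" * MAX_BYTES, "image/png"),
}
RESULTS = {name: validate_upload(data, declared) for name, (data, declared) in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in RESULTS.items():
        print(name, result)
```

Sniffing plus a dimension read is cheap (a few dozen bytes per upload), so the "server intensive" part is only the storage and serving, which is the point of the in-house upload: the forum serves the bytes from its own https origin and a viewer's browser never talks to the poster's server at all.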
Riflin' Betty
Perfunctory
17
Posted - 2011.09.06 14:09:00 - [40]
CCP Karuck wrote: If you are referring to the short period where we did allow signatures on the first (failed) attempt at launching these forums then yes, it was a possibility.
Then why did the DevBlog say it wasn't possible?
Further you didn't allow anything, you left open some awful holes that made it possible to do despite your intent not to.
Louis deGuerre
Malevolence. Territorial Claim Unit
16
Posted - 2011.09.06 14:10:00 - [41]
But...but....but...
We must be able to make pony threads !!! FIRE FRIENDSHIP TORPEDOES !
Tippia
Sunshine and Lollipops
121
Posted - 2011.09.06 14:12:00 - [42]
Aethlyn wrote: No, (despite the mentioned possible client side exploits) I'm talking about server side code that's run when the image is requested. Depending on your browser it will send quite a few lines of information, including referral information and such. It's the way classic non-JavaScript stats tracking scripts work. This not only opens up possible exploits (it's not like you need 5 minutes and you've got something to exploit - let's be honest) but also privacy issues (e.g. in Germany some instances actually want to force the removal of facebook's "I like" buttons due to them collecting data just by being embedded into the pages). I know that most abusive stuff will require at least some JavaScript code, but it's possible to get quite some data utilizing simple HTTP requests, e.g. for images.

Define "exploit".
The browser should not feed it cookie information unless it's programmed by chimps; post headers when editing threads should not be sent to third parties (again, assuming the browser isn't stupid); the referral information is worthless (yay! I got a link to a page anyone can find anyway); accept and user headers are unrelated to the forums…
So what relevant information about my EVE presence — which is what they're trying to protect — could they get that isn't due to browser flaws (that, again, CCP can't/have no business fixing)?
In particular, consider this in relation to the fact that they're already pulling all of the jQuery and analytics files from google — you know that company that makes its money from collecting data about people…?

——— "If you're not willing to fight for what you have in ≡v≡ you don't deserve it, and you will lose it." — Karath Piki
Jade Constantine
Jericho Fraction The Star Fraction
161
Posted - 2011.09.06 14:14:00 - [43]
CCP Karuck wrote:
Jade Constantine wrote:
CCP Karuck wrote: Most public forums don't use https, and are wide open to packet sniffers. Since the forums, EVE Gate and other upcomings webs here use your actual EVE login we are taking steps to secure your information more (yes you can joke all you want about this, but we are).
Okay that makes sense certainly. Have you considered the alternative I mentioned above about hosting a ccp-controlled image upload service for signatures and in-character imagery and allowing people to embed directly from the ccp secure webserver?
Yes, that is one of the options being considered.
Okay then.
Thanks for your input Karuck, its been good to get a straight answer, much respect for that.
Could you ask the forum producer to make a response soon about the timescales for considering these options please?
I think it would be useful to get back to having a roadmap for feature delivery with timescales so we all know where we stand. If it turns out that we'd be waiting a few weeks for a ccp webserver for uploading of images to restore our sig functionality I think that'd be fine.
But I guess you appreciate how in the current climate of incarna-rage monoclegate and fearless it would be very useful to return to an older way of letting us know that the features we want are being worked on and will be delivered in short order!
All the best
The True Knowledge is that nothing matters that does not matter to you, might does make right and power makes freedom.
CCP Karuck
C C P C C P Alliance
12
Posted - 2011.09.06 14:14:00 - [44]
Riflin' Betty wrote: Then why did the DevBlog say it wasn't possible?
Further you didn't allow anything, you left open some awful holes that made it possible to do despite your intent not to.
Short reply: Two different things, no exploits got out.
Please link me to the reference you are talking about, but I'm pretty sure they were talking about embedding scripts in the signature, which is a completely different type of exploit. If you have a pretty modern browser (not 4-5+ years old) then the case I am talking about is not possible anymore, at least no known exploits. The case we discussed in the devblog is possible in all browsers but would have been a programming fail on our end. In that case the browser simply can't tell the difference between a normal script and a malicious one.
This signature has no images
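Karuck's distinction between a browser flaw and "a programming fail on our end" is the difference between a hostile image host and an injectable signature renderer: in the second case the browser is handed markup the forum itself emitted, and it runs exactly what it is given. The following Python is an added example, not the forum's own rendering code: an unsafe [img] renderer that lets a crafted URL break out of the src attribute, next to a hardened one that accepts only https URLs on an allowed host and escapes the attribute. The allowed host image.example.invalid and the signature payloads are hypothetical.

```python
"""Rendering a [img] BBCode signature: injectable vs hardened.

Added example, not the forum's actual code. ALLOWED_HOSTS names a
hypothetical forum-controlled image server; the payloads are constructed.
"""
import html
import re
from urllib.parse import urlsplit

IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)
ALLOWED_HOSTS = {"image.example.invalid"}   # assumption: the forum's own image host


def render_unsafe(signature):
    """The server-side fail: the URL lands in an attribute unescaped, so a
    crafted value closes the attribute and adds an event handler. Any browser
    executes the result; no browser flaw is involved."""
    return IMG_TAG.sub(lambda m: '<img src="' + m.group(1) + '">', signature)


def render_hardened(signature):
    """Only https URLs on an allowed host become <img>; the attribute is
    escaped; everything else in the signature is emitted as text."""
    def replace(m):
        url = m.group(1).strip()
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
            return ""                      # not a sanctioned image: render nothing
        return '<img src="%s" alt="">' % html.escape(url, quote=True)

    out, pos = [], 0
    for m in IMG_TAG.finditer(signature):
        out.append(html.escape(signature[pos:m.start()]))
        out.append(replace(m))
        pos = m.end()
    out.append(html.escape(signature[pos:]))
    return "".join(out)


# Constructed signature payloads.
HOSTILE = '[img]x" onerror="alert(document.cookie)[/img]'
TRACKER = "[img]http://tracker.example.invalid/pixel.gif[/img]"
SMUGGLED = '[img]https://image.example.invalid/a.png" onerror="alert(1)[/img]'
LEGIT = "Fly safe [img]https://image.example.invalid/sig/abc123.png[/img] <3"

if __name__ == "__main__":
    for sig in (HOSTILE, TRACKER, SMUGGLED, LEGIT):
        print("unsafe:  ", render_unsafe(sig))
        print("hardened:", render_hardened(sig))
```

The host allowlist is what makes the in-house upload service a security control rather than a convenience: once only the forum's own https origin may appear in src, the mixed-content warnings and the third-party logging discussed in this thread disappear along with the attribute injection.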
T'Laar Bok
11
Posted - 2011.09.06 14:19:00 - [45]
Images on the internet? pppffffftttt, it's just a passing fad and the devs obviously recognize this. Amphetamines are your friend.
Aethlyn
20
Posted - 2011.09.06 14:20:00 - [46]
Client side exploits as in buffer overflows, image filter issues, etc.
Refreshing this page without hitting the cache requests content from the following servers:
- https://forums.eveonline.com/
- https://gate.eveonline.com/
- https://image.eveonline.com/
- https://ajax.googleapis.com/
- https://ssl.google-analytics.com/
These involve 2 companies but I've got complete control over this (e.g. by blocking google analytics in your browser).
But how should this work for tons of unknown image hosts? Sure, you could opt them in one by one but this wouldn't really increase your security (casual users won't see any sense behind this anyway). It just adds tons of overhead either server or client side.

Looking for more thoughts? Read my blog or follow me on Twitter.
Riflin' Betty
Perfunctory
17
Posted - 2011.09.06 14:21:00 - [47]
CCP Karuck wrote: Riflin' Betty wrote: Then why did the DevBlog say it wasn't possible?
Further you didn't allow anything, you left open some awful holes that made it possible to do despite your intent not to.
Short reply: Two different things, no exploits got out. Please link me to the reference you are talking about, but I'm pretty sure they were talking about embedding scripts in the signature, which is a completely different type of exploit. If you have a pretty modern browser (not 4-5+ years old) then the case I am talking about is not possible anymore, at least no known exploits. The case we discussed in the devblog is possible in all browsers but would have been a programming fail on our end. In that case the browser simply can't tell the difference between a normal script and a malicious one.
if you're not allowing images now for some nebulous fear of 'sploits, then by your definition exploits were possible when you released the half-behinded version of this forum before.
ergo, this is a binary issue: exploits were possible yes or no, and you said "no" but now you are saying "urrrr maybe".
I take particular offense to this topic as there has been a completely disproportionate time spent on this whole project, only to release something which is cobbled together and does not offer functionality we had access to previously.
All this time has cost the company a whole lot of money (i.e. your wages) which could have been fruitfully spent on more game developers for Flying in Space. Moreover a single webdev would have sufficed to simply implement a proper search engine and an updated theme for the old forums, which are otherwise perfectly functional.
In summary: this here is not 72,000 man hours worth, and it never was, and the spindoctoring about the whole debacle is making my head hurt.
Note that this is not pointed at you or anyone in particular, just more of a general observation.
Jade Constantine
Jericho Fraction The Star Fraction
161
Posted - 2011.09.06 14:22:00 - [48]
Alexandra Alt wrote: Advice ? simple, add the ability to upload images into your forum account with a very very low diskspace limit (something like 150k ?! 'ought to be enough' like our dear Gates once said) and use that for avatar/signatures.
I think we need more than that potentially. Recruiting banners, in-character themed artwork for IGS / corporate/alliance boards etc. Certainly a couple of megs would be fine though. I mean last forum had a limit of 50k posting size. At any one time I'd probably have 10 ish images in current threads maybe.
Of course, somehow linking this into the eve is real publicity scheme and ensuring its all eve-themed artwork might be clever.
The True Knowledge is that nothing matters that does not matter to you, might does make right and power makes freedom.
CCP Karuck
C C P C C P Alliance
12
Posted - 2011.09.06 14:25:00 - [49]
Riflin' Betty wrote: if you're not allowing images now for some nebulous fear of 'sploits, then by your definition exploits were possible when you released the half-behinded version of this forum before.
Then by your definition you can call pretty much every forum out there that allows external images "half baked" as well. Also, read my other replies: this "remote chance in hell" exploit was not the only reason we turned this off.
No one is perfect, it's the will to make things better that matters more to me.
This signature has no images
Mashie Saldana
Veto. Veto Corp
27
Posted - 2011.09.06 14:26:00 - [50]
I guess it's just a matter of time before people get used to having no signature images here.

[Insert signature image here]
Tippia
Sunshine and Lollipops
121
Posted - 2011.09.06 14:28:00 - [51]
Aethlyn wrote: Client side exploits as in buffer overflows, image filter issues, etc.
Iow, browser flaws that CCP cannot fix and which will exist/happen anyway when people are being sent to the same content through normal means. Like you say, casual users won't care and will get hit anyway.
Quote: But how should this work for tons of unknown image hosts?
And the question remains: why do you need to make it work for them? What is there to protect and what makes it an issue with the forums (i.e. within the domain of what CCP can control), and not with the behaviour and software on the user side?
For people who do care, they could always just re-institute the option of whether to display images or not and make it behave like the outgoing link warning (that no-one cares about anyway and just clicks through), and even without images, they will have to provide that option for signatures anyway sooner or later…
In fact, that's kind of the whole point, and has been the point for EVE as a whole for quite some time now: what is it about options that make CCP loathe them so much?

——— "If you're not willing to fight for what you have in ≡v≡ you don't deserve it, and you will lose it." — Karath Piki
Riflin' Betty
Perfunctory
17
Posted - 2011.09.06 14:28:00 - [52]
CCP Karuck wrote: Riflin' Betty wrote: if you're not allowing images now for some nebulous fear of 'sploits, then by your definition exploits were possible when you released the half-behinded version of this forum before.
Then by your definition you can call pretty much every forum out there that allows external images "half baked" as well. Also, read my other replies: this "remote chance in hell" exploit was not the only reason we turned this off. No one is perfect, it's the will to make things better that matters more to me.
Exactly. So why are the pictures off if it's apparently ok for every other forum on earth?
Contradictions abound, and definitely not good value-for-investment-money.
Alexandra Alt
Republic Military School Minmatar Republic
5
Posted - 2011.09.06 14:31:00 - [53]
Aethlyn wrote:
Tippia wrote: What you're talking about is a flaw in the browser. The forum software will simply put that url into an img tag, and if the browser is so ******** as to accept (much less execute) anything other than an image file coming through that link, then that browser needs to be fixed was retired 5 years ago.
No, (despite the mentioned possible client side exploits) I'm talking about server side code that's run when the image is requested. Depending on your browser it will send quite a few lines of information, including referral information and such. It's the way classic non-JavaScript stats tracking scripts work. This not only opens up possible exploits (it's not like you need only 5 minutes and you've got something to exploit - let's be honest) but also privacy issues (e.g. in Germany some instances actually want to force the removal of facebook's "I like" buttons due to them collecting data just by being embedded into the pages). I know that most abusive stuff will require at least some JavaScript code, but it's possible to get quite some data utilizing simple HTTP requests, e.g. for images.

While you are right about how the functioning might happen, you're quite wrong about what can/cannot be sent to a server when requesting an image to be loaded when embedded in a page.
Cookies can be prevented from being sent to such external places depending on how the site software is configured; you can only allow cookies in a domain, secure only, and a lot of other settings to prevent the cookie hijacking scenario you're describing.
The only information that can be gathered is the usual referrer, user-agent, charset, encoding, language, a few headers that might be inserted by your ISP proxy if it has one, and eventually some other useless stuff. Now, this is sensitive (or can be) information for some, can be used as a gathering method for RMT sites about players, as possible strike targets for DNS hijacking/poisoning/hacking to make you go to other stuff, but then, we're talking about highly sophisticated attacks here, not what your average Joe can do; thus, if there is the possibility, it most certainly will be exploited (or attempted), and since the complexity of exploiting such a system means the attempts will be made by highly sophisticated people, they will most certainly succeed.
Now, one cannot live in a bubble thinking that every time you leave home you might die from a piano that has been dropped on you; you (as in any of us) leave a lot of information scattered around the internet wherever we go, more than what would be revealed by a simple external image loading on a forum, and I'm pretty sure we don't worry as much as we're worrying right now.
Again, I think (thus all the above is quite viable as something to take seriously) the biggest issue is ssl session hijacking, and that is way more serious than revealing your referrer/user-agent, and due to that I have to stand by CCP's side and would think it should never be allowed to include external resources from non secure sources, thus the 'in-house' upload thing for each player.
AnzacPaul
Perkone Caldari State
77
Posted - 2011.09.06 14:32:00 - [54]
Riflin' Betty wrote:
CCP Karuck wrote:
Riflin' Betty wrote: if you're not allowing images now for some nebulous fear of 'sploits, then by your definition exploits were possible when you released the half-behinded version of this forum before.
Then by your definition you can call pretty much every forum out there that allows external images "half baked" as well. Also, read my other replies: this "remote chance in hell" exploit was not the only reason we turned this off. No one is perfect, it's the will to make things better that matters more to me.
Exactly. So why are the pictures off if it's apparently ok for every other forum on earth? Contradictions abound, and definitely not good value-for-investment-money.

I confess to knowing nothing about the subject, but this is an interesting point to me. What makes these forums so vulnerable compared to any other?
Alexandra Alt
Republic Military School Minmatar Republic
5
Posted - 2011.09.06 14:37:00 - [55]
AnzacPaul wrote: I confess to knowing nothing about the subject, but this is an interesting point to me. What makes these forums so vulnerable compared to any other?
Heh, really? Is that hard to understand?
For starters, forums are linked to your EveGate account, therefore everything else: hijacking of your account, your details, eventually in the future when everything is consolidated in the same platform (evegate) your API data, etc, etc.
On other forums what have you got to lose? Possibly a password, and the revealing of your email, hence those forums rarely bother about any kind of security related to session hijacking and or other vulnerabilities.
CCP Karuck
C C P C C P Alliance
12
Posted - 2011.09.06 14:38:00 - [56]
Riflin' Betty wrote: Exactly. So why are the pictures off if it's apparently ok for every other forum on earth?
The Internet is far from being a perfect place. Most people thought non-https was ok until people started hacking their Facebook accounts with Firesheep.
This signature has no images
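Alexandra Alt's point (post 53) that a cookie scoped to the forum's domain and marked Secure is not handed to a third-party image host, and Karuck's Firesheep remark here about session cookies on plain http, both come down to the browser's cookie-matching rules. The following Python is an added example, not code from the thread: it implements the domain, path and Secure checks of RFC 6265 and, going beyond the 2011 discussion, the SameSite attribute browsers added later. Cookie names and hosts are hypothetical, and the cross-site check uses the last two DNS labels instead of the public suffix list, which is a simplification.

```python
"""Which cookies a browser attaches to a request (RFC 6265 scoping).

Added example for this page, not code from the thread. Domain, path and
Secure matching follow RFC 6265 sections 5.1.3, 5.1.4 and 5.4; SameSite is
the later browser extension. Cookie names and hosts are hypothetical, and
site_of() approximates the registrable domain with the last two labels
instead of consulting the public suffix list.
"""
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class Cookie:
    name: str
    domain: str              # host that set it, or the Domain attribute value
    host_only: bool = True   # True when Set-Cookie carried no Domain attribute
    path: str = "/"
    secure: bool = False
    same_site: str = "Lax"   # "Strict", "Lax" or "None"


def domain_matches(host, cookie):
    host, d = host.lower(), cookie.domain.lower().lstrip(".")
    if cookie.host_only:
        return host == d
    return host == d or host.endswith("." + d)


def path_matches(request_path, cookie_path):
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def site_of(host):
    """Approximate 'site' (registrable domain): a simplification of eTLD+1."""
    return ".".join(host.lower().split(".")[-2:])


def cookies_for_request(jar, url, page_url=None, top_level_navigation=False):
    """Names of the cookies sent with a request for url, issued from a page at
    page_url (None means a first-party request)."""
    u = urlsplit(url)
    host, path = u.hostname, (u.path or "/")
    over_tls = u.scheme == "https"
    cross_site = page_url is not None and site_of(urlsplit(page_url).hostname) != site_of(host)
    sent = []
    for c in jar:
        if not domain_matches(host, c) or not path_matches(path, c.path):
            continue                       # scoped to another host or path
        if c.secure and not over_tls:
            continue                       # Secure cookies never go out in clear
        if cross_site and c.same_site == "Strict":
            continue
        if cross_site and c.same_site == "Lax" and not top_level_navigation:
            continue                       # an embedded <img> is a subresource
        sent.append(c.name)
    return sent


# Constructed jar: a Secure session cookie for an https forum, a Domain=
# cookie shared across its parent domain, and a non-Secure session cookie
# left over from a plain-http forum.
JAR = [
    Cookie("forum_session", "forums.example.com", secure=True, same_site="Lax"),
    Cookie("sso_token", "example.com", host_only=False, secure=True, same_site="Strict"),
    Cookie("legacy_session", "oldforums.example.org", secure=False, same_site="None"),
]
FORUM_PAGE = "https://forums.example.com/thread/31"


def scenarios():
    """The cases argued in the thread, as name -> cookies sent."""
    return {
        # signature image on a third-party host: nothing from the forum's jar
        "third_party_image": cookies_for_request(JAR, "https://img.example.invalid/sig.png", FORUM_PAGE),
        # the forum's own image host: first-party cookies go along
        "first_party_image": cookies_for_request(JAR, "https://forums.example.com/avatar.png"),
        # same host over plain http: Secure cookies are withheld
        "forum_over_http": cookies_for_request(JAR, "http://forums.example.com/"),
        # a non-Secure cookie travels in clear, which is what Firesheep read off the wire
        "legacy_over_http": cookies_for_request(JAR, "http://oldforums.example.org/index.php"),
        # a hostile page embedding the forum's image: SameSite stops the subresource
        "forum_image_on_hostile_page": cookies_for_request(
            JAR, "https://forums.example.com/avatar.png", "https://evil.example.net/"),
        "navigation_from_hostile_page": cookies_for_request(
            JAR, "https://forums.example.com/", "https://evil.example.net/", top_level_navigation=True),
    }


if __name__ == "__main__":
    for name, sent in scenarios().items():
        print("%-30s %s" % (name, sent))
```

The first scenario is Alexandra's point: a third-party image host gets no forum cookie from a conforming browser, whatever else it logs. The third and fourth are the Firesheep distinction: the Secure flag only helps if the session cookie carries it, and a cookie without it is readable by anyone on the same network the moment any http request goes to that host.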
Cipher Jones
36
Posted - 2011.09.06 14:38:00 - [57]
CCP Karuck wrote: Riflin' Betty wrote: if you're not allowing images now for some nebulous fear of 'sploits, then by your definition exploits were possible when you released the half-behinded version of this forum before.
Then by your definition you can call pretty much every forum out there that allows external images "half baked" as well. Also, read my other replies: this "remote chance in hell" exploit was not the only reason we turned this off. No one is perfect, it's the will to make things better that matters more to me.
Just quoting this as proof that you are damned if you don't and damned if you do. People complained that the last version of the new forums were insecure and CCP didn't do their job. Now CCP made them secure and people complain.
Thank you for the new forums.
I have one request please. Limit the size of images if/when you allow them. People abusing that exploit made the forums harder to read, and it was uncalled for. Stopping that would be swell. Thank you.

See what happens when fat neckbeards try to ride little ponies? The ponies die.
Aethlyn
20
Posted - 2011.09.06 14:41:00 - [58]
The fact there are accounts linked to it that can be valuable in the right context, including possible online transactions (entering payment information probably on the same machine you're browsing the forum with)?
For those looking for an abusive scenario not requiring direct script access on the client machine:
- Player uses the ingame browser to read forums.
- Image is loaded from malicious site.
- This might provide more or less (depending on player's system security) valuable information to someone trying to hijack the system: a) the player is running EVE right now b) the player's IP.
- With this information there is the possibility the attacker might abuse existing vulnerabilities (screwed up NAT settings, missing firewall, whatever) to hijack specifically players of EVE instead of just trying random IPs.
This doesn't involve any information usually kept/not sent by browsers regardless of their security settings.

Looking for more thoughts? Read my blog or follow me on Twitter.
Jade Constantine
Jericho Fraction The Star Fraction
161
Posted - 2011.09.06 14:45:00 - [59]
Alexandra Alt wrote:
AnzacPaul wrote: I confess to knowing nothing about the subject, but this is an interesting point to me. What makes these forums so vulnerable compared to any other?
Heh, really? Is that hard to understand? For starters, forums are linked to your EveGate account, therefore everything else: hijacking of your account, your details, eventually in the future when everything is consolidated in the same platform (evegate) your API data, etc, etc. On other forums what have you got to lose? Possibly a password, and the revealing of your email, hence those forums rarely bother about any kind of security related to session hijacking and or other vulnerabilities.
Yeah that's about the size of it. I think I, like many other thousands, got our accounts compromised on the old Scrap Heap Challenge forums when it was discovered our user names and passwords were stored in plain text and looted by scoundrels - but fortunately nothing was linked to that login data so ultimately nothing of value was lost. Losing an Eve account to the same fiasco would be appalling so I can see the point that Karuck is making about the security issues being an order of magnitude worse here.
So bottom line.
I'm not really that interested in a blame game and throwing stones at all the "wasted man hours" of forum development etc.
But I would like the forum producer to come onto the forum with a timely and informative blog that shows how the web/forum team is going to implement the hosting of images (if they go that route) and allow us to return to the functionality of the old forums we've gotten used to.
Maybe even improving things along the way huh?
I guess I'm a bit sick of "soon(tm)" like everyone else and would like to see some commitment to timely results, but explain the issues and vulnerabilities, provide information on the problems and a sensible timescale on the resolution and I'm fine with that.
The True Knowledge is that nothing matters that does not matter to you, might does make right and power makes freedom.
Riflin' Betty
Perfunctory
17
Posted - 2011.09.06 14:45:00 - [60]
CCP Karuck wrote: Riflin' Betty wrote: Exactly. So why are the pictures off if it's apparently ok for every other forum on earth?
The Internet is far from being a perfect place. Most people thought non-https was ok until people started hacking their Facebook accounts with Firesheep.
Evasive answer is evasive.
Also, I'm really sorry but, high-horsing and buzzword throwing is not allowed for people who put live a hacked-job YaF without removing the old admin pages, having unencrypted character identifiers in cookies and above all allowing code injection into the signature field.
There is no compelling argument for you to disallow the image tag other than the fact that one of your webgurus decided it was not esthetically pleasing.