Pages: [1] :: one page |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Riethe
Fine Goods for Fine Gentlemen
|
Posted - 2008.01.17 06:41:00 -
[1]
You notice how near the roof of your forums now you have a checkbox to enable images?
Curious why this happened?
The reason for this is because a few clever folks thought it would be neat to use their signatures running from their webservers as data collection.
This is actually pretty common amongst forums, however with EVE and alts and hidden identities, it can actually be applied in malicious ways.
Basically, this is what was going on: If someone had a post in a thread with a signature made for this purpose, when you load the thread, your browser would automatically load their signature.
This by itself can't accomplish anything.
However, here's when it starts taking effect: If you load a thread, and then make a reply to it, if the post you make is on the same page as a signature designed to grab your information, they could check the post time on your post, and match it to a log on their webserver.
From this, they now have your IP address which they can match to your character, and match to your alts as well over time as the data aggregates.
This is an obvious malicious use of the signature functionality, and as a result of this, images have to been enabled manually on the forums.
The more you know.
|
Zeonos
Amarr Fairtrade Syndicate
|
Posted - 2008.01.17 06:48:00 -
[2]
how is that possible?, wont they only get my signatures host?, and ccp's ip since its from there the new content comes?
Look I Hijacked a sig!! -Kaemonn <3 Kaemonn -Zeonos A sunset with Kaemonn... how nice... -Wachtmeister In Eve-Online Forum Hijack Signature! -Ivan K This space is reserved for moderator hijacking, Need more colors! Red & Yellow & Pink & Green, Orange & Purple & ME! - Deckard My yellow pwns Deckard's fruity rainbow thingie anyday. BRING IT BABY! -Hango Black and pink 4tw however gold pwns -Eldo
|
Riethe
Fine Goods for Fine Gentlemen
|
Posted - 2008.01.17 06:53:00 -
[3]
I don't know if you're just bad at reading or if I goofed in my explanation, so I will start over:
If you post in my thread while I am running a signature, I can look at the time stamp of MY webserver's log which YOU had to access to view my signature, and the time stamp of the post YOU made. If I match these properly, I can deduct your IP from the whole lot.
Eventually over time, if you posted under alts and such, I could begin to match you to them.
Or, if someone wanted to be even more malicious, they could make use of your IP in other ways. Very unlikely that anything would come from that, but enough effort and patience can really prove to be quite malicious.
|
F'nog
Amarr Celestial Horizon Corp. Valainaloce
|
Posted - 2008.01.17 06:59:00 -
[4]
I have some foil to sell. Please contact me ingame. Reasonable prices.
Originally by: Kazuma Saruwatari
F'nog for Amarr Emperor. Nuff said
|
Miss Anthropy
The Greater Goon GoonSwarm
|
Posted - 2008.01.17 07:48:00 -
[5]
Edited by: Miss Anthropy on 17/01/2008 07:49:28 And what are they going to do with my IP? Pop over for a cup of tea and biscuits? Seriously, my IP is left everwhere that I surf on the net for anyone who cares to look. I suppose if I was really paranoid I could subscribe to one of those anonymous surfing sites that I've heard about. They can hide my IP while I surf.
But, looking at it another way then yes, using sigs to gain information on people (however fruitless) is still malicious.
EDIT: By the way, don't reply to this because I might just "pop over for a cup of tea and biscuits". You've been warned.
It's time to chew ass and kick bubblegum... and I'm all outta bubblegum. Wait... that don't sound right. |
LaVista Vista
Conservative Shenanigans Party
|
Posted - 2008.01.17 07:50:00 -
[6]
Edited by: LaVista Vista on 17/01/2008 07:53:20 Edited by: LaVista Vista on 17/01/2008 07:52:15 While its true this would work(Unless you get everal posts in a thread per minute), theres still a problem about dynamic IP's.
Its only really foolproof if people use static IP's.
Also, it cant really be used for anything. I post from several different IP's over a day(I can think of at least 3), and none of them seem static to me. Its also waaay too easy to use proixes you know. If people HAD a reason to not want to let people know who their alts are, chances are they know how to use a proxy.
And what are they gonna do with the info? Zomg they has my alts.
|
Riethe
Fine Goods for Fine Gentlemen
|
Posted - 2008.01.17 07:54:00 -
[7]
While many of you may not regard this as very important--I was simply explaining the reason that this feature was implemented.
Take what you will from it, it is a malicious, obvious misuse of the ability to embed images and that is why we now, by default, have no images.
|
Drakesh
Caldari Provisions
|
Posted - 2008.01.17 13:08:00 -
[8]
Didn't Goonfleet bust an alt spy this way?
Sounds like one obvious use...
================
|
Sister Impotentata
Elite Angels Of Death
|
Posted - 2008.01.17 14:10:00 -
[9]
Nerf Crumplecorn! ----- TANSTAAFL
Originally by: Professor Falken What you see here on these screens is a fantasy, a computer-enhanced hallucination! Those blips are not real missiles, they're phantoms!
|
Ilea Celentay
Veiled Justice
|
Posted - 2008.01.17 21:37:00 -
[10]
Edited by: Ilea Celentay on 17/01/2008 21:38:06 Well, I don't personally worry about this kind of online stalking, however, it was an interesting read to say the least.
I use a similar system to watch visitors to my personal profiles though I never thought (nor would never really have a need) to do such a thing on a forum, much less Eves.
Still, it clarified why some forums do not allow forum signatures that do not end in the common image file type extensions which, I know at one point I did wounder about.
Originally by: Riethe
Stuffs...
I notice that your image doesn't actually represent your balance and is .PHP based. I'll have tea and biscuits ready for 10, okay?
Faction Ship Info || Rig Factory |
|
Blind Man
Cosmic Fusion When Fat Kids Attack
|
Posted - 2008.01.17 21:45:00 -
[11]
wts dynamic IP address
|
Riethe
Fine Goods for Fine Gentlemen
|
Posted - 2008.01.17 23:11:00 -
[12]
Edited by: Riethe on 17/01/2008 23:12:26
Originally by: Ilea Celentay I notice that your image doesn't actually represent your balance and is .PHP based. I'll have tea and biscuits ready for 10, okay?
My sig is a random number generator set to look like my wallet balance.
I thought it would be fun to do. I get a lot of people asking me how much ISK I have from certain activities. It seemed like a neat little sig for that.
In the future it may actually use the API to represent my real wallet (it wouldn't be very difficult to change it.)
I'm also considering pulling some of the more general statistics like pod kills, ship kills, most deadly systems, etc, just fun stuff like that.
|
Pepperami
Art of War
|
Posted - 2008.01.18 03:42:00 -
[13]
ohnoes!
A-WAR might be Recruiting!
|
Surfin's PlunderBunny
Minmatar mUfFiN fAcToRy Sex Panthers
|
Posted - 2008.01.18 05:40:00 -
[14]
I want pie
() () (â;..;)â (")(") |
Alvar Ursidae
Amarr The OZ Hunters and Mercenary Association Black Scope Project
|
Posted - 2008.01.18 07:20:00 -
[15]
So SMART people would host sigs on DIFFERENT servers, and considering the FREE options out there. I don't honestly think that this is the reason. It's an argument for it, but a bit flimsy at that. Most would rather be playing the game, than going through logs.
The MAIN reason is so that people who just want to READ the forums, don't have to go through copious amounts of image loading, and can do said reading at a largely increased pace.
I do sigs and stuff...http://alvar.eve-stuff.net |
Riethe
Fine Goods for Fine Gentlemen
|
Posted - 2008.01.18 07:32:00 -
[16]
Originally by: Alvar Ursidae So SMART people would host sigs on DIFFERENT servers, and considering the FREE options out there. I don't honestly think that this is the reason. It's an argument for it, but a bit flimsy at that. Most would rather be playing the game, than going through logs.
The MAIN reason is so that people who just want to READ the forums, don't have to go through copious amounts of image loading, and can do said reading at a largely increased pace.
You don't get it, at all.
Re-read the thread.
Keep trying.
|
Alvar Ursidae
Amarr The OZ Hunters and Mercenary Association Black Scope Project
|
Posted - 2008.01.18 08:02:00 -
[17]
bite damn you - BITE!
No, your point is kind of valid, but what about people logging on from work though? Different accounts, different IPs, would still be too hard to do. Dynamic IPs would not ba a major issue, as you would get false positives, but MOST people leave modems/routers turned on, and THEY grab the IP addresses from the ISPs.
ISPs are given a limited range, so most likely it would work, but THAT MUCH FRIKKEN WORK? Bah.
I do sigs and stuff...http://alvar.eve-stuff.net |
|
|
|
Pages: [1] :: one page |
First page | Previous page | Next page | Last page |