That was on the Subeta is Down page for a brief span, but seems to be removed now. I don't know how serious it is or how long the news post in question was up as I never saw it, but if you did click that link I would change your passwords. And maybe Subeta's too to be on the safe side.We are currently investigating a security issue that just sprung up.
If you clicked on the link that was posted in the news, to a 'jellyneonews', and have a neopets account, I suggest you change your password. There is a NEOPETS cookie grabber going around, that will steal your account.
Subeta security risk
-
- Posts: 2793
- Joined: 19 Jan 2006 08:47 pm
- Gender: Female
- Human Avatar: 155383
- Location: Mystery Island
- Contact:
Subeta security risk
Wanna donate towards my drink gallery, the Golden Goblet.
-
- Posts: 1641
- Joined: 16 Jan 2007 10:14 pm
- Gender: Female
- Human Avatar: 150891
Re: Subeta security risk
I missed this, too, so thanks for the heads up Seerow.
I wonder what's up with the Neo-related hackings (?) lately.
I wonder what's up with the Neo-related hackings (?) lately.
-
- Posts: 1105
- Joined: 29 Nov 2006 11:17 pm
- Location: Hall of Origin
Re: Subeta security risk
Seems like they just want to give them a bad name. Or trying to start a "war"
Re: Subeta security risk
this bites, I saw it, clicked it.. have now changed my passwords for subeta, neo, and gaia just to be safe...
-
- Posts: 3413
- Joined: 09 Mar 2006 06:29 pm
- Human Avatar: 155904
- Location: Seattle, Washington
- Contact:
Re: Subeta security risk
There's another new post on the down page:
Blah. I have no problem changing our passwords, but aren't they supposed to be 100% encoded now so people CAN'T find them out? I haven't been on Subeta all day, so I doubt I was 'cookie grabbed' or anything, but still. It's not exactly encouraging news.We are dealing with a security issue.
When the site comes back up, I suggest changing your password.
As always, thanks for your patience and support!
-
- Incorrigible Bookworm
- Posts: 1324
- Joined: 18 Jan 2006 09:41 pm
- Gender: Female
- Human Avatar: 157826
- Location: wandering
Re: Subeta security risk
I clicked on the link without really looking at the news post, which was stupid, I know. I closed the window as soon as I saw that it was leading offsite, and I cleared my cookies, added a PIN, changed my password, and am running Spybot just in case. I'm not too worried about my Subeta account, but I am wondering if it's possible for something like that to collect saved password information for other sites. Like online banking or email, things like that. Should I be concerned enough to change all my passwords?
-
- Posts: 1191
- Joined: 03 Mar 2006 12:19 am
- Gender: Female
- Location: Mars
Re: Subeta security risk
I was wondering the same thing too. I was on moments before the site was forcefully shut down for "security". How serious is this? If we're talking about CG'ing and changing passwords and drastic things for Subeta, how do we know that other private info is safe?bonecrivain wrote: I'm not too worried about my Subeta account, but I am wondering if it's possible for something like that to collect saved password information for other sites. Like online banking or email, things like that. Should I be concerned enough to change all my passwords?
Re: Subeta security risk
Change your neopets password, that's what they were after. They linked to a page with a neopets cookie grabber on it.
Your Subeta account is really actually pretty safe, I'm just saying to change passwords JUST to be safe. They couldn't see passwords, even on my account (and if they could, they're hashed) so it wouldn't have done them much good.
As for how they're DOING this, I assume it's via some sort of code exploit, and today we pushed out over 100 file updates for security changes. Basically, it's what we've been working on, we were going to finish, test, and push out like, parts of the site at a time. Instead, today, we pushed out what we've done so far all at once, so there might be bugs.
Mostly, it seems like they were just after neopets information.
Your Subeta account is really actually pretty safe, I'm just saying to change passwords JUST to be safe. They couldn't see passwords, even on my account (and if they could, they're hashed) so it wouldn't have done them much good.
As for how they're DOING this, I assume it's via some sort of code exploit, and today we pushed out over 100 file updates for security changes. Basically, it's what we've been working on, we were going to finish, test, and push out like, parts of the site at a time. Instead, today, we pushed out what we've done so far all at once, so there might be bugs.
Mostly, it seems like they were just after neopets information.
-
- Posts: 3413
- Joined: 09 Mar 2006 06:29 pm
- Human Avatar: 155904
- Location: Seattle, Washington
- Contact:
Re: Subeta security risk
THIS just got posted on the news:
In place of Keith's warning. Obviously somethign fishy is still up. Want my advice? Avoid Subeta until this is 100% over, heh.Posted by Keith at 05:39 pm
Click here for your free 100000 SP for today only!
Limited time offer!
-
- Posts: 1105
- Joined: 29 Nov 2006 11:17 pm
- Location: Hall of Origin
Re: Subeta security risk
This reminds me of all the spam links on DA ...that lead you to a fake login screen when you clicked on the provided link.
-
- Zombie Queen
- Posts: 5251
- Joined: 08 Jan 2006 05:20 am
- Gender: Female
- Human Avatar: 89833
- Location: Tyland
- Contact:
Re: Subeta security risk
You should change all passwords everywhere once a month. Few people indulge in this. ;)
Trying to change my password on Subeta, it did seem to change my password, but I got a blank error. It brought me back to the password page, but with this line of text added:
Trying to change my password on Subeta, it did seem to change my password, but I got a blank error. It brought me back to the password page, but with this line of text added:
Even the errors are misspelled. >.<Subeta wrote:The following error has occured:
-
- Posts: 1105
- Joined: 29 Nov 2006 11:17 pm
- Location: Hall of Origin
Re: Subeta security risk
..so I suppose I should change my Neo password.
The thing is that a handfull of people tend to use the same password as everything else, thus, they get your Neo account they can get everything else.
I learned my lesson the hard way.
The thing is that a handfull of people tend to use the same password as everything else, thus, they get your Neo account they can get everything else.
I learned my lesson the hard way.
-
- Posts: 1055
- Joined: 11 Jun 2007 03:33 pm
- Gender: Female
- Human Avatar: 48736
- Location: philly, usa
Re: Subeta security risk
I got into the habit of playing Subeta in a different browser from other sites at home because, honestly, I didn't trust the site's security 100% when I joined. Unfortunately, I've gotten lazy at work and visit it in the same browser as Neo and other stuff. I think I'm going to use a separate one at work now too.
-
- Posts: 2793
- Joined: 19 Jan 2006 08:47 pm
- Gender: Female
- Human Avatar: 155383
- Location: Mystery Island
- Contact:
Re: Subeta security risk
I guess Keith self froze his account earlier this evening, and Amber's had the admin abilities taken away. So I guess this is more serious then they are letting on in the news post, though that's hardly surprising.
I changed my pw for Subeta, but arg, I hate changing pws for sites. I always forget what I change them to later
I changed my pw for Subeta, but arg, I hate changing pws for sites. I always forget what I change them to later
Wanna donate towards my drink gallery, the Golden Goblet.
-
- Posts: 720
- Joined: 12 Jan 2006 03:12 pm
- Gender: Female
- Human Avatar: 168295
- Location: missouri
Re: Subeta security risk
One of the bugs: Buying from a usershop with an apostrophe in the shop name will eat your sp and not give you an item. I probably wasted around 50k (or more!) during quests 'cause I didn't notice my sp was being taken. If your shop name has an ' in it, change it so people can GET the items they're trying to buy from you I feel bad for anyone who bought anything from my shop since I had an ' in it
Luckily one of the prizes I got from Maleria more than makes up for the sp I lost!
Luckily one of the prizes I got from Maleria more than makes up for the sp I lost!
Who is online
Users browsing this forum: Bing [Bot] and 133 guests