Page 1 of 1

Security Vulnerabilities for Neo

Posted: 16 Nov 2015 01:15 am
by thelonetiel
Security issues of note on Neopets.com:

RESOLVED. 11/15/15: Saw this on the boards and thought I'd share:
Dress To Impress Blog wrote:A malicious Flash file has recently appeared on multiple Neopets-related websites, including Neopets.com itself.

When you visit an infected webpage, it exploits a vulnerability in Flash and Neopets.com to immediately transfer all of your on-hand Neopoints, banked Neopoints, and gallery items to the attacker’s account. Some users report that this attack can even circumvent PIN protection.
For more, including how to disable Flash in your browsers to mitigate this danger, see this DTI blog post.

I typically browse with Flash disabled by default, but I've had Neo on my exception lists since so much of the site is Flash. Luckily that is easy to fix.

Stay safe out there friends. :/

(Any interest in using this thread as an on-going status update for new vulnerabilities as they are reported? May be easier to just reply whenever something pops up than making a new post?)

Re: Malicious Flash Vulnerability for Neo

Posted: 16 Nov 2015 05:29 am
by Madge
I'd be interested in an updating thread; more to the point I'd be interested in knowing when this is no longer a problem.

Re: Malicious Flash Vulnerability for Neo

Posted: 16 Nov 2015 10:54 pm
by Jazzy
According to Matchu's post, this has now been fixed. However, I'd second his advice to make all Flash click-to-play by default.