Poe.xyz.is; suspected cause for compromised accounts?

nah, it's safe. Been using it since it announced here on the forums.

Looks like a simple analytic tracking cookie to me.

The thread necromancy here is really not amusing. Alex, this is not funny. Cut the crap out.

At the very least, this can't be the only cause. A week or so ago I had someone from China try to log on to my account, but it was blocked by the new security feature. Literally the only sites I have looked at are this forum and the wiki. Granted, stupidly I did use the same account info for the wiki, but I have changed it now. I literally only logged in to the wiki one time to see what the editing rules were. Scanned my comp with several antivirus/malware programs and turned up nothing. That leads me to believe the wiki must be compromised somehow.

I have a Masters in IT Info Sec and to quote one of my favourite Sith Lords:

"There are some techniques in the force against which there is no defense...." ~ Kreia

As there are certain types of malicious codes that against which there is basically no defense :o

Once upon a time, the big thing to do was SQL Injection. That's passé in the cracking world. Sure, it's still done by the script kiddies - talentless, wanna-be computer rejects that crack systems via pressing buttons that possess little to know true computer knowledge. These pathetic losers make up for 98% of the cracking community. It's the other 2% that you should really be worried about that actually understand computers and can remotely access your computer even when it's shut off, in certain situations.

@taekvideo:

You are incorrect - sorry but there are things called:

1) Drive-by downloads. These may happen when JUST VISITING a website, viewing an e-mail message or by clicking on a deceptive pop-up window: by clicking on the window in the mistaken belief that, for instance, an error report from the computer's operating system itself is being acknowledged, or that an innocuous advertisement pop-up is being dismissed. In such cases, the "supplier" may claim that the person "consented" to the download although actually unaware of having started an unwanted or malicious software download. Websites that exploit the Windows Metafile vulnerability (eliminated by a Windows update of 5 January 2006) may provide examples of drive-by downloads of this sort.

There is also a little nasty thing called: XSS - Cross-site scripting

The expression "cross-site scripting" originally referred to the act of loading the attacked, third-party web application from an unrelated attack site, in a manner that executes a fragment of JavaScript prepared by the attacker in the security context of the targeted domain (a reflected or non-persistent XSS vulnerability). The definition gradually expanded to encompass other modes of code injection, including persistent and non-JavaScript vectors (including ActiveX, Java, VBScript, Flash, or even HTML scripts), causing some confusion to newcomers to the field of information security.

XSS vulnerabilities have been reported and exploited since the 1990s. Prominent sites affected in the past include the social-networking sites Twitter, Facebook, MySpace, and Orkut. In recent years, cross-site scripting flaws surpassed buffer overflows to become the most common publicly reported security vulnerability, with some researchers in 2007 viewing as many as 68% of websites as likely open to XSS attacks.

Exploit examples:

Attackers intending to exploit cross-site scripting vulnerabilities must approach each class of vulnerability differently. For each class, a specific attack vector is described here. The names below are technical terms, taken from the cast of characters commonly used in computer security.

Non-persistent:

Alice often visits a particular website, which is hosted by Bob. Bob's website allows Alice to log in with a username/password pair and stores sensitive data, such as billing information.

Mallory observes that Bob's website contains a reflected XSS vulnerability.
Mallory crafts a URL to exploit the vulnerability, and sends Alice an email, enticing her to click on a link for the URL under false pretenses. This URL will point to Bob's website (either directly or through an iframe or ajax), but will contain Mallory's malicious code, which the website will reflect.

Alice visits the URL provided by Mallory while logged into Bob's website.
The malicious script embedded in the URL executes in Alice's browser, as if it came directly from Bob's server (this is the actual XSS vulnerability). The script can be used to send Alice's session cookie to Mallory. Mallory can then use the session cookie to steal sensitive information available to Alice (authentication credentials, billing info, etc.) without Alice's knowledge.

Persistent attack:

Mallory posts a message with malicious payload to a social network.

When Bob reads the message, Mallory's XSS steals Bob's cookie.

Mallory can now hijack Bob's session and impersonate Bob.

These are just brief examples. And I gave you the baby explanations from Wikipedia - not the best place for shit but for this forum, it's on a low enough level for most to understand. The only way to protect yourself against XSS attacks is to turn scripting off or greatly limit the scripting abilities on a web page but that usually limits what you can and cannot do. Also, you will NEVER know you are being attacked via XSS as they are invisible and you can also click a valid link with the XSS superimposed over it.

A good way to "defend" yourself against this kind of annoying crap is to follow these very simple rules:

1) Don't use IE - it has more security holes than swiss cheese

2) Use something like firefox and download the addon called "noscript:"

https://addons.mozilla.org/en-us/firefox/addon/noscript/

3) Use anti-virus and fire-wall protection together. I also use very specific, secured DNS servers via my fire-wall service. I use comodo:

http://www.comodo.com/home/browsers-toolbars/browser.php

Most of the stuff is free - one of the best on the market or you can pay for a year's sub, like I do for $20. For the $20, you also get access to a shit ton of goodies like live support. I don't have any issues whatsoever - except that Comodo is a bit "over-zealous" in its protection lol!

4) Don't click on shit if you don't know what it's about or if it's too good to be true, then, more likely than not, it's a virus, worm or someother piece of annoyance.

5) NEVER give anyone your personal user id/password - you're just asking for trouble if you do.

6) This is the hardest one - USE YOUR FUCKIN COMMON SENSE PEOPLE. This IS the hardest one as most ppl seem to lack this.

If you have any questions in reference to cyber security, just ask and I will try to answer as best I can. Oh, and don't ask how to crack (the proper term and not "hack." Hacking is different from cracking.) shit as I won't tell you. But how to secure your computer, that I will do :)

I've been using the site for weeks without problem.

However, it is possible hackers might be using the site to find worthy targets.

I still think GGG should hire the guy that made that site. It should be integrated into the official site.

Can you just let that necro'ed thread died? It's bad enough that some retarded person had to create it back then without any kind of proof, so don't let the necro-troll win by keeping this at the top of the first page ;)

Am a nice guy so I'll try to educate anyone who wants to learn:

http://usa.kaspersky.com/products-services/home-computer-security/internet-security

There you go.

It's a LOT OF MONEY (sarcasm mode on) to protect everything you do for a whole year on the internet really!

"

sage2050 escreveu:

ive been using it since the day it opened and haven't been hacked.