Got hacked while on MMO-Champion.com

The whole Adobe Flash exploit bullshit... just be careful.

It's getting to the point where it's tempting to disable flash, or have a dedicated machine for surfing the net, or surfing in a virtual machine. /sigh

does that one goes through authenticator security?

Just use on screen keyboard they are not keylog-able.

Got hacked while on MMO-Champion.com

The whole Adobe Flash exploit bullshit... just be careful.

Are you insinuating that mmo champ ran an ad that compromised your comp? That being said might be one of the most rewarding hacks in wow history.

http://noscript.net/

Just use on screen keyboard they are not keylog-able.
Taken from the almighty Wikipedia (http://en.wikipedia.org/wiki/Keystroke_logging):


On-screen keyboards

Most on screen keyboards (such as the onscreen keyboard that comes with Microsoft Windows XP (http://en.wikipedia.org/wiki/Windows_XP)) send normal keyboard event messages to the external target program to type text. Every software keylogger can log these typed characters sent from one program to another. Additionally, keylogging software can take screenshots of what is displayed on the screen (periodically, and/or upon each mouse click).

taken from the almighty wikipedia (http://en.wikipedia.org/wiki/keystroke_logging):


pwnd

does that one goes through authenticator security?

I forgot to add authenticator to 2ndary account... it only had 1 account + some PTR shit. Was still enough to wipe out my guild bank.
pwnd

I'd be "pwnd" if I could read what fenril says unless someone quotes him. Little update.... it helps knowing a GM or two I went out for dinner and by the time I got back my shit was all back.

I'd be "pwnd" if I could read what fenril says unless someone quotes him.
Haha, always thinking I'm talking shit in your threads? Okay, I guess I'll deliver...

Little update.... it helps knowing a GM or two I went out for dinner and by the time I got back my shit was all back.
It also helps knowing where to use punctuation, because without it your sentences don't make any sense. :)

I'd be "pwnd" if I could read what fenril says unless someone quotes him.
Fenril was quoting the post from Blacky_chan, and linked a wiki post saying that virtual keyboards were useless as they still send keyboard event messages that keyloggers read anyway.

Good to hear you got your shit back



on a side note, here's the invader derailing thread!

http://labmanager.no-ip.biz:8044/wowstuff-NEW/images/invader.gif

how can you be so sure the hack originated from an ad on mmo-champion ? Your account could have been on queue for months..

IMO this is another reason to install adblock (and only use firefox or chrome).

I hate to hear this man. Hackers are on my short list. I think it goes...

Child Rapists,
Rapists,
Anyone who steps on my lawn,
underpants gnomes,
and Hackers.

anyways, I'm kinda surprised you didn't try out that authenticator/Android thing you told us about a while back man.

stephen

There's a unofficial patch out for that:

http://www.infoworld.com/d/security-central/researchers-issue-homemade-patch-pdf-zero-day-bug-727?source=rss_infoworld_news

I forgot to add authenticator to 2ndary account... it only had 1 account + some PTR shit. Was still enough to wipe out my guild bank.

Yet another account compromised because of failure to do the best you can to maintain account security (Authenticator). Nothing really to see here. Another flash exploit, another keylogged account that didn't have an authenticator.

I enjoy all the flaming in this thread. It's like barrens chat or the official forums here.

Yet another account compromised because of failure to do the best you can to maintain account security (Authenticator). Nothing really to see here. Another flash exploit, another keylogged account that didn't have an authenticator.
I made the mistake, that is true. But that doesn't mean that I should not warn people about this.

Flash was updated recently... I suggest updating it.

Also as to how do I know it originated from mmo-champion? I had two websites open. MMO and d2jsp. It being in "que" doesn't make sense as a majority of the time I am on that account while boxing and in the one instance I was not and was logged into a website in my browser that had flash based ads logged into that account to check something then out... and it gets hacked that exact night... yeah too good to be just a coincidence.

Anyway. It's all fixed. Authenticator + anti-script plugin.

Thank you for warning us that you are an idiot.

Your post wasn't really a warning it was more an assumption that could have been prevented if you used an authenticator. Then you proceed to say OMG LOOK AT ME IZ KNOW DA GMS BRO. Instead of saying something like "Fortunately they were able to restore my account and all is well. Just a heads up for people who like to browse MMO-Champion and forget to authenticate".


I leave this thread with this message:
http://www.dual-boxing.com/showthread.php?t=31670

P.S. Fenril for President

I made the mistake, that is true. But that doesn't mean that I should not warn people about this.
...
Anyway. It's all fixed. Authenticator + anti-script plugin.

I didn't mean to say you shouldn't warn people. I just took the opportunity to point out yet another hacked account that didn't have an authenticator on it.

Glad you got it all resolved.

Yet another hacked account on a windows computer ...

Yet another hacked account on a windows computer ...

Because Linux is a foolproof and 100% secure Operating System (http://www.theregister.co.uk/2010/09/15/linux_kernel_regression_bug/)


/just saying

I'd be "pwnd" if I could read what fenril says unless someone quotes him. Little update.... it helps knowing a GM or two I went out for dinner and by the time I got back my shit was all back.

http://headdesk.de/headdesk.jpg

Your post wasn't really a warning it was more an assumption that could have been prevented if you used an authenticator. Then you proceed to say OMG LOOK AT ME IZ KNOW DA GMS BRO. Instead of saying something like "Fortunately they were able to restore my account and all is well. Just a heads up for people who like to browse MMO-Champion and forget to authenticate".

This. You realize GM, Devs, and the like can loose their jobs for outting themselves on their characters. Just saying.

Hey guys, I know this GM and I just wanted you all to know that, go me! :D

I don't know any WoW GMs but I do know some people who make very little money at customer service jobs dealing with a never-ending stream of drooling morons, which is pretty much the same thing.

Because Linux is a foolproof and 100% secure Operating System (http://www.theregister.co.uk/2010/09/15/linux_kernel_regression_bug/)


/just saying You are comparing apples with tomatoes, since according to that article you need a working user account to exploit the bug. 'foolproof & 100% are your words. Don't think anyone with common sense is gonna state that something that is made by humans can ever be 100% foolproof. But it's pretty clear that both operating systems play in a different league, one in the secure league, and another one in the insecure league. You blame him for not having an authenticator, by that same logic i blame him for not having a secure OS.

You are comparing apples with tomatoes, since according to that article you need a working user account to exploit the bug. 'foolproof & 100% are your words. Don't think anyone with common sense is gonna state that something that is made by humans can ever be 100% foolproof. But it's pretty clear that both operating systems play in a different league, one in the secure league, and another one in the insecure league. You blame him for not having an authenticator, by that same logic i blame him for not having a secure OS.


I understand your argument as well as your logic. I was just pointing out it's not always so simple as "not having a secure OS"

you should stop advertising for non-windows OS.
If enough people hear you and make the move, so will the hackers.You basically have nothing to gain, and everything to lose.

TLDR: gloating about the awesome lack of virus/hacks of your OS will only bring viruses/hackers to your OS in the long term.
just saying :p

Well we know it wasnt DB! :D




http://safeweb.norton.com/images/icons/large_sphere/large-green.png?1223051324



http://www.dual-boxing.com/data:image/jpg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAkGBhISEBQUExQUERQWFxUUFRcVFRUWFxQVGBYVGBcRFx QYHCYeGB0vGhQXHy8hIycpLCwsFyA9NTAqNSkrLCkBCQoKDgwO Gg8PGi0kHiQsLjUvNTIvNSw1NTQwLSksNDUsLCwtLykqMDQvLD UsLCwsKTUpLCwsLCwsLC80LCkpLP/AABEIAHYAZAMBIgACEQEDEQH/xAAcAAEAAgMBAQEAAAAAAAAAAAAABQYDBAcCAQj/xAA9EAABAwIDBgMGAgcJAAAAAAABAAIDBBEhMUEFBhJRYXETQo EHIjKRobHB0SNDUlNykrIUFSQzNGJzguH/xAAaAQACAwEBAAAAAAAAAAAAAAAABQMEBgIB/8QALREAAQMCBQIFAwUAAAAAAAAAAQACAwQRBRIxQVEhYRMjMnH hIoHRkaGxwfD/2gAMAwEAAhEDEQA/AO4oiIQig9sb3QwP8JodUT6RRWLh1eTgwdyora+8E1VOaSiPDw m0848nOOPTi5u07rYo4KagbwRND5M3uOJLtXOccSfr2ULpL6fq q7pb+nTn8cr4yn2nUYvkZQsPliAkkt1leLA9mod0KY/51RUznXjqJbfytIb9Fim2q9/xO9NPkvLatRZm+/uoc7d+vv8AjRZzufs/CwkaebZpge9+Jexu0W409bUxnQPeJ2erZbm3YhYW1S9tqkXbwv Q5nH9LL/fFZTf6iEVEf72mB4gOb6c4/wAhPZTeztqRTxiSF7ZGHVp11BGYPQ4qGj2gRqo+rpCJDPTEQz+ b93MB5JWjPo4e8PouxJZdiW3cK5oorYO3m1LDgY5GHhljd8Ubr ZX1BzDhgR6qVU4IIuFZBBFwiIi9XqKpb9bfewMpoDaefAEZxsy dJ3xsOvZWqWSwJXJ9n7VEtVUVrsRcsi/hb7rLd8T6qvO/K23Kq1MmRthv/irGJY6CBtPDbxCB4jhp0vzUQKpRUlaXOLibkm57r62dL3S39kr dNfTRTDalZG1CiWTrK2dc+IuPFUs2oWRtQooTL7JWBoubnEAAC 5c45NaNSeSPFR4ylXVgaLkgDmSAB6lINosf8D2vtnwuDvsVKbv 7p5S1TQ+Q4sjNnMhHbJz+btMhzO1vJu7FJC97GtjmY1zo3tABu Bfhdb4mm1iDzVoRSZcyuiGXJm/ZVfaFQ6F7aqIXfGLSNH62HN0Z6j4gdCFf9n1zJomSMPE17Q5p5 ghc1k2qBE2QjB3ASOQdb81K+znaHA+ekJwjd4kX/G8/COzv6ginmBdl5RS1AL8nKvqIiYJoq/v1XmKhncMDwOA7kcIPzK5JT1HDC1g0xPyXR/ao7/Av/wCv9bVyhsqVVzrOA7JJiT7PA7KUgc5zg1oL3ONmtaLlx5AKdm3 SrmM43Q3AFyGPa54H8Az7AlffZe5n9tPFbi8J3h358TeK3Xh+l 11leU9O2VmYlFLStmjzOK4lFUXFwcCs7ZVbN89zDd1RTNu74pY h5+cjB+1zGvfOhsrL2DQXEkBoAuXE4BoGZPRUZ2Ohdld9ktqWP gfld9u6kzUWtmSSAABcuJyaBqb6K9bqbqGK084BmI9xuYhB0HN 51d6Dr53Q3Q8G004BnI91uYhB0HN3N3oOtrTOlpi3636pxRUZb 5kmvHHyipe/G9rGB1NGbvcOGVw/VMIxaP8AeQctL35L1vnvn4V4Kc3m878xCD938hpmVzrw+51JOJ JOZJ1Kgr68R+WzXdVcTxMRXij9W/b5WWur+NoYBwsFsO2S393q0sr6V/7xjondcCR9WhRRYs1G61RScxL97/8AqV0kpMwJ5CTUEzjUNJ5H8ruLTgi8U590dl8WsW4VW9pVOX0U gH7JPyx/BcYjcv0Ht+k8SFw6FcBmpjHI+M+Qkemn0SrEWGwekmLMNmvHss 1NUPY5rmEtc0gtcMC0jULsG5W+ratvhyWbUNGIyEgHnb+I07Lj rAtmnkc1wc0lrmkFrgbFpGoKWwVToHX23SimrXUz77bhfoNRUG 69MypdUtjAld8gT8T2tyDjqfzN4vc3fNtU3w5bNqGjEZCQDzt6 8xp2VpWiY5kzQ8dVq2PjnaHt6jZFTt8t8vCvBTn9L535iEHQc3 9NMym+O+Ph3gpz+lye8YiEHQc39NNVQo47fck4kk5knU9UqxDE RF5ceu/b5SXFcVEIMUR+rc8fK8Nj7nMknEknMk6nqvvAs4YvvAsuX3WML 7m5WsWJsqPjrqdvIl/yB/EhZZBYLf8AZ/QmWqfLo33G+hu4/Ow9EzwxhknHZOMHjMtQDsOq6zTj3R2XxZGjBFr1vF8kZcELj3t F2AYpfGaMMnW1HP0XY1F7d2Q2eMghRyRiRpaVHLE2VhY7dcHid dbLAve3dhvpJDgTHfl8PbosMEoIwWXqYHQusVi6umfA6zltwuL SHNJa5pBa5psWkZEFWJ++9c5nAZWjQvbGA8+t7DuAoGCK63I6E nKyrsmljBDCRdVWTzxAiNxF1jjZb7knEknMk6lZ2hbEWynnkty LY/M37KqYpHHRUjDK86KODb5L26K2a3p3Rxi2F+Qz9VX9p7Yx4Wji ccmj7lDYCXZR1KG07nOyN6uWPaVQSRGzF7sB05uK6fuNsIQQNw 0VW3H3Qc53jS4uOPboOi6fFGGiwWuoKMUzOup1W7wygFJHY+o6 r2iImCaIiIhCiNt7vsnaQQLrlO3txpYHF0V7ctPku2rFNTtcLE XXD2NeLOFwo5I2SNyvFwvz0K18Zs9jm9RiPzW/TbxgecetvxxXWto7mQy+UKvVXsvjJwSx+Fxk3aSEnkwWJxuxxC qg3rt52D5LXqN7b4cZd0aPywVsb7K2KTofZvE3MXUYwkH1PKjG BtPrkJC5tEKmoNmNLAdTifyCu+6ns9DTxyYnPHMq7UOwYohg0K RDbJjBSxQD6AmtNRw0wtG1Y6emawAAWWVEVlW0REQhEREIRERC EREQhEREIRERCEREQhEREIRERCEREQhEREIRERCEREQhEREIRE RCF//Z

But it's pretty clear that both operating systems play in a different league, one in the popular league, and another one in the obscure league.

Fixed that for ya.

There are more people surfing the web using Java ME as their OS than linux. Yeah, I get the point about basic differences in design but you can't really judge something that falls below the statistical noise floor of usage against something that 92% of the world uses. Apples and tomatoes, indeed, as you have completely different players in the game. Hackers who are out to actually make money wouldn't target linux even if it were LESS secure because there's no money in it due to the vanishingly small market.

I forgot to add authenticator to 2ndary account... it only had 1 account + some PTR shit. Was still enough to wipe out my guild bank.

I'd be "pwnd" if I could read what fenril says unless someone quotes him. Little update.... it helps knowing a GM or two I went out for dinner and by the time I got back my shit was all back.

DRAMA LLAMA

I wasn't talking to you, and I did quote him.

He replied to Blacky_Chan (http://www.dual-boxing.com/member.php?u=31553) about the use on screen keyboards making you safe (which is a falsehood)

Fixed that for ya.
. Personally I prefer that you would quote me without changing what I wrote. There are other ways to make your point instead of making it look like I wrote that. But obviously I have no influence on that. Anyways:
Hackers who are out to actually make money wouldn't target linux even if it were LESS secure because there's no money in it due to the vanishingly small market.
You forget the fact that Linux is widely used in the server market as well. Saying there's no money in there for a hacker is ... well being ignorant tmho. Obviously there is a difference how a server & home user are being targeted by hackers. Calling an opensource os so widely used among top universities, businesses & scientific organizations 'obscure', compared to a commercial closed source os with a past of failure, is ... well plain stupid.

This thread is so ironic.

The guy who showed us how to setup a dodgy PC version of the mobile authenticator 'forgets' to add it to his second account then proceeds to blame MMO-Champion in a rather vague post and then proceeds to tell us how cool he is for knowing some GM's.

You better go write us up a huge guide on how to use common sense. Please.

At least your not writing huge threads about how much uni homework you have anymore or exactly how many pages each project is.

I hope these forums get back to being interesting and fun once Cataclysm hits because Shodokan the Clown is getting a bit old. :/

time for Space Invaders!

http://labmanager.no-ip.biz:8044/wowstuff-NEW/images/invader.gif

i think this thread has run it's couse.

time for Space Invaders!

http://labmanager.no-ip.biz:8044/wowstuff-NEW/images/invader.gif

i think this thread has run it's couse.

Agreed