Jump to content

- - - - -

Dec 13Th Incident - Official Response


328 replies to this topic

#141 Solom Rembert

    Member

  • Pip
  • The Determined
  • 15 posts

Posted 13 December 2012 - 10:27 PM

"I would still advocate changing your password, but that is my own personal paranoia telling me to do so. "

Did you find a way to use the "forgot password"-option without enabling scripts for the site ?

#142 Parmeggido

    Member

  • PipPipPipPipPip
  • The People's Hero
  • The People
  • 158 posts

Posted 13 December 2012 - 10:31 PM

View PostNiko Snow, on 13 December 2012 - 10:21 PM, said:

I am pleased to report that Chrome is no longer flagging our site as Malware.

On a completely unrelated note, we ask the citizens of California to pay no heed to any urbanmechs which may have accidentally wandered into their fine state, they should be migrating back north promptly.


I wondered what all the noise was. Haven't gotten the email, but as soon as the site came up as malicious, I disabled java for awhile. Good to see things seem to be back to normal.

#143 Kin3ticX

    Member

  • PipPipPipPipPipPipPipPipPip
  • The People's Hero
  • The People
  • 2,926 posts
  • LocationSalt Mines of Puglandia

Posted 13 December 2012 - 10:37 PM

View Postshabowie, on 13 December 2012 - 04:22 PM, said:

I didn't receive that email.

I got it.

Its a very bizzare email.


btw 5 of my other MWO buddies also got the email

Edited by Kin3ticX, 13 December 2012 - 10:49 PM.


#144 Trickster Fox

    Member

  • PipPipPip
  • 62 posts

Posted 13 December 2012 - 10:54 PM

View PostKin3ticX, on 13 December 2012 - 10:37 PM, said:

I got it.

Its a very bizzare email.


btw 5 of my other MWO buddies also got the email


please don't tell me you opened it...

#145 Veggies

    Member

  • PipPip
  • The Steadfast
  • The Steadfast
  • 29 posts

Posted 13 December 2012 - 11:34 PM

View Postshabowie, on 13 December 2012 - 04:22 PM, said:

I didn't receive that email.


It's in your spam folder. I am concerned as well if they did not compromise, how did they get my email?

#146 Chronojam

    Member

  • PipPipPipPipPipPipPipPipPip
  • 2,185 posts

Posted 13 December 2012 - 11:39 PM

View PostParmeggido, on 13 December 2012 - 10:31 PM, said:


I wondered what all the noise was. Haven't gotten the email, but as soon as the site came up as malicious, I disabled java for awhile. Good to see things seem to be back to normal.

A common misconception is that Java and JavaScript are somehow related; that's not the case. In a large number of these exploits, it's JavaScript that is the culprit, or things like holes in image rendering code or other media (hello Flash). Because of the whole Web 2.0 thing, it's pretty common to see minified/obfuscated JavaScript without raising any alarms, and redirects to offsite pages or pulling in data from third party content delivery networks. That can make it hard to spot Bad Stuff at a quick glance, which is why we have things like these browser web page screening services to tell us when a particular page is serving up Bad Stuff.

Java's certainly an attack vector though and if you're not using it, you should remove it. Certainly keep it up to date, it's got a pretty ****** track record for security-- especially lately, with "security releases" being full of holes found within hours of release.

View PostMinsc, on 13 December 2012 - 09:59 PM, said:

I did some checking around, apparently players from other games such as the secret world are getting the email from emails setup only for that game, similar to some people here on MWO. It seems it is more large scale than the conspiracy theorists here are making it out to be.

I would still advocate changing your password, but that is my own personal paranoia telling me to do so.

Wouldn't the conspiracy theory be that it's more widespread than it actually is? That's how conspiracy theories often go.

Given the recent rash of forum exploitation though I wouldn't be surprised if several other forums were compromised. Mine was, after all, and so were tons of other sites.

#147 Fais

    Member

  • PipPipPipPipPip
  • Legendary Founder
  • Legendary Founder
  • 146 posts
  • LocationCharlotte, NC

Posted 14 December 2012 - 12:15 AM

Good Job PGI, you survived your first "brush with death." Heh, jk.

Defintly some how email information was compromised, its possible it was client side during the redirect, I dont know. With that said, I dont care if my email is on a spam list, as it is already on a bunch of them. Just glad to see the forum restored, and things getting back to normal. Yelling at you for this or that game design instead. I hope you guys have a good Holiday, because we are going to no mercy mode come January B).

#148 Wolfways

    Member

  • PipPipPipPipPipPipPipPipPipPip
  • Mercenary
  • 6,499 posts
  • LocationIn a shutdown overheated mech near you.

Posted 14 December 2012 - 12:34 AM

View PostNiko Snow, on 13 December 2012 - 10:21 PM, said:

I am pleased to report that Chrome is no longer flagging our site as Malware.

Firefox is.

#149 Armorpiercer M82

    Member

  • PipPipPipPipPipPipPip
  • 759 posts

Posted 14 December 2012 - 12:54 AM

hm.

BTW your +20% MC still dont work.

#150 Buck Cake

    Member

  • PipPipPipPipPipPip
  • Knight Errant
  • 259 posts

Posted 14 December 2012 - 12:56 AM

Best fun with MWO I've had in a while, esp the part about the devil.

#151 De La Fresniere

    Member

  • PipPipPipPipPipPipPip
  • 622 posts

Posted 14 December 2012 - 01:00 AM

I'd just logged in on the forums earlier that day, I saw reports of the attack and of a strange email and when I checked my mail, there it was. After more than 15 years using the internet and never, ever getting an email that wasn't directly addressed to me before yesterday... that was an unexpected violation, I must admit I'm a bit shaken. Is my personal address being sold to spammers right now?

Far worse, PGI representatives are very intent on saying what *wasn't* compromised [Redacted], and they won't say what the goal of the attack was or what the consequences of the attack were/are.

The attack is a significant black mark on PGI's records... but their response to it is a much bigger one. I gave them money because I viewed them as a small, friendly game company, but now I have to start treating them as an untrustworthy business partner. Anything could be a lie.

People never fail to disappoint...

Edited by Niko Snow, 14 December 2012 - 01:43 AM.
Defamatory


#152 PPO Kuro

    Member

  • PipPipPipPipPipPip
  • Bad Company
  • Bad Company
  • 300 posts
  • LocationThe Netherlands

Posted 14 December 2012 - 01:06 AM

Good to know the problem has been fixed. I'm glad I have good security on my pc.

I'm just using W7 firewall and Comodo, browser Firefox with NoScript. Haven't gotten anything 'bad' on my pc for years now :)

#153 Paper Airplane

    Rookie

  • 2 posts

Posted 14 December 2012 - 01:08 AM

View PostBryan Ekman, on 13 December 2012 - 04:14 PM, said:

a malicious redirect script


Where did it go to?

#154 De La Fresniere

    Member

  • PipPipPipPipPipPipPip
  • 622 posts

Posted 14 December 2012 - 01:19 AM

[Redacted]

Edited by Niko Snow, 14 December 2012 - 01:41 AM.
Discussing Moderation Actions ;)


#155 Rooikat

    Member

  • PipPipPip
  • The 1 Percent
  • The 1 Percent
  • 54 posts
  • LocationIn the wild

Posted 14 December 2012 - 01:23 AM

Now that is good corporate responsibility:

1) Report fault
2) Fix fault
3) Release information

Well done!

Just wish other corps could do the same

#156 Winterdyne

    Member

  • PipPip
  • Philanthropist
  • 32 posts

Posted 14 December 2012 - 01:27 AM

Just logged n via my iPad to repeat the fix for the nasty root kit virus I got:
http://www.bleepingc...7-defender-2013

Seems to have done the job. Now patching holes in my security....

Edited by Winterdyne, 14 December 2012 - 02:13 AM.


#157 TheGreatNoNo

    Member

  • PipPipPipPipPipPip
  • Bridesmaid
  • Bridesmaid
  • 448 posts

Posted 14 December 2012 - 02:16 AM

Yea, I got that alert on my anti virus last night. Password changed. Good thing Im too poor right now to buy MC.

#158 Almeras

    Member

  • PipPipPipPipPipPip
  • The Slayer
  • The Slayer
  • 294 posts
  • LocationLondon

Posted 14 December 2012 - 02:31 AM

"allowed a malicious redirect script"

I like how PGI don't elaborate on what that script was doing. For all we know it was to redirect you once you click on reply topic then had a spoof login page.

That's like being told something bad has happened to everyone but don't worry they're are ok...

#159 BlackAbbot

    Member

  • PipPipPipPipPipPipPip
  • 781 posts
  • LocationSecret UrbanMech Production Facility

Posted 14 December 2012 - 02:38 AM

Out of the dozen or so email addresses in use in my household, only the two that are signed up for MWO received the malware email. Neither of these addresses uses the same name as the account it is registered to and neither was logged in to the forum at any point in the three days preceding receipt of the email. The two addresses are also with different email providers. No other email accounts from either of these providers in my household received the malware email.

This claim that email addresses were not compromised seems highly spurious.

For those saying you did not receive the email, check your spam folder. Gmail successfully filtered it and many ISPs may have too.

Edited by BlackAbbot, 14 December 2012 - 02:39 AM.


#160 _Rorschach_

    Member

  • PipPipPipPipPip
  • Veteran Founder
  • Veteran Founder
  • 128 posts

Posted 14 December 2012 - 02:53 AM

Thanks for the info. I was wondering why Chrome was all like "OMFG don't go there red page redpage redrum redrum redrum!!'

So at the worst someone now has a hash value of a salted password. That's not really bad. I guess I'll change it anyway just to be safe :)





7 user(s) are reading this topic

0 members, 7 guests, 0 anonymous users