Dec 13Th Incident - Official Response
#141
Posted 13 December 2012 - 10:27 PM
Did you find a way to use the "forgot password"-option without enabling scripts for the site ?
#142
Posted 13 December 2012 - 10:31 PM
Niko Snow, on 13 December 2012 - 10:21 PM, said:
On a completely unrelated note, we ask the citizens of California to pay no heed to any urbanmechs which may have accidentally wandered into their fine state, they should be migrating back north promptly.
I wondered what all the noise was. Haven't gotten the email, but as soon as the site came up as malicious, I disabled java for awhile. Good to see things seem to be back to normal.
#146
Posted 13 December 2012 - 11:39 PM
Parmeggido, on 13 December 2012 - 10:31 PM, said:
I wondered what all the noise was. Haven't gotten the email, but as soon as the site came up as malicious, I disabled java for awhile. Good to see things seem to be back to normal.
A common misconception is that Java and JavaScript are somehow related; that's not the case. In a large number of these exploits, it's JavaScript that is the culprit, or things like holes in image rendering code or other media (hello Flash). Because of the whole Web 2.0 thing, it's pretty common to see minified/obfuscated JavaScript without raising any alarms, and redirects to offsite pages or pulling in data from third party content delivery networks. That can make it hard to spot Bad Stuff at a quick glance, which is why we have things like these browser web page screening services to tell us when a particular page is serving up Bad Stuff.
Java's certainly an attack vector though and if you're not using it, you should remove it. Certainly keep it up to date, it's got a pretty ****** track record for security-- especially lately, with "security releases" being full of holes found within hours of release.
Minsc, on 13 December 2012 - 09:59 PM, said:
I would still advocate changing your password, but that is my own personal paranoia telling me to do so.
Wouldn't the conspiracy theory be that it's more widespread than it actually is? That's how conspiracy theories often go.
Given the recent rash of forum exploitation though I wouldn't be surprised if several other forums were compromised. Mine was, after all, and so were tons of other sites.
#147
Posted 14 December 2012 - 12:15 AM
Defintly some how email information was compromised, its possible it was client side during the redirect, I dont know. With that said, I dont care if my email is on a spam list, as it is already on a bunch of them. Just glad to see the forum restored, and things getting back to normal. Yelling at you for this or that game design instead. I hope you guys have a good Holiday, because we are going to no mercy mode come January .
#149
Posted 14 December 2012 - 12:54 AM
BTW your +20% MC still dont work.
#150
Posted 14 December 2012 - 12:56 AM
#151
Posted 14 December 2012 - 01:00 AM
Far worse, PGI representatives are very intent on saying what *wasn't* compromised [Redacted], and they won't say what the goal of the attack was or what the consequences of the attack were/are.
The attack is a significant black mark on PGI's records... but their response to it is a much bigger one. I gave them money because I viewed them as a small, friendly game company, but now I have to start treating them as an untrustworthy business partner. Anything could be a lie.
People never fail to disappoint...
Edited by Niko Snow, 14 December 2012 - 01:43 AM.
Defamatory
#152
Posted 14 December 2012 - 01:06 AM
I'm just using W7 firewall and Comodo, browser Firefox with NoScript. Haven't gotten anything 'bad' on my pc for years now
#154
Posted 14 December 2012 - 01:19 AM
Edited by Niko Snow, 14 December 2012 - 01:41 AM.
Discussing Moderation Actions ;)
#155
Posted 14 December 2012 - 01:23 AM
1) Report fault
2) Fix fault
3) Release information
Well done!
Just wish other corps could do the same
#156
Posted 14 December 2012 - 01:27 AM
http://www.bleepingc...7-defender-2013
Seems to have done the job. Now patching holes in my security....
Edited by Winterdyne, 14 December 2012 - 02:13 AM.
#157
Posted 14 December 2012 - 02:16 AM
#158
Posted 14 December 2012 - 02:31 AM
I like how PGI don't elaborate on what that script was doing. For all we know it was to redirect you once you click on reply topic then had a spoof login page.
That's like being told something bad has happened to everyone but don't worry they're are ok...
#159
Posted 14 December 2012 - 02:38 AM
This claim that email addresses were not compromised seems highly spurious.
For those saying you did not receive the email, check your spam folder. Gmail successfully filtered it and many ISPs may have too.
Edited by BlackAbbot, 14 December 2012 - 02:39 AM.
#160
Posted 14 December 2012 - 02:53 AM
So at the worst someone now has a hash value of a salted password. That's not really bad. I guess I'll change it anyway just to be safe
14 user(s) are reading this topic
0 members, 14 guests, 0 anonymous users