328 replies to this topic

[Solom Rembert]

"I would still advocate changing your password, but that is my own personal paranoia telling me to do so. "

Did you find a way to use the "forgot password"-option without enabling scripts for the site ?

[Parmeggido]

Niko Snow, on 13 December 2012 - 10:21 PM, said:

I am pleased to report that Chrome is no longer flagging our site as Malware.

On a completely unrelated note, we ask the citizens of California to pay no heed to any urbanmechs which may have accidentally wandered into their fine state, they should be migrating back north promptly.

I wondered what all the noise was. Haven't gotten the email, but as soon as the site came up as malicious, I disabled java for awhile. Good to see things seem to be back to normal.

[Kin3ticX]

shabowie, on 13 December 2012 - 04:22 PM, said:

I didn't receive that email.

I got it.

Its a very bizzare email.


btw 5 of my other MWO buddies also got the email

Edited by Kin3ticX, 13 December 2012 - 10:49 PM.

[Trickster Fox]

Kin3ticX, on 13 December 2012 - 10:37 PM, said:

I got it.

Its a very bizzare email.


btw 5 of my other MWO buddies also got the email

please don't tell me you opened it...

[Veggies]

shabowie, on 13 December 2012 - 04:22 PM, said:

I didn't receive that email.

It's in your spam folder. I am concerned as well if they did not compromise, how did they get my email?

[Chronojam]

Parmeggido, on 13 December 2012 - 10:31 PM, said:

I wondered what all the noise was. Haven't gotten the email, but as soon as the site came up as malicious, I disabled java for awhile. Good to see things seem to be back to normal.

A common misconception is that Java and JavaScript are somehow related; that's not the case. In a large number of these exploits, it's JavaScript that is the culprit, or things like holes in image rendering code or other media (hello Flash). Because of the whole Web 2.0 thing, it's pretty common to see minified/obfuscated JavaScript without raising any alarms, and redirects to offsite pages or pulling in data from third party content delivery networks. That can make it hard to spot Bad Stuff at a quick glance, which is why we have things like these browser web page screening services to tell us when a particular page is serving up Bad Stuff.

Java's certainly an attack vector though and if you're not using it, you should remove it. Certainly keep it up to date, it's got a pretty ****** track record for security-- especially lately, with "security releases" being full of holes found within hours of release.

Minsc, on 13 December 2012 - 09:59 PM, said:

I did some checking around, apparently players from other games such as the secret world are getting the email from emails setup only for that game, similar to some people here on MWO. It seems it is more large scale than the conspiracy theorists here are making it out to be.

I would still advocate changing your password, but that is my own personal paranoia telling me to do so.

Wouldn't the conspiracy theory be that it's more widespread than it actually is? That's how conspiracy theories often go.

Given the recent rash of forum exploitation though I wouldn't be surprised if several other forums were compromised. Mine was, after all, and so were tons of other sites.

[Fais]

Good Job PGI, you survived your first "brush with death." Heh, jk.

Defintly some how email information was compromised, its possible it was client side during the redirect, I dont know. With that said, I dont care if my email is on a spam list, as it is already on a bunch of them. Just glad to see the forum restored, and things getting back to normal. Yelling at you for this or that game design instead. I hope you guys have a good Holiday, because we are going to no mercy mode come January .

[Wolfways]

Niko Snow, on 13 December 2012 - 10:21 PM, said:

I am pleased to report that Chrome is no longer flagging our site as Malware.

Firefox is.

[Armorpiercer M82]

hm.

BTW your +20% MC still dont work.

[Buck Cake]

Best fun with MWO I've had in a while, esp the part about the devil.

[De La Fresniere]

I'd just logged in on the forums earlier that day, I saw reports of the attack and of a strange email and when I checked my mail, there it was. After more than 15 years using the internet and never, ever getting an email that wasn't directly addressed to me before yesterday... that was an unexpected violation, I must admit I'm a bit shaken. Is my personal address being sold to spammers right now?

Far worse, PGI representatives are very intent on saying what *wasn't* compromised [Redacted], and they won't say what the goal of the attack was or what the consequences of the attack were/are.

The attack is a significant black mark on PGI's records... but their response to it is a much bigger one. I gave them money because I viewed them as a small, friendly game company, but now I have to start treating them as an untrustworthy business partner. Anything could be a lie.

People never fail to disappoint...

Edited by Niko Snow, 14 December 2012 - 01:43 AM.
Defamatory

[PPO Kuro]

Good to know the problem has been fixed. I'm glad I have good security on my pc.

I'm just using W7 firewall and Comodo, browser Firefox with NoScript. Haven't gotten anything 'bad' on my pc for years now

[Paper Airplane]

Bryan Ekman, on 13 December 2012 - 04:14 PM, said:

a malicious redirect script

Where did it go to?

[De La Fresniere]

[Redacted]

Edited by Niko Snow, 14 December 2012 - 01:41 AM.
Discussing Moderation Actions ;)

[Rooikat]

Now that is good corporate responsibility:

1) Report fault
2) Fix fault
3) Release information

Well done!

Just wish other corps could do the same

[Winterdyne]

Just logged n via my iPad to repeat the fix for the nasty root kit virus I got:
http://www.bleepingc...7-defender-2013

Seems to have done the job. Now patching holes in my security....

Edited by Winterdyne, 14 December 2012 - 02:13 AM.

[TheGreatNoNo]

Yea, I got that alert on my anti virus last night. Password changed. Good thing Im too poor right now to buy MC.

[Almeras]

"allowed a malicious redirect script"

I like how PGI don't elaborate on what that script was doing. For all we know it was to redirect you once you click on reply topic then had a spoof login page.

That's like being told something bad has happened to everyone but don't worry they're are ok...

[BlackAbbot]

Out of the dozen or so email addresses in use in my household, only the two that are signed up for MWO received the malware email. Neither of these addresses uses the same name as the account it is registered to and neither was logged in to the forum at any point in the three days preceding receipt of the email. The two addresses are also with different email providers. No other email accounts from either of these providers in my household received the malware email.

This claim that email addresses were not compromised seems highly spurious.

For those saying you did not receive the email, check your spam folder. Gmail successfully filtered it and many ISPs may have too.

Edited by BlackAbbot, 14 December 2012 - 02:39 AM.

[_Rorschach_]

Thanks for the info. I was wondering why Chrome was all like "OMFG don't go there red page redpage redrum redrum redrum!!'

So at the worst someone now has a hash value of a salted password. That's not really bad. I guess I'll change it anyway just to be safe