328 replies to this topic

[Mims]

Still getting the warning on firefox.

[Inertiaman01]

So my forum account got banned from posting for being annoyed about this. More specifically - annoyed in a small way about the hack (**** happens) but annoyed in a huge way for PGI denying there was an issue and not telling users about it in any useful terms.

Someone cited Blizzard and Sony earlier in the thread as people who've also been hacked. The implication being that we should expect it. The trouble with those analogies is that Sony were utterly inept at securing their back end and paid a very high price. Blizzard - yeah they got done over but immediately put their PR setup into full swing to inform and educate their users about the issue.

PGI have managed to achieve none of the latter and all of the former. Both represent a poor show indeed. **** does happen - but MTFU and put it as right as you can. Whilst you're at it - unban my forum account and if you want a different opinion of yourselves portrayed in public - raise your bar far higher as you go about things.

Edited by Inertiaman01, 14 December 2012 - 04:31 PM.

[Lon3Wo1f]

As there still seems to be some doubt over things it's hard to accept this without a followup response from PGI. It's clear to me and others that email addresses were stolen from PGI as we have something in common. We all used email addresses that were unique to MWO and got the spam email there the same day. For me I have my own domain and sign up to new sites using addresses unique to them. It's a spam paranoia thing for me (probably others too) and allows you to see what sites have sold your details on for future reference but it also shows up clearly when someone says your address hasn't been taken.

What some are responding to is "big deal it's just spam email" but it isn't just spam email. The forums and site have been compromised and we have a statement saying no email addresses were taken when it's clearly not true. That leads me to wonder just what else has gone on that I don't know about. I've seen a few saying that people like myself must have something to hide if we're that worried which is ridiculous. If you blindly believe what you're told when you have evidence to the contrary then your opinion means nothing to me.

I would very much like to see a follow up response from PGI over this but I'm willing to give them time to do a proper investigation so they can give all the details they can without risking more misinformation.

[Harmatia]

Thankfully I use Chrome and it warned me about the site. I liked Google before, but now... I'm... Google-Man

[Chaldon]

Thanks for pretending like it didn't happen. We you giving us the quick run down.

oh ya. FF is still reporting mwomercs.com as a hostile website.

[Harmatia]

Inertiaman01, on 14 December 2012 - 04:28 PM, said:

So my forum account got banned from posting for being annoyed about this. More specifically - annoyed in a small way about the hack (**** happens) but annoyed in a huge way for PGI denying there was an issue and not telling users about it in any useful terms.

Someone cited Blizzard and Sony earlier in the thread as people who've also been hacked. The implication being that we should expect it. The trouble with those analogies is that Sony were utterly inept at securing their back end and paid a very high price. Blizzard - yeah they got done over but immediately put their PR setup into full swing to inform and educate their users about the issue.

PGI have managed to achieve none of the latter and all of the former. Both represent a poor show indeed. **** does happen - but MTFU and put it as right as you can. Whilst you're at it - unban my forum account and if you want a different opinion of yourselves portrayed in public - raise your bar far higher as you go about things.

Not true. While Blizzard didn't wait as long as Sony did to inform people, they didn't do it immediately.

[warp103]

Mims, on 14 December 2012 - 04:22 PM, said:

Still getting the warning on firefox.

same here and check with google . so you code is still not fixed have to chg password again. Yes i am getting the email so fix your MO FO site.

Edited by warp103, 14 December 2012 - 07:20 PM.

[Livewyr]

Just got warning again.

(Probably some pissant pissed off about their account getting banned for TK'ing...)

[Dark Severance]

Chronojam, on 13 December 2012 - 09:26 PM, said:

That was about a month ago, November 11 or 12 or so; a page I administer was hit in the first wave before a patch and mitigation strategy was published.

You can find the November 13 blog post at the IPS dev site detailing a few fixes that can minimize the impact of similar intrusions if they should occur again. It is currently December 13.

No that was a completely different issue. That was patched in before there were any issues. There is currently still a ticket open, IP.B and vB claim it isn't an issue on their end, that there aren't any holes. They said the holes are with the skin, although it is just a graphical skin. The sites are clean and have been since they've checked them and I re-installed the index page but they still claim it wasn't them. It may not be or it could be something that will happen later, no telling. I tend to believe them though.

However trying to calm the average user, they have no idea. The best safety any user can be is still on their end. Never use forum names as passwords. Don't use forum names/logins the same as your email. Use different passwords, etc. These are just the basics that help. Obviously don't use simple dictionary words, use capitalized letters, lowercase and numbers using at least a 8 digit password. Those things save a lot of headaches and stop issues before they happen. Obviously never install anything you don't know what it is or click strange links.

These types of injections though happen. The data itself though is usually safe from them. These things are usually redirects that try to get people to install things and that is how they get infected.

Mims, on 14 December 2012 - 04:22 PM, said:

Still getting the warning on firefox.

Then it is something still on your end. Chrome, Firefox and IE are showing no issues. Clear your cache and check your system. It could also still be on your ISP's end as well. If you ever suspect a site you always can use something like http://sitecheck.sucuri.net/scanner/ to check for malware.

Inertiaman01, on 14 December 2012 - 04:28 PM, said:

but annoyed in a huge way for PGI denying there was an issue and not telling users about it in any useful terms.

This particular issue, is not an issue. You just aren't listening and still think something else is up. There is actually plenty of useful information on how to protect yourself in this thread, not only so this doesn't happen but so if an email was compromised, it doesn't effect you.

[GalaxyBluestar]

i don't know much about this sort of thing so i'm just nervous gone through the password change and other precautions etc etc but this is the email people are talking about and it did turn up in my inbox yesterday which i quickly deleted. my email isn't just on mwo but it's an address that's very rarely used for anything. the mail has turned up on an unrelated mwo forum but don't know if he has an account here or not. not likely as he would've come forth already.

here -> http://forums.bit-te...d.php?p=3238217



Originally Posted by Windows 8 Is Fail - balmer@microsoft.com
Windows 8 is a lousy Operating System. Its supposed improved performance and claims of improved battery life are exaggerrated, Windows Store is a shameless attempt to pump people for money, and the user interface changes decrease productivity. It is a poor product created for the sake of getting money from your pockets into theirs while offering you as little value as possible. Security is not much different - most exploits and malware that work for earlier Windows versions will still work on Windows 8. One thing that might not work well on it is you, because they switched the interface around so that you have new computer skills to learn. It doesn't really matter whether you want to buy it anyway, because sooner or later it will probably be forced on you by hardware manufacturers.


Windows 8 is a shameless marketing ploy, introduced just in time for the "holiday shopping season", which is another big scam. There is nothing "Holy" about it, because "Christmas" is a big lie.


Excerpts from h*tp://fin**********or.com/xmas.htm


"Xmas has absolutely nothing to do with God. It was originally called Yuletide, which is a pagan festival from the Babylonian Mystery religion of SUN worship. The Babylonians were merchants (they were the originators of the "Market-system" which is condemned by God) and they used Yuletide to sell their merchandise because, like today, it made them lots of money."


"SANTA CLAUS is an anagram for *****."


"The fact that the three kings came to pay homage, and brought gifts of great wealth, was used by ***** to give, to those who perverted the teaching, the idea to continue and even increase the sales of their merchandise (a great marketing-exercise for them). So the virgin-birth was hijacked and corrupted into a time to make lots of money, using the ultimate in "high-pressure sales techniques", which was to falsely use God's Son's name, in order to embarass people, who couldn't afford to buy gifts, to go into debt or steal in order to buy their merchandise. By doing this the rich merchants ruin the lives of the poor, driving them further into debt and poverty or crime, whilst making themselves richer and richer."


Do you want to give more of your hard-earned money to an opulent mega-corporation? Do you want to serve *****? Don't fall for the cheap con-artist tricks of the Windows peddlers.

[Lonestar1771]

This morning I got 3 calls from Century 21 insurance claiming I requested a quote online. I never ever ever got spam calls to my cell phone until AFTER this situation.

[Buck Cake]

They should have apologised to the public right away. Their denial attempt was like a child caught stealing icecream.

[Lon3Wo1f]

Lonestar1771, on 14 December 2012 - 11:22 PM, said:

This morning I got 3 calls from Century 21 insurance claiming I requested a quote online. I never ever ever got spam calls to my cell phone until AFTER this situation.

MWO doesn't ask for any mobile or home phone number. I don't see how you're linking the two together when the only thing in common is that they both happened on the same day. The only way I could possibly see this making any sense is if your email address was your phone number and even then it'd be a guess that lots of numbers meant it was a phone number. Yes hold PGI accountable for things that have happened but your issue has nothing to do with it.

[Cyrionthewise]

ya baby!!

[Inertiaman]

Dark Severance, on 14 December 2012 - 09:32 PM, said:

This particular issue, is not an issue. You just aren't listening and still think something else is up. There is actually plenty of useful information on how to protect yourself in this thread, not only so this doesn't happen but so if an email was compromised, it doesn't effect you.

Er no. Most of the usual information is from me and other people with a clue. Being in possession of half a clue I'm not in any danger. My concern was for others with less awareness. I cannot see how you can take my opinion that there is a responsibility on the host of a service to dish out info of a security lapse that affects their customers, and not only tell me the stance is wrong but that I'm making it up. You're catagorically dismissing an entirely subjective opinion.

The email issue really isn't the problem, simply the symptom. The problem lies with anyone who didn't pay attention to browser warnings, or is using an older browser and now has malware on their PC. Please point out the information and fix regarding said malware in the OP or anywhere else in the official response.

Be useful or be quiet.

[Attalward]

Login today again from firefox and mwomercs.com/forums is sitll flagged as dangerous site.

[JudgeDeathCZ]

Attalward, on 15 December 2012 - 07:41 AM, said:

Login today again from firefox and mwomercs.com/forums is sitll flagged as dangerous site.

bumping this -.-
deleted cookies and cache 2 times

Edited by JudgeDeathCZ, 15 December 2012 - 10:20 AM.

[Dark Severance]

Inertiaman, on 15 December 2012 - 04:47 AM, said:

The problem lies with anyone who didn't pay attention to browser warnings, or is using an older browser and now has malware on their PC. Please point out the information and fix regarding said malware in the OP or anywhere else in the official response.

As to these situations can lead to multiple malware and issues depending on how the "infected" responded. If they only clicked once, it could just be a false positive message and nothing simply more. For the majority of people AV software stopped it. If others continued going further then there is no telling what other things they got infected from or where they were sent once redirected. It isn't the responsibility of a website to tell someone how to fix these things.

Almost every piece of malware or infected items can easily be searched for an answer to clean and stop. In the off chance that there is a particular nasty one that even effects their ability to search, almost everyone has another internet source (ie: ipad, phone, etc) that they can cleanly search for how to clean a system. They simply type in what the malware they have on their system or the symptoms and there are usually already tons of actual security websites that have the information that deal with this thing daily. No offfese to PGI but I wouldn't trust anyone whose doesn't deal with this on a regular basis telling me how to clean my system anyways. It just isn't there responsibility nor can they fully know with what or how someone got infected if they continued past the redirects.

98% of all malware can simply be purged by utilizing proper administration for Windows and seperate users. I actually have a seperate user for work and a seperate user that I use for gaming. On the off chance that it does get infected it is usually isolated only to that user. Simply removing that user, recreating it is enough. Or even restoring to a previous saved point, depending on the infection.

JudgeDeathCZ, on 15 December 2012 - 08:13 AM, said:

bumping this -.-
deleted cookies 2 times

Cookies is much different than cache. Deleting cookies will not stop the issue, you need to clear your cache. If you are unsure how to do this, google your browser name and clearing cache and you should be able to find instructions on how to do it.

[Lonestar1771]

Lon3Wo1f, on 15 December 2012 - 03:16 AM, said:

MWO doesn't ask for any mobile or home phone number. I don't see how you're linking the two together when the only thing in common is that they both happened on the same day. The only way I could possibly see this making any sense is if your email address was your phone number and even then it'd be a guess that lots of numbers meant it was a phone number. Yes hold PGI accountable for things that have happened but your issue has nothing to do with it.

I never blamed PGI and but it's not hard to get info off of someone's computer after it's compromised. If anything I was just giving a heads up to watch for weird things.

Edited by Lonestar1771, 15 December 2012 - 10:05 AM.

[JudgeDeathCZ]

Thontor, on 15 December 2012 - 08:14 AM, said:

and your cache?

ye sry.Cache too.Edited.