Announcement

Collapse
No announcement yet.

***Alert*** View Wise's or my profile from 0730-1045 Eastern? Change your password

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    ***Alert*** View Wise's or my profile from 0730-1045 Eastern? Change your password

    A scammer/spammer is trying a new (to me) method of stealing passwords.

    If you visited my profile or Wise's profile from 7:30-10:45am Eastern and were asked to enter your login info, please change your password.

    Thank you,

    Steven
    ...it's worse than we thought. it turns out the people at the white house are not secret muslims, they're nerds.

    #2
    XSS attack?

    Comment


      #3
      bummer

      Comment


        #4
        Originally posted by Lazlo View Post
        XSS attack?
        (mods if you don't want the specifics just delete this, I don't care) It was a simile image that returned a 401 HTTP code. Popped up a basic auth box, I didn't fill it in and click it so don't know what it did from there.

        Comment


          #5
          Originally posted by Lazlo View Post
          XSS attack?
          t8burst has it right, I think. That or it was javascript piggybacked on a .gif file that mimicked the 401 request.
          ...it's worse than we thought. it turns out the people at the white house are not secret muslims, they're nerds.

          Comment


            #6
            Tricky stuff!

            Comment


              #7
              What good would it be to them to have a password anyway?

              But that goes to show, never enter your password info, if you don;t expect the login box to be there.
              Last edited by sjean423; 24 Feb 2010, 11:00 PM.
              T7-8 since Feb 2005

              Comment


                #8
                Originally posted by sjean423 View Post
                What good would it be to them to have a password anyway?
                They'd be able to PM your friends with spammy links, generating a higher click-through rate for them. (Because, you know, friends trust you not to send them malevolent content.)
                ...it's worse than we thought. it turns out the people at the white house are not secret muslims, they're nerds.

                Comment


                  #9
                  Originally posted by Steven Edwards View Post
                  A scammer/spammer is trying a new (to me) method of stealing passwords.

                  If you visited my profile or Wise's profile from 7:30-10:45am Eastern and were asked to enter your login info, please change your password.

                  Thank you,

                  Steven
                  I and the Russians stand by you Steven. We are ready to serve and help.

                  Comment


                    #10
                    Originally posted by Steven Edwards View Post
                    They'd be able to PM your friends with spammy links, generating a higher click-through rate for them. (Because, you know, friends trust you not to send them malevolent content.)
                    Seems like an awful lot of trouble to generate traffic.
                    T7-8 since Feb 2005

                    Comment


                      #11
                      Originally posted by sjean423 View Post
                      Seems like an awful lot of trouble to generate traffic.
                      They generally use automated tools, so it's all the same amount of effort to them.
                      ...it's worse than we thought. it turns out the people at the white house are not secret muslims, they're nerds.

                      Comment


                        #12
                        Too much burgers - the Russians maybe

                        Originally posted by Steven Edwards View Post
                        They generally use automated tools, so it's all the same amount of effort to them.

                        Comment


                          #13
                          Originally posted by Lazlo View Post
                          XSS attack?
                          my first thought also. Admins/Steven, I have a handy link you may be interested in if you plan any regular checking of the boards for xss vulns. PM me if interested.

                          Comment


                            #14
                            Originally posted by sjean423 View Post
                            What good would it be to them to have a password anyway?

                            But that goes to show, never enter your password info, if you don;t expect the login box to be there.
                            Solid advice about not entering your pword when it seems oddly out of place.

                            As for what they could do; that kinda depends on who they dupe. Imagine an admin with high level access to the innards of the forums being pwnd. That could lead to some craziness fo sho.

                            Comment

                            Working...
                            X