Toon Hacking/Account Stealing/Keylogging Consolidated Thread - Page 12

Troubrin · 03-24-2008, 04:31 AM

Quote:

Originally Posted by Niber

I remember watching a keylogger that could remotely activate webcams. The "hacker" turned on the infected webcam and took videos of the guy having sex with his girlfriend.

(This was many years ago, Back Orifice? developed by Cult of the Dead Cow, if memory serves.)

Niber · 03-24-2008, 04:33 AM

Yeah, kids, remember.. unplug your webcams (or aim them away from your bed)!

Avaela · 03-24-2008, 04:58 AM

lol good memory
Worst Case Scenario

Kradun · 03-24-2008, 05:24 AM

AVAELA "IM" ME LETS PLAY SOME VIDEO GAMES K?

axuis · 03-24-2008, 08:18 AM

ok just to clear up we need evidence thread what evidence?

if you been hacked like some people i know have soe tells them they have a key logger so forth or maybe have one so they do usally stuff new virus scanners format etc so 4th

now not every ones some kind of super pc wizz kid 90 perc people play games not pc hack minded yes fire walls are standard and virus stuff etc and that about all they do

my point is you cant get evidence only what people told you if you go on holiday for a week or two come back all your toons been stripped etc what you going to do then ?

i like to know why people people think that players give out personal info all the time it just dont happen maybe they down loaded a 3rd program some crafting thing mouse thing i dont know

but to change your pasword you need the secret answer my post is how do they get that? and why doesnt soe have some software protection to stop say 5 attempts at it like 5 strikes your locked out contact us pls sort thing

Oswaldor · 03-24-2008, 09:41 AM

Quote:

Originally Posted by the_mo

i just recently had our guild forum hacked and they added an <iframe> to the very end of the page to load up some shit. some guildmember alerted me as his virus-detection started ringing.

i dont want to go any more into details about how the page was hacked tho

i cant say any more about how they got in, but i think it was an automated attack like all the others because the iframe was very badly hidden in the settings

You would really be doing the community a favor by disclosing more information that this. The how is already known - you suffered from poor input validation and you are right in the assumption that it was an automated attack - all this is known.

But can you post the injected data please (or someone else), so we can prove that this is how accounts were hacked and thus give the folks who were hit some remedies.

Oswaldor · 03-24-2008, 10:16 AM

Quote:

Originally Posted by Troubrin

its 3:30am i didnt read the whole thread but have a few questions about it.

1. Has anyone figured out HOW and WHO were hacking the accounts.
2. WTF is sony doing about it.
3. Please read question 1 again.

1) From the usage of the attacked accounts, the WHO would be someone with an interest in plat.

2) Only SOE knows, but thus far only putting out generic 'don't get hacked and protect yourself' 'information'.

It is a difficult situation for any company - it is, from what is known, not their software nor their site that is vulnerable (well they are vulnerable, but that is not what is seen in the current context) so they can't do much to protect the users (right now). Also SOE is not a security specialist company and to handle this you really need specialists - they are expensive. It would be nice if they would come forward and disclose how it is happening and what they are doing internally - that is what most respectable companies do these days.

It is clear however that MMO companies have to address this issue, because the offenders will be able to keep preying on users not patching their machines.

3) ok

Quote:

Originally Posted by Niber

I'd be weary of all forums/wiki's/blogs .. whatever else, that allow (public) execution of html codes.

For instance, if you can type this <b><u> HI </u></b> and it actually turns bold and underlined. Then you should never visit that forum/wiki/blog again.

Definitely, however that is just in the encoding you have set - some might be vulnerable to simple hex encoding (the above HTML would be: %3Cb%3E%3Cu%3E%20HI%20%3C/u%3E%3C/b%3E ).

If the forum 'programmer' only sanitize for clear text input in the standard encoding scheme, something like this would be allowed through.

Well-developed wiki/forum/blog software would take a defensive approach and encode the output from their data storage, so no matter what is injected into it, it will be harmless when it comes out.

I think the issue in these attacks (but difficult to say with certainty without any 'source') is that the attacke injected data into the application through SQL injection and the resulting data is not encoded when displayed to the users. So they 'appear' safe, from a usage perspective, but are really not.

Quote:

Originally Posted by Niber

But back to the keylogger issue. Assuming they're logging keystrokes, how are they getting the account name? My client saves my station name.

EQ2 has to store it somewhere to put it up there. I don't have EQ2 anymore, but if the input box with the username is just a standard windows control it can be read with a simple GetText message - which is usually what keyloggers do (read all controls on a window/form and store the data with the logged information). If not, then it probably reads it from the same source as the EQ2 binary does.

Petgroup · 03-24-2008, 12:00 PM

Quote:

Originally Posted by axuis

ok just to clear up we need evidence thread what evidence?

if you been hacked like some people i know have soe tells them they have a key logger so forth or maybe have one so they do usally stuff new virus scanners format etc so 4th

now not every ones some kind of super pc wizz kid 90 perc people play games not pc hack minded yes fire walls are standard and virus stuff etc and that about all they do

my point is you cant get evidence only what people told you if you go on holiday for a week or two come back all your toons been stripped etc what you going to do then ?

i like to know why people people think that players give out personal info all the time it just dont happen maybe they down loaded a 3rd program some crafting thing mouse thing i dont know

but to change your pasword you need the secret answer my post is how do they get that? and why doesnt soe have some software protection to stop say 5 attempts at it like 5 strikes your locked out contact us pls sort thing

Holy hell it was painful to read this mess.

If Calbiyum is able to post pics and videos here, its not that difficult for someone to post a friggin screenshot.

SoE tells people they have a keylogger? Great, now that these fucktards know that, wheres the fucking screenshot showing what program found it and how it got removed from there computer. Nobody has posted shit. So they go on with there day with a keylogger sitting dormant till the perps wanna do it again.

Since there is no proof they have keyloggers, once again these dipshits bought accounts/plat/powerleveling or gave info to someone.

the_mo · 03-24-2008, 01:12 PM

Quote:

Originally Posted by Oswaldor

But can you post the injected data please (or someone else), so we can prove that this is how accounts were hacked and thus give the folks who were hit some remedies.

yes i realized that after i had removed the line, sorry

i still remember it beeing poorly edited, since it put an <iframe> after the END of the file, AFTER </html>. a properly coded browser shouldnt event inspect that, but well... even FF did

the page embedded was something that looked like livexxxblog.biz/f1_(something i forgot)

after i had deleted it i realized i was stupid to not save it for further investigation

and the attack was a result of an outdated board-software (at least thats what i think)

axuis · 03-24-2008, 03:56 PM

Not a single player thats been hacked has provided one shred of fucking evidence that would involve a virus/keylogger or fucking anything that would compromise the security on there computers

this is what i was on about from your post

now im guessing that most people wont know what a key logging virus looks like or what program it runs under

and im assuming that soe is just covering every option out there by saying its a key logger it could be any thing really from a key logger to a website to a 3rd party progam that some1 has installed

my point is even if you are hacked for what ever reason weather you belive people being hacked or not and how they are being hacked why isnt there more security around the secret questions for your passwords how these people getting this info

as i said do they brute force it ? if so why no red flag a soe end and software to stop it

why is it when soe asks you the questions you have to give 5 answers to various questions when mr hacker only had to ask 1 = your secret answer

im saying i think thers more to this than what people are writting ie passwords given out etc lot of blames at soe end if people can not only crack your password but secret questions as well is it really that hard to set up software that times users out after 5 attempts or something

banks have a 3 strike your out rule you forget your pin you got 3 attempts if not your cards swallowed and you have to contact the bank etc why not this for soe?