Cookie Grabbers on the rise

Posted: 13 Sep 2008 02:02 am
by Fjorab_Teke
OK, so this might not ease my own frustrations, but after reading stuff on Charter, it's apparent...

I COULD have been cookie-grabbed while going after what I thought was a great deal on a codestone...or something similar.

Be on the lookout everyone. It seems that people have yet again found ways to code around Neopets' filters, and they seem to be more rampant now. :(

Good ideas:

PIN everything! Hopefully mine blocked someone out of my valuables if I was CG'ed.
Make sure your email info is current. At least then there will not be confusion and IF there are updates you might find out faster.
Make notes of obscure details of your account that only you could possibly know, especially things that someone wouldn't see/notice/look for if they were snooping around.
If something looks fishy, immediately change PW, log out, log back in.

Any other advice? Spill it. :)

Re: Cookie Grabbers on the rise

Posted: 13 Sep 2008 01:36 pm
by Larkspurlane
That's really scary.

Not that my acct has anything worth stealing, but...

Question: if they're grabbing cookies, would it be of any use to frequently clear cookies/internet cache? Or does that not matter?

Question two: if they're grabbing cookies, presumably they'd be getting your PINs too, unless those aren't stored as cookies? (I don't know how those work.)

Re: Cookie Grabbers on the rise

Posted: 13 Sep 2008 02:08 pm
by daisybell
Clearing cookies won't help that much if you're being cookie grabbed onsite- because you need your cookie to stay logged in. If you were being cg-ed offsite then there isn't a lot TNT can do about that, but clearing your Neopets cookie would mean that they couldn't get at the data in it.

Your PIN isn't stored in a cookie- that's really the point of it. The only way (or only likely way) someone could get your PIN without you telling them it or them guessing would be if you had a keylogger on your computer, which is a nasty piece of spyware that tracks everything you type on your keyboard.

I don't know enough about cookies to know why it's possible for the information stored in them to be read by sites or people that aren't Neopets. But if it were possible to do so, it would make more sense to make sure that the cookie is useless to anyone who intercepts it, rather than trying to stop people from putting cookie grabbers on their pages. They almost certainly will find a way to do so and keep doing it as long as they can benefit from it. I thought they had done this already, though, when the change came in that logged you out of an account if you logged into it on another computer or in another browser. Something about the cookie being specific to that computer/browser and no other computer being able to use it.
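
Added example, not part of the original thread and not Neopets' own code: one way a site can do what daisybell describes above, tying a session cookie to the browser it was issued to so that a copied cookie fails when replayed from somewhere else. All function names, the key handling and the sample clients are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret held only by the server

# Constructed sample clients (documentation IP ranges), not real data.
VICTIM = ("Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)", "203.0.113.25")
OTHER = ("Mozilla/5.0 (X11; Linux i686) Firefox/3.0", "198.51.100.7")


def _tag(session_id, user_agent, ip):
    """HMAC over the session id plus a coarse client fingerprint."""
    network = ".".join(ip.split(".")[:3])  # IPv4 /24, tolerates small IP changes
    msg = "\n".join((session_id, user_agent, network)).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_cookie(user_agent, ip):
    """Return (cookie value, Set-Cookie header) for a freshly logged-in client."""
    session_id = secrets.token_urlsafe(32)  # random, carries no password or PIN
    value = session_id + "." + _tag(session_id, user_agent, ip)
    # HttpOnly hides the cookie from page script; Secure keeps it off plain HTTP.
    header = "Set-Cookie: session=%s; HttpOnly; Secure; SameSite=Lax; Path=/" % value
    return value, header


def validate_cookie(value, user_agent, ip):
    """Accept the cookie only from a client matching the one it was issued to."""
    session_id, sep, tag = value.rpartition(".")
    if not sep or not session_id:
        return False
    expected = _tag(session_id, user_agent, ip)
    # A real server would also look session_id up in its session store here.
    return hmac.compare_digest(tag.encode(), expected.encode())


if __name__ == "__main__":
    cookie, header = issue_cookie(*VICTIM)
    print(header)
    print("owner's browser:", validate_cookie(cookie, *VICTIM))
    print("copied elsewhere:", validate_cookie(cookie, *OTHER))
```

The binding only raises the cost of replay, since a User-Agent string can be copied; the HttpOnly attribute is what keeps page script from reading the cookie in the first place.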

Re: Cookie Grabbers on the rise

Posted: 13 Sep 2008 08:05 pm
by mellaka
I don't know enough about it to know if it's true or not, but some people have said that the recent popular cookie grabbers exploit something in IE. So I have not been visiting any user-editable parts of the site while logged in on IE and have been using FF instead.

It also seems that Neopets may freeze people for their own safety if they bought from a shop where a CG was present, whether or not they were actually CG.

Two people I chat with have had their accounts frozen due to CG but both have had them returned too (one within a week; the other maybe 2 weeks). So good luck again Fjorab.

Re: Cookie Grabbers on the rise

Posted: 14 Sep 2008 01:43 am
by Madge
I think the basic idea behind a cookie grabber is that they steal your neopets cookie, copy it to their own machine, and then make neopets think they've already logged in as you - as far as I know, cookies aren't meant to have your password in them, encrypted or otherwise, but just sort of have a message saying "Hi, Madge is logged in, so don't ask her for her password".
> I don't know enough about cookies to know why it's possible for the information stored in them to be read by sites or people that aren't Neopets.
I think it's basically encryption, though I've heard that Neopets has been known to use "basic" encryption rather than the super-awesome encryption your bank, say, would use.

That said, I have been known to be wrong.

Fjorab's advice is pretty good. Record things like the books your pets have read, items in your SDB, that sort of thing.

Re: Cookie Grabbers on the rise

Posted: 14 Sep 2008 06:11 am
by 23639377
Hackers are horrible.

I once found a page that looked EXACTLY like the login page of Neopets!