Gameplay Help and Discussion - Poe.xyz.is; suspected cause for compromised accounts? - Forum

It's just web analytics. Just viewing a website can't compromise your computer unless you: 1) Have a plugin with security vulnerabilities (flash is notorious for this... but java and others also have problems sometimes). 2) Enter information on the website (common with phishing websites). 3) Download an executable file from the website and run it. IGN: Jerk, Princess http://orbswap.info - the easy way to trade currency	Posted by taekvideo on Feb 28, 2013, 3:10:44 PM Alpha Member Quote this Post
" Zalm wrote: " sage2050 wrote: ive been using it since the day it opened and haven't been hacked. im sure if it was malicious someone who knows what they're talking about would have said something by now. Same...I've been using this site, and even have it on my favs since I saw it posted. I have yet to be hacked. I will continue to use this site until someone shows me concrete evidence that it is a hacking site. Something concrete like having to sign into my account on this site. Which you dont have to so...it searches the fucking forums for you, idiot. I was using that site and got hacked up til 3 hours ago. I didn't think much of it pouring over the source code initially, but, sites that use java I am always leery about. Again, I don't claim to know what I am talking about. Just trying to find out, why and other seemly competent individuals also were compromised.	Posted by PSGMud on Feb 28, 2013, 3:11:12 PM Quote this Post
" Zalm wrote: Something concrete like having to sign into my account on this site. Which you dont have to so...it searches the fucking forums for you, idiot. Err just because a site doesn't ask you directly for your username and password that doesn't mean it can't contain something malicious. No reason to call someone an idiot because you don't know what you're talking about.	Posted by RandallPOE on Feb 28, 2013, 3:11:41 PM Quote this Post
" PSGMud wrote: I was using that site and got hacked up til 3 hours ago. I didn't think much of it pouring over the source code initially, but, sites that use java I am always leery about. Again, I don't claim to know what I am talking about. Just trying to find out, why and other seemly competent individuals also were compromised. Yet here you are, making over zealous claims that this site is suspected to cause account compromise? I'd like to see an external source to the acclaimed suspicion. Or at least GGG claim that they suspect this. Not you, you are not GGG so you cant claim that its malicious and under suspicion. " RandallPOE wrote: " Zalm wrote: Something concrete like having to sign into my account on this site. Which you dont have to so...it searches the fucking forums for you, idiot. Err just because a site doesn't ask you directly for your username and password that doesn't mean it can't contain something malicious. No reason to call someone an idiot because you don't know what you're talking about. True, but you have to have some input to make the malicious entity work, such as downloading something, inputting something or accessing something while its working. Unless you have no security, in which I'm surprised you can even access half the internet with no type of security. 'It is good to contact a moderator if you feel someone is being a twat' Charan, Forum Moderator Sometimes, we have to cross a ditch. Sometimes, we have to cross an ocean.-Rhys, GGG Last edited by Zalm on Feb 28, 2013, 3:18:21 PM	Posted by Zalm on Feb 28, 2013, 3:17:24 PM Quote this Post
this is a pretty flimsy accusation	Posted by namad on Feb 28, 2013, 3:31:49 PM Quote this Post
Just for general information since this is vastly misunderstood: Java is not the same as Javascript The vulnerabilities you hear about Java are not related to the Javascript language as well. As far as making claims against this site, you could at least compared the script they use (hosted on the site's domain) to see if it was updated.	Posted by kaeus on Feb 28, 2013, 3:32:39 PM Quote this Post
" Zalm wrote: " PSGMud wrote: I was using that site and got hacked up til 3 hours ago. I didn't think much of it pouring over the source code initially, but, sites that use java I am always leery about. Again, I don't claim to know what I am talking about. Just trying to find out, why and other seemly competent individuals also were compromised. Yet here you are, making over zealous claims that this site is suspected to cause account compromise? I'd like to see an external source to the acclaimed suspicion. Or at least GGG claim that they suspect this. Not you, you are not GGG so you cant claim that its malicious and under suspicion. How exactly am I being zealous? I have said, "I don't know" many occasions in this thread. It has custom code from what it appears. I am just asking questions and investigating. Chill out. http://nationalcybersecurity.com/back-door-added-to-piwik-analytics-software-installer-following-site-compromise/ Piwik isn't known for its security either. Last edited by PSGMud on Feb 28, 2013, 3:37:05 PM	Posted by PSGMud on Feb 28, 2013, 3:34:59 PM Quote this Post
" kaeus wrote: As far as making claims against this site, you could at least compared the script they use (hosted on the site's domain) to see if it was updated. Do you know of a means to obtaining that script?	Posted by PSGMud on Feb 28, 2013, 3:38:19 PM Quote this Post
Javascript can't really do much, hijack your poe session at most. Java and flash can upload files from your PC ( config file, with hashed PW ). I am a daily user of the site and was not hacked so far, hope it stays that way.	Posted by dzordzo on Feb 28, 2013, 3:38:23 PM Alpha Member Quote this Post
been using it for a weeks.. nothing.... but just in case im not gonna use it for a while	Posted by Deleted on Feb 28, 2013, 3:44:45 PM