Read both articles aboveGraidlyz wrote:gas56 wrote:The path leads to where the password is.Fletchette wrote: And passwords ARE NOT STORED IN COOKIES.
Something you need to read and learn about hackers/crackers and where vulnerabilities are.
Here are 2 articles that explain it.
Cookies don't lead where the password is, they allow you to log into an account, but don't give you any password.
Important Security Reminder
- gas56
- Outfitter
- Posts: 4340
- Joined: April 4th, 2014, 12:51 pm
- Location: Ohio
- Contact:
Re: Important Security Reminder
- caledonianblues
- Master Hunter
- Posts: 9725
- Joined: September 27th, 2012, 11:01 pm
- Location: London, UK
- Contact:
Re: Important Security Reminder
I removed the links. Please refrain in future from sharing such information. By the way the first article referenced archaic methods that no hackers use in this day and age, nor would they yield any success with any modern web application. The article was at least 6 or 7 years old. Web applications have moved on leaps and bounds since then, and I can assure you such techniques would not work on theHunter.gas56 wrote:Why don't you read both articles above.
If the military taught me one thing it was to keep my mouth shut about security matters.
So I think that is what I will do now, if you want to learn, it won't be from me making mistakes, good luck.
To conclude, the advice being given is to change your passwords regularly and avoid using the same passwords for numerous sites. Use strong passwords and, where possible, avoid dictionary words. Deleting cookies will not stop someone from accessing your online accounts, or improve your online security one iota. Cookies do not store sensitive information (or paths to sensitive information).
Everyone is welcome to their own opinion, but in a topic like this, please let's stick to facts to avoid confusing users. Thank you.
- TheSheWolf
- Hunter
- Posts: 935
- Joined: April 28th, 2010, 9:48 am
- Contact:
Re: Important Security Reminder
Strange, why bother hacking a bunch of accounts on this game? It's not like you can transfer anything back and forth :S Thanks for the heads-up, though!
- gas56
- Outfitter
- Posts: 4340
- Joined: April 4th, 2014, 12:51 pm
- Location: Ohio
- Contact:
Re: Important Security Reminder
So I guess what you are saying is neither articles were based on facts and could never be a threat.caledonianblues wrote:I removed the links. Please refrain in future from sharing such information. By the way the first article referenced archaic methods that no hackers use in this day and age, nor would they yield any success with any modern web application. The article was at least 6 or 7 years old. Web applications have moved on leaps and bounds since then, and I can assure you such techniques would not work on theHunter.gas56 wrote:Why don't you read both articles above.
If the military taught me one thing it was to keep my mouth shut about security matters.
So I think that is what I will do now, if you want to learn, it won't be from me making mistakes, good luck.
To conclude, the advice being given is to change your passwords regularly and avoid using the same passwords for numerous sites. Use strong passwords and, where possible, avoid dictionary words. Deleting cookies will not stop someone from accessing your online accounts, or improve your online security one iota. Cookies do not store sensitive information (or paths to sensitive information).
Everyone is welcome to their own opinion, but in a topic like this, please let's stick to facts to avoid confusing users. Thank you.
I wouldn't tell anybody either.
Last edited by gas56 on November 3rd, 2017, 7:47 pm, edited 1 time in total.
- Fletchette
- Trophy Hunter
- Posts: 7318
- Joined: September 10th, 2013, 8:30 pm
- Location: Missouri, USA
- Contact:
Re: Important Security Reminder
You obviously didn't read or understand those articles. In the first, the password was NOT in the cookie, nor did it lead to the path where the password is. It's a simple redirection hack where getting the victim to click on a link directs him to another site, which then redirects him to Yahoo. In the process the "hacker" grabbed the session token and could go to the Yahoo account WITHOUT the password. The "victim's" Yahoo account was specifically targeted, otherwise this wouldn't work, and it's the SESSION cookie that is used. These ARE NOT the cookies you are deleting when you delete cookies in your browser. You'll notice that the "hack" happened LIVE when the victim was actually logging into his account, not after. The session token was grabbed in real-time, not pulled from his system afterward. Finally, the session cookie MUST exist, otherwise you couldn't use YAHOO. The "hack" was getting the "victim" to click on that fake link that then took him to his Yahoo account. This isn't really even a "hack", but rather a Phishing attack.gas56 wrote:The path leads to where the password is.Fletchette wrote: And passwords ARE NOT STORED IN COOKIES.
Something you need to read and learn about hackers/crackers and where vulnerabilities are.
Here are 2 articles that explain it.
The second article didn't actually say or explain anything, and can basically me summed up with, "use strong passwords".
You'll notice that neither article said anything about logging out of websites, or deleting cookies to protect yourself. Why? Because it doesn't matter. In fact, the first article specifically stated that the victim logging out WOULD NOT log out the attacker.
So again, you do whatever nonsense you want, just don't spread the nonsense.
- gas56
- Outfitter
- Posts: 4340
- Joined: April 4th, 2014, 12:51 pm
- Location: Ohio
- Contact:
Re: Important Security Reminder
What articles are you talking about???...................Fletchette wrote:You obviously didn't read or understand those articles.gas56 wrote:The path leads to where the password is.Fletchette wrote: And passwords ARE NOT STORED IN COOKIES.
Something you need to read and learn about hackers/crackers and where vulnerabilities are.
Here are 2 articles that explain it.
Last edited by gas56 on November 3rd, 2017, 8:00 pm, edited 3 times in total.
- Mills
- Outfitter
- Posts: 1648
- Joined: January 1st, 2009, 5:01 pm
- Location: Whispering Woods
- Contact:
- gas56
- Outfitter
- Posts: 4340
- Joined: April 4th, 2014, 12:51 pm
- Location: Ohio
- Contact:
- Seifer
- Hunter
- Posts: 650
- Joined: February 15th, 2014, 6:33 pm
- Location: San Antonio, Texas
- Contact:
Re: Important Security Reminder
The following link is another screen that I see every time that I log in. It says "You exceeded the maximum # of log in attempts. In addition to your username and password you now also have to solve the CAPTCHA below." Just wondering if anyone else has been having this problem?
https://s1.postimg.org/5w5ymo6pcf/Hunter-0001.png
https://s1.postimg.org/5w5ymo6pcf/Hunter-0001.png
Spoiler:
- Graidlyz
- Spotter
- Posts: 55
- Joined: October 27th, 2015, 10:22 am
- Location: France
- Contact:
Re: Important Security Reminder
I do have it all the time as wellSeifer wrote:The following link is another screen that I see every time that I log in. It says "You exceeded the maximum # of log in attempts. In addition to your username and password you now also have to solve the CAPTCHA below." Just wondering if anyone else has been having this problem?
https://s1.postimg.org/5w5ymo6pcf/Hunter-0001.png
By the way it's pointless since the answer is always the same
gas56 wrote:Read both articles aboveGraidlyz wrote:gas56 wrote:
The path leads to where the password is.
Something you need to read and learn about hackers/crackers and where vulnerabilities are.
Here are 2 articles that explain it.
Cookies don't lead where the password is, they allow you to log into an account, but don't give you any password.
What articles are you talking about???...................
Last edited by Graidlyz on November 3rd, 2017, 8:23 pm, edited 1 time in total.
Who is online
Users browsing this forum: No registered users and 1 guest