|
|
Post by ♥ Azzie on Nov 15, 2015 17:40:37 GMT -5
I've been seeing posts from Openneo on Tumblr (post is here). Basically, there's a Flash file that shows up on Neopets and immediately transfers all of your on-hand Neopoints, banked Neopoints, and gallery items to the attacker’s account if you visit an infected page. It's recommended you turn on click-to-play for plugins and remove all exceptions for Neopets and its fansites. Please be safe, guys. And try to avoid Flash on there in general. |
|
|
|
Post by Duke Pikachu on Nov 15, 2015 18:07:40 GMT -5
Was just about to post this. I activated "Click-to-Play" so I'm hopefully safe now.
|
|
|
|
Post by PFA on Nov 15, 2015 18:08:11 GMT -5
Why hackers are so relentlessly determined to get virtual money from a virtual petsite, I may never know.  Thanks for the heads-up, though! |
|
|
|
Post by Carolyn on Nov 15, 2015 18:21:51 GMT -5
Likely because there are folks who are willing to pay real money for fancy pets and points, blah.  Thanks for the warning! |
|
|
|
Post by Rabbit ♠ on Nov 15, 2015 18:27:24 GMT -5
Not another hack attack thing. Anyway, thanks for the warning.
|
|
|
|
Post by PFA on Nov 15, 2015 18:36:45 GMT -5
Likely because there are folks who are willing to pay real money for fancy pets and points, blah. Thanks for the warning! Probably true, sadly. |
|
|
|
Post by Shinko on Nov 15, 2015 18:47:26 GMT -5
By fansites does that include the forum? I don't visit neo itself often anymore and seldom visit any other fansites except for Jellyneo... and click-to-play is super inconvenient. DX
|
|
|
|
Post by Herdy on Nov 15, 2015 19:38:02 GMT -5
By fansites does that include the forum? I don't visit neo itself often anymore and seldom visit any other fansites except for Jellyneo... and click-to-play is super inconvenient. DX JN hasn't been targeted, but even if we were the only flash things we have are the old negg hunts and a few video guides in places - nothing that should impact using JN in any way if you have flash blocked. The main source for now seems to be people following links to sites rather than the pages themselves being infected - so I wouldn't visit any posted links for a while. |
|
|
|
Post by Jae on Nov 15, 2015 21:27:16 GMT -5
Do we know what kinds of pages can be infected? Also how will we hear when this is patched or whatever?
|
|
|
|
Post by Rabbit ♠ on Nov 15, 2015 21:42:01 GMT -5
How long will it take for this to get better? A few days, a couple weeks...
|
|
|
|
Post by Zoey on Nov 15, 2015 22:47:40 GMT -5
learned how to set up click to play on chrome from this. thanks!  |
|
|
|
Post by Duke Pikachu on Nov 15, 2015 23:39:34 GMT -5
By fansites does that include the forum? I don't visit neo itself often anymore and seldom visit any other fansites except for Jellyneo... and click-to-play is super inconvenient. DX JN hasn't been targeted, but even if we were the only flash things we have are the old negg hunts and a few video guides in places - nothing that should impact using JN in any way if you have flash blocked. The main source for now seems to be people following links to sites rather than the pages themselves being infected - so I wouldn't visit any posted links for a while. Well there's also the NC Collectible ads, but I doubt those are infected. Do we know what kinds of pages can be infected? Also how will we hear when this is patched or whatever? I would think only parts of the site a someone can edit would possibly be infected. But right now it sounds like you need to go someplace off site. How long will it take for this to get better? A few days, a couple weeks... It all depends when JS responds and them figuring out how the malicious program is doing this. |
|
|
|
Post by Jae on Nov 16, 2015 12:10:09 GMT -5
Site's been taken down. Hopefully it's JS trying to get a handle on the flash vulnerability and not, like, general lag.
|
|
|
|
Post by Zoey on Nov 16, 2015 13:04:50 GMT -5
Site's been taken down. Hopefully it's JS trying to get a handle on the flash vulnerability and not, like, general lag. Site's back up for me as of 1 PM EST! hope everything's been fixed! |
|
|
|
Post by Geodude 🌻 on Nov 16, 2015 16:30:47 GMT -5
Flash is one of the most vulnerable web plugins in existence and many in the tech sector have called for it to simply cease to exist as a project. Unfortunately, many games and other web applications depend on it. Click-to-play is a fair compromise that allows you to still run plugins like Flash on demand but prevents them from loading automatically and potentially carrying a malicious payload with it. Direct link to the article linked from OpenNeo, somehow OpenNeo ended up on the block list at work: www.howtogeek.com/188059/how-to-enable-click-to-play-plugins-in-every-web-browser/Stay safe online everyone. Did I mention that Flash was irreparable garbage that has wonderful features like being a system resource hog and having security like Swiss Cheese? |
|
Thanks for the heads-up, though!
Thanks for the warning!
