Wednesday, July 08, 2009

Don't believe everything you read!

So, I was going on the boards on Neopets, and saw a board titled "Finally Critical Information About CGers?" (CGers=Cookie Grabbers) Hmm. Somewhat interesting. By this point, cookie grabbing is not new on Neopets by any means, and it is somewhat tedious to see all of the boards about it. Though, it admittedly caught my interest. I clicked, and saw a post that said that the cookie grabbers have also been taking bank account info. Shortly after, I saw a reply from another person saying that was what Fox News was saying.

Another person posted that they thought it would only get worse, because now even more hackers knew about the security hole in the site. Kreepyjess (Jessica) replied to that particular post, saying "Posting scams about getting 'free paintbrushes if you go here' and redirecting people to an off-site link with malicious coding is NOT a security hole in the site. It's a security hole in the head of anyone who falls for it."

http://www.foxnews.com/story/0,2933,530684,00.html?test=latestnews

"Nearly half of players are between the ages of 8 and 12, although some are as young as 6, and they communicate with each other while at play."

You can only communicate with other players if you are 13 or above, or if a parent has sent in the parental permission form. Or of course, if you lie about your age, which is what a lot of kids do.

"They're sent a seemingly innocuous e-mail or private message on the Neopets bulletin boards telling them about a secret Web site that will let them make their own magic paintbrushes — without having to spend precious points for them."

You cannot give out your e-mail on Neopets. However, you can send a person a Neomail. (Which are moderated and filtered) Nothing on the Neoboards is private, and it's not necessarily a "secret website" that gives you free stuff. There are lots of cookie grabbing scams, including:

  • Luring people to your shop with easy to sell items at a much lower price than they are worth. Some have found coding loopholes which makes it so that buying the item is impossible, but you are still cookie grabbed. These generally hit Premium users more, but anyone who visits shops like those can be cookie grabbed.

  • Putting cookie grabbers into a fake reply box on a Neoboard. Buying a Neoboard Pen at the Neocash Mall, which gives you the option of another font to use and more space to type, so it will appear that the reply box is part of their font. They are generally veered to the left, therefore cutting off parts of the left-hand side. If you have Neoboard pens, you won't be able to see the option to use them, which makes it easy to spot that it is not legit.

  • Fake Tarla links. Every few days or so, there is an Ixi named Tarla who gives out free items. People have been faking Tarla links and posting the fake links, which truly links to a cookie grabber, and not Tarla.

  • User look-ups, pet look-ups, petpages, galleries, shops, guilds, etc. Basically anywhere you can input your own coding, scammers can and have put cookie grabbers in those places.

  • Neomails. As far as I know, people have not been able to directly put cookie grabbers in Neomails, but they can and will Neomail links to people with cookie grabbers on the pages.

Please not that these are only the most common ways that people have been cookie grabbed.

"Passwords to banking sites, account information, Social Security and credit card numbers all become fair game."

Correct me if I'm wrong, but can't a cookie grabber only grab the cookies from the site you're on when you're cookie grabbed? For example, say you're playing Neopets. You see a really good snipe on a codestone, and click on the link to buy it. You click and click, but it won't let you buy it, but it's still there. Within minutes, your Neopoints, pets, and items are all gone, your password is changed, as well as your e-mail address which is what you need to retrieve a lost password. A little bit later, your account is frozen. Do they only get your cookies from Neopets, or all of your cookies stored in your browser?

"While social networking sites such as MySpace, Facebook and Neopets spell out conditions against such practices and publicly warn users of the potential threats of infiltration, it's really up the user"

Neopets is not a social networking site, and the staff does not inform users of the cookie grabbing scams. Users inform other users.

Just my 2 Neopoints. =) (Err, cents) Thank you for reading and putting up with my ranting.

By the way, could anyone besides me tell that the person who wrote the Fox News article obviously didn't play?