hmm.. check this out!

[Urme the Legend]

Urme removed the link

Yeah.. check this out..


EDIT: Removed link due to peoples safety

 

[Cheesehound]

lol at the peeps who copyed their password

 

[SilverHood]

ho hum, all those ip addys....

wouldn't want to be one of those

 

[Galiryn]

/em is getting a new game password

:doh:

oh and btw , have fun with the walkthrough to Restore the magic SI quest

 

[Carlos Bananos]

porn? ;x

 

[Archeon]

uke:

God, i'd just eaten when i saw the pic-a-ture on that, good god thats just not right. Reminds me of those vampire eating thingies in blade 2

 

[Wile_E_Coyote]

My cookie security was medium, after this its high and staying there. =/

 

[Urme the Legend]

Yes this is a security problem in IE imo..

Btw I cleaned the database since some people used a little trick .. (I will fix so that won't work tomorrow ...

 

[Urme the Legend]

I'm suprised that i'ts soo many that got their password in the clipboard while surfing ...

No wonder people get hacked!

 

[old.Downanael]

Wtf was on that link? someone tell please

 

[Wile_E_Coyote]

It was a link that used a cookie-security issue in IE to copy whatever you had in your clipboard and posted it in a log along with your IP for all to see.

There were alot of daoc passwords there, and some even had their acc name as well.

 

[Archeon]

Originally posted by old.Downanael
Wtf was on that link? someone tell please

You don't wanna know, trust me

 

[Urme the Legend]

That security problem has been there for over 1.5 years.. thought they fixed it now.. but guess not

 

[old.Downanael]

Originally posted by Wile_E_Coyote
It was a link that used a cookie-security issue in IE to copy whatever you had in your clipboard and posted it in a log along with your IP for all to see.

There were alot of daoc passwords there, and some even had their acc name as well.

Ouch Now i got one reason more to use Opera

 

[Urme the Legend]

It could easy be implemented in any homepage so people would never know if it logged the clipboard or not.

 

[wrathofsauron]

Originally posted by Urme the Legend
Urme removed the link

Yeah.. check this out..


EDIT: Removed link due to peoples safety

You sir are an idiot, are you even aware of what you did before? the ammounts of passwords was a bit scary including my own.

If i was a goa employee reading this post and clicked on that link i would terminate your account immediately.

It is one thing making a post on how bad security people have in general but making a link where all can see peoples password is just stupid.

p.s. my password is changed.

 

[Urme the Legend]

Well with a password you aren't getting far. But I couldn't imagine in my wildest fantasy that so many people had their password in the clipboard.

Well now atleast you know what kind of tricks can be used on the internet to get other passwords.. and btw the databased were cleaned several times during the night. And I don't think anyone had both login and password in their clipboard.

edit: and again this little script could be hidden in several homepages to sniff up other users passwords from different websites.

 

[Gorbash]

fact is tho, cos you cant manually set a password, you have to remember some b0rked string of letters, and its much less hassle to just keep it tucked away in the clipboard.

 

[greenfingers]

Originally posted by Carlos Bananos
porn? ;x

what? where? who ... ??



.... heeeey ... where is the p0rn???

U cheated me U twat!:great:

 

[Basso]

From securityfocus:

This functionality can be disabled.

Under the tools menu of IE, select Internet Options > Security > (select zone) > Custom Level. Under scripting, disable "Allow paste operations via script." or set it to "prompt" if you wish to be notified when this sort of operation is being conducted.

 

[Urme the Legend]

Originally posted by Basso
From securityfocus:

This functionality can be disabled.

Under the tools menu of IE, select Internet Options > Security > (select zone) > Custom Level. Under scripting, disable "Allow paste operations via script." or set it to "prompt" if you wish to be notified when this sort of operation is being conducted.

That was superb! :great:

Even I didn't know about that..

 

[Sibanac]

Re: Re: hmm.. check this out!

Hehe thank god i use a real browser
mozilla for ever !

 

[old.Demeter]

solution posted by Basso addresses only 2 of 5 methods to steal clipboard contents that i am aware of...

trust me, if YOU have password in your clipboard and you dare to browse web with it - you give em to hackers by yourself

unbelivers with high security settings look for your clipboard content here (2 methods demoed)
http://www-sop.inria.fr/cma/personnel/Dimitri.Petoukhov/c.html


http://www.mdkgroup.com/archive/library/hack99/msie_5_dhtml_cuartango.txt

http://packetstormsecurity.nl/9901-exploits/cuartangojc-clipboard-msie.txt

and there are other holes that i just dont recall/missed so far...

While IE is full of holes using Opera/Mozzila doesnt give 100% warranty either
so dont store FECKING passwords in clipboard !

 

[vintervargen]

excuse me , but by clipboard, you mean ctrl + c = copy or what?

 

[Urme the Legend]

Originally posted by vintervargen
excuse me , but by clipboard, you mean ctrl + c = copy or what?

Yes

 

[froler-mid]

my password was there, im a newbie


changed etc now.

 

[Sibanac]

you know this wouldnt be such a problem if people would finaly learn NOT to store passwords on their pc

 

[hercules-df]

Surely its time for a FUCKING SAVE PASSWORD TAB on the launcher, Its annoyed me from the beta, fucking remembering that list of b0rk3d letters and numbers is pointless, now with the poxy 2 accept buttons to click JUST TO GET INTO THE FUCKING GAME its more like running a lunix app than starting a fucking game, Mythic/GOA Give us a 1 click way into the game, and NO FUCKING TUERMS AND CONDITIONS BULLSHIT, we dont need tofucking read them everyimte we play, do u know what kind of a BITCH it is for 2hr cutoff ppl.

Yes Yes save password built into the DAOC launcher MAY be vulnerable but far less so than M$ stuff.

 

[Archeon]

its that difficult for you to remeber your password? then again with all the swearing and meaningless babble in that post it wouldn't surprise me if you couldn't...

 

[Flimgoblin]

doesn't seem to work in IE6 (or at least the first one of the other methods posted)