i don't use NC but what the actual fuckOriginally Posted by GeoffryHawk
This is interesting and new, the NC Transaction log and Premium log in sections are showing a weak security connection now. Something is amiss with the Neopets Hashing.
That's sp00ky af
This is interesting and new, the NC Transaction log and Premium log in sections are showing a weak security connection now. Something is amiss with the Neopets Hashing.
Sent from my SHIELD Tablet using Tapatalk
i don't use NC but what the actual fuck
This is interesting and new, the NC Transaction log and Premium log in sections are showing a weak security connection now. Something is amiss with the Neopets Hashing.
I theorize Tony is the Techo Morpher, converting more UC like an ass
That's because of the certificate. Chrome is very anal about certs signed below SHA-2.
This is interesting and new, the NC Transaction log and Premium log in sections are showing a weak security connection now. Something is amiss with the Neopets Hashing.
Nothing's changed on Neo's end, and that's the problem. Chrome evolves and SHA-1 becomes much less secure than it was a couple of years ago. In fact, (you need an account to see links).
(you need an account to see links)
Neo's "secure" website gets a (you need an account to see links). Not a good sign.
Last edited by paradox; 06-17-2016 at 09:54 PM.
DJ Music Man (06-17-2016),Raposa (06-18-2016),Requiem (06-17-2016),Shizuku (06-17-2016)
Do you think that might be part of the reason why the techo morpher is able to keep getting into accounts?
DJ Music Man (06-17-2016),Raposa (06-18-2016),Sakuras (06-18-2016)
Maybe, if he managed to exploit this part of the website. Although since this deals with NC and payment info, I doubt it.
Neo is so insecure (the regular website) that anyone using a packet sniffer can see your password in plain text if they are on the same WiFi network as you. So if you log in with public WiFi unencrypted and some genius is running Wireshark for some reason, they'll be able to see that as you submit the form (and your username). They likely wouldn't be interested in your Neopets account, but it goes to show that we're in 2016 and Neopets doesn't even use or enforce HTTPS on every page (which isn't hard at all - I could set that up in 2 hours).
It's a mess. Over the years Neo has been vulnerable to so many things - and exploited almost as much. SQL injection, XSS (cross-site scripting), you name it. This Techo morpher is probably using an SQL injection of some sort to get access to the passwords. I doubt it was from a 2013 dump.
(you need an account to see links) (if you're curious)
Makes me wonder why I even spend money on Neopets when it's apparent the staff couldn't care less about the security and privacy of its users. :/
Bottom Frag Hero
@(you need an account to see links)
Well it's hard ot update and fix the site when you fire everyone who knew what they were doing eh?
Doubt it. The previous staff had been there for years and they hadn't implemented things that kept users safe either.
Bottom Frag Hero
@(you need an account to see links)
I dunno, Nickelodeon had helped, but any updates they had made are now well outdated, and the server move crippled everything. It'd take like a dedicated team and to just take the site down to put it all back together and fix it at this point.
But now they can't do that they don't have the player base to maintain downtime.
Raposa (06-18-2016)
Posting Permissions