About Cookie Grabbers

[tiramisu]

1.	It's not likely to happen from within the site itself, on any page. The cleared shop descriptions nowadays are often just the word filter catching up with the latest slang for derogatory words, or the result of somebody having their shop reported for whatever reason. The Neopets server subjects all board, lookup, pet page and shop input type="text", select and textarea fields to a filtering routine which removes JavaScript. This prevents users from executing scripts which could hijack your cookies. Unless someone has copied your cookies from your browser's local database, captured your traffic as you browse, or installed an extension or script-injector, then your cookies are safe.
2.	(you need an account to see links) by clicking a link would only be possible if that link could be manipulated to execute code through a JavaScript event. (you need an account to see links) for a user's personal information by tricking them into manually entering their username and password is often associated with clicking a link, which will cause you to navigate to a site that is often disguised to look like the login page of the site you came from. A user may mistake that page as genuine and provide their credentials, resulting in their username and password being stolen.
3.	You'd want to look out for any code which is accessing the document.cookie object, then attempting to send that string off-site via an iframe request or postback, WebRTC, WebSocket or XMLHttpRequest. UserScripts can also use GM.xmlHttpRequest or GM_xmlhttpRequest to send data as well. The trouble with detecting when code is stealing cookies is that a smart developer will (you need an account to see links) their code, which makes it difficult to decipher what it's doing. Furthermore, almost all of the methods mentioned above are used on the Neopets site in some capacity, either by the site itself, or the advertiser content you see as you browse. Attempting to manually identify the good from the bad will be a tedious task.

Wow, thank you so much! This is such a detailed answer.

If I may ask one more question, I've seen a method somewhere that involved inserting an offsite link into a Neopets swf, would that work nowadays? I'm not sure if you can currently use swfs .

[Bat]

Wow, thank you so much! This is such a detailed answer.

If I may ask one more question, I've seen a method somewhere that involved inserting an offsite link into a Neopets swf, would that work nowadays? I'm not sure if you can currently use swfs .

No, that wouldn't work anymore. The Neopets filters also remove embed and object HTML elements, which are used to load a Flash (.swf) files.

[gmac]

I want to open up this thread again. I have seen a lot of high profile accounts getting hi-jacked and their gallery cleared. What is the best way to protect ourselves against external "hackers"? What type of security should I install on my computer?

[j03]

I want to open up this thread again. I have seen a lot of high profile accounts getting hi-jacked and their gallery cleared. What is the best way to protect ourselves against external "hackers"? What type of security should I install on my computer?

Nothing on your computer...

It's server sided - on TNTs computers if you want to say it like that.

So the best way is to regularly change your account password.


Sent from my iPhone using Tapatalk