
Srs poll is srs

Yes Gaia needs to fix towns or take it down: 71.5% [ 1272 ]
Just take towns down: 12.6% [ 224 ]
I agree because I've been hacked via towns: 3.2% [ 57 ]
I don't really care about this issue: 7.5% [ 133 ]
I disagree for whatever reason: 5.3% [ 94 ]
Total Votes: [ 1780 ]
Banner by Frenchbananahorn
[url=http://www.gaiaonline.com/forum/t.46163883/][img]http://i728.photobucket.com/albums/ww281/weimaranerfan/attention.gif[/img][/url]

VOTE THUMBS UP PLEASE


I have been browsing Q&A and the bugs forum lately, people are getting redirected and hacked through towns AGAIN. Devs have replied to some threads but have not stated what their plan of action is to take care of it this time, since obviously the last fix wasn't permanent.

Supposedly these issues are fixed. If that is so, then I am happy and there is no need for this anymore. Regardless, I am probably leaving the forums and at the very least I am done bumping this thread. I am not going to try and help Gaia with my feedback when they cannot honor simple requests from the users. No longer. I couldn't care less if they get their asses sued because of this and since they let it go on so long neither should you.



There is NO SUCH THING as a 'live code' swf file and Towns is swf based. It can be taken down. Lanzer has said they are considering it; they just don't WANT to because it means no more sponsor worlds, vj, rallies, cinemas, etc. They know what needs to be done. It's not live code. It can be taken down. Please don't say it can't be.

If you have a problem with how I write, please refer to the bottom of this post.
Dev reply also at the bottom
I've been told referring to the viruses as hiding in cookies is an incorrect term, regardless, this can still happen. I've explained how elsewhere, and external sites can frequently download things without your permission.

Mods claim the holes are fixed. But they'll probably be back in a few days unless they REALLY fix towns.


Towns and Housing are two relatively old staples of Gaia. Not as old as some other things, but they've been around.
Lately there have been major 'improvements' in the intelligence and cunning of scriptors. They can redirect you to other web addresses- this leads to major risk taking every time someone uses towns. You could go on that site and be hit with a cookie grabber, trojans, viruses, or whatever they have hosted on the site. Cookie grabbers and keylogging viruses open people up to a WORLD of fraud. All through an exploit in YOUR system.

One may argue that it's one's own responsibility to avoid such viruses- However, any properly maintained website on the net will have some reasonable degree of safety, and in many cases viruses can do what they need to do before you know it's been done. I have virus protection up the a** and I still occasionally get thrown for a loop.

Now I understand Gaia has lots of legalese in their TOS, but the fact is, when ANY other software or service provider finds an exploit like that- THEY FIX IT. Exploits and security concerns should be TOP priority. I have a paypal, and I check my bank statements online- I do NOT want some pissant scriptor stealing what little money I can manage to raise in this economy, just because I dared to want to commune with others in towns.

This, however, is not the only glitch in towns. Scripting, for a long time, has been an issue- and according to what I've heard, the report system in towns can NOT get around when a scriptor 'ghosts' their name and makes it something other than their true name. You think Cake-kun's real username is Cake-kun? Cause I bet you it's not.

There are also minor, playability glitches- Housing not loading due to certain items, Housing EATING items (One user in q&a had a before and after screenshot of their ENTIRE LETTER COLLECTION which looked complete (with many dupes) getting EATEN) and users disappearing in towns, then reappearing when you reload that block.

But none of those (except maybe the item eating glitch since it costs money in cases of cash items) are as bad as the fact that Towns has now become a platform for FULL SCALE HACKING AND IDENTITY THEFT. Any -adult- who has a credit card, has applied for one, has a bank account, has a paypal, etc, could viably get their identity stolen if they got a cookie grabber or keylogger- and it could happen through Gaia.

I don't want a mod to reply to this saying it's not possible. I've SEEN the latest 'Cake-kun's, and they fully redirect you to another site, VIA towns- This third party site could be as dangerous as any other website, in fact, I've seen people loading third party site pieces INSIDE towns as well. These things ARE possible and it is only a matter of time.


Now Gaia, be a responsible website and fix it, or take towns down. It is not worth the risk to me and if others understood the risks I doubt it'd be to them, either. I use my debit card online, I have a paypal, I have a bank account, I am LIVING MY LIFE, and all that could be ruined if I pick the wrong block in towns.

Even if Gaia insists they are not liable, to leave their users at risk in this way expresses a 100% opinion of "Screw you, we don't care about your safety" in my eyes and others I've mentioned it to.


It is possible, and it will happen if Gaia doesn't fix this or stop it NOW.
Cookie grabbers and keyloggers are available freely on the web and touted as 'easy to use' as long as it gets onto the target's PC somehow. There are tutorials even on video websites about how to use them. Third party websites place cookies in your internet cache. These files can be sent with the cookies as 'trojan' type viruses disguised as safe cookies. A cookie grabber or keylogger can get ALL passwords from your cookies- your email, which may contain bank or paypal info, or in the case of a keylogger it might even get your (or your parents' in case of minors) BANK OR CREDIT CARD INFORMATION.
90% of the viruses I have dealt with got on my computer -without me asking to download anything or approving it- this means it was placed on by either cookies, or a 'downloader' type virus hidden in a cookie, that is directed to download its component pieces on reboot and initiate them.
If you say this is not possible then you truly have no idea what can be done on the internet these days.
If you care about our safety, address the issue.

There's another thread in the Bugs forum that at the moment is not up to date and thus not entirely reliable for security purposes- But it does show how long these huge issues have been going on for.
It's here

IN RESPONSE TO THOSE SAYING THE TOS COVERS GAIA COMPLETELY
Please read the thread for more, as more info is scattered about the thread, this is taken from page 11 if I remember correctly.
Astral Descent
I apologize for being a biznatch but it's so disconcerting to have people just plain not read. This is your and everyone else's LIVELIHOOD on the line here without so much as a peep from administration.

A bit of a continuation of my earlier reasoning, yes most lawsuits filed against ISPs are in pursuit of piracy- However the root of piracy is theft. Is identity theft and the theft of monies or one's account not also theft? It causes people to lose time, money, or the very basis of their financial lives depending on severity, and if their computer is damaged that is more monetary loss to them. Not to mention hacking of ANY sort is illegal.

By wagering that these activities, theft and hacking, are illegal despite what the TOS says and that Gaia permits it to go on, and that ISPs have been sued despite having similar 'bulletproof' TOS articles written by lawyers of a much higher caliber than Gaia's (you have no idea how much money AT&T has), one could hazard a guess that Gaia could also be sued for permitting theft, hacking, and damage of one's property.

If ISPs can be sued for piracy they didn't know about, Gaia can be sued for s**t they DO know about.

Even if Gaia -can't- be sued, they are still obligated to facilitate any lawsuit of an individual hacker or scammer- yes, this is true, because when someone breaks the law on the net and someone wants to press charges it IS possible if you have the money to pay the lawyer for their time. Though compliance is usually voluntary and technically not required by law, denying to give out such information despite having it is protecting a criminal and hindering a criminal investigation- Legal troubles.

And yes, pressing charges against an individual over the net is possible, otherwise no off-gaia hackers or scammers would ever be prosecuted, and identity thieves who run off the net, etc.

If you're stubborn enough and willing to invest the time and cash it can be done. Don't let some words discourage you, the fact is most TOS are made to cover the ISPs/Gaia legally from the LAZY people who will be discouraged and simply believe what they are told.

Lawbreaking is lawbreaking no matter what, and hacking and theft (scamming, identity theft etc) are against the law last I checked.


If you have a problem with how I write, I'm sorry, however this issue has been ignored for well over a year, and Gaia has been informed multiple times. This is basically them saying that they don't care about our security, in my eyes. This is why I am bitchy. I found this out shortly after I became involved in paypal transactions over the net. I was biting my nails and sweating bullets while I scanned every bit of my PC and rechecked all my info.
This is dangerous. This is a lack of security. They haven't responded and by all accounts they seem not to care. As a friend of NK's I'm sorry but she's been polite for months and they haven't listened. This is them standing by and doing NOTHING while we risk EVERYTHING just by logging on to THEIR services. This is an utter lack of morals.
Basically if you have a problem with me PM me and tell me so but it doesn't make my argument any less.


This is their reply.
As usual, it doesn't fix anything and seems to say to me they don't care. 'Thank you for your patience', and there's no timeline for it to be fixed? People could lose their identities over this- All you need to do is take towns DOWN until it's fixed! Security shouldn't be a 'Thank you for your patience' issue, it should be of utmost importance no matter what.
Quote:
Hello there,

Thank you for your concern. The developers are aware of the situation and
working on the issue. We can not give a time frame as to when this issue
will be fully resolved.

Thank you for your patience.
Lucas Coldstone's avatar

Romantic Werewolf

I totally agree.
-|- {~She has a point.~} -|-
This is why I stopped going to towns long ago biggrin ;;;
stressed

agreed.



I am just wondering...
Is this also happening in Rallies, zOMG, Hollywood, Kung Fu Panda, Madagascar, etc?
Lucas Coldstone's avatar

Romantic Werewolf

Seemingly Invisible



I am just wondering...
Is this also happening in Rallies, zOMG, Hollywood, Kung Fu Panda, Madagascar, etc?
It may be.
It can be done in any Towns based platform.
So, yes, for most of that. zOMG is more of a challenge to the average script kiddie since so much of it is controlled by gaia's servers, and they are just learning to script it and can only do simple things as far as I know.

It's mostly towns based platforms, and rallies which is closely based off of towns, as well as the sponsor worlds which are just remodeled towns.
Since they are already working on the trash/flowers etc bug, and there isn't any of that in towns at the moment, they might just as well shut it down for a while and sort everything out, although it's really just a race, isn't it? Whatever they do in that kind of environment, scriptors will attempt to invade it, and rally is just a hangout for gangs and scriptors too. I hope they are working to button up zOMG nice and tight, because that would be disastrous.
I have never encountered scriptors myself, but I don't use Rally, and I only ever go to remote unpopulated parts of towns to collect trash.
Astral Descent
It can be done in any Towns based platform.
So, yes, for most of that. zOMG is more of a challenge to the average script kiddie since so much of it is controlled by gaia's servers, and they are just learning to script it and can only do simple things as far as I know.

It's mostly towns based platforms, and rallies which is closely based off of towns, as well as the sponsor worlds which are just remodeled towns.
It's a night to believe, It's a night filled with wonders. . .


Aw man, don't tell me that script kiddies are trying to ******** up zOMG! Why do these people have to ruin things for the rest of us.

But I do agree that the Devs are taking way too long on fixing security flaws. I may not be a programmer, but surely there must be a way to block any incoming transmissions to the servers besides the ones that are typed in the message box.

It's a night filled with dreams, Christmas dreams you can make true. . .
It's simply an issue of how towns is built. Because it accepts so much user generated input, it allows for massive security holes. At the time towns was made, packet editing wasn't as popular or as easy, however now those tools along with configurable cookie grabbing/keylogging platforms and free website hosting are very available to the public.

It simply needs an update and more restrictive security rules, for example saying that it will not execute certain commands under any circumstances, such as the vortexing and redirecting or force-racing that kicks people to rallies. I only know a bit of programming, but it feels like it'd just need a simple check before running any inputted data, that or move it to serverside like zomg.

The only thing they can do on zOMG is fuxxing with emotes and animations as well as cloning as far as I know, they can't do any real harm yet but it'd be horrid if they figured it out.
Lucas Coldstone's avatar

Romantic Werewolf

K r a z y k a t
Astral Descent
It can be done in any Towns based platform.
So, yes, for most of that. zOMG is more of a challenge to the average script kiddie since so much of it is controlled by gaia's servers, and they are just learning to script it and can only do simple things as far as I know.

It's mostly towns based platforms, and rallies which is closely based off of towns, as well as the sponsor worlds which are just remodeled towns.
It's a night to believe, It's a night filled with wonders. . .


Aw man, don't tell me that script kiddies are trying to ******** up zOMG! Why do these people have to ruin things for the rest of us.

But I do agree that the Devs are taking way too long on fixing security flaws. I may not be a programmer, but surely there must be a way to block any incoming transmissions to the servers besides the ones that are typed in the message box.

It's a night filled with dreams, Christmas dreams you can make true. . .
Scriptors ruin it for us because they got no real lives and like to see people suffer.
It's a night to believe, It's a night filled with wonders. . .


Wow, I suppose scripting has really taken off since Towns has been released. neutral

I know that it's not a matter of if people can hack zOMG. It's a matter of when and if the Devs can keep up with them.

Maybe they should have people just checking through the site all day for security errors. Gaia is a big site with a lot of active users. As I am typing this there are almost 70,000 people online. Imagine if 5% of them were scripters. That's 3,500 people. Even if only 2% were scripters that would be 1,400. That many people can do a hell of a lot of damage.

It's a night filled with dreams, Christmas dreams you can make true. . .
Lucas Coldstone's avatar

Romantic Werewolf

K r a z y k a t
It's a night to believe, It's a night filled with wonders. . .


Wow, I suppose scripting has really taken off since Towns has been released. neutral

I know that it's not a matter of if people can hack zOMG. It's a matter of when and if the Devs can keep up with them.

Maybe they should have people just checking through the site all day for security errors. Gaia is a big site with a lot of active users. As I am typing this there are almost 70,000 people online. Imagine if 5% of them were scripters. That's 3,500 people. Even if only 2% were scripters that would be 1,400. That many people can do a hell of a lot of damage.

It's a night filled with dreams, Christmas dreams you can make true. . .
agreed.
To address where scripting can take place:
It is possible to script in
*Towns- as you all have seen mostly
*Jigsaw- usually as blue link popups in the chat area that can redirect you to ripway
*Rally- just like towns we've seen how this works
*Fishing- I haven't dug too deep into this one yet, but apparently the pop-up concept like jigsaw applies as well

Not sure about the other games and I doubt you can script on Towns.

Also, it's possible for some scriptors to change their avi name color to orange, green, brown etc. in towns. <----that needs to be stopped
