IFrame Vulnerabilties and how it works

[Kirakun]

Found this article when I got bored and looked up how Inline Frames works. AKA RMT special:

http://www.secureworks.com/research/threats/iframeads/

Basically, be weary of the sites you visit

[Caudex]

haha, in short, dont use Internet Explorer.... use Firefox.

Look at it this way.... Firefox = your FREE and yearly subscription to virus software.
Since almost as soon as some big "exploit" gets on the web (such as IFRAME), Firefox releases update to fix that within like 24-78hrs. X_X

Where as Internet Explorer.... will be updated 3-6months later after exploit has surfaced, which means you'd be screwed over already by the exploit 3-6months before that update.

Why Virus Software = Firefox?
Almost all viruses on a computer is contracted via 2 ways:
1. Inserted on ya computer without you knowing, via exploits in the browser system.
2. User being retarded and pressing OK to a file.... like (Kira_Naked.exe)....
3. Infected Disks shoved into ya computer....

Also haven't heard of any user cases which had the sentence "I was using firefox and got haxed" .... all i hear online is "I was using internet explorer and got haxed" >.>

[Kirakun]

Be weary of this too: http://storage.itworld.com/4650/071112n ... age_1.html

[Nightelf]

Yeah, I remember the Hard Drive incident, caused a bug fuss in Taiwan because the government there contracted for alot of those Hard Drives and they went into alot of government systems.

[Kirakun]

Caution on Account Hacking



Recently both ABC News and Yahoo! News have reported that over 10,000 websites have been infected by hackers in an attempt to steal the IDs and passwords used in various online games.

Based on the articles, it is apparent that hackers are heavily targeting online game accounts. As we have often reminded our players in the past, we ask that you continue to monitor and update the security of your system and Internet connection to prevent any harm caused by infected websites and malicious programs.

If you suspect your account is compromised, please contact the Information Center and provide us with the details. If your account is compromised outside Information Center business hours, please place a helpdesk call in order to contact a Game Master (GM) to report the details. Depending on your situation, we will offer all the assistance we can, including temporary login restriction to prevent any further harm, as well as instructions on how to proceed from there.

We are currently reviewing the restoration policy for players who have had their accounts compromised. Our goal is to expand the assistance towards affected players by restoring their accounts to a state that's as close as possible to the state it was in before it was compromised. Details on the restoration policy will be announced on the official web site once they become finalized. We appreciate your patience and understanding in this matter.

[Related Articles]
ABC News:
http://www.abcnews.go.com/Technology/PC ... id=4441255

Yahoo! News:
http://news.yahoo.com/s/infoworld/20080 ... bb8T663MMF

Looks like POL finally giving a damn AFTER it hits the news

[Caudex]

Be weary of this too: http://storage.itworld.com/4650/071112n ... age_1.html

HAHAHAHA I remember something like that happening. XD Which is why i always Delete Partition then format before use XD

Haha this one is even dodgy...... When you thought the CPU Manufacturing process was supposed to be "completely sterile" similar to Surgery Environments...

http://www.hardspell.com/english/doc/sh ... ws_id=1033

[Siubee]

i hope they actually will do something about this stuff! and help us

i have no hopes in getting my or sai's account back :/

[Caudex]

BTW this is a guide to protecting yourself, which i posted on my own LS Forum:
------------------------------------------------------------------------------
This is a guide to get yourself "protected" against hax.
Sadly Firefox actually thought they fixed it however it has yet to be fixed.

If your firefox or internet explorer doesnt get crashed by this link, then you are pretty much safe against IFRAME Exploit, if it does crash then .... you aren't safe.

This link is "safe" it only demonstrates the exploit, it doesn't take any information from your computer, so don't worry about getting hacked.

This link is a similar program to what the RMT's are using however it doesn't execute malicious code, this is simply a "proof of concept"
Initiate IFRAME Exploit

You will be reading this next part after you have realized your web explorer has crashed:

This is how you can protect yourself against it:
1. Install Firefox
2. Press the Add to Firefox button on this page:
https://addons.mozilla.org/en-US/firefox/addon/722
3. Close and Reopen Firefox
4. Go to Tools > Addons > Extentions > Make sure NoScript is ENABLED
If it was previously disabled, enable it again and close and re-open firefox
5. You will now see a |S| icon on bottom right hand corner of Firefox
6. Click on it and go to Options
7. Under Plugins Tab > Tick on FORBID <IFRAME>
8. Under Apperance Tab > Tick on Full Domains
9. Press OK
10. Now try the link i posted which showed proof of concept, now this time it will not do anything and will not crash your browser.

YES No Script can be annoying, some things from your favorite sites will not work. However you can do the following thing:

ON SITES YOU KNOW ARE GOOD:
For example: You always visited this site called Club box or http://www.google.com
You know they are safe, you can do the following:
1. click on the |S|
2. Press "Allow <address>"
You will see heaps of Addresses... the correct one is the one for your site....

Lets give you an example:
If you go to FFXIAH.com the following will be in the |S| list:
Allow google-analytics.com
Allow http://www.google-analytics.com
Allow ffxiah.com
Allow http://www.ffxiah.com
Allow Fleckz.com
Allow ads.fleckz.com

As described above you gotta allow one of those to restore "normal" website usage.
You can press "Allow ffxiah.com", since ffxiah.com is the place you are visiting and you trust that place.

However do not allow the other stuff since those are "advertisment servers".

However if you accidentally pressed other ones, dont worry.... IFRAMES have been permantly disabled, so dont "panic" just press on the |S| again and press "Forbid <address>"

This will prevent you from contracting the most recent and common wave of "hacks"
------------------------------------------------------------------------------