May 15th, 2007, 03:24 AM
Sorry, I don't do games, so I have no idea of how those forums are designed; besides, this isn't really the medium for detailed explanations. Suffice it to say that your site does not seem to use encryption so your password isn't secure in transit.
You might register on this site and browse around. It specialises in games development so just try searching for "security", "logons" and stuff like that:
May 15th, 2007, 02:47 PM
It doesn't look like a client side login.
You can still guess the password from an md5 hash.
I also really doubt they're sniffing the auth info for his account off the wire.
proboller86 > The most likely explanation for your problem are:
1) Your authentication information (username, password, security question) were probably of a low quality and easy to guess or brute force.
2) The website has vulnerabilities and is open to a cross site scripting attack. With this type of attack knucklehead 'a' submits client side code that is pushed through the system to person 'b' and is executed by b's client to grab the authentication information and send it to 'a'. This 'could' be why they were trying to get you to right click and view source (if that is indeed what they were attempting). Doing so might have allowed you to see their scripts in the html.
You have to understand however that most people on sites such as www.ghetoo.com that are claiming to be evil hax0rs are actually just goobs that know just enough to prey on the fears of those who know less than themselves. It makes their e-peen bigger or something.
If you want a better understanding I recommend doing some reading on how the web and web applications work. Maybe learn to do a little code.
I work on games as well as security. Feel free to ping me with questions.
Last edited by Juridian; May 15th, 2007 at 02:51 PM.
"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
Blog of X
May 15th, 2007, 04:04 PM
It's not. I just asked if it was above because someone else said "they peeked at the source code".
May 15th, 2007, 04:51 PM
By E5C4P3 in forum AntiOnline's General Chit Chat
Last Post: January 16th, 2008, 11:40 PM
By Aden in forum AntiOnline's General Chit Chat
Last Post: April 28th, 2004, 03:40 PM
By gore in forum Newbie Security Questions
Last Post: December 29th, 2003, 07:01 AM
By Anatra in forum AntiOnline's General Chit Chat
Last Post: March 31st, 2003, 11:48 AM
By TURBOWEST in forum The Security Tutorials Forum
Last Post: September 23rd, 2002, 05:46 AM