That's far more interesting than "facebook is ripping your data"
edit: there's nothing to click on though.
edit: and clickjack is on every facebook page. The code you linked isn't even on the page you mentioned.
Last edited by Bishop; 21-03-2012 at 15:47.
Support email: utopiasupport@utopia-game.com <- please use this and don't just PM me| Account Deleted/Inactive | Utopia Facebook Page | #tactics <-- click to join IRC|PM DavidC for test server access
It replaces ANY link on facebook with a link that seems to act normal but also hijacks utopia. It uses another security hole in facebook to get this data back to the hacker. I don't know everything it does so it could do even more things. It might not need a click at all and attempt to hijack utopia every 5 seconds. I think it works in different ways depending on the browser that you use.
Well, I don't know much about facebook, but ask yourself this: "do you see a link to utopia-game.com on facebook?" No? Well, it's in the code. If the code I linked isn't in the page I mentioned then it might be removed because I posted it here.
The code you linked did not exist on that page - ever, but every page in facebook contains a clickjack snippet, probably to combat clickjacking.
I could however be wrong, I'm never 100% sure about these things.
lol bishop then how did I get the code if it's not on that page? :P
How do I have a cup of coffee in front of me? I went and got it. I assume you did the same thing.
All right, I see this part is on every page so I guess it's the ANTI-clickjacking, so I guess you are right, I am wrong. Damn, I was so sure I found it :P
XYFS yells "fire" in a movie theater, then realizes he was looking at a fire extinguisher :P
S E C R E T S
If I do the same thing as you, I get, i.e. click that link, view page source and then do a Ctrl+F for the code you posted, I don't have a match. I however did do a Ctrl+F on "function si_cj(m){setTimeout" and the code I read started with
while yours was
function si_cj(m){setTimeout(function(){new Image().src="http:\/\/error.facebook.com\/common\/scribe_endpoint.php?c=si_clickjacking&t=9565"
I admit I have no clue what any of this is, but the code you posted wasn't there when I searched, and Bishop is right: when I view source, "clickjacking" is on every facebook page.
function si_cj(m){setTimeout(function(){new Image().src="http:\/\/error.facebook.com\/common\/scribe_endpoint.php?c=si_clickjacking&t=8690"
Not sure if that helps as I have no clue what the original code you posted even meant.
Last edited by Persain; 21-03-2012 at 16:03.
lol
@Persian the code is only there if you go via www.utopia-game.com. I think it was made to protect from click-jacking (back into browser history), however the way it does this is BY clickjacking. See how I got confused? :P
An honest mistake, thanks for trying to help though. I admit I get wary when people claim uto was hacked :p
Well, he was claiming actually that someone's browser may have been hijacked via a facebook vulnerability. There was no accusation that someone directly hacked uto. Uto doesn't seem to have been even DDoS'd in a really long time, let alone hacked, so it's safe to say that Sean and Brian have the appropriate security measures in place and keep their stuff up to date. If not, we would have seen by now.
Whenever someone gets hacked, it didn't originate from utopia. Keyloggers are the most likely suspect these days. Baka also said he logs in from his phone. IF that's an android phone, there are loads of android apps that are malicious, especially when people go looking to get them for free instead of paying for them. I don't know if baka is that sort of person, but seems to me that much of society today does not really see anything wrong with pirating movies, music, apps, games, etc... so it's possible that Baka's phone has a malicious app and that's where he was compromised.
It's all speculation really. I assume that Bishop looked into it and came up with nothing conclusive else we would have seen someone get deleted (as happened in the Rage situation a few ages ago).
----
@Bishop - I'm wondering why the provinces were restored the way they were. I assume (perhaps wrongly) that utopia has regular backups of data, so shouldn't it be possible to restore those provs, even if they are rewound by some hours? I'm almost certain that BiO would prefer that to provinces which have no troops, no wizards, no thieves, and (I assume) no sci or build. I'm confused about this because I believe Rage got their provs back in the original shape.
Is that because in that case you deleted Rage's provs and then after investigation realized that it was a 3rd party who intentionally hacked into them to trigger the anti-cheat detection, and you are able to reverse a deletion you do, but you are not able to reverse a deletion that hacker does? I'm fairly certain that you have the ability to do a real restoration, although I suspect maybe it's a matter of policy or authority that you did not or cannot. Is that to prevent people from trying to abuse a restoration system and waste support resources, or is there some other rationale for it?
I ask all of this because I think we're all confused by the nuance here and don't understand why Rage got full restoration while BiO now has provs which are sitting ducks for anyone who wants to go for them. I mean, I am sure the restoration you gave them is better than nothing, but to me it doesn't really make them whole, to use a legal restoration term.
I mean no disrespect and I'm not trying to troll you. I'm genuinely curious as to the situation here and what is preventing you from giving them a real restoration. And is it something that can be fixed so that (in certain cases at least) you are able to make someone whole when they are harmed like this?
Last edited by Drixx; 21-03-2012 at 23:52.