
Thread: Bio's two Provs?

  1. #61
    Game Support Bishop's Avatar
    Join Date
    Jul 2008
    Posts
    21,332
    that's far more interesting than "facebook is ripping your data"

    edit: there's nothing to click on though.

    edit: and clickjack is on every facebook page. The code you linked isn't even on the page you mentioned.
    Last edited by Bishop; 21-03-2012 at 15:47.
    Support email: utopiasupport@utopia-game.com <- please use this and don't just PM me| Account Deleted/Inactive | Utopia Facebook Page | #tactics <-- click to join IRC|
    PM DavidC for test server access

  2. #62
    Member
    Join Date
    Nov 2011
    Posts
    30
    it replaces ANY link on facebook with a link that seems to act normal but also hijacks utopia. It uses another security hole in facebook to get this data back to the hacker. I don't know everything it does so it could do even more things. It might not need a click at all and attempt to hijack utopia every 5 seconds. I think it works in different ways depending on the browser that you use.

  3. #63
    Member
    Join Date
    Nov 2011
    Posts
    30
    well I don't know much about facebook, but ask yourself this: "do you see a link to utopia-game.com on facebook?" no? well it's in the code. If the code I linked isn't in the page I mentioned then it might be removed because I posted it here

  4. #64
    Game Support Bishop's Avatar
    Join Date
    Jul 2008
    Posts
    21,332
    The code you linked did not exist on that page - ever, but every page in facebook contains a clickjack snippet, probably to combat clickjacking.

  5. #65
    Member
    Join Date
    Nov 2011
    Posts
    30
    I could however be wrong, I'm never 100% sure about these things.

  6. #66
    Member
    Join Date
    Nov 2011
    Posts
    30
    lol bishop then how did I get the code if it's not on that page? :P

  7. #67
    Game Support Bishop's Avatar
    Join Date
    Jul 2008
    Posts
    21,332
    How do I have a cup of coffee in front of me? I went and got it. I assume you did the same thing.

  8. #68
    Forum Addict fuzzy|'s Avatar
    Join Date
    Mar 2011
    Location
    ZZland
    Posts
    1,382
    Quote Originally Posted by Bishop View Post
    How do I have a cup of coffee in front of me? I went and got it. I assume you did the same thing.
    is that a bit extreme though? lol

    what does XYFS have to gain by posting false info unless XYFS was the actual hackzor!

    btw Bishop can't you just track the IP of the logger when the prov get self mehuled?
    Support email: utopiasupport@utopia-game.com | Utopia | UtopiaWiki | uTools
    YouTube: Official fuZZy Video | Official ZZ Theme Music
    Jerk by nature. 1 Bogdan to rule them all!

  9. #69
    Member
    Join Date
    Nov 2011
    Posts
    30
    all right I see this part is on every page so I guess it's the ANTI-clickjacking so I guess you are right I am wrong, damn I was so sure I found it :P

  10. #70
    Needs to get out more DHaran's Avatar
    Join Date
    Aug 2008
    Location
    Maryland, USA
    Posts
    8,404
    XYFS yells "fire" in a movie theater, then realizes he was looking at a fire extinguisher :P
    S E C R E T S

  11. #71
    Strategy Moderator
    Join Date
    Jan 2012
    Posts
    4,203
    Quote Originally Posted by XYFS View Post
    lol bishop then how did I get the code if it's not on that page? :P
    If I do the same thing as you, I get, i.e. click that link, view page source and then do a Ctrl+F for the code you posted, I don't have a match. I however did do a Ctrl+F on "function si_cj(m){setTimeout" and the code I read started with

    function si_cj(m){setTimeout(function(){new Image().src="http:\/\/error.facebook.com\/common\/scribe_endpoint.php?c=si_clickjacking&t=9565"
    while yours was
    function si_cj(m){setTimeout(function(){new Image().src="http:\/\/error.facebook.com\/common\/scribe_endpoint.php?c=si_clickjacking&t=8690"
    I admit I have no clue what any of this is, but the code you posted wasn't there when I searched, and bishop is right, when I view source "clickjacking" is on every facebook page.

    Not sure if that helps as I have no clue what the original code you posted even meant.
    Last edited by Persain; 21-03-2012 at 16:03.

  12. #72
    Member
    Join Date
    Nov 2011
    Posts
    30
    lol

  13. #73
    Member
    Join Date
    Nov 2011
    Posts
    30
    @Persain the code is only there if you go via www.utopia-game.com, I think it was made to protect from click-jacking (back into browser history), however the way it does this is BY clickjacking, see how I got confused? :P

  14. #74
    Game Support Bishop's Avatar
    Join Date
    Jul 2008
    Posts
    21,332
    An honest mistake, thanks for trying to help though. I admit I get wary when people claim uto was hacked :p

  15. #75
    Post Fiend
    Join Date
    Nov 2009
    Posts
    296
    Quote Originally Posted by Bishop View Post
    An honest mistake, thanks for trying to help though. I admit I get wary when people claim uto was hacked :p
    Well, he was claiming actually that someone's browser may have been hijacked via a facebook vulnerability. There was no accusation that someone directly hacked uto. Uto doesn't seem to have been even DDoS'd in a really long time, let alone hacked, so it's safe to say that Sean and Brian have the appropriate security measures in place and keep their stuff up to date. If not, we would have seen by now.

    Whenever someone gets hacked, it didn't originate from utopia. Keyloggers are the most likely suspect these days. Baka also said he logs in from his phone. IF that's an android phone, there are loads of android apps that are malicious, especially when people go looking to get them for free instead of paying for them. I don't know if baka is that sort of person, but seems to me that much of society today does not really see anything wrong with pirating movies, music, apps, games, etc... so it's possible that Baka's phone has a malicious app and that's where he was compromised.

    It's all speculation really. I assume that Bishop looked into it and came up with nothing conclusive else we would have seen someone get deleted (as happened in the Rage situation a few ages ago).

    ----
    @Bishop - I'm wondering why the provinces were restored the way they were. I assume (perhaps wrongly) that utopia has regular backups of data, so shouldn't it be possible to restore those provs, even if they are rewound by some hours? I'm almost certain that BiO would prefer that to provinces which have no troops, no wizards, no thieves, and (I assume) no sci or build. I'm confused about this because I believe Rage got their provs back in the original shape.

    Is that because in that case you deleted Rage's provs and then after investigation realized that it was a 3rd party who intentionally hacked into them to trigger the anti-cheat detection, and you are able to reverse a deletion you do, but you are not able to reverse a deletion that hacker does? I'm fairly certain that you have the ability to do a real restoration, although I suspect maybe it's a matter of policy or authority that you did not or cannot. Is that to prevent people from trying to abuse a restoration system and waste support resources, or is there some other rationale for it?

    I ask all of this because I think we're all confused by the nuance here and don't understand why Rage got full restoration while BiO now has provs which are sitting ducks for anyone who wants to go for them. I mean, I am sure the restoration you gave them is better than nothing, but to me it doesn't really make them whole, to use a legal restoration term.

    I mean no disrespect and I'm not trying to troll you. I'm genuinely curious as to the situation here and what is preventing you from giving them a real restoration. And is it something that can be fixed so that (in certain cases at least) you are able to make someone whole when they are harmed like this?
    Last edited by Drixx; 21-03-2012 at 23:52.
