|
| 19 Aug 2012 05:17 PM |
| Which only works if you give anyone a "source code" of some sort. I dont know how it works, but someone was trying to tell me how to do it for robux. So if anyone asks you for some source code thing, dont do it! |
|
|
| Report Abuse |
|
|
|
| 19 Aug 2012 05:17 PM |
Good job, Tell RT instead of reporting it.
This is going to go well |
|
|
| Report Abuse |
|
|
shoop
|
  |
| Joined: 28 Feb 2008 |
| Total Posts: 1323 |
|
|
| 19 Aug 2012 05:18 PM |
| I saw something like this a long time ago |
|
|
| Report Abuse |
|
|
Mo7phR
|
  |
| Joined: 13 May 2011 |
| Total Posts: 44100 |
|
|
| 19 Aug 2012 05:18 PM |
| Here's a hint: It doesn't work. |
|
|
| Report Abuse |
|
|
shoop
|
  |
| Joined: 28 Feb 2008 |
| Total Posts: 1323 |
|
|
| 19 Aug 2012 05:18 PM |
| No, it works. This is how NintendoZACHERY's account was stolen. |
|
|
| Report Abuse |
|
|
| |
|
|
| 19 Aug 2012 05:19 PM |
Nega,
Would you rather know about it so you can avoid it, or not know, have it happen, and lose your account?
And how do you know he/she DIDN'T report it? |
|
|
| Report Abuse |
|
|
|
| 19 Aug 2012 05:19 PM |
You could get sued for using them.
~The Jedi Of RT |
|
|
| Report Abuse |
|
|
| |
|
|
| 19 Aug 2012 05:21 PM |
| I did report it, I always wanted to inform players. I dont wanna see anyone lose their account. |
|
|
| Report Abuse |
|
|
| |
|
| |
|
jmax149
|
  |
| Joined: 03 Feb 2010 |
| Total Posts: 574 |
|
| |
|
|
| 19 Aug 2012 05:26 PM |
| ROBLOX Admins holds all source codes to everyone account, which is how they store our PWs. |
|
|
| Report Abuse |
|
|
jak12321
|
  |
| Joined: 12 Dec 2007 |
| Total Posts: 2814 |
|
|
| 19 Aug 2012 05:28 PM |
The account stealing was a form of XSS, people request you to enter a javascript URL into your bar and the code would steal your authentication cookie and email the attacker with it. From there they could replace their cookie with your and you would be logged in with their account.
This does not work now, as there are new security precautions to prevent these types of attacks. All authentication cookies should be protected and secure now, so this method is obsolete. Plus, the sessions could store IP information (encrypted and salted) so you wouldn't be able to change IP with the same authentication cookie.
- Source: I'm an ethical hacker in my free time. |
|
|
| Report Abuse |
|
|
|
| 19 Aug 2012 05:30 PM |
So we should careful what link we put into the URL Bar.
-Former Hacker- |
|
|
| Report Abuse |
|
|
|
| 19 Aug 2012 05:33 PM |
| Oh, if you were talking about xss; they have security against it. |
|
|
| Report Abuse |
|
|