Posted by confuzyq on July 5, 2007, at 20:35:41
In reply to Re: consequences of being hacked, posted by Dr. Bob on July 5, 2007, at 18:51:01
> One of the consequences of someone having your posting password is that with it, they can access the information you entered to register here, and if that includes an email address that can be linked to your real name, then what you've posted could be linked to you.
>
> > FYI, what the hacker did was insert malicious instructions into a post that sent them information from the Babble cookies of those who came across that post.
>
> That post was on the main Psycho-Babble board from 5/10 to 5/12, so I think only posters who visited that board during that time were at risk.
>
>
> BobThe following wouldn't be of much general comfort, but does the above mean that lurkers or others who hadn't posted since a cookie cleaning were probably "immune" from having their "individualized" cookies read; even if they had cookies turned on? For example, myself, during that time I was allowing cookies so that I'd get the yellow new post flags. But I had not actually posted in a long time, so while that function did work, the board didn't recognize me personally -- At least, I gathered that because the "Find posts specifically for you" button didn't display my user name.
Just curious about this one: the infected meds board post(s) you refer to -- did one of them consist of three "NM"s in a row at the end of a thread; the first saying "I agree" and the rest saying either that or possibly nothing but NM? I think the poster had a three letter name, possibly beginning with "A" or "R." (Altho as you said, the hacker could post as others.)
I clicked those intentionally, as they looked suspicious and I was curious once word started spreading about the hacking in The Final Hours. I had read that there was a pop up from a post on the newbie board (I think), and that that one was harmless tinkering with javascript, so assumed whatever was going on on the meds board would be harmless too. Oops!
But I'm not worried. Despite that, as much as I felt sure from the start that nothing serious could happen to anyone's computer due to the hacking, it has been hard not to at least let it cross my mind, when my computer does something it hasn't before. ;-)
But I do know it's not likely to be related. For the heck of it, I'll probably do full online scans at trendmicro.com ("Housecall") and pandasoftware.com ("Activescan"). There are other great ones too, all free. A lot of stuff they remove, other stuff they just tell you is there, but at least you know and can seek help by other means, like the below (or buy their software ;). They are better than any individual antivirus or spy/malware program one could have on their computer itself, for detecting suspicious stuff. (If anyone tries this, note that each can take hours to finish scanning, on a dialup connection.)
There's another great free tool out there for detection, called "hijackthis" (HJT). But that one generates a log that has to be interpreted by experts at one of many great free forums. Can recommend a few if anyone wants to know -- you do want to make sure the site is very well-known and the instructions will be tried and true. They make it as easy as possible, walk you right through anything that needs to be done.
poster:confuzyq
thread:758315
URL: http://www.dr-bob.org/babble/admin/20070702/msgs/767951.html