Aces High Bulletin Board
Help and Support Forums => Technical Support => Topic started by: Sloehand on January 14, 2007, 08:14:25 PM
-
Reported to HiTech, but thought community should be aware.
Perusing through various threads here in the General Discussion forum, I entered the "interesting history Saburo Sakai" thread by boneyfreak.
I immediately received a notice from my PC-cillin Privacy Protection software as follows:
xxxxxxxxxxxx
Notification
Privacy Protection (Web)
Privacy Protection has prevented confidential information from being sent over the Web. To allow the protected item to be sent to the address below, click Add Exception.
.
Action taken: Blocked.
.
Address: http://forums.hitechcreations.com/forums/avatar.php?
Item: Credit card number Visa3
xxxxxxxxxxx
I'm guessing here, but could it be that someone's avatar in that thread contains some type of malware, trying to get my credit card info?
Don't know exactly what's going on or who is doing it (if I'm correct about this), but it happens only in that thread and I have tested it repeatedly.
Haven't found it anywhere else and I've been into threads before and after that one.
Just thought everyone should know.
-
It's possible. There were several XSS exploits in vBulletin as there were few with image uploads including avatars...
If the version stated on the bottom is true, this forum should be updated to ver 2.3.11.
-
i have trend micro and had no message pop up.
not saying that your assumptions are innacurate, only offering a result from the same scanning program.
-
Originally posted by JB88
i have trend micro and had no message pop up.
not saying that your assumptions are innacurate, only offering a result from the same scanning program.
All depends on your system. Not all Browser/OS/SecuritySoftware combos would be affected and not all security software would issue a warning, especially if you added this site to trusted ones in your application.
It is still good idea to check it out.
-
agreed.
-
Sorry to actually repeat a previous thread, but Skuzzy initially responded and I was afraid might not go back to it and see my additional info.
I now have more info.
Here's what is going on. Every time I try to enter the "interesting history Subaru Sakai" thread by 'boneyfreak' in the General Discussion forum I get the notice from my PC-cillin security software.
Notice is as follows:
xxxxxxxxxxxx
Notification
Privacy Protection (Web)
Privacy Protection has prevented confidential information from being sent over the Web. To allow the protected item to be sent to the address below, click Add Exception.
.
Action taken: Blocked.
.
Address: http://forums.hitechcreations.com/forums/avatar.php?
Item: Credit card number Visa3
xxxxxxxxxxx
I tested this several times and it's this thread, and iy happens immediately upon entry.
Am I right that it looks like someone's avatar in that thread has something imbedded causing this, possibly the thread author?
I figure this is very serious, which is why I want to make sure HiTech gets notified.
FYI -- this was NOT a pre-extisiting bit of malware on my machine as I ran all my security scans (and found nothing resident) and as it only (and always) happens when going into this thread.
-
Did you pre-register your personal info with the Privacy Protection module of the Trend software on your machine? You have to establish the CC#'s, addresses, phone #s, etc. for the software to protect, first.
Originally posted by JB88
i have trend micro and had no message pop up.
not saying that your assumptions are innacurate, only offering a result from the same scanning program.
-
Did you e mail support about this as well Sloehand? They might get it that way faster.
-
Originally posted by Sloehand
Did you pre-register your personal info with the Privacy Protection module of the Trend software on your machine? You have to establish the CC#'s, addresses, phone #s, etc. for the software to protect, first.
negative. but i see where that is an option. nice.
-
Originally posted by Sloehand
Did you pre-register your personal info with the Privacy Protection module of the Trend software on your machine? You have to establish the CC#'s, addresses, phone #s, etc. for the software to protect, first.
OK, maybe im being really dumb here.... but isnt giving the security software the info the only way for your computer to know your CC info in the first place?
(That is unless of course youre doing online banking or other such things).
-
Originally posted by Schatzi
OK, maybe im being really dumb here.... but isnt giving the security software the info the only way for your computer to know your CC info in the first place?
(That is unless of course youre doing online banking or other such things).
LOL thats what I was thinking also Schatzi ;)
-
Originally posted by Schatzi
OK, maybe im being really dumb here.... but isnt giving the security software the info the only way for your computer to know your CC info in the first place?
Majority of the browsers support auto form fill ie they save what you type into fields with common names like name, address etc.
If you purchase things online your cc# number could be saved without you knowing it.
And that's where security software comes in. It compares pre-registered personal info with transmissions. If there's a match it'll block it unless it is user invoked...
-
Originally posted by 2bighorn
Majority of the browsers support auto form fill ie they save what you type into fields with common names like name, address etc.
If you purchase things online your cc# number could be saved without you knowing it.
And that's where security software comes in. It compares pre-registered personal info with transmissions. If there's a match it'll block it unless it is user invoked...
Rgr, thank you Bighorn. Thats pretty much what Schutt told me LoL.
-
I find it odd that boneyfreak has only one post, no profile infomation, no avtar, etc.
Just an observation
-
OK, folks. Schutt alerted me to the probable cause of all this and that is my Protection software, or actually, what I put into the software. Seems that I used the minimum number of digits required (4) of a credit card number to trigger an alert, not realizing that within the thread's normal use of userid's I might get a match and trigger the alery. This seems to be the case as I have had the same thing happen now at other websites.
Strange in that, I've had the Protection module active for about 3-4 weeks and haven't had a hit till last night and then again today.
Anyway, that seems like the probabl cause and that it is NOT a malware attack by anyone.
Sorry, if anyone got annoyed or unnecessarily concerned. My motivation was only to protect others from what I thought might be a serious problem.
-
Ahh, 4 digits, lol
So must be one of those:
1244
1087
0871
8719
7198
1986
9864
8645
1478
4783
1165
1651
6511
5111
1119
1194
1941
1332
3324
1526
5269
2694
6945
9459
4598
5024
1502
1593
5937
9375
3758
7585
5855
5531
1553
1644
6447
4472
4722
7228
2283
1176
1117
1532
5326
3263
2639
6394
3940
6307
1630
1682
6821
8211
2116
1160
1603
-
Originally posted by 2bighorn
Ahh, 4 digits, lol
So must be one of those:
....
:t
-
Originally posted by Sloehand
Sorry, if anyone got annoyed or unnecessarily concerned. My motivation was only to protect others from what I thought might be a serious problem.
Hey, I appreciated the "warning". It might've gotten my attention to start blocking images on the web. Since I've gotten a nasty bug that way before.