Do you think I could just leave this part blank and it'd be okay? We're just going to replace the whole thing with a header image anyway, right?
You are not logged in.
so, after getting the clown smiley on my alt PENNYWISE, I decided to do some terrorizing.
When I first created the account, the intent was just to be in worlds. Just... being there. AFK.
I don't think very many people on EE get the reference.
And since I was already logged into an alt, why not?
Armed with a gaming mouse and able to copy and paste with one small button press, I went to work:
I am a secret moderator and your account has been hacked. Can you please give me your email and password?
So I went to a few different worlds, mass PMing people, getting no responses, getting publicly called out, and getting sworn at. one person said "hi zoey".
Do people, collectively, learn that quickly?
The answer is... it depends where you look. of course.
So I was in a world, and PMed two different people.
They both kind of asked why, so I repeated what I'd said before: I'm a secret moderator.
One posted the thing publicly, and then PMed their account info.
and then they begged me not to hack them?
"why would you give me your account info if you thought i was going to hack you?" i asked.
"i don't know."
so then they started begging me not to hack them.
I logged into their account -- they only had one empty world and no friends. so nothing really worthwhile.
So then the other person, having witnessed someone begging me not to hack them, gave me their account info. smart.
and also begged me not to hack them.
it was the world owner, and the level had 26 people on it.
"what is a mostly harmless way to drill this lesson into their brain"
the answer was
"kicking everybody" as seen here.
tl;dr: seriously, have a message in every world saying "don't give out your password to anybody" like what bobithan said.
proc's discorb stylish themes for forums/the game
꧁꧂L O V E & C O R N꧁꧂ ᘛ⁐̤ᕐᐷ
danke bluecloud thank u raphe [this section of my sig is dedicated to everything i've loved that's ever died]
?
Offline
the answer was
"kicking everybody" as seen here.
That's just rough...
Offline
Nou did right in issueing a warning.
There is no social experiment - and you knowingly violated the rules. Being a forum mod makes it even worse and people might recognize you as "staff member" and follow your rude instructions.
I seriously hope this will have consequenes. Furthermore forum moderator previledges should be revoked - however, this up for the staff.
I just voice valid and most justified concerns regarding your "little experiment".
H
Hi.
Offline
Yes, phishing attacks are certainly off limits, and it was a bit aggressive.
However, Zoey demonstrated that phishing attacks are very easy (and many users comply), and that since no obvious preventative measures were taken beforehand (nothing in the rules about it; no warning message in chat) it shows that someone (a hacker) could have been doing this for a very long time. If Zoey did not say anything about it or try it, the practise could have gone on for much longer. While she did take control of one account and kicked some users from a room, someone else could have much more nefarious actions. Technically, she was one of the "better" people to conduct this.
If Zoey is disciplined for her actions, this makes users not want to report vulnerabilities because they might fear that they will be disciplined as well.
Because Zoey2070 resorted to posting this to the forum, it might show that the private feedback developers might need to be re-worked.
Offline
An account named "Hardwise" came into my world and PMed me that. I kicked immediately.
"thebiggestpoopever" Nice name.
thanks zoey aaaaaaaaaaaand thanks latif for the avatar
Offline
An account named "Hardwise" came into my world and PMed me that. I kicked immediately.
"thebiggestpoopever" Nice name.
rofl that hardwise nerd tried it on me. I managed to troll him for like 10 minutes before he ragequitted
Maverick: Started up on a 6, when he pulled from the clouds, and then I moved in above him.
Charlie: Well, if you were directly above him, how could you see him?
Maverick: Because I was inverted.
Offline
whoa there zoey
Offline
I feel that Zoey is proving a very valid point.
I remember someone on the forums here (Supermouk) claimed he was hacked by Threewheeldrive1. It was possible Supermouk gave his acc info away (Supermouk should confirm this).
This is serious and has been influencing hacked account reports for a very long time. Why would hackers even try to hack a specific player's account? It's not like they have a billion Gems on them.
What if the game censored your password if you tried saying it in chat and then sent you a message about never giving ANYONE your password?
Offline
What if the game censored your password if you tried saying it in chat and then sent you a message about never giving ANYONE your password?
If censors can be bypassed, what about passwords?
This is a false statement.
Offline
Vasum01 wrote:What if the game censored your password if you tried saying it in chat and then sent you a message about never giving ANYONE your password?
If censors can be bypassed, what about passwords?
Its kind of dumb is you are like
"Oh replace all of the 0's with o's in my password: passw0rd"
Offline
Creature wrote:Vasum01 wrote:What if the game censored your password if you tried saying it in chat and then sent you a message about never giving ANYONE your password?
If censors can be bypassed, what about passwords?
Its kind of dumb is you are like
"Oh replace all of the 0's with o's in my password: passw0rd"
Yeah but at least then they're making an informed stupid decision instead of an ignorant stupid decision. It'll probably deter a lot of issues like this, why avoid doing it just because it's not 100% effective?
"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto
Offline
An account named "Hardwise" came into my world and PMed me that. I kicked immediately.
"thebiggestpoopever" Nice name.
After you got kicked by your own world, "bot" kicked by mistake. I got the proof
Offline
Xfrogman43 wrote:An account named "Hardwise" came into my world and PMed me that. I kicked immediately.
"thebiggestpoopever" Nice name.
After you got kicked by your own world, "bot" kicked by mistake. I got the proof
Bad programming on my part. He PMed me that so yeah.
thanks zoey aaaaaaaaaaaand thanks latif for the avatar
Offline
I do believe that Zoey2070 shouldn't have "tried" and neither kicked everyone, it would be more common people quitting EE than learning not to give the password.
Also I do believe that anyone asking for passwords should get a warning even if it is for "testing" purposes and verifying how stupid is the common internet user.
If you want to do it for fun I know a better way. Take some pictures with a big camera and tell girls you are doing a lingerie photo-shoot but you need a nude picture to know if they will be good enough for the job.
You will be surprised of how many girls want to be models and are willing to give a random stranger a naked picture. (just verify they are 18+ so it is legal)
Offline
Though what Zoey did was mostly borderline violation, he has indeed proven that phishing can very, very easily happen in EE. In fact, armed with a dynamic regional proxy and a bot, I could start mass-phishing EE players all the time with a bot without worrying about IP ban--You can IP ban me, but I assure you that I'll be back by tomorrow with different IP to continue phishing people in EE. Ban that too, and I will be back with another IP to continue mass phishing EE players and the problem will never end.
Unless you are willing to type tens of millions of IPs to fully ban me which will in turn ban my entire region from playing EE, the easiest solution to prevent phishing is to inform players to not give account info in the first place.
Offline
Though what Zoey did was mostly borderline violation, he has indeed proven that phishing can very, very easily happen in EE. In fact, armed with a dynamic regional proxy and a bot, I can start mass-phishing EE players all the time with a bot without worrying about IP ban--You can IP ban me, but I assure you that I'll be back by tomorrow with different IP to continue phishing people in EE. Ban that too, and I'm back with another IP to continue mass phishing EE players and the problem will never end.
Unless you are willing to type tens of millions of IPs to fully ban my attack which will in turn ban my entire region from playing EE, the easiest solution to prevent phishing is to inform players to not give account info in the first place.
(plus delete your precious account)
No u.
Offline
-snip-
(plus delete your precious account)
It's a simple analogy, obviously you can always ban me but you get the point.
Offline
Yea , some people including me (that's been some time ago)
Woudl go in worlds and claim that ee censors your password and post a set of **** afterwards
it was both horrifying and interesting how many people fell for it
Offline
If you want to do it for fun I know a better way. Take some pictures with a big camera and tell girls you are doing a lingerie photo-shoot but you need a nude picture to know if they will be good enough for the job.
You will be surprised of how many girls want to be models and are willing to give a random stranger a naked picture. (just verify they are 18+ so it is legal)
this... is genius. i'd need to find a community with 18+ women. maybe say 'i need a copy of your photo ID' and 'also donate five dollars to this paypal account' and 'for... employment purposes, i'll need your social security number.'
then i could steal their identity and get nudes out of it.
edit: not that i'd actually do it because the identity theft, at least, is actually a crime. and also i don't even know what i'd use the nudes for.
Yea , some people including me (that's been some time ago)
Woudl go in worlds and claim that ee censors your password and post a set of **** afterwards
it was both horrifying and interesting how many people fell for it
classic phishing move.
proc's discorb stylish themes for forums/the game
꧁꧂L O V E & C O R N꧁꧂ ᘛ⁐̤ᕐᐷ
danke bluecloud thank u raphe [this section of my sig is dedicated to everything i've loved that's ever died]
?
Offline
Tork wrote:If you want to do it for fun I know a better way. Take some pictures with a big camera and tell girls you are doing a lingerie photo-shoot but you need a nude picture to know if they will be good enough for the job.
You will be surprised of how many girls want to be models and are willing to give a random stranger a naked picture. (just verify they are 18+ so it is legal)this... is genius. i'd need to find a community with 18+ women. maybe say 'i need a copy of your photo ID' and 'also donate five dollars to this paypal account' and 'for... employment purposes, i'll need your social security number.'
then i could steal their identity and get nudes out of it.
edit: not that i'd actually do it because the identity theft, at least, is actually a crime. and also i don't even know what i'd use the nudes for.
Use them for avant-garde art pieces
http://blog.everybodyedits.com/2015/07/ … ords-ever/
This "social experiment" is now over. Anyone caught doing this stuff will be held accountable for their actions.
No u.
Offline
http://blog.everybodyedits.com/2015/07/ … ords-ever/
This "social experiment" is now over. Anyone caught doing this stuff will be held accountable for their actions.
it took a week, but legit. thank you. so much.
i mean, granted, once there's another blog post and once people dismiss the warning in the lobby, the warning won't be seen. but good work.
i'm gonna close this topic because my ee phishing days are over and i got the result i wanted -- people being warned not to give out their passwords. which was totally my original intention.
continue the discussion here if you guys want.
proc's discorb stylish themes for forums/the game
꧁꧂L O V E & C O R N꧁꧂ ᘛ⁐̤ᕐᐷ
danke bluecloud thank u raphe [this section of my sig is dedicated to everything i've loved that's ever died]
?
Offline
[ Started around 1732336454.401 - Generated in 0.107 seconds, 13 queries executed - Memory usage: 1.82 MiB (Peak: 2.11 MiB) ]