Concerning free ArbiBots:Quote:
Originally Posted by YoHoJo
If you've used ArbiBots at any point, change you're passwords and delete ArbiBots immediately.Quote:
Originally Posted by YoHoJo
Printable View
Concerning free ArbiBots:Quote:
Originally Posted by YoHoJo
If you've used ArbiBots at any point, change you're passwords and delete ArbiBots immediately.Quote:
Originally Posted by YoHoJo
Not true from when I looked at his loader and scripts in November 2010. But things change in 4 months.
And powerbot and arbibots are kinda rivals now, so whatever they say about each other should be taken lightly. Since Arbiter owns Arbibots and resigned from powerbot to join Jacmob in making RSBuddy, which will basically compete with powerbot.
Don't user powerbot, but was on their twitter page and this was on top:
http://twitter.com/#!/rsbotorg
Would still rather not take the risk though.Quote:
Originally Posted by pyroryan
Actually i think this should be a little corrected. As i've seen people suspect actually all the blaming on arbiter was fake. The person who "hacked" the accounts is actually a person named Gh0$t and it wasn't just arbibots that were infected, but the whole RSBot v2.22. That is because this Gh0$t guy had access to the repository and somehow managed to include his own things in it, meaning a file dropper and a logger of some sort.
Currently i think that RSBot and RSBuddy are ddosing eachother and there seems to be no end. I'm not 100% sure about this except for the part that Gh0$t actually infected the RSBot client.
Wow, sad :[. Happy nothing like this happens at SRL :D. I guess it's the money aspect?
That's worrying to say the least.
-- BP
well actually Gh0$t is an alias/worker for arbi they put it all on him, but arbi and jacmob made over $10,000 by RWT the stolen gpQuote:
Originally Posted by lolislol
Wait, so he has the passwords to my RS accounts?
Wow...Just wow. That's why you've gotta love SCAR/Simba/SRL.
More power to SRL, in my opinion. Someone had to teach these guys a lesson.
Explains why many accounts of people I know IRL got hacked (from a US IP). Someone most likely ran the infected version.
This could just as easily be done here...
People are acting like it isnt even possible and thats just ignorant.
Wondering how you'd do that. :)Quote:
Originally Posted by kitchenrange
Well, I certainly wouldnt be able to do it. But you could. :)Quote:
Originally Posted by Wizzup?
MSI stores it plaintext in players.ini or whatever. Just add some http thing in MSI (there's no default enabled firewall anyways) and tadaa, you got a dozen of passwords.
Why the fuck does MSI store it as plaintext...Quote:
Originally Posted by Markus
Well, you store it in plaintext in your script as well. But I think we should assume that people won't run random scripts that will just upload their files etc.
How are you supposed to log onto RS with an encrypted login file?...Quote:
Originally Posted by kitchenrange
Well, I guess its true that its stored in most scripts I use as plaintext as well. Just seemed like there could be some sort of encryption/decryption process, but w/e.Quote:
Originally Posted by Harry
The point I was making is that it could be done here easily.
If the loginplayer function has access to the decrypt function, then the password stealing function would have access too. So encryption/decryption wouldn't work.
What does work, is having an open source system that is easy to read. Easy for users to read, and easy for an automated script verifying script to scan through scripts and includes to make sure that Declareplayers/playerform and loginplayer are the only things using the password variable.
So, you are saying that it couldn't be done?
Someone with commit access couldn't change something that would be updated using the hourlies that everytime declareplayers was called, it sent the password to somewhere?
Even if you could catch them it would be afterwards. I don't know the inner workings of the system, but it seems like that could be done easily.
Yes, that is possible. Eventually I'll make the updater use tags, so they'll have to be verified in advance. At the cost of getting the updates with some delay.Quote:
Originally Posted by kitchenrange