Protection against Cookie Grabber questions?

Can someone use CG to get into your email?

let say CG has got in my computer? how can I remove it?

Im using NoScripts FireFox, some of the websites to go to which I think is safe

I click Allow all this page, is it safe?

 

1a. Cookie: a small file that contains your information (username, password, preferences) from sites you visit. This file is not edible, hence, it must be distinguished from the other kind of cookie, which is a really, really delicious snack, the kind they offer you to convince you to join the evil side.
1b. Cookie Grabber (CG): a script that essentially masquerades as a legitimate browser request, and thus, "tricks" your browser into transmit the information stored in your cookies.

2. How to tell if you've encountered a CG? A cookie grabber usually appears as a blank popup and closes quickly. When it's opened (i.e. when YOU clicked on the link to open it), it masquerades itself as neopets.com, and your browser, thinking the page is indeed neopets.com, sends your cookie to it. The evil person on the other side (the one who designed the CG) now has your username and password to do whatever he pleases.

3. You've been CGed, now what? Change your password. Don't believe what people tell you about logging out, clearing your cookies, etc. etc. This only clears YOUR cookie, not the one the evil CG person has on his computer. If you log out, but don't change your password, all it does is forces you to log in again.

If you realize you've been CGed, and quickly change your password, probably nothing is going to happen to you. If you still have access to your account, it's probably a good sign that the other person is too lazy to take over your account. (All he has to do is change the password, and he can lock you out from your own account.) If you have any other site that uses the same password (which is always a very stupid idea), change that password, too.

4a. A cookie grabber cannot "get into" your computer. It's not a keylogger (if you have a keylogger on your computer, it's a different problem, because then, ANYTHING you type, the other person has access to). The only way it can continuously grab your cookies is if you continuously visit that page. Which brings me to...

4b. Don't click on links if you have no idea where they're leading, or if you don't know and trust the person who posted it. Just because I decide to link to blahblah.com in this post doesn't mean you have to click it.

4c. Make sure you have the latest anti-virus software and spyware removal tool. Keep its definitions updated. There's no point in paying for Norton Anti-Virus if you click "Ignore" every time it wants to take an hour to download new updates.

5. NoScript is useless if you click "Allow All." Neopets.com might be safe, but neopets.com/~blahblahblah might not. If you click "Allow all on this page," you're not only allowing neopets.com but also neopets.com/~blahblahblah and advertisements.randomdomain.com. Although, in my opinion, NoScript is an overkill if you diligently practice 4b & 4c.

Man... all this cookie talk makes me want a cookie!

 

Thank you so much, your answers are very helpful +rep

Is there any other way I can get my password stolen?

 

If someone sends a request to your email and* they know youre email and such they can get your password, or if you give them your pw theyll know your pw.

 

I dont quite understand, they add me on my email and how they get my password? if I dont give it to them lol

 

I think what upriser meant to say is that the most common way people get a hold of your password is by flat out asking you, and you somehow think it's a good idea to give your password to them.

e.g. If you give me your password, I'll log into your account, play a few games to get you trophies, and give you 5mil NP.

The other way (via e-mail) is theoretically possible, but not likely. Essentially, it works like this: I ask you to add me on MSN messenger/whatever IM protocol of your choice. You add me. Now I know your e-mail address. I think you also use this e-mail address to sign up for your Neopets account, so now, I plan ways to get the password to your e-mail account. After figuring out the password on this account, I go to neopets.com and click "Forgot my password. Send it to my e-mail now." Neopets.com will then e-mail you the password, and since I already have access to your e-mail account, I now know your password to your Neopets account too.

Honestly, not the most efficient way to get people's password, in my opinion.

There are only three ways to get your password compromised:

1. If you give it out yourself (see anecdote above). Or if your password is easily guessable (e.g. you use your real name, your birthdate, your pet's name, anything you might have said at some point in a conversation that suggests that it's of some significance to you). Also, the most common password most people use is "password."
2. If data is somehow intercepted between when you type it and when it reaches the server (falling for a CG, trojan, or keylogger, or using an unsecured wifi network that's actually set up to lure you into using it to access your accounts (this is known as a honeypot))
3. If Neopets.com itself is compromised, which, despite what every sci-fi movie tries to convince you, is actually pretty unlikely. Not that it's impossible, but to actually have someone with the knowledge to do this targeting just YOU (instead of other players with hundreds of millions of neopoints) AND just you on Neopets (vs. your bank, where they can actually get real money), you actually have to pull a lot of strings and angered someone with a lot of grudge and time on their hands.

P.S. This isn't really important to me, but you actually don't have any rep power to +rep me. Hang around for a while, level up, and you can +rep me then.

 

Thank you for this info, it is very helpful