Reply With QuoteThat's why we're the best maple fansite ever.
Be VERY Wary About Visiting Basil Market And Other Maple Sites
Always make sure you're running the NoScript plugin or similar software, cause otherwise...
http://i.imgur.com/QwzILUj.png
...yeeeeaaaah.
A lot of seemingly legitimate fan sites (some even endorsed by Nexon) have backdoor deals with third party spam/malware dealers who won't even think twice to completely bury your system. Some sites are also honey pots, looking to score your e-mail and other personal information that can be used to hijack your Maplestory account. More often than not when you see some post or message about someone saying that they "got hacked"... what actually happened is they stumbled across what looked like a legitimate fan site and wound up with their whole system compromised and jacked up with malware.
That's why we're the best maple fansite ever.
Oh wow, that's pretty bad. Good looks, Plarg!
Yeah this site never makes NoScript spaz out. You don't have to worry about your e-mail or personal details being sold off to 3rd parties either.
Mmmm speaking of which, most of these outfits like Basil Market do this deal where they say they're all "concerned about your privacy" and often say something to the effect that they're not actively sharing any personal information... BUT, if you look at the fine print on their affiliate and 3rd party ad sites they contain a bunch of sleaze about how they're not directly responsible for the actions of any 3rd party outfits, including the ones that they do business with.
So basically it's like saying, "Well ~I~ won't share your personal information... but I'm just gonna go on ahead and leave my door wide open for anyone to come on in and take whatever they like."
...hence the reason the NoScript plugin goes completely spastic with cross site scripting warnings on Basil. Something that you never have to worry about on this site.
==EDIT==
Here's a great example (one of the sites that Basil was trying to transmit data to):
Last edited by Plarg; 28th February 2014 at 07:10 AM.
A lot of that list seem to be ad delivery sites. While not particularly dangerous, they are responsible for all those tracking cookies so they can target their advertising.
Butts.
213 181 178 166 165 164 162 152 147 135 134 130 125 123 123 120 120 104 100 100
A lot of them are, at least on the surface, the problem is that many of them deal with other 3rd party outfits that do much more than simple cookie tracking. That's how they appear "legit" most of the time, they use a cover site/facade, in Basil's case they use networkadvertising.org, but that company in turn deals with dozens and dozens and DOZENS of other companies and doesn't do a very good job of actually looking into each one... to the point where the site itself actually has a system setup to report any rogue outfits.Originally Posted by FailFTW
To make things even more complicated, their cover site lists their participating companies:
https://www.networkadvertising.org/p...ating-networks
...but then the majority of those companies is an ad agency in and of itself with dozens MORE 4th party and even 5th party outfits who don't need to adhere to the rules/regulations of the originating site at all.
All in all it's simply a *BAD* idea to deal with any site that participates in such scam "networks", especially if they're using *ANY* form of cross-site scripting, which can be used for any number of extremely horrible things, including cookie stealing.
==EDIT==
And by the by, there are no shortage of techniques that these outfits can choose from...
http://securityweekly.com/2011/05/st...ng-new-xs.html
As a general rule of thumb you should simply never deal with any site that's using ANY form of XSS (cross site scripting). There is absolutely NO plausible reason either as to why the ad tracking companies would even NEED to use such forms.
Last edited by Plarg; 28th February 2014 at 08:00 AM.
Posting Permissions
