Kid's site query
Links: home · search · speed test · login · more ·
 
Links: Reply New Topic
Forums » Security » Security » Kid's site query

norwegian @ 7th Nov 06:12AM:
Kid's site query

I am not sure how to approach this one.

I know I can email them in regards what I consider a breach, however I thought I'd run it past the experts first.

I know my kids account have been used by others, they buy/sell cloths etc, and there has been movement when they have not been on.....no a biggie you say. However comments have been made in their name as well.

So obviously, regardless of whether the password has been breached or the site has been exploited, I'm wondering first, has anyone else noticed this? Do you trust a site as such if you want to pay to join? (another separate question to my main concern)

they have no youtube or such accounts and only use a couple of accounts on kids game sites. How do you look into these? Hope the admin care enough to listen? If the site is breached, then are the admin careful enough?

Any advice for a concerned parent, even though so far it is harmless, even with the derogative comments posted in their absence, how do you approach this to help others?
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke
reply
VikingBob @ 7th Nov 09:38AM:
Re: Kid's site query

My only thought this early in the morning, a quart low on coffee, is to change the password(s) to a strong one. If your kids can verify they didn't share their password(s) with anyone (or someone looking over their shoulder), then one would hope the nefarious activity would stop.

If it doesn't stop after that, then perhaps the site's security isn't so great, and they need to be contacted.

There's also WOT - see what it says.
reply
evil_gusgus @ 9th Nov 06:01AM:
Re: Kid's site query

If the email accounts have been compromised if possible I would delete those emails and make new ones for them with a stronger password (numbers, letters and punctuation) if possible.
reply
norwegian @ 9th Nov 08:14AM:
Re: Kid's site query


So you both think it is only a weak password?

I realise I've not mentioned the site, however, does it need being public to answer the question? If I posted the site, would probing it make any difference?
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke
reply
VikingBob @ 9th Nov 10:06PM:
Re: Kid's site query

It's one distinct possibility. There isn't enough information here to give you a 100% certain answer. If changing the password, and making sure it isn't "shared" or otherwise leaked with others your kids may know, then that would tend to eliminate one possibility. Passwords get cracked daily.

The possibility the site has been hacked is a real one. There are hundreds of sites hacked daily.

"Probing" the site could be illegal, if you're talking about looking for holes. Any sort of "pen-testing" of a site you don't own requires explicit permission from the site owner. If you have legitimate concerns that the site has been hacked, try contacting the site itself.
reply
seankelly @ 10th Nov 05:09AM:
Re: Kid's site query

said by norwegian
I know my kids account have been used by others, they buy/sell cloths etc, and there has been movement when they have not been on.....no a biggie you say. However comments have been made in their name as well.
[/BQUOTE :

On some game sites, my children have in the past give others their passwords so that they can help each other. Maybe yours have done the same?
I think I've persuaded mine not to do it again - if they need to "share" a game character, I get them to set up another account which they and friends can use.
I also use Blue Coat's K9 software on the children's PCs, it seems to do quite a good job. They accept it without complaint, which surprised me.
reply
norwegian @ 10th Nov 09:06AM:
Re: Kid's site query


Might be possible, who knows with kids.

However, on a seperate subject, but almost related (for me anyway) I've had 2 computers crap out and both were on FaceBook at the time, talk about co-incedence.

Back to the topic though, I'm not sure what "info" you post on subjects such as these. It's sensative however you look at it. As the kids box was one that broke, they can only reference material in front of me and I'll check what is happening to see if it helps.

As some have posted on this site, some of the old character pictures of famous people, I saw as a school kid years ago, I not doubt think there is enough script kiddies running this site, inadvertently as it may be.

VikingBob I realise the implications of probing, however if you knew the site, would you look through the script, flash etc? I realise most wouldn't
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke
reply
VikingBob @ 11th Nov 12:04AM:
Re: Kid's site query

Examing the source code is perfectly legit. But even then, all that shows is what's being served to the end user on port 80. It won't necessarily tell you if the site is insecure and has been hacked. You'll see if malicious (or at least suspect) javascript and/or iframes have been inserted, of course. If that's the case, put that site on your blacklist. The lack of those things still doesn't mean the site is secure, or hasn't been hacked.

I'm not a code expert, nor do I currently have a box I want to fiddle with potential malware on - but there are others here who'd probably check out the site in more detail, if you posted a link.

Eliminating the obvious is still the best first step. Change the passwords, and make danged sure your kids don't share, on purpose or accidentally. Then see what happens, and go from there.
reply

Thank you for using lo-fi dslreports.com - report bugs
© 99-2009 silver matrix LLC