IMPORTANT SECURITY ANNOUNCEMENT: Password Theft Attempts

The forum Administration will not ask for password or serial key information via random PM.
This will never be legit:

Immediately report any such PMs to the Administration team.


First Security Message (Oct 21, 2010)

Please note that the forum will never ask for your username and password in a separate popup window. The only valid password entry forms for the forum look like this, integrated into the page as shown:



If instead you ever see a password entry request in a pop-up window like the one below, do not enter you forum account info into it. Any such password request pop-up is almost certainly an attempt to steal your account info.



You'll notice in the above image that the popup window clearly indicates in the first line the actual website domain which the request is coming from, and it's not TaleWorlds (no matter what it may indicate in the second line). The above screenshot is of a password popup generated in Firefox, but other browsers should similarly indicate the actual website domain which such requests are coming from.
If you ever unwittingly enter your account info into such a password request form, you should immediately change your password.

The reason for this announcement is due to a recent user apparently having a fake image link in his signature which would cause the above example of a password request pop-up. Again, if you saw that pop-up and actually entered your forum account info, you should immediately change the password on your forum account, along with any accounts with other sites on the internet on which you used the same password.

Whoah, yeah. Thanks for the announcement.

You find out who was doing this?

I thought it was just some recruit who thought Taleworlds and Steam were trying to hack his account.

But alas, 'tis serious.

Warcat92 said:

You find out who was doing this?

Click to expand...

The particular user was this one.

Might be others around, but I'll let Janus answer that when he posts next.

How'd he not know what his sig was doing. And if his sig did that, what could other sigs be doing?

Warcat92 said:

You find out who was doing this?

Click to expand...

Yes. I've contacted the person in question on the vanishingly slim chance that it wasn't intended as a password theft attempt before outright banning him, but I don't expect much from that. Even if this particular instance wasn't malicious in nature (unlikely), other such attempts could happen in the future so I figured this announcement was needed.
The only real way we could completely prevent such a thing from happening again would be to disable images from being posted in the forum entirely, and I'm not willing to do that.

EDIT: after further investigation which proves the malicious intent, he's now banned.

I should further add that I've found he is connected to the following site:
http://risker.in/

Anyone who entered their username and password to that popup message should really also change their password on any other accounts on the internet which use the same password as they have here on the forum. Otherwise, you should expect to have your other accounts accessed eventually.

Thanks Janus.  Always keeping the site up.   

Good work. Hope not many people fell victim of that scam before it was deleted. They seem to have had something againist Hobos

Whoah, that looks worse than I originally suspected.

I just checked out the risker site, and...that person needs to die. 

EDIT:  And McBev is on it.   

Good looking out.. thanks. 

Bolkonsky said:

EDIT:  And McBev is on it. 

Click to expand...

I am? 

You are now.

Godspeed. And dont come back without his head.

Also, related? http://forums.taleworlds.com/index.php?topic=142378.new#new

EDIT. Nevermind, I checked his posts. Just trollin'.

McBeverage said:

Bolkonsky said:

EDIT:  And McBev is on it. 

Click to expand...

I am? 

Click to expand...

Didn't ya see the Contact button, Nathan, or whatever yer name is? 

(I kid, I kid!)

Anyways, after a wee bit of digging, it appears that the domain is registered to one Cody Ward living at 151 Queen Mary Street in New South Wales.

Although this could be a cover identity.

McBeverage said:

Anyways, after a wee bit of digging, it appears that the domain is registered to one Cody Ward living at 151 Queen Mary Street in New South Wales.

Although this could be a cover identity.

Click to expand...

Checking into it yourself, eh? 

I bet it is actually him, since his first several posts to the forum here were from a real Australian ISP. His later posts were through an anonymizing proxy; oops, too late. I've contacted the abuse department of that ISP with the relevant details. I also contacted the host of the password harvesting script and they've already taken it down pending investigation a few minutes after receiving my e-mail. I'm about to contact the host of the risker.in domain as well.

So, in English, this guy ain't coming back and tale-worlds forums doesn't have any security issues, and you're preventing further security issues for taleworlds/othersites also?/Armagan isn't going to die -cough-?

it was a guy named "Taleworldsfanboy" or something.