Edpokernut
Joined: Dec 6, 2017
  • Threads: 3
  • Posts: 35
March 12th, 2018 at 10:38:17 PM permalink
Quote: Mission146

Quite frankly, if I have a choice, I will no longer do some of these people the favor of Administrating this site on a volunteer basis.

The Administrator position pays a salary of $0? For all you do in helping members around here and it's all volunteer work? All I can say is wow! I just wanted to say I hope you stay and thank you for all you do for the forum.
Mission146
Joined: May 15, 2012
  • Threads: 133
  • Posts: 15308
March 12th, 2018 at 10:42:00 PM permalink
Quote: Edpokernut

The Administrator position pays a salary of $0? For all you do in helping members around here and it's all volunteer work? All I can say is wow! I just wanted to say I hope you stay and thank you for all you do for the forum.



I thank you for your post. I intend to continue writing for the sites as well as posting regularly.

I will also continue to help people to any extent that I can, including answering math questions that are within my ability.
https://wizardofvegas.com/forum/off-topic/gripes/11182-pet-peeves/120/#post815219
RS
Joined: Feb 11, 2014
  • Threads: 62
  • Posts: 8623
March 12th, 2018 at 10:51:52 PM permalink
Quote: Mission146

Quote: cwazy

No problem. I'm routinely ignored on this forum :), but that's partially my fault since I don't post much. BTW...this is the vulnerability that I was talking about that allows anyone to get IP addresses of members here:



Basically, because the forum allows external images (including in PMs), any casino could post even a single pixel invisible image in any thread and sit back and not just collect IPs, but also cookie and use more advanced fingerprinting techniques that don't require cookies. Then sit back and wait for people with that cookie/IP to login to check offers at the casino website, and bam - they're toast (FYI I'm not logging these or issuing cookies, but I easily could).

A site like this should be proxying all external images.



He shoots, he scores! I'm a town or two over, though, I guess you can't get my address from an IP.

Other than that, I don't understand anything you just said, but thank you for saying it.


TLDR: You can create a dynamic image using PHP. Probably others but that’s what I’m familiar with.

It’s common on vegasmessageboard (or something like that), where people have an image in their signature that has a “countdown to Vegas trip”. Basically it’s just code that creates an image and text over it. That in and of itself is fine.

However, you can also write more code that doesn’t affect the image. You can even make it so it’s just a regular-looking picture, like a funny cat, and have the extra code added in there. Ah, those were the days.
Zcore13
Joined: Nov 30, 2009
  • Threads: 39
  • Posts: 3706
March 13th, 2018 at 12:51:49 AM permalink
I'd like to say, I don't know Mission personally. I've talked to him via PM multiple times. He's never been anything but respectful, professional and helpful. I think he's consistently done a great job here as a Mod and writer. My guess would be that any association with WoN was on a business level with no intent to be any part of a scam or theft. He may have been played a bit, but that's what con artists are good at and sometimes it's hard to detect dishonesty when that's not how you think.


ZCore13
I am an employee of a Casino. Former Table Games Director, current Pit Supervisor. All the personal opinions I post are my own and do not represent the opinions of the Casino or Tribe that I work for.
PokerGrinder
Joined: Apr 30, 2015
  • Threads: 23
  • Posts: 4383
March 13th, 2018 at 1:18:24 AM permalink
Quote: cwazy

No problem. I'm routinely ignored on this forum :), but that's partially my fault since I don't post much. BTW...this is the vulnerability that I was talking about that allows anyone to get IP addresses of members here:



Basically, because the forum allows external images (including in PMs), any casino could post even a single pixel invisible image in any thread and sit back and not just collect IPs, but also cookie and use more advanced fingerprinting techniques that don't require cookies. Then sit back and wait for people with that cookie/IP to login to check offers at the casino website, and bam - they're toast (FYI I'm not logging these or issuing cookies, but I easily could).

A site like this should be proxying all external images.


Is this a special trick because it showed up as Nha Trang, Vietnam which is where I am lol.
You can shear a sheep a hundred times, but you can skin it only once. — Amarillo Slim Preston
Pappa
Joined: Nov 15, 2009
  • Threads: 0
  • Posts: 3
March 13th, 2018 at 1:34:08 AM permalink
Quote: cwazy

No problem. I'm routinely ignored on this forum :), but that's partially my fault since I don't post much. BTW...this is the vulnerability that I was talking about that allows anyone to get IP addresses of members here:



Hey hey, that's me! Should I worry about something?

Mission146
Joined: May 15, 2012
  • Threads: 133
  • Posts: 15308
March 13th, 2018 at 2:06:46 AM permalink
Quote: Zcore13

I'd like to say, I don't know Mission personally. I've talked to him via PM multiple times. He's never been anything but respectful, professional and helpful. I think he's consistently done a great job here as a Mod and writer. My guess would be that any association with WoN was on a business level with no intent to be any part of a scam or theft. He may have been played a bit, but that's what con artists are good at and sometimes it's hard to detect dishonesty when that's not how you think.
ZCore13



I thank you for your post supporting me, Zcore! I have always enjoyed my PM's with you and hope there are more in the future! I would say, only if you don't mind, that you are probably one of the people I've had more back-and-forth with than any other without ever meeting in person, or talking to on the phone. I look forward to meeting you one day, you'll see me as soon as I've, "Checked the machines," in your casino!
https://wizardofvegas.com/forum/off-topic/gripes/11182-pet-peeves/120/#post815219
GWAE
Joined: Sep 20, 2013
  • Threads: 93
  • Posts: 9854
March 13th, 2018 at 3:48:19 AM permalink
Quote: PokerGrinder

Quote: cwazy

No problem. I'm routinely ignored on this forum :), but that's partially my fault since I don't post much. BTW...this is the vulnerability that I was talking about that allows anyone to get IP addresses of members here:



Basically, because the forum allows external images (including in PMs), any casino could post even a single pixel invisible image in any thread and sit back and not just collect IPs, but also cookie and use more advanced fingerprinting techniques that don't require cookies. Then sit back and wait for people with that cookie/IP to login to check offers at the casino website, and bam - they're toast (FYI I'm not logging these or issuing cookies, but I easily could).

A site like this should be proxying all external images.


Is this a special trick because it showed up as Nha Trang, Vietnam which is where I am lol.



When I looked at your pics it said you were in Canada. I didn't want to out you and your lies but oh well ;-)

This damn thread has pulled my time away from your thread and it makes me sad.
Expect the worst and you will never be disappointed. I AM NOT PART OF GWAE RADIO SHOW
cwazy
Joined: Mar 18, 2016
  • Threads: 14
  • Posts: 178
March 13th, 2018 at 5:35:28 AM permalink
Quote: RS


TLDR: You can create a dynamic image using PHP. Probably others but that’s what I’m familiar with.

It’s common on vegasmessageboard (or something like that), where people have an image in their signature that has a “countdown to Vegas trip”. Basically it’s just code that creates an image and text over it. That in and of itself is fine.

However, you can also write more code that doesn’t affect the image. You can even make it so it’s just a regular-looking picture, like a funny cat, and have the extra code added in there. Ah, those were the days.



You're quasi-correct, but everyone seems to be missing the point. It’s true that everyone who views that image is viewing their own IP address (even in quoted replies, so in GWAE’s post above this, you’re seeing your own IP and location in the image). But the point was to demonstrate the fact that when external images are allowed to be loaded directly, the third party server receives your IP address and browser headers that can be used to fingerprint your browser, and can also store cookies on your browser. That can be problematic for people trying to hide their identity, such as those in this forum.

Imagine that I work for a large casino chain (I don’t, this is a hypothetical). I can pop into a thread, and say “Great post!” in a response. Included in that post would be a transparent 1 pixel image that you wouldn't even see. When you merely load that page, my server now has your IP, browser information, and can drop a cookie on your browser. With that, next time you log into my player’s club website, I now know that you are a member of WOV and your casino account should at a minimum be flagged for review. In fact, if I wanted to identify specific individuals on here, I could simply send a PM with the same invisible image embedded, then I’d be able to correlate your casino player’s club login with your username here.

I don’t know if casinos have done this here or on other forums yet or not, but given that the members here probably represent millions in losses for casinos annually, there is certainly an incentive to do so, since it would cost almost nothing. Maybe a few hours of setup time and another few hours just posting the pixel in popular threads.

There is a way for the forum to prevent this while still allowing external images to be displayed. But obviously they are not doing it. That was the point of showing the IP. I wasn’t trying to perform a parlor trick, I was trying to call attention to a glaring privacy issue.
Last edited by: cwazy on Mar 13, 2018
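
Added example, not part of the thread and not the forum's own code: one way a forum can proxy external images, as the post above recommends, is to rewrite every external `<img src>` at render time so the browser only ever contacts the forum's own host. The host names, the `/imgproxy` path and the signing key are assumptions made for illustration.

```python
import hashlib
import hmac
import html
import re
from urllib.parse import quote, urlsplit

# Assumed names, not from the thread: forum host, proxy path, signing key.
FORUM_HOST = "forum.example"
PROXY_PREFIX = "https://forum.example/imgproxy"
PROXY_KEY = b"constructed-demo-key"

# Simplification: a regex over rendered post HTML; a real forum would do
# this inside its BBCode/HTML renderer.
IMG_SRC = re.compile(r'(<img\b[^>]*?\ssrc\s*=\s*)(["\'])(.*?)\2', re.I | re.S)

# Constructed sample post: text, a 1x1 external image, a local smiley.
SAMPLE_POST = ('<p>Great post!</p>'
               '<img width="1" height="1" src="http://tracker.example/p.gif?u=1">'
               '<img src="/images/smile.png">')

def sign(url: str) -> str:
    """HMAC the target so the proxy only fetches URLs the forum issued."""
    return hmac.new(PROXY_KEY, url.encode(), hashlib.sha256).hexdigest()

def proxied(url: str) -> str:
    return f"{PROXY_PREFIX}/{sign(url)}?url={quote(url, safe='')}"

def is_external(url: str) -> bool:
    parts = urlsplit(url)
    # Relative URLs have no host and already stay on the forum's origin.
    return bool(parts.netloc) and parts.hostname != FORUM_HOST

def rewrite_images(post_html: str) -> str:
    """Point every external <img src> at the forum's own proxy."""
    def repl(m):
        url = html.unescape(m.group(3).strip())
        if not is_external(url):
            return m.group(0)
        if url.startswith("//"):          # protocol-relative URL
            url = "https:" + url
        return f"{m.group(1)}{m.group(2)}{proxied(url)}{m.group(2)}"
    return IMG_SRC.sub(repl, post_html)

def verify(sig: str, url: str) -> bool:
    """Proxy-side check before fetching: valid signature, http(s) only."""
    ok = hmac.compare_digest(sig.encode(), sign(url).encode())
    return ok and urlsplit(url).scheme in ("http", "https")

if __name__ == "__main__":
    print(rewrite_images(SAMPLE_POST))
```

For the proxy to close the gap, it has to fetch the image server-side without forwarding the viewer's cookies or request headers, and drop any `Set-Cookie` from the upstream response.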
prozema
Joined: Oct 24, 2016
  • Threads: 24
  • Posts: 1194
March 13th, 2018 at 5:45:11 AM permalink
This is one helluva thread... Geez.