68 replies to this topic

[Cowman_133]

spling, on 28 July 2012 - 07:22 PM, said:

Speaking as someone who also has a project partnered with Tip.It, I know that this will be a great benefit for both parties involved. Glad to see some forward progress for Tip.It, and excited to see what this might bring in the future. Good luck! (Now; let's bring RuneTracker into the mix.)

Get the proposal going!

[Carl]

D. V. Devnull, on 28 July 2012 - 02:56 PM, said:

I find myself disappointed and gravely angered that this has occurred.  This is made worse by the fact that it wasn't brought past the main Tip.It community first, in order to receive proper feedback on the matter.  I happen to have seen quite many forum posts out on the RSOF, here at Tip.It, and such that have specifically identified SwiftKit and their SwiftIRC server as being the point at which many have been hacked and their RS accounts stolen/ruined.  The damage to other users that I have seen those posts about has either happened via IP detection and DOS attack, or via some manner in which someone on the SwiftIRC network has exploited a hole on another person's computer and compromised their computer and RS account.  To switch your Tip.It IRC to being a mere set of channels on SwiftIRC, and therefore open up Tip.It's users to an IRC community that is known to lack morals and has hurt others, now results in my permanent discontinued use of IRC in regard to RuneScape and related fansites.  I may have used it rarely and only when necessary, but this change was a breaking point between me possibly using an IRC client actively and my not using one at all anymore.  Further, I will now have to rethink my usage of Tip.It's Forums, as mixing that other community with us is going to result in many additional, and highly detrimental issues.

~Mr. D. V. "You're likely to lose some of the security-conscious folk over this..." Devnull

I'm quite confused as to why you'd take posts on the RSOF as truth? I'm not disputing that some people post there after being hacked, but the events that lead to their account being compromised generally isn't honest or it's just uneducated.

IP's on our servers are masked, regular users can't view an IP address without fooling you into unsetting particular modes which are automatically applied when you connect The only other way is if you visit a URL sent to you by an unfamiliar user, navigating to it can give them your IP address.. But if you exercise general caution, you should know not to visit URL's sent to you by strangers. You speak as if this community is hidden from the outside world and not grown up enough to handle other people, I don't know where you've been these last few years but that's an image that you've horribly distorted.  

D. V. Devnull said:

It's far worse than that, MageUK, as the virus doesn't have to be directly in that executable, but only just a mere point of exploit.  Let alone what I've already mentioned, allowing any browser (even swiftkit's) to show the adverts above the RS applet (and especially with IE's engine active) runs a high risk of the user's system getting damaged/infected.  Stacked on that, it's likely most IRC users don't know how to shut off IRC DCC and/or are unable to due to whatever client they're using.  Instant opening to being hit, right there.  And as for the viruses/hackings/damage that have been claimed and are attributable to usage of SwiftKit, most of the ones that I'm referencing are not possible to be linked to due to having been eaten by the "page 51 monster" on the RSOF over many years.

I'm afraid you guys are very unsuspecting.  At this point, I'm going to leave this topic in regard to the thread be, and alone.  I'll be watching from the background as the negative feedback rolls in sometime in the future.

~D. V. "Far more aware than you realize..." Devnull

DCC is disabled on our network, so you need not worry about that. Those threads you can't cite would be quite useless anyway, as already stated the facts are generally left out in "Help, my account's been hijacked!" posts.The Tip.It Administration would not have made this move if it put its users at risk, don't be silly.

[Serpent Eye]

I don't use either feature, but very exciting news indeed!

to all involved!

[Simmo]

Newb, on 28 July 2012 - 07:53 PM, said:

IP's on our servers are masked, regular users can't view an IP address without fooling you into unsetting particular modes which are automatically applied when you connect

If it weren't for people with custom host names we would hard code it right into the SwiftIRC client to force everyone to use that mode. Removing the ability for people to trick you. If people have concerns or questions please feel free to post in the SwiftKit forums and we will do our best to answer them.

[iso-]

its really great to see the merging of two communities that honestly should have come together a long time ago. Working together using each others tools, services, man power and experience is the only way to move forward now to a brighter and large community.

[WildxYak]

I've already made some use from the update, small things admittedly but useful none-the-less.
On a side note, I've never had any 'security breaches' on my RS account through either tipit or SwiftKit and feel just as safe as before. I don't want to get involved or anything as I have no idea on the behind the scenes workings about any of this stuff!

[Plugpoint]

Awesome news!

[GrandZephyr]

Isn't Swiftkit the same third-party client that was hacked and used to harvest peoples' accounts through an applet?

[Kimberly]

GrandZephyr, on 29 July 2012 - 01:54 PM, said:

Isn't Swiftkit the same third-party client that was hacked and used to harvest peoples' accounts through an applet?

Their web domain was compromised - not the actual program itself. Stidor made a post which Zpoon copied over to Tip.it and included steps for removing what was put onto your machine if you weren't paying attention enough to let the applet run.

Quote

Zpoon, on 31 May 2012 - 01:44 AM, said:

Hey guys just thought I'd let you know we made a post explaining what happened and what's going on right now:

http://forums.zybez....ssue-explained/

Quote

One down side to SwiftKit being as popular and successful as it is, means that it has a giant target on it's back. Today we unfortunately experienced the effect of that., which is a shame really as we only exist to offer a free helpful tool to players...It really is unfortunate. As always though, we aim to be as transparent about the situation as possible.

At around 3am this morning it came to my attention that someone had gained access to the domain register's account that hosts SwiftKit.net. This allowed them to transfer the SwiftKit.net domain off our account and onto their own. Once they did this they were then able to change the webserver the domain points at, to their own malicious site. The problem was that it took around 5 hours for the domain to be rightfully returned back to us. So during this time the SwiftKit.net domain was pointing to a malicious website. We'll definitely be moving to a different domain registrar in the near future.

How was the intruder able to gain access to our domain account? By using a fake ID, or identity document to convince the domain hosting company to reset the e-mail address to their own. Then all they had to do was perform a simple password reset. We're very concerned that this could even happen in the first place, and that it took so long to re-gain control. We'll be looking forward to getting as far away as possible from this domain host.

So what does this mean for you as a user? Not too much, SwiftKit itself wasn't affected at all, just the domain. However If you were unfortunate enough to click accept or yes on any JAVA popups that came up I suggest do you a virus scan straight away and once clean change your password. You should never accept any JAVA requests from sources you don't trust. (It states the source in the popup)

We have seen this specific malware can be detected and removed by Microsoft Security Essentials. If you believe you have loaded SwiftKit in this small window and accepted any rogue Java confirmations, then it would be a good idea to run a full system scan.

SwiftKit itself has several layers of protection built into the updater to prevent anyone from being able to push out bogus updates. The only way you could be harmed is if you download or accept something yourself.

As it stands we now have full control of our domains and have taken temporarily steps to prevent such a situation from occurring again. DNS changes have been successfully apllied to many users and they should now be directed to the right, normal site. If you still are redirected incorrectly, try clearing your browser's history and cache, and also by going to Start > search for "cmd", and type in "ipconfig /flushdns". This will ensure the right DNS address is obtained from the server. In the coming future we will be looking to implement some permanent changes to further prevent such an occurrence, abandoning our current and frustrating registrar is one of them.

We understand our well-earned reputation has been tarnished by this horrible incident, and we understand many are wary using our products in the future. That trust is going to have to be earned back, and I know for some it will be difficult. I want to personally let everyone know the safety and security of all of our users are our #1 priority. The entire SwiftKit staff, including support from our users and Jagex moderators have hopefully showed everyone that we are serious about security.

If you have any hesitations or questions please don't hesitate to ask.

We're also going to be posting some specific ways of checking if you are indeed infected, and removal steps if you are. Gimmie a sec.

Edit: Detection and removal instructions:

1. Open Start
2. In search, type "regedit" and hit Enter
3. Navigate to "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows" using the folder dropdowns.
4. If there is a file or entry in the Windows folder called "Adobe Drivers", than you are infected and you require removal. If it doesn't exist, you are not infected.

Removal:

1. Right-click the taskbar and select "Start task manager"
2. In the Processes tab, end any process named "winsyl[Caution: Executable File]"
3. In the Registry Editor window you still should have open, right-click the "Adobe Drivers" folder and select Delete
4. Open Windows Explorer, enter in the URL %AppData%\Microsoft\Windows\
5. Delete the folder "Drivers"
6. As a safety measure, run a full system scan using a reputable anti-virus such as MSE.

You might've forgotten that because at the time you were very busy with crew work I think.

[Sentry_Wolf]

Wasn't excepting to see this at all! But delighted it has happened, two amazing additions. Really excited to things going forward for tip.it

[GarryGarry]

maa virus scanner   removes it when try to download oh well

[Stev]

Add it to the exceptions list.

A lot of virus scanners and browsers are having issues with the downloads because they no longer have their old 'reputation'. Take DGSweeper for example. It used to be hosted on AutoHotkey.net. So if DGSweeper(.)exe was downloaded from AuoHotkey.net/~DGSweeper/, it was recognised by browsers and anti-viruses as a safe download because it already had a reputation there from being downloaded so many times. It'll just take some time for that reputation to build at the new locations.

That's part of the reason, anyways.

[Downfall]

This is really cool! Tip.it has always been a great community and this partnership is awesome news

[MVP]

Hello Tip.it!

[Mercifull]

Don't care much for SwiftKit but I've used DGSweeper on the rare occasions I enter a dungeon so this is good news.

[LordAdib]

Excellent news. I've always liked the Tip.It community and am really glad to see this partnership taking place.

[Killerred005]

GarryGarry, on 30 July 2012 - 01:23 AM, said:

maa virus scanner   removes it when try to download oh well

Add it to your whitelist. It's a false positive. Or perhaps temporarily disable it (unplug internet, exit browser etc) while installing it, while reenabling it after.

[brainymidget]

Good to see Tip.it advancing so much recently.  The website design getting finished up at last and rolled out, and now these partnerships with two of the really great Third-party applications available.
It's a good time for Tip.it

[Matt258]

I do NOT Support this SK site. It is NOT a Supported Jagex Client & should not be allowed for anyone to use it. It was know to give Un-fair Advantages in the past (able to get on Full Worlds, hop wolrds faster) it was Hacked in the past few Months this Year iirc?

Tip.it please REMOVE this

[brainymidget]

While it is true that in the past it did allow you get into full worlds and hop faster, they did remove that feature when asked to by Jagex and they always try to comply with Jagex's wishes for things like this.
And the client was not hacked, it's site was.  But at one point Tip.it's site was hacked as well, does that mean you will stop trusting Tip.it from that point on?
If you don't wish to use Swiftkit, noone is forcing you.