Forums

RS-Linkify Thread is sticky

Quick find code: 261-262-33-65181208

Indecent Act

Indecent Act

Posts: 7,456 Rune Posts by user Forum Profile RuneMetrics Profile
^I've sent so many emails about that.

I wonder did they read any of them. They have never replied to any security issues I've raised so I guess I'll never know.

Anyway it's a shame it's too late, the original log in names are all known for just about every active player. They shouldn't have made them public in the first place imo, there was no need for that.

12-Oct-2014 23:24:08 - Last edited on 12-Oct-2014 23:34:21 by Indecent Act

Indecent Act

Indecent Act

Posts: 7,456 Rune Posts by user Forum Profile RuneMetrics Profile
Ryan M said :
Is it sad that this is the first I've heard about this? :(


Nah, but it's sad that this has existed since the beginning of seasonal hiscores.

Also a slight variation of parameters on one of the API's meant even if the player wasn't ranked in seasonal hiscores, their login name could still be retrieved.

My sister's account confirmed this, since she wasn't ranked and uses a different display name.

Now it's been fixed that I don't mind speaking about it, however I kept it very quiet for obvious reasons. I'm pretty sure plenty of other people knew (API's were on the official wiki).

My main issue was that the information is helpful for account hijackers and basically had no other use at all. It's good it's been fixed, but sadly plenty of info has been retrieved in the last year or so. That could have easily been prevented. Sure mistakes are made, but I let them know many many times over the last year. That to me is a long time to ignore an issue.

13-Oct-2014 02:14:38 - Last edited on 13-Oct-2014 02:22:17 by Indecent Act

Indecent Act

Indecent Act

Posts: 7,456 Rune Posts by user Forum Profile RuneMetrics Profile
@Morgypie,

They can be thumbnailed, where the same image appears more than once on the same page. That option was made with quotes in mind.

The original option did make them spoilers, but that was changed long ago based on feedback. The thumbnails were better received.

http://i.imgur.com/Tvh39OF.png

This post
http://i.imgur.com/g8Dfsif.png

quoted down the page looks like...
http://i.imgur.com/yS4EgME.png

This worked better than completely hiding the image, particularly where there are multiple posts by the same person all containing a different image. If quoted, at a glance you know what image the quote is relating to.

13-Oct-2014 06:17:37 - Last edited on 13-Oct-2014 06:31:18 by Indecent Act

Quick find code: 261-262-33-65181208 Back to Top