SniperCharlie
03-18-2011, 03:21 PM
From the word of Notch:
Warning: Some malicious client mods are stealing passwords
When you install a mod, the mods gets full access to your computer, and can do ANYTHING to it.
Make sure you absolutely trust the source before installing any such mods.This applies to both server mods and client mods.
I don’t know which mods are the culprits.
When the modding support is added, there will be support for sandboxing mods to give them less access to important stuff. You can chose to trust a mod if you want to, and if it needs to do fancy things, but the default will be to run the mod sandboxed.
And this is from forums.bukkit.org:
It has recently come to our attention that a list of Minecraft usernames and passwords have been posted online and we urge everyone to read the following announcement found on MCBans.com:
We urge everyone in the Minecraft community to change their Minecraft.net passwords ASAP. Please read below for tips on how to create a better password before doing so.
It recently came to our attention that a list of approximately 1,000 Minecraft account names and passwords were made freely available on the internet. We believe this list consists of information collected by a group of malicious users from a well known "griefing team". How the information in this list was obtained is not sure, but we suspect they collected them through the use of hacked clients that pretend to only give you extra features like flying or seeing through blocks but actually send your account information to the creators as well.
The first thing we did when we acquired this information was to inform Mojang of this crisis, however, we feel we can do a bit more for the community while we wait for them to handle the situation properly as we've learned that there's a high possibility that the griefing team is aware that their list has been made public. As such, we are going to be pre-emptively banning compromised accounts with an informative reason. Unfortunately, MCBans did not have a means of merely informing compromised accounts that their username and password have been discovered, so banning them with a brief message telling them so is the only option.
If there is ONE thing you read in this announcement, it should be this: we urge everyone to go and change their passwords NOW, keeping in mind the following tips on creating better passwords:
* Passwords should not contain words found in the dictionary
* Passwords should contain a mixture of upper and lowercase characters.
* Passwords should contain a mixture of letters and numbers.
* Passwords should contain punctuation characters and symbols such as: % & + - = #.
* Choose a password you can remember but don't make it too easy.
* Passwords should be at LEAST 8 characters in length, but 14 or more is preferable.
Please help us by sharing this information with everyone you know and getting them to change their Minecraft.net passwords.
To see if you're one of the people on the list, use this site:
http://dinnerbone.com/minecraft.php
However, we still encourage everyone to change their passwords anyway.
If you are on the list, please feel free to PM Dinnerbone with a list of 3rd party mods you use so we can figure out what mod it was (if it was any of the public ones found within the Minecraft community).
In light of this security issue, we feel it is time to make our CraftBukkit Recommended Builds public. We've been hard at work plugging up known exploits to prevent them from more easily griefing or taking down your server with whatever knowledge we have. As such, we are moving to make our Recommended Builds for CraftBukkit more official and known ASAP. We want everyone in the Minecraft community to benefit from the exploit fixes we've made to the Minecraft server by switching to Bukkit, until Mojang has dealt with things properly themselves. While we're still in talks with Mojang about licensing and their stance on Minecraft server modding, we feel this is a more than good enough reason to release our Recommended Builds to the public.
Moments like this I'm really happy for being one of the few that never use a Minecraft mod.:o
P.S.:I think this thread should be stickied in the mods section.
Warning: Some malicious client mods are stealing passwords
When you install a mod, the mods gets full access to your computer, and can do ANYTHING to it.
Make sure you absolutely trust the source before installing any such mods.This applies to both server mods and client mods.
I don’t know which mods are the culprits.
When the modding support is added, there will be support for sandboxing mods to give them less access to important stuff. You can chose to trust a mod if you want to, and if it needs to do fancy things, but the default will be to run the mod sandboxed.
And this is from forums.bukkit.org:
It has recently come to our attention that a list of Minecraft usernames and passwords have been posted online and we urge everyone to read the following announcement found on MCBans.com:
We urge everyone in the Minecraft community to change their Minecraft.net passwords ASAP. Please read below for tips on how to create a better password before doing so.
It recently came to our attention that a list of approximately 1,000 Minecraft account names and passwords were made freely available on the internet. We believe this list consists of information collected by a group of malicious users from a well known "griefing team". How the information in this list was obtained is not sure, but we suspect they collected them through the use of hacked clients that pretend to only give you extra features like flying or seeing through blocks but actually send your account information to the creators as well.
The first thing we did when we acquired this information was to inform Mojang of this crisis, however, we feel we can do a bit more for the community while we wait for them to handle the situation properly as we've learned that there's a high possibility that the griefing team is aware that their list has been made public. As such, we are going to be pre-emptively banning compromised accounts with an informative reason. Unfortunately, MCBans did not have a means of merely informing compromised accounts that their username and password have been discovered, so banning them with a brief message telling them so is the only option.
If there is ONE thing you read in this announcement, it should be this: we urge everyone to go and change their passwords NOW, keeping in mind the following tips on creating better passwords:
* Passwords should not contain words found in the dictionary
* Passwords should contain a mixture of upper and lowercase characters.
* Passwords should contain a mixture of letters and numbers.
* Passwords should contain punctuation characters and symbols such as: % & + - = #.
* Choose a password you can remember but don't make it too easy.
* Passwords should be at LEAST 8 characters in length, but 14 or more is preferable.
Please help us by sharing this information with everyone you know and getting them to change their Minecraft.net passwords.
To see if you're one of the people on the list, use this site:
http://dinnerbone.com/minecraft.php
However, we still encourage everyone to change their passwords anyway.
If you are on the list, please feel free to PM Dinnerbone with a list of 3rd party mods you use so we can figure out what mod it was (if it was any of the public ones found within the Minecraft community).
In light of this security issue, we feel it is time to make our CraftBukkit Recommended Builds public. We've been hard at work plugging up known exploits to prevent them from more easily griefing or taking down your server with whatever knowledge we have. As such, we are moving to make our Recommended Builds for CraftBukkit more official and known ASAP. We want everyone in the Minecraft community to benefit from the exploit fixes we've made to the Minecraft server by switching to Bukkit, until Mojang has dealt with things properly themselves. While we're still in talks with Mojang about licensing and their stance on Minecraft server modding, we feel this is a more than good enough reason to release our Recommended Builds to the public.
Moments like this I'm really happy for being one of the few that never use a Minecraft mod.:o
P.S.:I think this thread should be stickied in the mods section.