Joe Rutkowski

Idle Earth, iClover, and Dock Penguins

Us here at #iamthewalrus do raids frequently, but tonight we went in a different direction. A few weeks ago Sebastian from MCCP informed me about an oh exploitable problem in many browsers that’s really great for social engineering and phishing. So tonight, we tried the technique on Dock Penguins, a pretty good sized forum run by wweadam. Although the campaign didn’t really get too far, only compromising one account (hence, Idle Earth), the real hilarity comes in the response from the forum’s userbase (hence, iClover, also known as ninjaboycp on Club Penguin HQ).

^{click here for full size} In record time, iClover made a thread on Dock Penguins telling us that our attack had failed, all the while completely missing the point of the attack in it’s entirety. But last but not least, Idle Earth’s post in the aforementioned thread. Hey, who doesn’t like irony? ^{click here for full size}