I can't help but wondering; how safe is the wowace SVN against such hacking attempts? And what about WAU and the other updaters?
I'm sure SVN accts could be bruteforced fairly easily, there's a ton of them. But would that even do any good? Look at how the code nerds here have ripped apart the thing so far... putting it onto the SVN is like an open invitation for us to rip it up even more. Plus it would very quickly expose the hijacked account.
And AFAIK the updaters don't handle executables, only zip packages.
Honestly, trying to hijack addons was a big mistake, cause those are exactly the people you don't want ripping apart your little trojan. Back when it was just web page ads taking advantage of IE's holes it didn't really effect the devs... most of the time they're well beyond catching a bug from a web page... but sticking it into addon packages? Oh yea that's like jumping in the lion's cage and handing him a bottle of BBQ sauce.
Quote from Thalie »
At least Cairenn is handling it correctly... how long did it take the "other guys" to fix things?
How long did it take for the "other guys" to admit there was an issue?
WAU when dowloaded from this site is safe when downloaded *via the clickonce link*. If it has been altered it wont install. If you download an exe install, you can always click the download link, and it will validate your local copy. This is why clickonce was used.
I have turned the digital keys over to Kaelten, so I am no longer the only person with a copy of them. In fact he built WAU himself and the latest update came from him.
I pulled WAU off SF.NET. Don't get me started on how much I hate OSS after my experience with WAU.