I can't help but wonder: how safe is the wowace SVN against such hacking attempts? And what about WAU and the other updaters?
I'm sure SVN accts could be bruteforced fairly easily, there's a ton of them. But would that even do any good? Look at how the code nerds here have ripped apart the thing so far... putting it onto the SVN is like an open invitation for us to rip it up even more. Plus it would very quickly expose the hijacked account.
And AFAIK the updaters don't handle executables, only zip packages.
Honestly, trying to hijack addons was a big mistake, cause those are exactly the people you don't want ripping apart your little trojan. Back when it was just web page ads taking advantage of IE's holes it didn't really affect the devs... most of the time they're well beyond catching a bug from a web page... but sticking it into addon packages? Oh yea that's like jumping in the lion's cage and handing him a bottle of BBQ sauce.
Quote from Thalie »
At least Cairenn is handling it correctly... how long did it take the "other guys" to fix things?
How long did it take for the "other guys" to admit there was an issue?
And AFAIK the updaters don't handle executables, only zip packages.
True. But I was thinking more about the updaters themselves. In case of WAU that comes down to how secure this website is, I guess. (Wasn't WAU once located on sourceforge btw?)
If I am not mistaken, all SF code was removed recently by Sylv. But I could be wrong.
Thanks for the heads-up Seerah. Wowinterface are usually spot on but their file server was directly accessed. Nasty that. :( Imagine if they got access to wowace files, eek doesn't bear thinking of.
WAU when downloaded from this site is safe when downloaded *via the clickonce link*. If it has been altered it won't install. If you download an exe install, you can always click the download link, and it will validate your local copy. This is why clickonce was used.
I have turned the digital keys over to Kaelten, so I am no longer the only person with a copy of them. In fact he built WAU himself and the latest update came from him.
I pulled WAU off SF.NET. Don't get me started on how much I hate OSS after my experience with WAU.
http://www.wowinterface.com/forums/showthread.php?t=13805
http://forums.worldofwarcraft.com/thread.html?topicId=3168328825&sid=1&pageNo=1
http://www.wowinterface.com/forums/showthread.php?p=77361#post77361
If anything get the source code and compile them yourself :P