Skip to Content
6-16-2008 @ 4:04PM
Wow, out of all that ramble and scare tactics, you actually manage to touch on two very good things, yet not make the CONNECTION.1) Hash values are good, they let you validate the file2) wowwiki provides a big list of mirrorsAnd the missing connection? Wowwiki also provides the hash values for every file so you can validate the file you downloaded from a mirror before you run it!It's great that you want to deter people from doing this for their own safety, but for some people bittorrent is not an option. That's why the mirrors exist. So how about actually EDUCATING users on how to protect themselves instead of just trying to scare them into never ever touching an exe file ever again?Oh, and on a side note, wowinterface also provides hashes for every addon they host. Had you taken the time to educate people on how to validate hashes, you could have shown them that the same security measure can be used with their addons as well.
6-16-2008 @ 4:54PM
The Bloggers Point is valid.His main assertion is --- USE THE OFFICIAL UPDATER.Any other means of grabbing the patch can be compromised, PERIOD. And hash values are not 'magic'. If Blizz is not giving out the hash value for the source file, any hash value created after the fact is suspect.Scenerio: Person A, who is associated with FilePlanet, downloads the patch onto their server. The downloading machine or the server is hacked to add a 'wrapper' to all EXE files. This wraper installs a trojan. Person A faithflully creates the hashcode for the file on the drive and publishes it. the File on the drive contains the virus + the wow update, and the user created hashcode reflects this.Person B downloads said file from FilePlanet, checks it's hash, it matches. Person B installs the file and feels safe.Story ends badly for both FilePlanet and Person B.Rules of security thumb:1.) If it is not coming from the vendors site, it is suspect.2.) Never run automatic installation/update programs [I don't even trust Microsofts]. These auto-updaters are key hack targets. [I'm looking at you Curse Gaming]3.) Never run an .exe, .com, .scr, or .bat associated with any email.I've followed my rules for 15 years of internet use. I've been hacked ONCE. And that was a microsoft exploit that was patched within 15 hours. Gamer sites will get you infected. If you don't believe it, you probably think that cigarettes don't cause cancer and sex doesn't get girls pregnant.
6-17-2008 @ 4:49PM
WHAT???? Girls can get pregnant from sex? Like... all girls? What about casual sex? Or phone sex? Wait... define sex.
First time? A confirmation email will be sent to you after submitting.
Members enter your username and password.
Enter your AOL or AIM screenname and password.
Please keep your comments relevant to this blog entry. Email addresses are never displayed, but they are required to confirm your comments.
When you enter your name and email address, you'll be sent a link to confirm your comment, and a password. To leave another comment, just use that password.
To create a live link, simply type the URL (including http://) or email address and we will make it a live link for you. You can put up to 3 URLs in your comments. Line breaks and paragraphs are automatically converted — no need to use <p> or <br /> tags.