Also on AOL
- Autos
- Technology
- Lifestyle
- Gaming
- Finance
- Entertainment on AOL
- Lifestyle on AOL
- Sports on AOL
- Travel on AOL
- More on AOL
Featured Galleries
Joystiq
© 2013 AOL Inc. All rights Reserved. Privacy Policy | Terms of Use | Trademarks | AOL A-Z HELP | About Our Ads
Reader Comments (Page 1 of 1)
6-16-2008 @ 4:04PM
Tekkub said...
Wow, out of all that ramble and scare tactics, you actually manage to touch on two very good things, yet not make the CONNECTION.
1) Hash values are good, they let you validate the file
2) wowwiki provides a big list of mirrors
And the missing connection? Wowwiki also provides the hash values for every file so you can validate the file you downloaded from a mirror before you run it!
It's great that you want to deter people from doing this for their own safety, but for some people bittorrent is not an option. That's why the mirrors exist. So how about actually EDUCATING users on how to protect themselves instead of just trying to scare them into never ever touching an exe file ever again?
Oh, and on a side note, wowinterface also provides hashes for every addon they host. Had you taken the time to educate people on how to validate hashes, you could have shown them that the same security measure can be used with their addons as well.
Reply
6-16-2008 @ 4:54PM
Candina@WH said...
The Bloggers Point is valid.
His main assertion is --- USE THE OFFICIAL UPDATER.
Any other means of grabbing the patch can be compromised, PERIOD.
And hash values are not 'magic'. If Blizz is not giving out the hash value for the source file, any hash value created after the fact is suspect.
Scenerio: Person A, who is associated with FilePlanet, downloads the patch onto their server. The downloading machine or the server is hacked to add a 'wrapper' to all EXE files. This wraper installs a trojan. Person A faithflully creates the hashcode for the file on the drive and publishes it. the File on the drive contains the virus + the wow update, and the user created hashcode reflects this.
Person B downloads said file from FilePlanet, checks it's hash, it matches. Person B installs the file and feels safe.
Story ends badly for both FilePlanet and Person B.
Rules of security thumb:
1.) If it is not coming from the vendors site, it is suspect.
2.) Never run automatic installation/update programs [I don't even trust Microsofts]. These auto-updaters are key hack targets. [I'm looking at you Curse Gaming]
3.) Never run an .exe, .com, .scr, or .bat associated with any email.
I've followed my rules for 15 years of internet use. I've been hacked ONCE. And that was a microsoft exploit that was patched within 15 hours.
Gamer sites will get you infected. If you don't believe it, you probably think that cigarettes don't cause cancer and sex doesn't get girls pregnant.
6-17-2008 @ 4:49PM
Zali said...
WHAT???? Girls can get pregnant from sex? Like... all girls? What about casual sex? Or phone sex?
Wait... define sex.