I can still see the site and the virus is still there.
Yah I noticed that, They should look at going to WoWI's method of AddOn upload approval, aka a real life human being actually looking at it and taking it apart. Sure its a bit slower however its more secure. The only time that can I think of that WoWI had a keylogger issue, someone acutally had to hack the file server and even then it was the backup file server they managed to get into, not the primary one.
I don't have to put up with you saying that myself or one of my peers at Curse condone uploading of viruses.
I don't have to put up with you running around doing nothing constructive but slandering my name and the name of those who are trying to bust their collective asses for the community.
You are not welcomed here if your goal is to do nothing to but throw accusations, not only at myself and the company I work for but at the other community members who
are in no way affiliated with Curse.
I've been very patient, stop pressing your luck.sd
Yeah, like I'm the only one coming to conclusions. Just read the official Blizzard forums...
Everything that "happened" to WoWUI is beneficial to cursed.com in every single way.
You have to pretend way more often that none of you or your bootlickers had nothing to do with it. You don't sound convinced yourself...
Yah I noticed that, They should look at going to WoWI's method of AddOn upload approval, aka a real life human being actually looking at it and taking it apart. Sure its a bit slower however its more secure. The only time that can I think of that WoWI had a keylogger issue, someone acutally had to hack the file server and even then it was the backup file server they managed to get into, not the primary one.
And please tell me why they are still letting files get upload??
A few people may be aware of the fact that I moderated the UI forum on Worldofwar for some time. I got de-modded a while back for moaning at their Admins over a few issues and not agreeing with them in public, I could see their point and couldn't complain to be honest. Now I still post there because I know some of the community but the admins there are so frustrating. This whole virus thing doesn't surprise me at all, I've been telling them for months that the UI forum needs a dedicated moderator and that person should have UI site moderator permissions as well. I saw that thread about 30mins after it was posted and could have sorted it instantly but we had to wait for an admin to come online and even then it seemed to take hours to actually get sorted. How hard can it be to delete a mod or at least suspend it while you check it out?
It's just another issue in the list of ways that Worldofwar doesn't seem to give a damn about any of its users. Their updater was removed months ago when it turned out an author had stolen some of the code from somewhere else. Their site has a whole bunch of sessions issues that are absolutely not machine or browser specific and yet they "can't repoduce them". They ban links to Wowhead "because it's run by goldsellers" when the reason is obviously because they want people to use the utterly pathetic and outdated Wowdigger. And the UI forum is a complete mess with posts in the wrong forums and no moderator despite being close to the most read forum on there, and it has stickies made by an ex-moderator (me) which haven't been updated for months.
I really can't undestand the philosphy or attitude of the people who run that site. I post for the sake of the community which I clearly care a lot more about than they do. I'm not the only long-term user who feels that way and really we should just leave and see how dead the forums are then.
What sucks is when sites like Wowace get dragged into this. But considering Worldofwar's lack of interest in its own reputation I can't say I really expect them to care about anyone elses. Still it's a shame and I'm sorry to be associated with it even if my name there is no longer green.
It's a shame to see this kind of thing. I suppose as long as some people think virtual gold is worth real money, they'll keep trying. :(
I wonder, though. Interface addons don't ever use executables. The few things that might, like the WoWAceUpdater, well, you could put them through extra scrutiny.
Why doesn't WoWUI at least check the archive, unpack it, and reject (or at least, delay for a human moderator to approve later) any interface addons that are possibly risks? Something like, it requires moderator approval if any of the files has an extension other than toc, lua, xml, mp3, blp, tga, ttf or txt, or if any of the files' first two bytes are "MZ"?
That might help slow these guys down; I'm not sure for how long, but it might at least help keep their trojans off of the major sites.
It has to be someone from cursed.com. They aim to sabotage their competitors because they missed the opportunity to overcome them by service and quality.
If you use the cursedupdater you are supporting organized crime!
Think about it! Maybe there is even a cursed-mole inside wowui which uploaded the keylogger bypassing all approval-protocols.
It can't be a coincidence that wowui gets attacked after the massive failure of cursedclient!
Yeah, like I'm the only one coming to conclusions. Just read the official Blizzard forums...
Everything that "happened" to WoWUI is beneficial to cursed.com in every single way.
You have to pretend way more often that none of you or your bootlickers had nothing to do with it. You don't sound convinced yourself...
I don't normally resort to name-calling on forums, but you sir are an idiot. Kaelten exercised more patience with you than you deserved. Also, IT'S CURSE.COM NOT CURSED.COM, LEARN TO READ.
worldofwar.net doesn't need help to ruin its reputation for being a keylogger-ridden site. Their lackadaisical (omg I spelled it right) attitude towards site security is ruining their reputation for them.
Why doesn't WoWUI at least check the archive, unpack it, and reject (or at least, delay for a human moderator to approve later) any interface addons that are possibly risks? Something like, it requires moderator approval if any of the files has an extension other than toc, lua, xml, mp3, blp, tga, ttf or txt, or if any of the files' first two bytes are "MZ"?
What annoys me most about this is how the admins have previously declared that there is no way any mods on their site can have a virus. Everytime I post that it's rubbish: no virus scanner is flawless and it has happened before, but still this claim gets made. Inevitably it has happened again but I bet they will "make improvements" and then continue to make this claim.
Of course you're right, if it just filtered any file beyond a few specific types then you make this kind of attack impossible - add this a decent AV and you have a good security system.
They also claim that all addons are checked manually before being accepted but no UI site mod/admin has admited to accepting these ones so I suspect someone was being lazy and just checking them off without looking. A mod called "CurseClient" on Worldofwar should be a big clue that something isn't right!
Apparently they got fooled by the trojans being double-zipped or something, which I find hilarious. Also, using a virus scanner on something doesn't guarantee that it's safe, especially on a site which is likely to be the distribution point from which new (i.e., that no virus scanner yet knows about) trojans are released into the wild.
It's pretty failsafe to reject all zips (or recursive zips) with exe and other executable extensions independent of whether they contain check positive for a virus or not. If someone wants to up a legit exe make them go through extra hoops like email submission and manual adding to the site.
Funny you should say that. I knew this quote was somewhere, finally found it:
you have as much chance of getting something dodgy from any site as you do from this one and I think this is the only site that does not accept executable files so we are playing it super-safe for all users
And please tell me why they are still letting files get upload??
I was referring to WoWI's approval method where a Real Human Being (not a program) actually looks at the mod in question, takes it apart (especially EXEs) and scans it three ways to Sunday looking for any trouble. That is what WoWUI should be using. However WoWUI seems to use only an automated Virus scan (which can be fooled, especially if the virus scanner does not have definations for the malware in question and most virus scanners don't catch other forms of malware). WoWUI should use WoWI's method, they don't have the site upload volume that WoWI has (judging from both sites front page and Fin's WoWMods (my update checker of choice ;D) site,
Tunga I am glad to see you around these parts. I am Xinh although you haven't seen my name on WoWUI in a long time due my misgivings with that site. They still haven't learned. I was suprised to read that WoWUI does not have a dedicated UI moderator. It would seem they don't have an Admin that is not on EU time either.
Rollback Post to RevisionRollBack
To post a comment, please login or register a new account.
Edit: BAH! back up and it still has the file.
Yah I noticed that, They should look at going to WoWI's method of AddOn upload approval, aka a real life human being actually looking at it and taking it apart. Sure its a bit slower however its more secure. The only time that can I think of that WoWI had a keylogger issue, someone acutally had to hack the file server and even then it was the backup file server they managed to get into, not the primary one.
Yeah, like I'm the only one coming to conclusions. Just read the official Blizzard forums...
Everything that "happened" to WoWUI is beneficial to cursed.com in every single way.
You have to pretend way more often that none of you or your bootlickers had nothing to do with it. You don't sound convinced yourself...
And please tell me why they are still letting files get upload??
It's beyond time to show the world just how many keyloggers have originated from worldofwar.net.
I don't have to sound convinced, I have nothing to defend against, and I certainly don't have to prove myself to you.
You're gone, all three of your accounts. If you decide you want to make another one fine, but change your attitude or the same will happen.
It's just another issue in the list of ways that Worldofwar doesn't seem to give a damn about any of its users. Their updater was removed months ago when it turned out an author had stolen some of the code from somewhere else. Their site has a whole bunch of sessions issues that are absolutely not machine or browser specific and yet they "can't repoduce them". They ban links to Wowhead "because it's run by goldsellers" when the reason is obviously because they want people to use the utterly pathetic and outdated Wowdigger. And the UI forum is a complete mess with posts in the wrong forums and no moderator despite being close to the most read forum on there, and it has stickies made by an ex-moderator (me) which haven't been updated for months.
I really can't undestand the philosphy or attitude of the people who run that site. I post for the sake of the community which I clearly care a lot more about than they do. I'm not the only long-term user who feels that way and really we should just leave and see how dead the forums are then.
What sucks is when sites like Wowace get dragged into this. But considering Worldofwar's lack of interest in its own reputation I can't say I really expect them to care about anyone elses. Still it's a shame and I'm sorry to be associated with it even if my name there is no longer green.
I wonder, though. Interface addons don't ever use executables. The few things that might, like the WoWAceUpdater, well, you could put them through extra scrutiny.
Why doesn't WoWUI at least check the archive, unpack it, and reject (or at least, delay for a human moderator to approve later) any interface addons that are possibly risks? Something like, it requires moderator approval if any of the files has an extension other than toc, lua, xml, mp3, blp, tga, ttf or txt, or if any of the files' first two bytes are "MZ"?
That might help slow these guys down; I'm not sure for how long, but it might at least help keep their trojans off of the major sites.
GI JOE!
Seconded.
I don't normally resort to name-calling on forums, but you sir are an idiot. Kaelten exercised more patience with you than you deserved. Also, IT'S CURSE.COM NOT CURSED.COM, LEARN TO READ.
worldofwar.net doesn't need help to ruin its reputation for being a keylogger-ridden site. Their lackadaisical (omg I spelled it right) attitude towards site security is ruining their reputation for them.
Of course you're right, if it just filtered any file beyond a few specific types then you make this kind of attack impossible - add this a decent AV and you have a good security system.
They also claim that all addons are checked manually before being accepted but no UI site mod/admin has admited to accepting these ones so I suspect someone was being lazy and just checking them off without looking. A mod called "CurseClient" on Worldofwar should be a big clue that something isn't right!
http://wowui.worldofwar.net/?p=mod&m=6663
about time.
http://www.worldofwar.net/forums/showpost.php?p=4117253&postcount=3
Guess not!
I was referring to WoWI's approval method where a Real Human Being (not a program) actually looks at the mod in question, takes it apart (especially EXEs) and scans it three ways to Sunday looking for any trouble. That is what WoWUI should be using. However WoWUI seems to use only an automated Virus scan (which can be fooled, especially if the virus scanner does not have definations for the malware in question and most virus scanners don't catch other forms of malware). WoWUI should use WoWI's method, they don't have the site upload volume that WoWI has (judging from both sites front page and Fin's WoWMods (my update checker of choice ;D) site,
Tunga I am glad to see you around these parts. I am Xinh although you haven't seen my name on WoWUI in a long time due my misgivings with that site. They still haven't learned. I was suprised to read that WoWUI does not have a dedicated UI moderator. It would seem they don't have an Admin that is not on EU time either.