Security Problem

[wweyland]

So I have heard that there is a backdoor that hackers can use to gain access to your computer when using Carbonite. Anyone know anything about this security problem if it does exist.

Thanks,
wweyland

[Mycroftxxx1]

Carbonite the PC backup product or Carbonite the World of Warcraft addon?

[wweyland]

Carbonite the WOW addon.


wweyland

[mankeluvsit]

whered u hear this, source?

[wweyland]

One of the people in my guild said he was told by a programmer that there was a backdoor that a hacker can use in the WoW addon carbonite. Evidently, it would allow access to the computer running the Wow addon carbonite and the progarmmer said he had done it. The information is about a year old and I was wondering if it had been fixed. I love the addon so much that I have paid for 2 copies of it before Blizzard changes their stupid rule on addons.

[MidgetMage55]

So far as i understand it addons run in a sandboxed enviornment. Meaning that they can not access anything outside of WoW. They also only run when WoW is running. I highly doubt your guild mates "programmer friend" has accurate information.

If this person is so sure of it i would like to see his proof.

[Petrah]

Originally Posted by MidgetMage55 If this person is so sure of it i would like to see his proof.

You might be waiting for quite awhile, since no such proof exists for any version of Carbonite downloaded from the original Carbonite site, WoW Interface, or Curse.

Now if people downloaded illegal copies obtained from anywhere other than the Carbonite site, before Blizz changed the rules, then it's fair to say that the dummy who did so probably got something they didn't intend to get.

[Elhana]

Put it this way - while there is a theoretical chances wow client contains bugs that could allow code execution, in reality chances are close to zero.

Addon itself however could do some nasty things within WoW and since Carbonite code is a one big obfuscated piece of **** you can't really find out easy way, so you have to trust the authors if you want to use it.

[carboniteaddon]

Originally Posted by Elhana Put it this way - while there is a theoretical chances wow client contains bugs that could allow code execution, in reality chances are close to zero. Addon itself however could do some nasty things within WoW and since Carbonite code is a one big obfuscated piece of **** you can't really find out easy way, so you have to trust the authors if you want to use it.

No, you would have to trust Blizzard, since they are the ones that block addons from doing anything except the specific game functions they allow. Blizzard is not stupid. If they allowed addons to access files, the internet or your password then plenty of jerks would be throwing bits of lua code into a popular addon and uploading it somewhere as a new version. It does not happen.

Addons are zip files containing lua code, xml, text, graphics and sound files. Lua code is a script compiled by the game to access game functions. There is no directly executable code in the Carbonite zip files we distribute.

Email is the most common way of getting hacked as described here:
http://www.wikihow.com/Avoid-Getting...our-Windows-PC

I get several emails a week with fake links to websites that would try to infect me through my browser, which is why I use FireFox with the NoScript addon. I read the link destination at the bottom of the browser window before I click most links, but if I forget, then NoScript stops malicious code before it can run.

[carboniteaddon]

Originally Posted by MidgetMage55 I highly doubt your guild mates "programmer friend" has accurate information. If this person is so sure of it i would like to see his proof.

It would be easy to prove if it could happen. All game functions Carbonite uses are plainly visible in the lua files. A simple text search for "open file", "write file", "do evil function", "blah", would find it. The game has no lua read/write file type of functions, since Blizzard removed them from the lua engine they compiled into the game.

[Elhana]

Originally Posted by carboniteaddon No, you would have to trust Blizzard, since they are the ones that block addons from doing anything except the specific game functions they allow.

Actually I meant there is always a chance of buffer overflow or similar type of bug in lua that would allow code execution outside of wow sandbox environment, therefore said unlikely. There is 1001 other ways to hack someone.