World of Warcraft Account Security

***Cairenn*** · 10-18-05, 01:18 PM

In light of all the recent warnings from Blizzard we thought that a reminder here, as well, would be appropriate.

Users:

a) Never use an executable from an unknown source. If you want to use something that requires an executable, make sure you get it from a trusted source;
b) Never give out your World of Warcraft log-in information to anyone. There are only TWO places outside of the game where you should EVER enter your password. Both of them are located on World of Warcraft's official website:
1. Account Management (http://www.worldofwarcraft.com/account)
2. The Official Game Forums (http://forums.worldofwarcraft.com)

Authors:

a) Remember to include your source code any time you upload an executable to our site, whether it’s a first time upload or an update to an existing mod. We will verify the source code is safe and remove it from your zip file before approving your mod for download. If you do not include your source code, we will contact you asking for it. If you still do not provide it to us, we will remove your upload;
b) Do not post any form of executable as an attachment to a message in the forums. They will be removed, and you will be asked to upload it and provide source code for security verification

Please note: Any executable uploaded to our site that is found to contain malicious code of any form (Trojan, keylogger, spyware, virus, etc.) will result in all information we have concerning the user being forwarded to Blizzard’s legal department, as well as any further action we may take against you, not the least of which will include an automatic and permanent ban from all of our sites.

guice · 10-18-05, 01:41 PM

Since LUA files are all plain text, why not just deny any executables?

This will prevent somebody from uploading an executable and supply you with fake source codes.

***Cairenn*** · 10-18-05, 01:57 PM

Guice, there are some times reasonable purposes behind executables. As an example, GypsyMod provides a patcher, for those that wish to use it, that make it easier for the joe_average_user to update after a patch. We have no problem with allowing Mondinga to host his executable with us, as he has let us view his source code, and he is well known and respected members of the community, etc. There are other examples I can use, but the point is that there are times and reasons that executables aren't a bad thing, and sometimes even *necessary* things.

We obviously don't accept executables from brand new members with no history or standing in the community, just as we obviously rely on our members to let us know if someone attaches a zip with an .exe inside it on the forums.

Also note that this was a general reminder for folks to be careful.

guice · 10-19-05, 11:19 AM

That works for me. The initial impression of the post gave the feel that you were accepting course from anybody, reguardless of their background, as long as they provided the source code.

Now I see you'll only accept them from reputable sources, that works for the better.