Silent Watch Forum Index
FAQ  Search  Memberlist  Usergroups  Log in   Register
Author Message
<  Macros and Addons  ~  Real ID fix
Kiretsu
PostPosted: Thu Jul 08, 2010 5:38 pm  Reply with quote
Moderator


Joined: 04 Jun 2005
Posts: 2628
Location: Hanover, MD
This is something everyone should probably download if you are at all concerned about your privacy:

Mod

Info is as follows:
______________________________________________________

There is currently an exploit in the WoW implementation of Real ID that exposes the Real Name on the account of the character your are currently logged into:
/run BNSendWhisper(BNGetInfo(),"Test")

If you run the above you will receive a whisper from yourself via the Battle.Net system and of course the system will show who you are whispering/receiving the whisper from. As a result your Real Name can be exposed by addons.

An AddOn could trivially do this and then hide the outgoing and incoming whispers from you with the chat system.

If this makes you uncomfortable there are two ways to protect yourself from this:

a) Disable the Real ID system entirely by turning on the Parental Controls feature. You will be removed from all Real ID friends lists and will have no Real ID friends if you do this. You can do this at:
http://battle.net/parents

b) Install my BlizzBugsSuck addon that contains several other fixes to Blizzard UI bugs as well as a block to prevent an addon from using this. You can find my addon at:
http://wow.curse.com/downloads/wow-addons/details/blizzbugssuck.aspx
or
http://www.wowinterface.com/downloads/info17002-BlizzBugsSuck.html

Some things to note, the addon solution can be gotten around by making sure that the addon that wishes to exploit the problem loads before my addon. To attempt to avoid this BlizzBugsSuck installs with the name !BlizzBugsSuck. Any addon that has a name that would sort earlier in ASCII should be viewed with suspicion unless it has a legitimate reason to be named that way (!BugGrabber and !Swatter are examples of addons with legitimately early sorted ascii names, but even they do not sort before !BlizzBugsSuck).

The AddOn method does not mitigate a small risk from the BN_NEW_PRESENCE event. This event will fire with your real name as an argument, only if you reconnect to the Battle.Net server while connected to the game, see the next post below for further details on this risk.

Credit to the person who as far as I know was the original finder of the exploit:
http://forums.wow-europe.com/thread.html?topicId=13816898018

______________________________________________

And example of how you can be unprotected with Gearscore 3.2 viewing some random person:

Back to top
View user's profile Send private message AIM Address
Edge
PostPosted: Mon Jul 19, 2010 3:19 pm  Reply with quote
Moderator


Joined: 25 May 2005
Posts: 1310
Location: Madness
Thanks. Didn't know I could disable realid entirely, which is what I'll probably end up doing. No intention of ever using it.
Back to top
View user's profile Send private message AIM Address
Display posts from previous:   
All times are GMT - 5 Hours

View next topic
View previous topic		 Page 1 of 1
Silent Watch Forum Index  ~  Macros and Addons

Post new topic   Reply to topic


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum




Powered by phpBB and Ad Infinitum v1.06
Protected by Anti-Spam ACP