Originally Posted by Shadowed
Even then, if somehow the bug popped up, an addon would have to take advantage of it and actually get the information out to a Bad Person. The addon systems sandbox already means the damage addons can do with your information is very limited.
|
It's possible from there it might be mailed to someone else on the realm or PST'ed to somewhere.
This would mean the hacker would need to have a toon logged in 24 hours a day on every single realm out there both Horde and Alliance . Maybe with an auto message taker or something. With the 50 toon limit per account that's a fair amount of accounts. Not really worth it when there is other hacking attack vectors with a much greater payload and are easier.
I admit though the other possibility would be a master addon and a slave type addon that gets installed via social engineering. The slave type addon would have to be disguised as something else like a build of a populour addon except with this listening code embeded in it.
But the thing is. The addon community has so far been excellent at self-policing itself. There isn't any way that this sort of scam would be put up with in the community and if it was found out then there's no way the community will be quiet about it. There will be guides to telling you how to remove including addons written to block it. As long as you are getting addons from Curse and Wowinterface both of whom have teams that verify every upload there shouldn't be a problem with this.
The other thing is *despite* knowing the function names and what they return we have very little information about how they work and if what they return is in a form that we can use. For all we know they could all be Protected and what's returned is only for Blizzard addon and code to read and is encrypted.
I've not seen anything about anyone playing around with those functions ... Shadow you up for it ? Wanna mail me an addon to play around with this on the PTR ?