EVE Search - Warning! EVEMon contains keylogger (possibly*)

Check My IP Information

All Channels

EVE General Discussion

Warning! EVEMon contains keylogger (possibly*)

» Click here to find additional results for this topic using Google

Monitor this thread via RSS [?]

Pages: [1] :: one page

Author	Thread Statistics \| Show CCP posts - 0 post(s)
Cori4n Caldari principle of motion Interstellar Alcohol Conglomerate	Posted - 2008.04.23 22:56:00 - [1] UPDATE* some sceptics have pointed out that my word alone is not enough, so I have added the "possibly" to make my warning appear less "troll-like". I had a friend (software engineer) look at the source for giggles, and today he e-mailed me back: Translated from my native tongue: Quote: hi I just finished the project and have had a few hours to look at the code you sent. At first glance, there doesn't seem to be anything fishy about it, a fresh install (TQ client and 'evemon') throws up all kinds of warnings. In many ways, the API supplied by CCP resembles the test suite we used a couple of years ago. I did find a a few non-critical security issues before running into the worst. Long story short, I would not execute the code unlesss I wanted to give away my username-password combination. The source and binaries you linked contain a kind of proxy. Once installed, it hides as a service. It acts much like the userhelp-app we used a while back in that it simply listens for events. Instead of crashes and connection problems, it appears to collect the login credentials. I will have a look at the proxy next week if I have the time, but to answer your question; DO NOT run this! Cheers, David L. I have known David for a long time and used to work with him with software quality assurance. He knows his stuff and when he says something about a peice of software, I listen. The community can make up it's own mind, but I am not gonna run this code anywhere near a computer running eve.
Koro Kar'Amarr Amarr Viziam	Posted - 2008.04.23 22:58:00 - [2]
Jenny Spitfire Caldari LoneStar Industries Veritas Immortalis	Posted - 2008.04.23 22:58:00 - [3] Dident I saw it somewehre before? --------- Technica impendi Caldari generis. Pax Caldaria! Recruitment -KB-
Tarminic Black Flame Industries	Posted - 2008.04.23 23:01:00 - [4] FailThread is already LowerActiveIntelligenceAndIncrementTrollCount. ---------------- Tarminic - 35 Million SP in Forum Warfare Play EVE: Downtime Madness v0.81 (Updated 4/8)
Reuser Gunfleet Logistics Hydra Alliance	Posted - 2008.04.23 23:03:00 - [5] Look! We wrote the software and there's no keylogger or malware there! It's open source for goodness' sake! I offer up 100,000,000 ISK of my own money to anyone that can find... Oh wait. Sorry, I thought this was another thread. (lets self out quietly)
Ki Anna Ki Tech Industries	Posted - 2008.04.23 23:04:00 - [6] Originally by: Tarminic FailThread is already LowerActiveIntelligenceAndIncrementTrollCount. You also need to decrement Cori4n's credibility.
NightF0x Gallente Chicken Coup Raiders	Posted - 2008.04.23 23:05:00 - [7] Edited by: NightF0x on 23/04/2008 23:05:31 Originally by: Cori4n UPDATE* some sceptics have pointed out that my word alone is not enough, so I have added the "possibly" to make my warning appear less "troll-like". I had a friend (software engineer) look at the source for giggles, and today he e-mailed me back: Translated from my native tongue: Quote: hi I just finished the project and have had a few hours to look at the code you sent. At first glance, there doesn't seem to be anything fishy about it, a fresh install (TQ client and 'evemon') throws up all kinds of warnings. In many ways, the API supplied by CCP resembles the test suite we used a couple of years ago. I did find a a few non-critical security issues before running into the worst. Long story short, I would not execute the code unlesss I wanted to give away my username-password combination. The source and binaries you linked contain a kind of proxy. Once installed, it hides as a service. It acts much like the userhelp-app we used a while back in that it simply listens for events. Instead of crashes and connection problems, it appears to collect the login credentials. I will have a look at the proxy next week if I have the time, but to answer your question; DO NOT run this! Cheers, David L. I have known David for a long time and used to work with him with software quality assurance. He knows his stuff and when he says something about a peice of software, I listen. The community can make up it's own mind, but I am not gonna run this code anywhere near a computer running eve. I'm sorry that you fail at common sense ------------------------------------
Hesod Adee Xen Of Onslaught	Posted - 2008.04.23 23:05:00 - [8] Edited by: Hesod Adee on 23/04/2008 23:09:05 Quote: Long story short, I would not execute the code unlesss I wanted to give away my username-password combination. I've never had Evemon ask me for my username or password, just my API key. So where did you get this version of Evemon from ? Edit: Also, since you have the source, you should be able to tell where it is sending the data it collects to. So where is the collected data going ?
Cori4n Caldari principle of motion Interstellar Alcohol Conglomerate	Posted - 2008.04.23 23:12:00 - [9] Originally by: Ki Anna Originally by: Tarminic FailThread is already LowerActiveIntelligenceAndIncrementTrollCount. You also need to decrement Cori4n's credibility. I make posts with my main, including trolls
Goumindong Amarr Merch Industrial GoonSwarm	Posted - 2008.04.23 23:15:00 - [10] Originally by: Hesod Adee Edited by: Hesod Adee on 23/04/2008 23:09:05 Quote: Long story short, I would not execute the code unlesss I wanted to give away my username-password combination. I've never had Evemon ask me for my username or password, just my API key. So where did you get this version of Evemon from ? Edit: Also, since you have the source, you should be able to tell where it is sending the data it collects to. So where is the collected data going ? Originally evemon needed your log in and password in order to function. Before the API key was introduced. Vote Goumindong for CSM

Tarminic Black Flame Industries	Posted - 2008.04.23 23:21:00 - [11] Originally by: Cori4n Originally by: Ki Anna Originally by: Tarminic FailThread is already LowerActiveIntelligenceAndIncrementTrollCount. You also need to decrement Cori4n's credibility. I make posts with my main, including trolls As all real men do. ---------------- Tarminic - 35 Million SP in Forum Warfare Play EVE: Downtime Madness v0.81 (Updated 4/8)
Eronysis Caldari Gunfleet Logistics Hydra Alliance	Posted - 2008.04.23 23:26:00 - [12] I knew it.


Pages: [1] :: one page
First page \| Previous page \| Next page \| Last page

COPYRIGHT NOTICE
EVE Online, the EVE logo, EVE and all associated logos and designs are the intellectual property of CCP hf. All artwork, screenshots, characters, vehicles, storylines, world facts or other recognizable features of the intellectual property relating to these trademarks are likewise the intellectual property of CCP hf. EVE Online and the EVE logo are the registered trademarks of CCP hf. All rights are reserved worldwide. All other trademarks are the property of their respective owners. CCP hf. has granted permission to EVE-Search.com to use EVE Online and all associated logos and designs for promotional and information purposes on its website but does not endorse, and is not in any way affiliated with, EVE-Search.com. CCP is in no way responsible for the content on or functioning of this website, nor can it be liable for any damage arising from the use of this website.