Curse.com

85 Human Paladin
2705
Is it safe to use the Curse client To download add-ons?
Reply Quote
89 Blood Elf Priest
8495
Yes.
Reply Quote
85 Night Elf Hunter
4935
Definitely.
Reply Quote
85 Human Paladin
2705
Ok cause i have heard of people getting HAcked from using it not sure of all the truth in it or not
Reply Quote
- Technical Support
90 Blood Elf Hunter
0
06/16/2011 07:18 PMPosted by Deminã
Ok cause i have heard of people getting HAcked from using it not sure of all the truth in it or not


These would be spoofed sites that look like Curse.com. Curse in and of itself is safe, as are the addons and applications it offers. There have been quite a few people that downloaded illegitimate software that pretends to be the Curse Client but actually steals your login credentials.

When in doubt, head directly to the site at wow.curse.com.
________________________________________________
The wise speak only of what they know. - J.R.R. Tolkien
CORE I7 3.8GHz | 12GB RAM | ATI 5970+5870 | F120 SSD
Live Support: irc://chat.freenode.net/wowtech
Reply Quote
86 Tauren Warrior
9510
some people claimed that the adds that curse showed in the client were installing malware.

But that was 99% false accusations because they would install the client, download addons, and the next day be hacked... Hackers dont hack the day they get your info, because then you can trace where you got attacked and learn from your mistakes.
Reply Quote
90 Gnome Mage
4840
Actually, there have been flash vulnerabilities in the past. Hackers would take advantage of security holes in flash ads. This is why it's important to always keep your Flash up to date.

That, however, is not Curse's doing.

____________________
Seerah - WoWInterface Mod and Addon Author - http://seerah.wowinterface.com
Check out my Pick of the Week! - http://www.wowinterface.com/pickofweek.php
Edited by Tseerah on 6/17/2011 10:47 AM PDT
Reply Quote
85 Blood Elf Rogue
6615
Personaly i dont recomend going any where but curse for addons. thyeres a lot of reasons for this but mainly because they actualy check out the addons and will not alow them to be posted for download if they have any malware attatched
Reply Quote
90 Undead Priest
12110
06/16/2011 06:58 PMPosted by Deminã
Is it safe to use the Curse client To download add-ons?


Make certain that the "Curse Client" you're downloading is actually from Curse and not something pretending to be the client:

06/16/2011 07:29 PMPosted by Kodiack
When in doubt, head directly to the site at wow.curse.com.

Reply Quote
90 Gnome Mage
4840
06/18/2011 02:45 PMPosted by Zivadavid
Personaly i dont recomend going any where but curse for addons. thyeres a lot of reasons for this but mainly because they actualy check out the addons and will not alow them to be posted for download if they have any malware attatched

We do this at WoWInterface, too.
Reply Quote
85 Goblin Priest
3545
Curse.com
Wowinterface.com
Wowace.com

The big three for addons.
Reply Quote
90 Dwarf Shaman
7030
I use the curse and wowinterface downloaders/updaters all the time and have had zero problems.

As a safety precaution though - I always follow this procedure when playing WoW:

Update my addons with Curse and MMOUI (wowinterface)
Close my internet browser and instant messenger completely
Run Advanced System Care quick scan (free download from download.cnet.com that finds and removes malware and spyware)
Log into WoW all the way until the character select screen

Then I go back and open my messenger or internet browser back up if I want. I don't know if all that really makes a difference - but it makes me feel like I am doing everything I can to be safe =).
Reply Quote
83 Blood Elf Paladin
1360
Actually, there have been flash vulnerabilities in the past. Hackers would take advantage of security holes in flash ads. This is why it's important to always keep your Flash up to date.

That, however, is not Curse's doing.

____________________
Seerah - WoWInterface Mod and Addon Author - http://seerah.wowinterface.com
Check out my Pick of the Week! - http://www.wowinterface.com/pickofweek.php


ive been hacked from curse client, but i really doubt it was the curse webmaster stealing wow gold lol.

If you have an authenticator, i wouldnt worry about it. personally im turned off from the client after that, but for the record i would trust it in general.
Reply Quote
26 Human Mage
310
Actually, it seems that Curse.com database was hacked within the last few weeks. They finally admitted to it on June 15th. Check out http://antivirus.about.com/b/2011/06/22/curse-com-ad-on-woes.htm.
Reply Quote
MVP - Technical Support
90 Draenei Mage
6490
Actually, it seems that Curse.com database was hacked within the last few weeks. They finally admitted to it on June 15th. Check out http://antivirus.about.com/b/2011/06/22/curse-com-ad-on-woes.htm.


That's funny.

I'm actually able to talk to some of the people that work at Curse Gaming over IRC.

Todays downtime is due to hardware failure not hacking. They have not heard about any such hacking and as an Official Blizzard Fansite program they are obligated to inform Blizzard of such compromise of their database.
Reply Quote
90 Pandaren Priest
15135
06/18/2011 02:45 PMPosted by Zivadavid
Personaly i dont recomend going any where but curse for addons. thyeres a lot of reasons for this but mainly because they actualy check out the addons and will not alow them to be posted for download if they have any malware attatched


That's a bit misleading. Addons are simply fancy text files. Mod authors might do a boneheaded thing like upload a self-extracting zip, but I wouldn't trust that from ANY site regardless of how thoroughly they say they check stuff.

The Curse client itself is a much bigger gamble, since they'd have to constantly check their offered download to make sure it hasn't been compromised (probably safe, but outsiders have no way of knowing how thoroughly it's checked), and doing a google search for the client can direct you to a malware version of the Curse site rather than the real thing (extremely likely)

I use the Curse client but I'm leery of it, Flash vulnerabilities like the one rumored makes me really unhappy when I take time to block suspicious crap through my browser and another program opens the door and lets it all in anyway.
Reply Quote
90 Draenei Shaman
13640
06/22/2011 06:46 PMPosted by Morgynna
Actually, it seems that Curse.com database was hacked within the last few weeks. They finally admitted to it on June 15th. Check out http://antivirus.about.com/b/2011/06/22/curse-com-ad-on-woes.htm.


That article cites user complaints but no solid facts. I believe that qualifies as "fear, uncertainty and doubt."

Her bio says she's an AV expert. Google backs that up. But the article is light on facts and long on saying "you can't trust curse.com because they're essentially an ad site." No evidence is given of an intrusion.
Reply Quote
85 Gnome Mage
13425
I posted the following as a reply to that article on antivirus.about.com.


This is a very poorly written article.

A) The entire article cites no sources except for 2 links, both of which goes to forum threads, neither of which are credible.

B) In the first link, a curse.com representative replies "We don't sell your information to anyone, period. It's all too easy for hackers to get into any database; look at the recent CCP hack. I get the emails, too. We're working on getting this fixed-- it's just a tricky process." which is taken completely out of context by just quoting the single sentence in the middle of it.

C) All Curse has admitted is that somewhere, email addresses are being leaked. This does not indicate a compromise in the database nor indicate that it was hacked. In fact, Mikk's reply #6 indicates that there are bugs where email addresses are displayed on webpages which coincide with phishing attacks (which when taken into context could be what is being fixed). Again, an accidental leakage does not indicate their servers being breached.

D) The after-posts citing evidence in reply #8 again is just that - more links to forum posts - anyone can post malicious/incorrect data to a public forum. The June 16 trojan/flash exploit claim is also unsubstantiated.

When a journalist starts using forum posts as the basis of facts, everyone should start considering the credibility of the article. The fact that this article is getting so many replies while having 0 replies on the previous ones on this website goes to show how misinformed this one is written. The article isn't even written in a neutral point of view.

If none of the "facts" can be proven with more than forum links and rumors, it can be considered slander and legal action can be taken for potential loss of revenue.

And the irony is that this website itself (about.com) is just another ad network under the New York Times Company (scroll to the very bottom of this page, see "Advertise on About.com").


The above got deleted within 30 minutes of my posting (it was reply #23 before it got deleted).
Reply Quote

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)
Submit Cancel

Reported!

[Close]