Moonhorse

Level 21
Content Creator
Verified
Joined
May 29, 2018
Messages
1,067
Operating System
Windows 10
Antivirus
Comodo
#1
Theres game called runescape, they have official game client but theres like 20-30k people online throught 3rd party game client, thats open source project in github.
You login to game via that client.
1. Is it possible to run malicious code in and infect / 'keylog' peoples account that way?
2. isnt it security issue for company that owns the game?

I doubt theres zero people that really can / bother read the code before they run client
 
Joined
Dec 6, 2017
Messages
99
Operating System
Windows 8.1
Antivirus
Emsisoft
#3
That's the thing about open source project. I have a long battle against people who are so adamant that open source = secure. No. It's not. Open source doesn't automatically make software safe and secure to use. This is particularly true for project that relatively new and/or not popular.

Now on to your question.
  1. Of course it's very possible
  2. I'd say it's unlikely. Most of the time, the risks are on users. Unless there's some sort of exploit on their system that allow 3rd party tools like this to do nasty things
I don't have any knowledge about this project in question. But if the number you stated above is accurate then we can assume the project is safe to use. I'd be shocked if nobody (from that number) actively watching the project.
 

Arequire

Level 21
Content Creator
Verified
Joined
Feb 10, 2017
Messages
1,091
Operating System
Windows 10
Antivirus
#4
Just because something is open-source doesn't mean it's secure; it only affords the ability for someone with the capability to review the source code.

If I were you I'd do some research about the client and try to find out how long it's been around. If it's been around for a long time and there's been no reports/warning from others about it doing anything malicious or accounts being hijacked and Jagex hasn't stated not to use it then I'd imagine it's okay.
 

Moonhorse

Level 21
Content Creator
Verified
Joined
May 29, 2018
Messages
1,067
Operating System
Windows 10
Antivirus
Comodo
#5
Thats the reason multi-factor authentication exist's :D
Never thought it that way lol, thanks

Personally i have always created new email for every game account and protected them with authenticators
 
Likes: BryanB

Moonhorse

Level 21
Content Creator
Verified
Joined
May 29, 2018
Messages
1,067
Operating System
Windows 10
Antivirus
Comodo
#6
That's the thing about open source project. I have a long battle against people who are so adamant that open source = secure. No. It's not. Open source doesn't automatically make software safe and secure to use. This is particularly true for project that relatively new and/or not popular.

Now on to your question.
  1. Of course it's very possible
  2. I'd say it's unlikely. Most of the time, the risks are on users. Unless there's some sort of exploit on their system that allow 3rd party tools like this to do nasty things
I don't have any knowledge about this project in question. But if the number you stated above is accurate then we can assume the project is safe to use. I'd be shocked if nobody (from that number) actively watching the project.
Yeah true, thanks for post
Theres some chrome extensions like ublock origin have millions of users, when nanoblock have like 30k users. Always bit unsure should i trust something with few users, same with the privacy badger against privacy possum.

The main thing i was thinkin was that if someone could take over the owner of this project and run malicious code in, since the game have money currency that can be sold on blackmarket
 

Moonhorse

Level 21
Content Creator
Verified
Joined
May 29, 2018
Messages
1,067
Operating System
Windows 10
Antivirus
Comodo
#7
Just because something is open-source doesn't mean it's secure; it only affords the ability for someone with the capability to review the source code.

If I were you I'd do some research about the client and try to find out how long it's been around. If it's been around for a long time and there's been no reports/warning from others about it doing anything malicious or accounts being hijacked and Jagex hasn't stated not to use it then I'd imagine it's okay.
At first jagex ( company) were against this project, but community voted against it and now like half player base is using it
 

TairikuOkami

Level 19
Content Creator
Verified
Joined
May 13, 2017
Messages
937
Operating System
Windows 10
#8
That's the thing about open source project. I have a long battle against people who are so adamant that open source = secure.
You do not have to argue, just say OpenSSL. It was vulnerable for years and it was found out only by an accident and that DLL is used for everything, emails, IMs, some banking, etc. OS creates a false sense of security. People do not randomly review codes. The bigger they are ...
 
Likes: Moonhorse