Does anyone know where the actual virus is coming from? Searched my hard drive, and couldn't find anything, but I haven't been to any WoW related websites for a few weeks now. Is it attached to addons or something like that?
The Blizzard authenticator uses a technology called SecurID [http://en.wikipedia.org/wiki/SecurID], which is what many banks and other financial institutions provide to their customers. The technology itself is VERY secure. However, most security systems are still vulnerable to a man-in-the-middle attack.John Funk said:And don't ask me how it does this - I have one and I can't figure out how it works).
From Wikipedia:Khell_Sennet said:Blizzard comes out with this stupid fucking device that you use to access your games, which the player has to pay for, but it promises that your account will be secured against account theft... Then, their ten-dollar cash-grab doesn't even fucking work?
Name any other computer developer that has put your account security as high as Blizzard.Khell_Sennet said:Quasi-generic, but with some nice improvements. Ultimately though, more of the same-old is what the doctor ordered. Not looking for some ground-breaking changes like how Dawn of War 2 abandoned base creation, or Company of Heroes abandoned any pretense of the AI playing honestly... There is a demographic which I fall under, I don't know how large a group we are, but it's people who want more of the same. Some new guns or new units are nice, and a new collection of maps or levels to play in, but the same thing we enjoyed previously, we just want more of it. Give me a new campaign for Far Cry, maybe a new kind of rifle or pistol, and I'd be happier with that than I was with Far Cry 2 or Crysis. Release ten new maps and/or a working bug-free map maker for Sid Meyer's Railroads and you'd have a hard time pulling me away from the PC. And I can't even fathom how much time I'd blow playing Freelancer if the campaign was longer or there were 50% more systems to explore.Sebenko said:Tried the demo for that? It's... well, without all the hate, I describe it as a pretty generic RTS.Khell_Sennet said:Fuck, if it weren't for Squenix and GPG working on SuCom2, I'd say I've pretty much written off gaming entirely. All that's left is a smattering of indie developers and Nintendo.
Thursdays. Apocalypse Lane mellows me out, it's hard to be bitchy when Obama starts singing "Respect".John Funk said:Do you ever not whine?
My bank account is really, really secure. And just recently, my bank gave out new cards with these handy-dandy chips embedded in them to make it even MORE secure. Didn't have to pay ten bucks for the card, and if anything goes wrong with my account for reasons beyond my control, THEY have to make it right again.The Authenticator is one of the best things that Blizzard ever did; The fact that it took four years to crack this thing - and even then, as people have illustrated above it's a haphazard in-between solution that gives the hackers 30 seconds to get in to your account - is tantamount to the fact that it's actually really, really secure.
Maybe Blizzard's authenticator wouldn't piss me off so much if it didn't cost the end-user, since we already have to pay monthly fees for the game. If you're charging for the software itself, then charging for monthly access, I'd damn well expect better security as part of the deal. But then, if you charge a further amount for that better security, it had better be 100% foolproof. 99% doesn't cut it, 75% doesn't cut it, 100%! Otherwise, if someone has the authenticator, and it fails, Blizzard had better be willing to refund the cost of the damn thing, plus refund the full amount paid for the services and software, because 3 years of gameplay can be wiped out faster than you can say "Mumorpeger".
You are making a mountain out of a mole hill, the authenticator was 100% unhackable until this keylogger showed up, and the appearance of it was an inevitability when you consider how many hackers around the world devote their sad pathetic lives to fucking up someone's account for this game.Khell_Sennet said:*snip*
The authenticator has not been out for 4 years John, to my knowledge it was put into the blizzard store just last year. I'm more shocked that its been cracked so fast, but when you think about the supposed method being employed I'm shocked it wasn't thought of sooner. It ingeniously simple.John Funk said:The Authenticator is one of the best things that Blizzard ever did; The fact that it took four years to crack this thing - and even then, as people have illustrated above it's a haphazard in-between solution that gives the hackers 30 seconds to get in to your account - is tantamount to the fact that it's actually really, really secure.
It's certainly been out for longer than that. But you're correct, it hasn't been 4, only 2.KeyMaster45 said:You are making a mountain out of a mole hill, the authenticator was 100% unhackable until this keylogger showed up, and the appearance of it was an inevitability when you consider how many hackers around the world devote their sad pathetic lives to fucking up someone's account for this game.Khell_Sennet said:*snip*
The authenticator has not been out for 4 years John, to my knowledge it was put into the blizzard store just last year. I'm more shocked that its been cracked so fast, but when you think about the supposed method being employed I'm shocked it wasn't thought of sooner. It ingeniously simple.John Funk said:The Authenticator is one of the best things that Blizzard ever did; The fact that it took four years to crack this thing - and even then, as people have illustrated above it's a haphazard in-between solution that gives the hackers 30 seconds to get in to your account - is tantamount to the fact that it's actually really, really secure.
PEBKAC, nothing is wrong with the device.John Funk said:But there is a security flaw, and people need to be aware of it.
I think you were thinking that because deep down we'd all like 4 years of guaranteed hack protection for our various gaming accounts.John Funk said:It's certainly been out for longer than that. But you're correct, it hasn't been 4, only 2.KeyMaster45 said:*snip*Khell_Sennet said:*snip*
I don't know why I was thinking 2006 instead of 2008.
Good point... Except the authenticator code is unique so you'd still be typing it down somewhere.KeyMaster45 said:I think you were thinking that because deep down we'd all like 4 years of guaranteed hack protection for our various gaming accounts.John Funk said:It's certainly been out for longer than that. But you're correct, it hasn't been 4, only 2.KeyMaster45 said:*snip*Khell_Sennet said:*snip*
I don't know why I was thinking 2006 instead of 2008.
Oh yes and one question I had. A trick I've been using for years is copy and pasting my password into wow so that if I did have a keylogger all the hacker would get is ctrl+v. Would that same method work with my authenticator code?
With that method, you don't need an authenticator, just a text file hidden away somewhere.Doc Theta Sigma said:Good point... Except the authenticator code is unique so you'd still be typing it down somewhere.KeyMaster45 said:I think you were thinking that because deep down we'd all like 4 years of guaranteed hack protection for our various gaming accounts.John Funk said:It's certainly been out for longer than that. But you're correct, it hasn't been 4, only 2.KeyMaster45 said:*snip*Khell_Sennet said:*snip*
I don't know why I was thinking 2006 instead of 2008.
Oh yes and one question I had. A trick I've been using for years is copy and pasting my password into wow so that if I did have a keylogger all the hacker would get is ctrl+v. Would that same method work with my authenticator code?
I believe some keyloggers have the ability to take a screenshot when you make a keystroke. This is why you're solution isn't all that secure.Baron Khaine said:With that method, you don't need an authenticator, just a text file hidden away somewhere.Doc Theta Sigma said:Good point... Except the authenticator code is unique so you'd still be typing it down somewhere.KeyMaster45 said:I think you were thinking that because deep down we'd all like 4 years of guaranteed hack protection for our various gaming accounts.John Funk said:It's certainly been out for longer than that. But you're correct, it hasn't been 4, only 2.KeyMaster45 said:*snip*Khell_Sennet said:*snip*
I don't know why I was thinking 2006 instead of 2008.
Oh yes and one question I had. A trick I've been using for years is copy and pasting my password into wow so that if I did have a keylogger all the hacker would get is ctrl+v. Would that same method work with my authenticator code?
Now if the tracked that down, then those are some damn dedicated hackers.
No, for the original post.Altorin said:Hey Funk, was that Thanks to Proteus214 for the Update? If it was.. wtf?
ehh, whatever, my life will go on I suppose.
Easy there, tiger. If you have a phone from this decade, chances are there is an authenticator program for $1 or free. Also, it works against 99% of all viruses; there is an entire one virus that does this.Khell_Sennet said:So let me get this straight...
Blizzard comes out with this stupid fucking device that you use to access your games, which the player has to pay for, but it promises that your account will be secured against account theft... Then, their ten-dollar cash-grab doesn't even fucking work?
Between this, the splitting of Starcraft II, the huge delays on Starcraft II, the lack of LAN in Starcraft II, The whole "it's too colorful" fiasco of the still decades-away Diablo 3, and the new (and horrible) Battle.net system that is being forced on us for even single-player use AND webstore purchases... I have literally ZERO faith in this company these days, and my WoW plushie order that I am waiting on will probably be the last Blizzard product I ever buy.
So the boycott list to date is UbiSoft for their excessive DRM plan, 2K/Take2 for their DRM offenses which were most notable in the Bioshock series, the vast majority of EA titles for their criminal use of SecuROM and that travesty called EA Downloader, Valve for mandatory Steam, and Bungie for their refusal to make XP compatible PC games. Fuck, if it weren't for Squenix and GPG working on SuCom2, I'd say I've pretty much written off gaming entirely. All that's left is a smattering of indie developers and Nintendo.
A brief trip to the Blizzard store will tell you that the authenticator actually costs $6.50 USD. Digging further you'll find that the authenticator actually does still work (This is just one trojan) and beyond that the cost is actually to cover shipping and handling. Cash grab? What cash grab?Khell_Sennet said:So let me get this straight...
Blizzard comes out with this stupid fucking device that you use to access your games, which the player has to pay for, but it promises that your account will be secured against account theft... Then, their ten-dollar cash-grab doesn't even fucking work?
Anyone complaining about delays from Blizzard games doesn't follow or play Blizzard games at all. Delays are to always be expected, and if you really want to nit-pick details how exactly can the release date get pushed back when Blizzard never gives one? The new Battle.net 2.0 system is all but identical to steam. I blame Blizzard for doing a poor job explaining it sufficiently but they've basically said that so long as the game gets initially authenticated you can play single player, AI, and the map editor in an "offline" mode. Gee. Sounds familiar, eh?Between this, the splitting of Starcraft II, the huge delays on Starcraft II, the lack of LAN in Starcraft II, The whole "it's too colorful" fiasco of the still decades-away Diablo 3, and the new (and horrible) Battle.net system that is being forced on us for even single-player use AND webstore purchases... I have literally ZERO faith in this company these days, and my WoW plushie order that I am waiting on will probably be the last Blizzard product I ever buy.
All aboard the baw train? With piracy getting pervasive in the PC world combined with the increasingly smaller player base companies need to go out of their way to protect their products.So the boycott list to date is UbiSoft for their excessive DRM plan, 2K/Take2 for their DRM offenses which were most notable in the Bioshock series, the vast majority of EA titles for their criminal use of SecuROM and that travesty called EA Downloader, Valve for mandatory Steam, and Bungie for their refusal to make XP compatible PC games. Fuck, if it weren't for Squenix and GPG working on SuCom2, I'd say I've pretty much written off gaming entirely. All that's left is a smattering of indie developers and Nintendo.
Nah he really really hates Blizzard for some reason. I have yet to find any logical reason for it, but then again, hatred is rarely logical. I do <3 Khell, though, I'd have a few beers with the man.Flawedhero said:Easy there, tiger. If you have a phone from this decade, chances are there is an authenticator program for $1 or free. Also, it works against 99% of all viruses; there is an entire one virus that does this.Khell_Sennet said:So let me get this straight...
Blizzard comes out with this stupid fucking device that you use to access your games, which the player has to pay for, but it promises that your account will be secured against account theft... Then, their ten-dollar cash-grab doesn't even fucking work?
Between this, the splitting of Starcraft II, the huge delays on Starcraft II, the lack of LAN in Starcraft II, The whole "it's too colorful" fiasco of the still decades-away Diablo 3, and the new (and horrible) Battle.net system that is being forced on us for even single-player use AND webstore purchases... I have literally ZERO faith in this company these days, and my WoW plushie order that I am waiting on will probably be the last Blizzard product I ever buy.
So the boycott list to date is UbiSoft for their excessive DRM plan, 2K/Take2 for their DRM offenses which were most notable in the Bioshock series, the vast majority of EA titles for their criminal use of SecuROM and that travesty called EA Downloader, Valve for mandatory Steam, and Bungie for their refusal to make XP compatible PC games. Fuck, if it weren't for Squenix and GPG working on SuCom2, I'd say I've pretty much written off gaming entirely. All that's left is a smattering of indie developers and Nintendo.
Don't get me wrong, I'm no fanboy of anyone, they've done their share of stupid shit but you may very well just be overreacting a bit.