PSA: Blizzard Authenticators now Vulnerable to Keylogging

[WhiteTigerShiro]

You know what's wierd, I've never actually had any account hacked, wow, email, anything. The only reason I got my authenticator for WoW, was because I was a high officer with full access to the guild bank, and several officers had their accounts hacked, the GM included. Even after I became guild master, still never got hacked, but the authenticator was more for the 7.5K gold I'm walking around with

For the most part (I'm sure there are exceptions), you have to do something stupid to get your account hacked. And by "stupid", I mean that you have to fall for one of those links they like to spam around the WoW Forums that are usually pretty obvious once you've seen more than a few of them and know how they look. Admittedly they do get tricky about it. Last I checked (which was about a year ago), they were actually using multiple accounts to post mock conversations. The first one would be a guy making the topic with the link that would put a key logger on your system, then they actually put the effort into having about 5 or 6 follow-up accounts all post replies to what's supposedly inside the link. They actually noticed how people will read a topic before going to a link, and learned from it. Granted it was still a lot of broken english and the link still looked like a key-logger link, so it was still easy to spot if you were looking for it, but it really goes to show you how much they'll adapt to try and attack people's accounts.

Anywho, that tangent aside, unless you go to a site that sneaks the logger into your system, there's really no way they can attack your account. This is why sharing your account is considered a bad idea: You don't know if the other person (or people) is going to get a key logger on his system. Like this one guildy of mine; smart guy when it came to avoiding key loggers, except that he shared his account with a couple friends. So despite his own ability to identify and avoid key logger sites, he still ended-up having his account attacked because one of his friends must have done something stupid.

 

[crimsonhawk]

they actually have 15 seconds to hack your account. authenticators rotate their 6 digit number after that amount of time.

 

[DragonChi]

My Wow Account has been hacked into twice. the first time made me stop playing and I lost 90% of my original interest in the game. but after the second time...I was like..ok..that's enough. i bought the authenticator. it is a little annoying having to type in extra stuff to get in my account. but given what ive been through. all my stuff sharded twice. i feel safer with this thing than without it. and I have 2 REALLY good anti-viral softwares running. so while i will be more conscientious with this new key logger. I feel pretty secure.

 

[Litchhunter]

So let me get this straight...

Blizzard comes out with this stupid fucking device that you use to access your games, which the player has to pay for, but it promises that your account will be secured against account theft... Then, their ten-dollar cash-grab doesn't even fucking work?

Between this, the splitting of Starcraft II, the huge delays on Starcraft II, the lack of LAN in Starcraft II, The whole "it's too colorful" fiasco of the still decades-away Diablo 3, and the new (and horrible) Battle.net system that is being forced on us for even single-player use AND webstore purchases... I have literally ZERO faith in this company these days, and my WoW plushie order that I am waiting on will probably be the last Blizzard product I ever buy.

So the boycott list to date is UbiSoft for their excessive DRM plan, 2K/Take2 for their DRM offenses which were most notable in the Bioshock series, the vast majority of EA titles for their criminal use of SecuROM and that travesty called EA Downloader, Valve for mandatory Steam, and Bungie for their refusal to make XP compatible PC games. Fuck, if it weren't for Squenix and GPG working on SuCom2, I'd say I've pretty much written off gaming entirely. All that's left is a smattering of indie developers and Nintendo.

I'm praying that this new found failer of Blizzard's is due to being with Activision, which hopeful will go down the shit pipe soon if IW gets their way, and even if they don't, thats still alot of bad press.

 

[Danpascooch]

That's pretty ingenious.

Seriously though, it seems like all of these damn malicious files are .dll extensions, I wish there was some way I could get my computer to ask permission every time a .dll file is going to be added, since they aren't common file extensions to be added to your computer regularly, it'd really cut down on infections.

 

[cefm]

Better yet, stop downloading so much porn.

It's not like they can just put this virus on your computer from orbit - you have to download something that has it and install it.

 

[Antari]

Step #1 .. right click gold spammers name
Step #2 click on report spam
Step #3 don't visit the website they were spamming

Problem solved. I know its 3 steps and it can get pretty difficult ... but its worth it.