World of Warcraft Player Swallows Authenticator

obs

Supreme [H]ardness
Joined
Nov 4, 2002
Messages
4,682
Zarathustra[H];1036465826 said:
Sounds like they don't have a very secure system, adding an authenticator won't solve that.

Some SSL encryption would likely be a more cost effective choice...

SSL wouldn't prevent anything and they almost certainly already use it. Usernames/password are usually gained from keylogging, not intercepting transmissions to the server.
 

evanisthecoastie

Supreme [H]ardness
Joined
Nov 14, 2006
Messages
4,705
Zarathustra[H];1036465814 said:
OH NOES! I lost my game account... :rolleyes:

Meanwhile usernames and passwords are sufficient for most major banks...

Priorities much? It's just a silly game, not - you know - the money that pays your mortgage... :p

dude, you're so fucking cool. can i have your letterman jacket?
 

Zarathustra[H]

Fully [H]
Joined
Oct 29, 2000
Messages
31,701
SSL wouldn't prevent anything and they almost certainly already use it. Usernames/password are usually gained from keylogging, not intercepting transmissions to the server.

Unless they are session hijacking...

Keylogging is possible, but that assumes that the user of the computer was dumb enough to get themselves infected with a keylogger...
 

Zarathustra[H]

Fully [H]
Joined
Oct 29, 2000
Messages
31,701
dude, you're so fucking cool. can i have your letterman jacket?

I had to google that. I never heard the term letterman jacket before. First thought was of David Letterman, but that didn't make any sense.

Whatever, you're probably one of those fat 30 year old losers living in your moms basement I see going in and out of Game Stop all the time :p

itdept.jpg


Jokes on you.
 

ashmelev75

[H]ard|Gawd
Joined
Nov 29, 2007
Messages
1,714
[QUOTE='Zarathustra[H]
Meanwhile usernames and passwords are sufficient for most major banks...
[/QUOTE]

Hacking WoW accounts nets more profit that stealing credit card numbers.
Also there are no repercussions for hacking WoW accounts, while hacking bank accounts to steal money may result a serious jail sentence.
 

Zarathustra[H]

Fully [H]
Joined
Oct 29, 2000
Messages
31,701
Hacking WoW accounts nets more profit that stealing credit card numbers.
Also there are no repercussions for hacking WoW accounts, while hacking bank accounts to steal money may result a serious jail sentence.

This usually doesnt deter the offenders as they are often in countries which we either don't have extradition agreements with, or our relations are sour enough with, or local government doesnt care enough such that arrests and extradition rarely if ever happens.

Examples include Russa (or any of the other former Soviet states), China, etc.
 

Zarathustra[H]

Fully [H]
Joined
Oct 29, 2000
Messages
31,701
Hacking WoW accounts nets more profit that stealing credit card numbers.

Also, bear with me, as I have no knowledge of playing WoW or Everquest or any of that junk, but how on earth would anyone make money off of a stolen gaming account?
 

Brak710

[H]ard|Gawd
Joined
Oct 27, 2008
Messages
1,424
Zarathustra[H];1036469788 said:
Also, bear with me, as I have no knowledge of playing WoW or Everquest or any of that junk, but how on earth would anyone make money off of a stolen gaming account?

Easy. Sell the account or the money/items/etc from it.
 

4LC4PON3

DERP!
Joined
Jan 18, 2005
Messages
4,230
I think id rather poop it out then try and puke up back up. what happends when you go to Puke it up and it gets jammed in ur throad and u choke to death

new headline "WoW player eats authenticator, trys to puke it back and dies"
 

Ezteh

2[H]4U
Joined
Mar 27, 2002
Messages
2,246
Zarathustra[H];1036469825 said:
Uhh... People pay money for virtual items? :rolleyes:

do you pay for software that you download? do you pay for television, hell do you pay for internet?

all this could be considered virtual

I can't crate home a shopping bag full of 1's and 0's
 

Cyrilix

2[H]4U
Joined
Jan 21, 2005
Messages
2,188
do you pay for software that you download? do you pay for television, hell do you pay for internet?

all this could be considered virtual

I can't crate home a shopping bag full of 1's and 0's

Both virtual but in a different sense. Software is written to operate in a real-life environment to solve real-life problems. Virtual items are created to operate within a company-controlled unregulated volatile market. Buying virtual items is like... like... well, if you're actually profiting from purchase and resell, not bad, you're still operating within the real-world environment.
 

Brak710

[H]ard|Gawd
Joined
Oct 27, 2008
Messages
1,424
Buying virtual goods is really no different than spending money to see some sort of real life entertainment. What really tangible do you take away from attending a sporting event? Nothing. Just the enjoyment and experience.
 

ashmelev75

[H]ard|Gawd
Joined
Nov 29, 2007
Messages
1,714
Zarathustra[H];1036469788 said:
how on earth would anyone make money off of a stolen gaming account?

There are many ways especially that now the account hacking has replaced the usual botting used by chineze gold farmers.

1) vendor whatever the player has in the bank (the guild bank as well if lucky), mail the gold to another toon, sell the gold to some loser for $3.5 / 1000 gold.

2) if the character high enough and sufficiently geared, use it for a week to farm Botanica or some other instance, vendor or sell every single drop, mail the gold to another toon, sell the gold to some loser for $3.5 / 1000 gold.

3) try to sell the game account to some loser, make 300-500 bucks.

Although the gold prices have fallen significantly, there are still enough losers who keep buying gold to make the hacking profitable.
 

PornoSatan

2[H]4U
Joined
Sep 3, 2004
Messages
3,493
Not anymore. Account hacking in WoW has gotten so prevalent, you basically have to have an authenticator at this point. My account has never been hacked, but I went ahead and started using the free authenticator app on Android just to be safe. I've had a few friends that are tech savvy and have good online habits get their accounts hacked, so better safe than sorry IMO.

It doesn't matter how "tech savvy" your friends are, all it takes is one unknown unpatched browser exploit and a malicious third party ad from a trusted site and you get owned.

Zarathustra[H];1036465826 said:
Sounds like they don't have a very secure system, adding an authenticator won't solve that.

Some SSL encryption would likely be a more cost effective choice...

Adding an authenticator does solve the security issues with the WoW account itself. It's impossible to hack without doing a targeted man in the middle attack. The irony is that the user is now happily in bliss knowing that if he gets keylogged, atleast his WoW account his safe. What about his bank account information, paypal, etc? :rolleyes:

Getting your account hacked was a good sign in the sense of your PC's security status, just like puking was a good sign you had the flu. With authenticators people are no longer "puking", but can still have the flu.
 

Zarathustra[H]

Fully [H]
Joined
Oct 29, 2000
Messages
31,701
There are many ways especially that now the account hacking has replaced the usual botting used by chineze gold farmers.

1) vendor whatever the player has in the bank (the guild bank as well if lucky), mail the gold to another toon, sell the gold to some loser for $3.5 / 1000 gold.

2) if the character high enough and sufficiently geared, use it for a week to farm Botanica or some other instance, vendor or sell every single drop, mail the gold to another toon, sell the gold to some loser for $3.5 / 1000 gold.

3) try to sell the game account to some loser, make 300-500 bucks.

Although the gold prices have fallen significantly, there are still enough losers who keep buying gold to make the hacking profitable.

The solution to this problem should be for blizzard to reinstate any lost items/money/accounts due to account hacking after the fact and trace which accounts were involved.

That, and if someone gets a keystroke logger on their computer and doesn't notice it, they really have bigger problems....
 

ex0du5

Gawd
Joined
Jun 26, 2007
Messages
873
Both virtual but in a different sense. Software is written to operate in a real-life environment to solve real-life problems. Virtual items are created to operate within a company-controlled unregulated volatile market. Buying virtual items is like... like... well, if you're actually profiting from purchase and resell, not bad, you're still operating within the real-world environment.

So buying virtual items is like buying Steam games?
 

ex0du5

Gawd
Joined
Jun 26, 2007
Messages
873
Zarathustra[H];1036470651 said:
The solution to this problem should be for blizzard to reinstate any lost items/money/accounts due to account hacking after the fact and trace which accounts were involved.

That, and if someone gets a keystroke logger on their computer and doesn't notice it, they really have bigger problems....

Blizzard already does that.

I am more than computer literate, and am savvy enough to not get keylogged. Furthermore, I don't pirate software anymore, so beyond browser exploits and the like, I am relatively safe.

My WoW account did get hacked. Now, this may have been due to password simplicty (10 characters = 2 words + 1 number). Who knows. The point is, $6 is a very small amount to spend to insure the security of your account. It's not surprising that accounts get hacked.

Also, I believe the authenticator can probably be hacked with the aid of a key logger. With enough data (password + authenticator code + time), I'm sure the random seed can be exposed and the authenticator can be duplicated. Of course, maybe no one in the WoW hacking community has bothered to make such a keylogger.
 

bpizzle1

Supreme [H]ardness
Joined
Oct 27, 2007
Messages
4,197
It doesn't matter how "tech savvy" your friends are, all it takes is one unknown unpatched browser exploit and a malicious third party ad from a trusted site and you get owned.

That was exactly my point. All it takes is one bad ad on a site you visit regularly, and you could be screwed.
 

Azhar

Fixing stupid since 1972
Joined
Jan 9, 2001
Messages
18,875
Zarathustra[H];1036465814 said:
OH NOES! I lost my game account... :rolleyes:

Meanwhile usernames and passwords are sufficient for most major banks...

Priorities much? It's just a silly game, not - you know - the money that pays your mortgage... :p

gold sites and help sites posted on their forum and in game chats ofttimes take users to a phishing site that somehow logs a user's user name and password - sometimes by sites merely asking for it ("you have to tell me your user/pwd so I can log into your account and transfer the gold" or you give them your account so they can power-level you) or by requesting lost password using your credit card info, or by malware that logs your keystroke, and so on. On WoW forum, unfortunately you get a lot of links that promises porn and I'm sure you know the rest.

It's not like Hotmail or Gmail where botters brute forces thousands of accounts then hijacks it or use it for a spam bot.

Like the Nigerian scam too many people fall for it.
 

bpizzle1

Supreme [H]ardness
Joined
Oct 27, 2007
Messages
4,197
gold sites and help sites posted on their forum and in game chats ofttimes take users to a phishing site that somehow logs a user's user name and password - sometimes by sites merely asking for it ("you have to tell me your user/pwd so I can log into your account and transfer the gold" or you give them your account so they can power-level you) or by requesting lost password using your credit card info, or by malware that logs your keystroke, and so on. On WoW forum, unfortunately you get a lot of links that promises porn and I'm sure you know the rest.

It's not like Hotmail or Gmail where botters brute forces thousands of accounts then hijacks it or use it for a spam bot.

Like the Nigerian scam too many people fall for it.

Some of the email scams have gotten very good at making it look like something official from Blizzard too. In the beginning, the emails were obviously fake, and they were filled with spelling, grammer, and formatting errors. They would also just have a crazy URL to click like "warcraft-accounts-admin-setup-blizzard.warcrafts.com" or something equally obvious. Some of the more recent ones that I have personally gotten look just like the emails that Blizzard sends out. Really the only way you can tell the validity is to mouseover one of the hyperlinks and look in the corner of your browser to see where it leads. The links usually say "www.battle.net," but they really link to some crazy keylogging website like the one I mentioned previously.

The recent beta for Cataclysm was a big target for scammers. I probably got 3 or 4 fake beta invitations a day for a while. Again, some of them early on were obviously fakes, but later on I started getting some that were essentially a copy/paste of the official email that Blizzard sent out for beta invites with the hyperlinks changed to one of their phishing sites (hidden behind "www.battle.net" links)
 

westrock2000

[H]F Junkie
Joined
Jun 3, 2005
Messages
9,251
Also, I believe the authenticator can probably be hacked with the aid of a key logger. With enough data (password + authenticator code + time), I'm sure the random seed can be exposed and the authenticator can be duplicated. Of course, maybe no one in the WoW hacking community has bothered to make such a keylogger.

I really don't think the original ones can (I don't know how the smart phone one works). Remeber the original one has no form of feedback, it is completely stand alone. That means the only way it could work is to have a predefined set of numbers in it. 6 digit numbers that might be 40,000 sequences long (just a random guess).

Now, obviously if it works like that, then that means Blizzard has a repository of ALL the authenticator sequences. So they are probably guarding that like Fort Bronx.
 

Cyrilix

2[H]4U
Joined
Jan 21, 2005
Messages
2,188
So buying virtual items is like buying Steam games?

A game is an actual software product that requires multiple man hours to create and is meant to be played. An item is nothing close to that. Think about it as the difference between an executable and a piece of data. The executable is sold within the context of the real-world, ie. games that are fun to play have elements that are fun from a real-world perspective. The items are sold within the context of an entirely artificial world. Blizzard says it gives +10 hp so it gives +10 hp. Blizzard says they're only making 10 of these items so there will only be 10. End of story. Try that in the real world with physical products and watch your competitors fill in the demand for the products that you refuse to make. Anyhow, very different stories.
 

evanisthecoastie

Supreme [H]ardness
Joined
Nov 14, 2006
Messages
4,705
Zarathustra[H];1036469611 said:
I had to google that. I never heard the term letterman jacket before. First thought was of David Letterman, but that didn't make any sense.

Whatever, you're probably one of those fat 30 year old losers living in your moms basement I see going in and out of Game Stop all the time :p

http://www.king-mag.com/online/wp-content/uploads/2008/11/itdept.jpg[img]

Jokes on you.[/QUOTE]

did you attend college/highschool? , and no, you couldn't be farther from the truth.

you are a very angry person.
 

bigddybn

Supreme [H]ardness
Joined
Nov 21, 2006
Messages
7,348
Every single bank, credit card, or financial website I use now has a very similar system. If I try to login from a different machine or make certain changes with my accounts then they send a text message to my pre-registered phone that I have to input along with my username/password combination. This isn't any different. Takes a pretty ignorant person to not see that.

Oh hi Zarathustra[H]
 
Joined
Apr 5, 2005
Messages
632
Its stories like this.. that will always remind us all.. why abortion should always remain legal...
 

westrock2000

[H]F Junkie
Joined
Jun 3, 2005
Messages
9,251
Every single bank, credit card, or financial website I use now has a very similar system. If I try to login from a different machine or make certain changes with my accounts then they send a text message to my pre-registered phone that I have to input along with my username/password combination. This isn't any different. Takes a pretty ignorant person to not see that.
[H]

Ya, Chase is like this.....kinda annoying when you have mulitple computers in the house and are in a hurry or you upgrade something on the computer....but its best in the end.
 

Dreaz

[H]ard|Gawd
Joined
Aug 30, 2004
Messages
1,656
Does anyone even check the credibility of their sources anymore? How do we know this is even legit? Because someone posted it on the WoW forums? Because someone "confirmed" it on reddit?

God, we'll swallow anything without questioning, won't we?
 

KatalDT

2[H]4U
Joined
Jul 28, 2010
Messages
2,567
Zarathustra[H];1036465814 said:
OH NOES! I lost my game account... :rolleyes:

Meanwhile usernames and passwords are sufficient for most major banks...

Priorities much? It's just a silly game, not - you know - the money that pays your mortgage... :p

There are also no real repercussions for hacking a WoW account. Hack an account, sell everything, and you can make $10-$1000. Multiply that by hundreds or thousands, and you're making a decent amount of cash with no worries about the law.

Hack a SINGLE bank account and steal a few grand... watch the feds bust down your door.
 

westrock2000

[H]F Junkie
Joined
Jun 3, 2005
Messages
9,251
Does anyone even check the credibility of their sources anymore? How do we know this is even legit? Because someone posted it on the WoW forums? Because someone "confirmed" it on reddit?

God, we'll swallow anything without questioning, won't we?

This is a thread about a player who are wrapped up in the biggest MMORPG ever.....we can RP anything.....
 

Liver

Supreme [H]ardness
Joined
Oct 24, 2005
Messages
4,840
Zarathustra[H];1036465814 said:
OH NOES! I lost my game account... :rolleyes:

Meanwhile usernames and passwords are sufficient for most major banks...

Priorities much? It's just a silly game, not - you know - the money that pays your mortgage... :p

Banks and WoW are quite different. Couple of things off the top of my head.

Many add ons to enhance game play. Last I checked no add ons for Bank of America. Some add ons may be security risks and the authenticator can help protect you. I know, your response will be "well don't use the add ons." :rolleyes:

People like playing at different locations, like you said it is a game. Not all locations will be secure. I know, your response will be "well don't play any where but in a known safe location." :rolleyes:

Lot more kids play WoW than bank. What? You wanna make age restrictions?

Also the authenticator is less than $7 as a stand alone device, free if on a iDevice or Android.

Get with the times.
 

Liver

Supreme [H]ardness
Joined
Oct 24, 2005
Messages
4,840
Oh, and who cares if he swallowed it, people swallow all sorts of randomness all the time.
 
Top