Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
First Blizzard Authenticator Hack Confirmed
tro44_1
Member Posts: 1,819
Blizzard has confirmed that a work-around that allows hackers to gain access to games protected by its authenticator tool has been invented.
This is the first confirmed case of a compromised World of Warcraft account with an authenticator attached. The affected user alerted others to the issue on the official forums, which was responded to by a Blizzard rep, who confirmed that the case was genuine. Other players then reported similar experiences.
Blizzard poster Kropacius informed readers that the type of problem was a 'Man In The Middle' attack.
According to information from various affected users, the hacker gains access to a player's system through a keylogger, thought to be a file named emcor.dll, which can be found in C:/Documents and Settings/Users/[username]/Application Data/Temp. Once infected, the PC will cause WoW to crash, prompting players to log back into the game. This is when the authenticator code is intercepted by the hacker, who sends on a different code to Blizzard's servers, preventing the legitimate user from gaining access to the game. In the mean time, the hacker does have access to the account until the code resets, and can proceed to steal any gold and/or possessions from your characters.
The code on an authenticator changes every 30 seconds or so, therefore hackers only have access to the account until they log out. In the case of the original user who reported the issue, he was blocked from attempting to access WoW for 15 minutes after inputting “incorrect” login details too many times. During that time, the keylogger file was detected and removed. Nothing was changed in the account management on the official WoW site, but when he gained access to WoW after the lock-out, several in-game items were gone; the hacker had presumably been logged out when the owner logged back in.
Blizzard has always maintained that the authenticator was never a 100% fool-proof method of keeping game accounts safe, and should be treated as an additional layer of protection. This latest development further highlights the need to be aware of keyloggers, and to keep anti-virus software up to date. However, neither of these prevented the afore-mentioned user from falling foul of the scum of the internet.
http://www.incgamers.com/News/21240/first-blizzard-authenticator-hack-confirmed
Comments
what locks unlocks .. =/
..but im sure blizzard can track the transfered gold and ban the chars involved with the stolen goods?
Just to make it clear: Blizzard authenticator itself hasn't been hacked. The hackers have developed a keylogger wich steals all your login information, including the random number generated by Blizzard authenticator, thus bypassing the protection offered by the authenticator for the time the keylogger code remains valid (30 seconds).
All this authenticator hacking stuff had me suspicious, as I have been on hiatus from the game for a few months...I just tried to log into the manage account section of WoW's website, and it is now asking me for an authenticator code. Awesome. Now I am on the phone with Blizzard, as I hate people snooping around my info.
Sad to hear that an authenticator can be hacked this easily. But it does leave me with one question...
How on earth did this player get the .dll on his system? If he's a 100% legit player he would not go to suspicious sites that can upload this stuff into your temp dir...
Get a Genuine version of windows and pay the 55$ or so yearly for the Microsoft Live one Care service and you'll never have any problems. Funny how it's always those with a hacked version of Windows who always get into trouble. Oh well :P
So the authenticator *hasnt* been hacked. People are just still clicking on every piece of ass they see on the internet. Business as usual then.
If you stand VERY still, and close your eyes, after a minute you can actually FEEL the universe revolving around PvP.
What?!
I needz ANti-Virus to makez my PC safe from da intwewebs?
Title of thread should be-
"Educate yourself in PC safety before using one!"
How the hell did you come to this conculsion? I don't think you understand what happened in this scenario.
Also, Windows Live OneCare is no longer available for sale. (http://onecare.live.com/standard/en-us/default.htm)
How the hell did you come to this conculsion? I don't think you understand what happened in this scenario.
Also, Windows Live OneCare is no longer available for sale. (http://onecare.live.com/standard/en-us/default.htm)
Yeah, you get Microsoft Security Essentials (same thing + extras) for FREE from Microsoft now.
I love how the people who are legit and don't really mess around on the net still get blamed for being hacked: by saying that we somehow did something wrong and "ALLOWED" this to happen because we are not tight enough on our security.
Give me a break, you can have anti-virus software and anti-spyware, the whole nine yards and it would not matter. The person that wants into the account is eventually going to get in if persistent or good enough.
The whole having a hacked version of windows is a FAR reach my friend. I can bet the OP has a legit version of windows, as do I, and things like this will still happen.
I don't know, I've always has legit versions of Windows (7 now) and full, licensed, legit versions of virus-protection, firewall, anti-spyware etc. (now using Microsoft Security Essentials) and I have NEVER had a virus.. ever... seriously, never.
Pro-tip from someone who works in IT -
Hackers will NOT go through all the effort of trying to attack a protected PC unless they REALLY want something they know you have, as in if you are a business.... there are SO many un-secure computers out there, 99.999999% of the time they'll be the ones who get hacked because it's FAR FAR FAR FAR FAR FAR FAR easier to do.
I don't know, I've always has legit versions of Windows (7 now) and full, licensed, legit versions of virus-protection, firewall, anti-spyware etc. (now using Microsoft Security Essentials) and I have NEVER had a virus.. ever... seriously, never.
Pro-tip from someone who works in IT -
Hackers will NOT go through all the effort of trying to attack a protected PC unless they REALLY want something they know you have, as in if you are a business.... there are SO many un-secure computers out there, 99.999999% of the time they'll be the ones who get hacked because it's FAR FAR FAR FAR FAR FAR FAR easier to do.
I digress. My PC is well protected, maybe not paid for anti virus and spyware etc... because I honestly cannot afford to pay for all of that, but I do take care of my investments. I have virus/spyware/adware scans every night, my firewall and windows defender are always on, now I do not have UAC on because it really is a pain in the ass, but I do do what I can to protect my PC. It sounds as though the OP does to. All I was trying to get at is that just because someones account was taken advantage of doesn't mean that the person wasn't actively taking a part in their PC's security.
The hardest part of information security isn't the software and the hardware. That stuff is relatively easy to maintain and update and configure.
The hard part is people.
3rd party websites and mods and add-ons, very popular in WoW, and even from reputable sources like Curse still carry the potential to be infected.
Securty starts with the individual and is AIDED by the technology, it can't do everything for us.
Just like porn = viruses more often then not.
The hardest part of information security isn't the software and the hardware. That stuff is relatively easy to maintain and update and configure.
The hard part is people.
3rd party websites and mods and add-ons, very popular in WoW, and even from reputable sources like Curse still carry the potential to be infected.
Securty starts with the individual and is AIDED by the technology, it can't do everything for us.
Just like porn = viruses more often then not.
Oh the porn...lol. I totally knew that was going to come up in this. But yes I see what you're saying. I'm just curious in situations where people go on hiatus', such as myself, where mods and add-on sites wouldn't really pertain. I guess anything 3rd party that is not secure. It just sucks how much time we have to invest on being careful these days.
Amen to that.
But, as someone else said, Blizzard while not neccessarily fast is indeed thorough and fair in returning lost items/money/characters to an account that was hacked.
And, for the millions of players who do play, having an authenticator still protects you 99% of the time, and with some security-concious decisions and sticking to reputable addon sites, the average WoW player will NEVER have to worry about it.
Oh, and complex passwords still help ALWAYS.
Not entirely true. My bet is that 75% of the gamers still uses IE5 or IE6 that came with their XP package. We both know that the security of these old IE versions is even worse than versions 7 and 8.
First thing I did when I changed to Windows back in 2000 (I used OS/2 before that and never had ANY security problems) was ditch IE and get an alternate browser. I started with Netscape (knew it from OS/2), then changed to Opera and right now I'm with FireFox.
Same for the email client. Outlook is a huge security risk on your PC. Ditch it and take something else. I'm using Thunderbird (from the makers of FireFox).
If you want to stick to both IE and Outlook, then do something about your ActiveX settings. That's where things start to go bad. Let every ActiveX install ask for a manual confirmation (IE installs these without your knowledge by default!), next the cookies (lots of odd things in IE).
...I could go on, but bottom line, ditch the Mickey$oft internet extentions ASAP
[EDIT]
Almost forgot to mention - ditch all those toolbars from your system. Nothing is for free, not even those free toolbars...
You were hacked. They enabled the authenticator to prevent you from logging in while they did their business.
All could be avoided if the game checks for the login users IP address.Of course Blizzard/Activision cannot make money off that security.This should be the security that all games use,an IP check.You could even have 2 ip's in case you need to login from a different location.Account server should also use the same security,not just the game server.Blizzard should also have a log of IP addresses ,so that the hackers could be reasonably traced.
Never forget 3 mile Island and never trust a government official or company spokesman.
These sorts of 'newsflashes' don't strike me as news at all. Who *didn't* suspect Blizzard had been hacked? It's just like them to deny deny deny. By the time they finally do admit, you're past the point of caring- you already knew.
Blizzard, listen to some dirty south hiphop on this and other PR issues:
"I know you like to think you s*** don't stink, but lean a little closer...". Blizzard, your s*** does indeed stink.
That is exactly right, and we're not saying NO to save WoW, because it is already a lost cause. We are saying NO to dissuade the next group of greedy suits who decide to emulate Blizzard and Cryptic, etc.
We can prevent some of the future games from spewing this crap, but the sooner we start saying no, the better the results will be.
So - Stand up, pull up your pants, and walk away.
- MMO_Doubter
Or running scripts of some sort: ie. mods. Which are maintained to be safe, despite Blizzard deeming them allowable.
So on one hand we have a 'failsafe' authenticator. And the other, a green light to encourage scripting while running the client the authenticator is for.
The net result is the same. Thus, a poor 'promise' to a consumer-base who might do only what you give a thumbs up to do, as they could end up getting screwed in the end.
That is exactly right, and we're not saying NO to save WoW, because it is already a lost cause. We are saying NO to dissuade the next group of greedy suits who decide to emulate Blizzard and Cryptic, etc.
We can prevent some of the future games from spewing this crap, but the sooner we start saying no, the better the results will be.
So - Stand up, pull up your pants, and walk away.
- MMO_Doubter
Woo, "Blizzard Authenthicator HACK".
Got to love how these press sites make some drama. Nothing new there, just people getting keylogged as usual with the extra of being instantly hacked instead of before, after all, they will need to login with your account before the current code expires.
You will never ever be 100% secure, especially if you got an unauthorized .DLL downloaded into your computer.
That's an interesting coincidence.
Today I was reading about this inventor's device (I think it was business week)which he claims is completely hacker proof. Of course people doubt that his claims are true but he essentially created a device that acts as an "internet condom" between the internet and a computer system.
The device is the size of a book and essentially is a read only device.
One of the examples given was that it was similar to having a web cam read a computer screen. That's just an example it isn't a web cam!
Apparently he tested it by inviting any hacker to hack it. If they could he would give them a Harley Davidson motorcycle.
None could.
I don't know the ins and outs but it sounded interesting.
Godfred's Tomb Trailer: https://youtu.be/-nsXGddj_4w
Original Skyrim: https://www.nexusmods.com/skyrim/mods/109547
Serph toze kindly has started a walk-through. https://youtu.be/UIelCK-lldo
You were hacked. They enabled the authenticator to prevent you from logging in while they did their business.
Yeah, I realized that, lol. I just got off the phone from waiting about an hour, nice guy, everything is back to normal now. I haven't played in ages though...
Just because someone gets a .dll file that is not supposed to be there does not mean that the person does anything bad. The internet is never 100% safe ever no matter what methods you take to protect yourself.
All it takes is visiting the wrong site and you can be infected. But there is millions of other ways to be infected. Take valve for example when they had the source code leaked for HL2.