and your story isn't sounding right if your officer DID get hacked he/she could have made a ticket along along with the gm and got the money back
No offense..but when has WoW ever been "Hacked"?
Hacking is a felony(a rather severe one at that), The silly stuff you see in game is usually just exploiting, or packet sending/altering. The difference between hacking and the stuff you see in game is like the difference of Jaywalking and Serial killing. They aren't even in the same ball park.
As for how this would be handled - It's the exact same as someone whose Debt Card gets stolen. Only this would probably never happen since you need to do it from the IP the original account holder uses. I'm sure their'll be a lot of fail safes since we're dealing with real money - that only the biggest idiot could screw up.
IE Theirs a way for your acct to be compromised with the authenticater but it's incredibly difficult. You basically have to GIVE your authenticater numbers to a fake site AND your password, then not do anything about it for 5-10 minutes. It's no different from any other phishing site for your credit card info. If you're dumb with it, you'll lose it, the end. :P
Last edited by Yoshimiko; 2011-11-21 at 07:48 PM.
not that I don't find it plausible but I'd like a source nevertheless.
either way you might or might not have noticed this but credit card information is rarely stored accessible to a user, i.e if you look at the credit card number it usually says **** **** **** 1234 or something like that.
this is essentially "online security for dummies", i.e "do not save valuable data in plain text".
also I would like to point out that the few times an authenticator-style security has been broken it has been in a controlled environment for the sole purpose of breaking it.
without going into too much detail authenticator codes are only valid for a very short period of time.
this means that whoever is trying to hack you can't just wait for you to login, steal your code and use it tomorrow. no he has to use it on the spot or else it won't work. this time critical step is a huge issue for attack methods such as key loggers.
it is just not feasible for a hacker to waste so much effort on an authenticator-protected account.
real life example:
who'd you rather date out of two twins, the one who is all over you or the one who ignores you?
Last edited by adimaya; 2011-11-21 at 07:59 PM.
Its called a man in the middle attack and it basically blocks the code you entered from being sent to blizzards' servers, thus giving you an error, meanwhile they use the code that went to them instead to login.
It can be done its just quite rare.
OT: personally yes i do believe that anything that is using the RMAH should have extra "defences" Someone said that you have to put funds into your Battle.net account and not actually through anything else which is a good idea tbf, but i also think there needs to be something else I just personally can't figure out what.
User enters username, password
System prompts for auth code
Man-in-the-middle forces system to display an invalid code error
Hacker on the other end of the man in the middle is waiting with the correct code and promptly uses it access b.net account
Last edited by Tyrianth; 2011-11-21 at 08:16 PM.
(This signature was removed for violation of the Avatar & Signature Guidelines)
they released that statement to cover their ass if and when someone did get hit by a mitm attack
i have yet to see one real claim over someone being hacked while having an authenticator please feel free to prove me wrong
till then while i know it is possible it is very very unlikely to happen and will continue to believe no one has been hit by one
Last edited by OrangeJoe; 2011-11-21 at 09:56 PM.
Like previously stated, if you have an authenticator on your account, if they don't have your authenticator, then they're not getting into your account, unless it's intercepted, and used, within 30 seconds of becoming active. Even less, due to human reaction time via typing and the code possibly not being refreshed at the exact second you look at it.
If you see yourself get disconnected within 30 seconds of logging in and get notice that your account tried to log in somewhere else besides your normal location and think "meh whatever I wont bother", then who's fault is that?