Possible Solution for Hacks

[Astronomy]

As most of you have realized, there is a big increase in the number of hacks happening lately. I'm one of the victims here.

Yeah I know its user's fault most of the time to not to detect that virus (keylogger most of the time) etc. But I'm not a newbie about computers or its security, and it was the first time I was really shocked about my computer and account's security.. (I'm hacked for 2 times in 5 days, after first hack I did lots of scans and found 1 keylogger, and thought i found the problem, which is proven that i was wrong). Now I format my computer, really sure that I'm safe, and waiting for my password from Blizzard.

My point is, we all know that these hacks are occuring for gold. and I don't think there is a way to stop ppl buying golds. And most of the hacks are happening the way that hacker gets your account name and password, changes it immediately, and merges account with battle.net (last trend), etc.

And my possible solution is, in order to merge account with battle.net, and/or change password of the account, the account owner should be asked for his CD-key. Thats the easiest solution, you may be asked for credit card digits, or other stuff too. Moreover, you can send you ID or passport image to Blizzard in order to change your security settings too.

Well, there can be more and more solutions, even better than those. Is it too hard to make things work in such ways?

[Nepenthes]

If you want to sacrifice usability for security get an authenticator. Personally I wish you could use an authenticator on account management and not for the actual game, but at least Blizard offer a hardware security solution.

[Elementium]

You just have to be careful. Remember that there's consequences for going on shady sites and run a virus scan frequently. Also I've never got a gold selling e-mail or anything like that so I must be doing something right :P

[Lostprophet]

"NoScript"

[Varon]

Sure solution against account compromisation:



All the keyloggerboys who wanna steal your account just get a nice "You can't touch this!"

Also merging your account to a battlenet account helps ... because then noone other can merge it to a battlenet account ... so uh ... get the point?

Authenticator >all

[Dedweight]

"NoScript"

Noscript will prevent them from running through your browser, it in no way prevents you from downloading a keylogger from what seems to be a legitimate file.

NoScript helps in preventing you from getting hacked but its far from being a Solution.

[bbr]

Sure solution against account compromisation:

You'd still have the keylogger, so all your other passwords - including your email would not be safe.

And noscript doesn't prevent stuff like adobe flash, since you usually trust that - and that's where the last two keyloggers came from.

[AetherMcLoud]

Best solution ever: use your brain.

[Pheonixis]

You still do not get hacked. You get keylogged. Somewhere, somehow, perhaps you clicked a stray link someone send you, you downloaded some weird file, you did something that allowed a keylogger to get installed on your computer.

[Aknot]

Best solution ever: use your brain.

People dont do that anymore. They want someone else to do the work and or take the blame for something they should be doing and or did in the first place.

[Stormwish]

If you want to sacrifice usability for security get an authenticator. Personally I wish you could use an authenticator on account management and not for the actual game, but at least Blizard offer a hardware security solution.

^ This.

The authenticator makes you completely unhackable unless you give your authenticator away.

[Varon]

You'd still have the keylogger, so all your other passwords - including your email would not be safe.

And noscript doesn't prevent stuff like adobe flash, since you usually trust that - and that's where the last two keyloggers came from.

Sure, but regarding account security the authenticator is solution no.1 ... and someone said you sacrafice usability ... thats just BS ... how much usability do you get from a account that got stolen?

Entering an authenticator code is not doing a fractional differential equation reversed on blessed papyrus with your feet in goatblood ...
it's just 6 friggin numbers

also turn off all javascript flash and so forth ... or scan every DL you make and run systems scans on a daily basis ... eg. scaning your system and then shutdown ... some scaner suport those functions to perform and shutdown afterwards ... task shaduling allows to chain all sorts of scanners and also alows to shutdown afterwards

[Aknot]

Sure, but regarding account security the authenticator is solution no.1 ... and someone said you sacrafice usability ... thats just BS ... how much usability do you get from a account that got stolen?

And how much usability do you get if that keyfob is lost? As for No 1? No it is not. No 1 is what you should be doing in the first place with good computer security which includes but is not limited to:

1. Secure UN/PW combination.
a) Don't use a UN easily traced back to Warcraft
b) Don't use a PW easily "guessed"

2. Update your PC on a regular basis with software, OS, virus and malware protection to include regular scans.

3. Don't share any personal data with anyone.

4. Do not visit questionable sites (on the PC you use for WOW)

The keyfob is great for people that:

1. Share a PC with others. Obviously then you are not in control of everything.
2. Travel and use networks (to include internet cafes, friends house, etc) not under their control.

There are a few others however if you get compromised (it is not being "hacked") while following those simple rules above you really shouldn't own a computer that connects to the internet.

[Varon]

And how much usability do you get if that keyfob is lost?  As for No 1? No it is not. No 1 is what you should be doing in the first place with good computer security which includes but is not limited to:

1. Secure UN/PW combination.
a) Don't use a UN easily traced back to Warcraft
b) Don't use a PW easily "guessed"

2. Update your PC on a regular basis with software, OS, virus and malware protection to include regular scans.

3. Don't share any personal data with anyone.

4. Do not visit questionable sites (on the PC you use for WOW)

or just lock up your wow pc somewhere in a military bunker and never ever download something directy to this pc and run mulpile checks before deploying anything to this pc ... well uhm yes ... anyways keylogger can f*ck up any username PW combination ...

just don't lose authenticator and your fine ...

The keyfob is great for people that:

1. Share a PC with others. Obviously then you are not in control of everything.
2. Travel and use networks (to include internet cafes, friends house, etc) not under their control.

or for those who don't tend to lose their keyrings and just want some more security added

[bbr]

1. Secure UN/PW combination.
a) Don't use a UN easily traced back to Warcraft
b) Don't use a PW easily "guessed"

Battle.net.
You don't get to choose your username, you login with your email now... sad yes i know.
Blame blizzard's AMAZING foresight for that retardedness.

[Aknot]

Battle.net.
You don't get to choose your username, you login with your email now... sad yes i know.
Blame blizzard's AMAZING foresight for that retardedness.

You mean your email address that you set up only for WOW. You know the one you don't use anywhere else.

[Aknot]

anyways keylogger can f*ck up any username PW combination ...

Only if you get one in the first place. Learn to take responsibility for your "stuff". I have had an account since day one. Nary a problem and unless all of a sudden (based on the info above) I need to I will never get a keyfob.

Issue I see (with people like you) is you get a keyfob then "forget" about everything else. You do realize those keyloggers are derivatives of other keyloggers, which were originally created to go after other stuff.

Of course your sloppy security keeps me in business.

[Spronny]

I find it quite funny that people get hacked and complain. from windows XP to windows 7 the default settings are to notify/ask you permission to run/download programs. I don't use other operating systems. So, if you choose to turn off those notifications about a possible unsecure download or a program is asking to run that you didn't initiate then you full well better know what your downloading or running.

I've never once had anything on any of my computers hacked. The most i've ever done is cause a blue screen(my own fault, and i knew before hand i couldn't trust the cause). If your going to bad websites and downloading random things you better learn to check it some way. I don't even have any anti-virus/anti-spyware programs on my computers. Shouldn't need them if your not downloading random crap all the time.

[superstargoddess]

You still do not get hacked. You get keylogged. Somewhere, somehow, perhaps you clicked a stray link someone send you, you downloaded some weird file, you did something that allowed a keylogger to get installed on your computer.

Exactly. It is the users responsibility to not do anything to put their accounts at risk. It is Blizzards responsibility to make sure that their end is safe. In the end, 99.9% of the time, it comes down to the user falling for a phishing site, giving their password to a "friend", or getting keylogged.