Page 9 of 13 FirstFirst ...
7
8
9
10
11
... LastLast
  1. #161

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by Craze
    What "own key" are you talking about?
    A user with an authenticator already has 2 "own keys". 1 is his password and one is the random clock in the authenticator.
    The way this hack works is that it just reads keystrokes in real time, changes the code you put in and send that to the server. In which case the server responds with an error telling you the code is wrong.
    The "own key" is a encryption key defined when the account in created... But of course (as indicated in my original post), the hacker don't have to bother about how the reply message is created or what it means, he can just log on with false credentials to get such a response generated (and re-send to the client)...

  2. #162

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by XemnasXD
    I never considered keylogging a hack. I mean basically someone is downloading something bad onto there computer. Its not the the keylogger forced its way on there.
    Yes it is. You can't expect everybody in the world to be computer experts. Often the malware exploit bugs and bad programming in the software people use.
    I wanna go back to my trainer and learn a new spell in the next expansion! And we all need to be able to fly from day 1 ! (And fly over the Exodar and Silvermoon on our own mounts!)

  3. #163

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by Kathor_
    The "own key" is a encryption key defined when the account in created... But of course (as indicated in my original post), the hacker don't have to bother about how the reply message is created or what it means, he can just log on with false credentials to get such a response generated (and re-send to the client)...
    The biggest problem with security is just allowing everyone to login from anywhere on any machine.
    If you want to make this more secure you'd need to make either of these things unique. Be it with a token on the machine the user is using or limiting the account to only connect from a certain IP.
    Of course this would make things way to complicated.
    Encryption wouldn't really help if the attacker can just read your keystrokes.

    What blizzard could do is check if a succesful login occurs from a different IP right after a failed login. This would make things a whole lot more complicated.

  4. #164

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    yeah no system, not even authenticator, is entirely 100% dumbproof, but if you are not a fool, you should never get hacked even without the authenticator. 4 simple tricks

    change your password often.
    dont open emails, attachments from people you are unsure of.
    dont go to websites you are unsure of.
    dont download files you are unsure of.

    when all those fail, best bet is to use a virus protection client and the authenticator.

  5. #165

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by skyclops
    Never been hacked in wow 4 years now
    Dont use a authenticator
    basic common sense will always keep you safe n secure
    I'd say pretty much everyone says this....until they get hacked. As has been responded too, tons of software avail and on computers, java, flash, etc... have and probably will again have vulnerabilities that can and will be exploited.

    An authenticator is just another level of protection.


    Also add to those that say it's unlikely because of a small window of opportunity, and while true, and someone can correct me if I'm wrong here. They may not have to log into WoW, just log into battle.net, or your wow account and do damage that way and then be able to get control of your account. then you won't be able to log back in, but I could be wrong here.

  6. #166

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Wolrdofraids has more info

    http://www.worldofraids.com/topic/15...c524f70d937c61


    this might be a lil cleche' but they have good info and mmo-champ does not right now.
    Made from:
    50% Win, 50% LOL, 50% Legend... That is 150% mother*(#^$*!!!

  7. #167

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quick note:

    Trojan != Virus

    A trojan acts like normal software while allowing unauthorized access to a computer (hence the name Trojan Horse).

    A virus is a self-replicating program that corrupts already present files.

    A worm is self-sufficient, self-replicating malware.


  8. #168

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    That was a long 12 pages of text.

    As people have already mentioned rest assured there is no way to be 100% safe from a virus. Currently google chrome is safest browser and firefox without security plugins is probably the most insecure. Just thought id throw that out there.

    Anyway last I tested the keys do not die after 30 seconds. They last about 15minutes. You can generate a new key every 30 seconds and if you use a key then all keys created after it become invalid until you generate another key. Did that make sense?

    Also I would not consider this as a man in the middle attack and I don't think most people would classify this as one either.

    EDIT: Disregard my request for a copy of the virus. I found it.

  9. #169

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by gr1pp
    10/10
    fixed

  10. #170

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Simple solution: whenever Blizzard receives a failed login request to your authenticator account, it changes your authenticator number.

    That way when the Trojan intercepts your login info and authenticator number, it's useless b/c Blizz trashed that number due to the failed login attempt sent from your computer.
    Originally Posted by Ghostcrawler (Blue Tracker)
    We don't think burst is a problem in PvP right now.

  11. #171

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    is to bad ... i play for 2 year and haket 1 time , now .. in PVP 2v2 or Icc10 disconect 389215876185826438721 time .... and save or lost point so ... ani questions !!! for what !!! .

  12. #172

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by stupid11
    Simple solution: whenever Blizzard receives a failed login request to your authenticator account, it changes your authenticator number.

    That way when the Trojan intercepts your login info and authenticator number, it's useless b/c Blizz trashed that number due to the failed login attempt sent from your computer.
    That's not how it works. Blizzard won't trash it because they never received your login and so it never failed on their end.

  13. #173

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    I ran a search on my computer for "emcor" and it found three files. wbemcore.dll , wbemcore.lo_ & wbemcore (notepad file)

    wondering if i should delete it, not sure tho because i dont wanna fuck up my computer and it isnt exactly "emcor.dll" what do you guys think?.

  14. #174

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    I think it's hilarious that people will go to such extreme lengths to get past the authenticator with this method just to get into a WoW account... when banks use the same authenticator tech to protect vaults.

  15. #175

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by Bergenia
    That's not how it works. Blizzard won't trash it because they never received your login and so it never failed on their end.
    The way Boub explained it, the trojan has to send a fake token code to blizz instead of the real one. They don't receive what you typed, but I was under the impression that they did receive SOMETHING.

    If they don't, that seems detectable through Warden or something similar (if they still use Warden), because the WoW client itself would have to be hacked so as not to send out a login request.
    Originally Posted by Ghostcrawler (Blue Tracker)
    We don't think burst is a problem in PvP right now.

  16. #176

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by Drawz
    I am wildly offended by the use of "ass" in this announcement. Please keep in mind that this is a game for ages 12 and up. WHY WON'T ANYONE THINK OF THE CHILDREN?!
    I lol'd

    Quite a shame that they're givin away dk mounts ... But its a bit early to talk, better wait to see what u have to do to get it and what are the requisite

    Quote Originally Posted by Bergenia
    Quote Originally Posted by stupid11
    Simple solution: whenever Blizzard receives a failed login request to your authenticator account, it changes your authenticator number.

    That way when the Trojan intercepts your login info and authenticator number, it's useless b/c Blizz trashed that number due to the failed login attempt sent from your computer.
    That's not how it works. Blizzard won't trash it because they never received your login and so it never failed on their end.
    Ez way to do this is allowing ur login page to send via another channel the info at blizzard that the person failed at login so blizz could authomaticly invalidate the number and disconnect the current session ...

    No cookies for ninjas

  17. #177
    Titan Gallahadd's Avatar
    10+ Year Old Account
    Join Date
    Aug 2009
    Location
    Beyond the 1% barrier.
    Posts
    14,177

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    gotta say this authenticator hack stuff is freakin me out :S, but hey, I'm just gunna keep my virus scanner up to date etcetc and hope for the best :P

    P.S. I hearby start a petition to get the tabard of the Silver Hand's name change to Tabard of the BRO FIST!
    Check out the blog I write for LEGENDARY Indie Label Flicknife Records:

    Blog Thirty is live! In which we discuss our latest releases, and our great new line of T-shirts.
    https://www.flickniferecords.co.uk/blog/item/30-blog-30

  18. #178

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Damnit! NO! With the possible addition of the deathchargers as quest rewards, i DEMAND a pally mount....and flight form.....and a warlock mount!

    Ill freakin flip if i ever see a paladin riding my precious Deathcharger -.-.

  19. #179

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Hello!

    first of all, english isnt my primary lang. so if something is wrong sorry


    I have an authenticator and i've used and ARP Poison and MitM attacks on neighborns networks, so i know a bit.

    Ok lets go, when you try to log on your userass:numer isnt sended to blizzard, that the reason of the invalid username box, its sended to the attacker who recieves the data in simple text, since he get the userass:numer he have 60 segs to log in in your account or the code expires, if this happen and u diddnt try to login again he havent the number again to login, therefore, the attaquer only can steal accounts while hes sit on his pc, if he is recording all text in a database and hes sleeping, when he wake up only have the user n pass, all the codes has expired.

    I was thinking a bit more, he can change your password to evade your login, but he cannot login again after steal you, because when hes gonna login again the randomcode is needed again, because to unlink the authenticator from the account you need the serial number printed in the back of the auth.

    if u guees that you are infected, dont try to login 10 times more, doesnt nothing, tell a friend to login your account asap to disconnect the attacker, and dont try to login again until your desinfected.

    btw, if hes recording wow, im sure 100% that hes recording the rest of websites such gmail, hotmail, anything that have login:user

    cya

  20. #180

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    I like Wikipedia's examples of a Man In The Middle Attack:

    1. Alice sends a message to Bob, which is intercepted by Mallory:

    Alice "Hi Bob, it's Alice. Give me your key"--> Mallory Bob

    2. Mallory relays this message to Bob; Bob cannot tell it is not really from Alice:

    Alice Mallory "Hi Bob, it's Alice. Give me your key"--> Bob

    3. Bob responds with his encryption key:

    Alice Mallory <--[Bob's_key] Bob

    4. Mallory replaces Bob's key with her own, and relays this to Alice, claiming that it is Bob's key:

    Alice <--[Mallory's_key] Mallory Bob

    5. Alice encrypts a message with what she believes to be Bob's key, thinking that only Bob can read it:

    Alice "Meet me at the bus stop!"[encrypted with Mallory's key]--> Mallory Bob

    6. However, because it was actually encrypted with Mallory's key, Mallory can decrypt it, read it, modify it (if desired), re-encrypt with Bob's key, and forward it to Bob:

    Alice Mallory "Meet me in the windowless van at 22nd Ave!"[encrypted with Bob's key]--> Bob

    7. Bob thinks that this message is a secure communication from Alice.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •