Your explanation is a little bit more complicated than needed but yes you got it right.
The hacker would only be able to delete one piece of your gear. Just expand the need of a key for this action.
I stopped reading here.
I have an authenticator and I don't regret it. It does prevent standard keyloggers. The current hack isn't a standard keylogger since it has to alter/block your internet packets. It's not as common as classic keyloggers. Also it prevents the hacker from changing your password since three consecutive keys are needed to detach an authenticator. I know he only needs one key to change the password but that would also lock him out because you can't feed him any keys then if he doesn't detach the authenticator.
Also I have an iPhone, free authenticator for me, hehe.
Yes the USB authenticator is time stamp based. Whenever an action requires a key, the key is sent to the server first. The key then expires. It's possible that authenticator and server desynchronize after this process. Therefore the server sends a time stamp to the authenticator to synchronize again.
If the time stamp gets logged by a hacker, he can't do anything with it because he doesn't know the registration key.
The iPhone version of the current authenticator already has a Synchronize button.
Sort of, but it isn't any more complicated than this -
1) You type your authenticator code in
2) Your sent information goes to the hacker instead of the game server
3) Hacker logs on
Yes there is slightly more to it than that, but those 3 points are pretty much how it works. It is simple to explain (although I would have no idea how to actually program that hehe).
The hacker has to block player's connection to the server or he has to reroute the information to himself. Both are more difficult to achieve. With my knowledge I could write a keylogger: You have to "daemonize" this program. That would cause it to become invisible to the player (only visible in task manager). Then it has to listen to keyboard inputs. But since the keyboard is standard input for every program I don't really have to program it, lol. Save the log somewhere and after some time create a packet with the log as content and send it.
Stopping or changing a packet is more complicated because you have to first know on which "channel" WoW communicates with the network card/OS. If the hacker manages to find out, he wins.
As you see. Simple keylogger, no knowledge about the client needed. Current hack, must know communication "channel". I don't think the author of the current keylogger will share this knowledge with anyone. He'll want a bigger playerbase for himself.
You left out my last suggestion in your summary.
1) The player has a USB stick that generates the authentication key (OTP).
2) This stick isn't needed to play WoW or to logon.
3) The player logs on as usual.
4) Whenever the player does a money/items based action (except looting) he has to connect the USB stick.
5) The USB stick sends an OTP to the server to confirm one action. The next action requires a different OTP.
6) If the player unplugs the USB stick money/item based actions can't be done.
If you get hacked, the hacker can only do one action. Therefore the damage is minimal.
Your steps don't compute, because the USB stick is only connected when you do one of those actions. Plug in, sell, unplug. The window of opportunity is very small for the hacker. It wouldn't pay off. The hacker would have to wait the whole time till you send the first key. And after a few seconds he won't be able to do anything again. Since he can't see exactly when you unplug the USB stick, he can't know when to stop controlling your character. This would cause the client-hacker-server chain to desynchronize and hint to you that there is an attacker.
Also I'd like to stay semi-afk for a long time, only watching the chat. That's a lot of time lost for the hacker.
About your factors:
Yes rendering that many authenticators completely useless would be painful.
An on/off button could solve the problem of straining the material.
If people don't unplug their USB stick when not needed, then that's their own fault. Why don't people leave the key in the lock when they leave their home? It's convenient...
Bandwidth shouldn't be an issue since the code only takes up a few bytes. A 256-bit key would need 32 bytes of extra traffic. It's considered safe because there are (big num inc) 115792089237316195423570985008687907853269984665640564039457584007913129639936 possible keys.
Generating keys for every player at a very fast rate could be a problem. I'd say doing this by using software can slow it down. But using hardware only, similar to the one I described earlier, could be fast enough.
I know what you're thinking^^. Not every USB stick needs its server counterpart. Blizzard stores how authenticator and accounts are matched (they already do it). If the server needs to validate a key, it sends the matching authenticator registration key to one of several key generators which then is able to produce the matching key.
Since electricity travels at light speed, the actual calculation is instant.
A problem I think of is the cost involved. Both USB stick and server's key generator are specially tailored hardware and expensive to produce.
1) The hacker wouldn't do that. He would attract too much attention and give you the hint to check your system for trojans. Also this would be a waste of time for him. He hacks accounts to make money. "Time is money, friend."
2) Annoying but necessary.
3) Would people leave their key in front of their door? Putting an on/off button on the stick should help.
4) Before responding to this, let me show my idea to prevent what's stated in your edit because they are related.
The USB stick gets a button. A single key is generated when you press the button. So every critical action requires a button input on the USB stick. The hacker can't mass buy stuff anymore since you have to physically interact with the USB stick.
Also the key is tied to the action you want to do (e.g. sending a specific amount of gold), can be done by encrypting the action with the key. Therefore the hacker can't intercept the key and change the action. Since the action and key are tied together a server request isn't needed because it can be done by the client. This way the hacker cannot fool the player with a false key request.
Returning to 4) Since we can't tie the key to action in the account management (the browser is outside Blizzard's regulation) we have to emulate this. I don't know how to say it in an elegant way. I'll explain it:
E.g. if you want to change your password, you have to send the first key, skip the second and then send the third. It is a hassle because you have to either unplug the stick and press the button to skip or wait for the key to expire. But the only actions I see that need this are if you want to change your password, change your email address or change the authenticator (USB stick).
The hacker may see all your personal information, but since he successfully hacked you he can do that anyway. If you use an IM client he knows who your friends are. If you use Amazon he knows your address and bank information. He can even find out what kind of porn you prefer.
I think that the account itself is safe now. Your private information is not. But Blizzard can't do anything about it.
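Added example, not part of the original posts and not Blizzard's actual protocol: a sketch of the "one button press, one key, tied to one action" idea from the post above. It substitutes an HMAC over a counter plus the action for "encrypting the action with the key"; the names `Token`, `Server`, `action_code` and the action string format are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def action_code(secret: bytes, counter: int, action: str) -> str:
    """One-time code bound to a single action (HMAC stands in for 'encrypting the action')."""
    msg = counter.to_bytes(8, "big") + action.encode("utf-8")
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:16]


class Token:
    """Stands in for the USB stick: holds the registration key, one code per button press."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._counter = 0

    def press(self, action: str) -> tuple[int, str]:
        self._counter += 1
        return self._counter, action_code(self._secret, self._counter, action)


class Server:
    """Keeps the registration key and the last counter accepted for the account."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._last = 0

    def confirm(self, counter: int, action: str, code: str) -> bool:
        if counter <= self._last:          # replayed or stale code
            return False
        expected = action_code(self._secret, counter, action)
        if not hmac.compare_digest(expected, code):
            return False                   # code was not issued for this action
        self._last = counter               # each code confirms exactly one action
        return True


def demo() -> dict:
    secret = os.urandom(32)                # constructed sample registration key
    token, server = Token(secret), Server(secret)
    counter, code = token.press("send_gold:100:to=Alice")
    return {
        # Intercepted code presented with a different action: rejected.
        "tampered": server.confirm(counter, "send_gold:9999:to=Mallory", code),
        "genuine": server.confirm(counter, "send_gold:100:to=Alice", code),
        # Same code submitted a second time: rejected.
        "replay": server.confirm(counter, "send_gold:100:to=Alice", code),
    }


if __name__ == "__main__":
    print(demo())
```

The binding only protects the player if the action is shown or entered on the token itself; if an infected client chooses the action string that the token signs, the code will be valid for whatever the malware asked for.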
The first thing that came to my mind to make the USB key update-able is to make it two sided. One side is software based which allows for updates. The other side is hardware based which generates the key. The hardware side would also act as a firewall. So if there are updates available you plug in the stick using the software side. To check the integrity of this side a checksum of it can be calculated by either client or server. If you want to play, you have to plug in the hardware side and do as usual.
I don't say that my ideas are failsafe but I do think it's one of the best solutions made in this thread. Only those posts about how to make your computer safe yourself are better ^^.
Regarding QKD: It's still under development and not applicable in our situation. The cost to produce this hardware for every WoW player would be horrendous. On top of that Blizzard needs every counterpart. Also there are reports of successful attacks.
Don't misunderstand if wiki says that the one-time-pad is impossible to crack. To crack a key means to recalculate the key without knowing every detail involved to generate it in the first place. That doesn't mean a hacker can't try to get the key in another way. Also you have to know that one-time-pad is the same thing as one-time-key (OTP) used by the authenticator.
Although you got the idea about the hardware/software side idea wrong, I won't explain it in detail because the outcome wouldn't change much. Just let me tell you that the hardware side uses the software side to generate key+action bundle. Since a hardware based (irreversible) algorithm acts like a firewall the software is invisible. The endpoint key is on the hardware side. It can't be obtained by the hacker and can't be changed. Software side can be updated though, which is enough.
I agree with you that this solution may not be 100% safe. But at least it should be able to minimize the damage a hacker can cause.
Your reason that this idea is impractical:
1) That's the user's decision. I personally think pressing a button for every critical action is not that annoying. If you're that lazy then you may also use a single digit password. Too bad Blizzard doesn't allow accounts with no password.
2) On this point I agree with you. But I think you mean maximize because a high performance is actually a good thing.
3) I said already. The hacker doesn't gain money by doing this. They won't get paid for griefing (I think I just discovered a market niche, lol). Also this would hint you to check your computer for trojans.
4) Agree again.
If you don't want to use the USB stick, you don't have to. But don't ask for better security from Blizzard because they already offered you a solution that is within their power. Every hacked player had their computer infected with malware first. Securing your computer isn't Blizzard's duty. It's yours.
This is not especially directed at you wooshie but everyone.
A little bit confusing to read wooshie but I think I got it. I agree with you on the technical part but saying Blizzard failed because they didn't see the "obvious" is just wrong. It may be obvious for you with the knowledge you gained while participating in this thread but not necessarily to everyone else. Not even for Blizzard's employees. Or maybe they saw the problem but hoped that nobody would figure it out. There are a lot of script kiddies out there who don't know anything about hacking but could get their hands on that malware.
Even you didn't see the "obvious" when I explained why a hacker is able to relay information between server and client without getting caught (and without a fake server).
You also didn't see the "obvious" when I said that a hardware based Jablon generator is safe. But both were obvious to me.
I didn't blame you so please don't blame other people.
Blizzard security is fine even without authenticator. Every hack was done by infecting the player's computer with malware. Every attack was directed at the computer. Not the client files. Not the server. Not the connection. Even the current MIM attack is only possible because of a trojan on the computer.
If a robber gets into your house because you left your windows (pun intended) open, who is the one to blame? Certainly not the architect.