  1. #241

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    The "ZTIC" USB device could be bypassed using a similar method. The weakness again is the environment the programs run in. What's to stop a hacker from programming something that intercepts the network traffic that device uses?

    No security is 100% but the idea is to make it so difficult and time consuming that it is not worth the time and effort to bypass the security. The Blizzard authenticator does that for most cases.

    //Edit:

    After reading your updated post, I see that the methods used to protect against OS vulnerabilities were addressed. However, I still see that it is possible to hijack the data since the device is only verifying a secure connection to the server. If malware is on a system, it can be made to show the user anything or just connect to another server with your provided information. The ZTIC would only be there to confirm data sent to the authentication server was correct. Another security method like this ZTIC is called the YubiKey.

  2. #242

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by TobiasX
    The majority of viruses target a computer; they don't care whether it's a mac or a windows pc.
    There are a number of viruses that specifically target windows pcs. This is a very small number relative to the total number of viruses that exist.
    You're clueless, stop posting as if you know what you're talking about.
    Quote Originally Posted by Primohastat View Post
    That toxicity is normal in WoW. Even classic. And it comes from this what so called elitism, spreading everywhere. Average player say that classic is piss easy and every aspect can be done with minimal effort. But right after that, the same player ignites with rage when someone wants to apply that minimal effort

  3. #243

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by Aragon
    The "ZTIC" USB device could be bypassed using a similar method. The weakness again is the environment the programs run in. What's to stop a hacker from programming something that intercepts the network traffic that device uses?

    No security is 100% but the idea is to make it so difficult and time consuming that it is not worth the time and effort to bypass the security. The Blizzard authenticator does that for most cases.

    //Edit:

    After reading your updated post, I see that the methods used to protect against OS vulnerabilities were addressed. However, I still see that it is possible to hijack the data since the device is only verifying a secure connection to the server. If malware is on a system, it can be made to show the user anything or just connect to another server with your provided information. The ZTIC would only be there to confirm data sent to the authentication server was correct. Another security method like this ZTIC is called the YubiKey.
    Yeah, but kernel and BIOS attacks are a completely different league when it comes to computer security and hacking... After a successful attack on that level, there's pretty much little to nothing you can do...

    "IBM expended a lot of effort to figure how to initiate an SSL session within a USB stick, Baentsch said. It takes some processing muscle, and since the USB runs independent of the PC, it does not have access to the computer's processor.

    ZTIC uses a chip from microprocessor designer ARM, and the software has been designed so it can quickly establish a SSL session, Baentsch said. Although it is a memory stick, no data can be stored on it, which also prevents malicious software from infecting it."
    http://pindebit.blogspot.com/2009/03...#ixzz0h19kS3tm

    One strength is that it will also discover attacks, and should in theory be able to boot the user (and making it impossible to log in again for a certain time frame).

    However, the costs related to this technology make it unlikely that Blizzard implements a similar technology for World of Warcraft. It is simply cheaper to deal with hacked accounts (unless 12M players suddenly want to pay $70 to get a safer account).

    edit:
    I'll admit I have limited experience with this, and haven't spent enough research to state that this is a foolproof solution. But it seems like one of the stronger options available when it comes to online authentication today, and this is also said to be one of the best options available for online banking services today.

  4. #244

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by MurphyPI
    ...
    One strength is that it will also discover attacks, and should in theory be able to boot the user (and making it impossible to log in again for a certain time frame).
    The hack in the original post worked just by key logging or monitoring input and blocking the connection to the real authentication server. With the ZTIC, if malicious code was intercepting the connection, the user should stop (hopefully) and wonder why the security token was inactive/invalid!

    Here is IBM's official video on the ZTIC: http://www.youtube.com/watch?v=mPZrkeHMDJ8&fmt=18

    In their demo, they are showing how to protect the connection to the secure server and validate the data in the case it was modified. The user is still entering information on the Malware Computer and seeing everything as normal. Hackers in these cases don't want to modify the data, but instead send it somewhere else without using the OTP.

  5. #245

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by Aragon
    In their demo, they are showing how to protect the connection to the secure server and validate the data in the case it was modified. The user is still entering information on the Malware Computer and seeing everything as normal. Hackers in these cases don't want to modify the data, but instead send it somewhere else without using the OTP.
    Forgive me if I am slow here, but what good is the user name and the static password for the hacker, as long as he cannot use a generated one-time password to actually log in? I still fail to see how this is not strengthening account security drastically...?

  6. #246

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    The hacker wants to steal the data entered BEFORE it reaches the network and becomes encrypted.
    The ZTIC wants to validate the data to make sure what you entered matches what the server sees.

    ZTIC is protecting the stream of data to a secure server by showing you the information on a secure non-infected device and asking for your confirmation.

    To gain access to a battle.net account, all I need is a username (email) and password. If I can get this information, I can log in somewhere else with or without the ZTIC. If we add an authenticator, then all that changes is the time window in which I can use that OTP. Since the OTP is invalid once used, I would need to prevent the OTP entered from ever being sent to Battle.net. This doesn't mean I have to change it; only block it. If changed, it is possible for the ZTIC to display a prompt on the mini device confirming that the OTP I used was the one I typed in. If I just block or redirect it, the ZTIC has no information to validate and remains idle.

    Think of ZTIC as just another computer and miniature monitor. It is a system you trust not to be infected with malware so what it displays is true information. This doesn't stop the user from entering information on the malware system and allowing their information to leak out.

    If ZTIC integrated an OTP generator for login, then it would protect against these attacks.

  7. #247

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by Aragon
    If ZTIC integrated an OTP generator for login, then it would protect against these attacks.
    To be honest, I kinda assumed that that was already integrated in such a device, compared to having 2 different devices for authentication purposes...

    By the way, you have an authenticator attached to your account, but can log in to battle.net without it? ???
    That is not something I am allowed to do at least!

  8. #248

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    If I mis-worded something, I apologize. Once an Authenticator has been added to the account, it is required for most battle.net logons.


    http://www.pcworld.com/businesscente...usb_stick.html

    ZTIC is also a smart-card reader and can accept a person's bank card for verification. Once a PIN (personal identification number) is verified, a transaction can be initiated through a Web browser.
    One other added level of protection is if ZTIC is used with a smart card reader ($$$this is what's not cheap$$$), it would be the equivalent of typing an OTP or static password into the device thus protecting against this attack as well (password never typed into the untrusted device).

    Web browsers, however, are a point of weakness for online banking because of so-called man-in-the-middle attacks.

    Hackers have created malicious software programs that can modify data as it is sent to a bank's Web server but then display the information the consumer intended in the browser. As a result, a person's bank account could be emptied. Man-in-the-middle attacks are also effective even if the bank's customer is using a one-time password generator.
    Replace Web browsers with any program on a computer. In this case, even the WoW client.

    The ZTIC, however, bypasses the browser and goes directly to the bank. It ensures that the data exchanged is accurate.

    For example, say a bank customer wants to transfer money. The customer will input US$100 into a form in the browser. The bank's servers will then try to confirm the amount. During a man-in-the-middle attack, the attacker is capable of transferring $1,000 but can modify the confirmation message to still show $100.

    Since it has a direct secure connection with the bank's servers, the ZTIC will show the amount that actually has been requested to be sent. So even if the browser shows a confirmation for $100, the ZTIC will show $1,000, indicating a man-in-the-middle attack in progress, Baentsch said. The user would know to reject the transaction and press the red "x" button on the ZTIC.

    "If malware is attacking your online banking transaction, it will show you something strange has happened," Baentsch said.
    Much of this man-in-the-middle attack talks about modifying the data, not protecting the login details. We assume that if the ZTIC is showing strange information the user has time to call the bank and stop transfers or other fraudulent activity. The account could be monitored for unauthorized access for further investigation and the PC's trust would certainly be under scrutiny.

  9. #249

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by Aragon
    Much of this man-in-the-middle attack talks about modifying the data, not protecting the login details. We assume that if the ZTIC is showing strange information the user has time to call the bank and stop transfers or other fraudulent activity. The account could be monitored for unauthorized access for further investigation and the PC's trust would certainly be under scrutiny.
    The secure connection is between the dongle (ZTIC) and the server. The dongle and the server can do password-authenticated key agreement based on OTPs, and since the dongle cannot be modified by the attacker you are immune to the end host modification attack (e.g., "man in the browser"). Your client on the PC simply tells the dongle to execute a transaction (e.g., wire X amount of money to Y) instead of directly communicating with the server. The dongle can then display the actual transaction that it is about to perform and allows the user to cancel it on the spot if it is fraudulent.
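
The confirmation step discussed in the posts above (browser shows $100, device shows $1,000), as an added example that is not part of the original thread and is not IBM's code. It assumes a pre-shared key and an HMAC as a stand-in for the device-to-server SSL session; all function and field names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

# Constructed key: stands in for the session keys of the device<->server channel.
# The PC in the middle never learns it.
DEVICE_KEY = secrets.token_bytes(32)

def seal(key, txn):
    """Server: serialise the transaction it actually received and MAC it."""
    body = json.dumps(txn, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()

def device_display(key, body, tag):
    """Trusted device: verify the MAC, then return what goes on its own screen."""
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # confirmation was altered in transit: show nothing, approve nothing
    return json.loads(body)

def run_session(user_txn, pc_rewrite=None, pc_forge_confirmation=False):
    """One transfer relayed by an untrusted PC. Returns (browser_view, device_view)."""
    # The PC forwards the request; if infected it may rewrite it first.
    sent = pc_rewrite(user_txn) if pc_rewrite else dict(user_txn)
    body, tag = seal(DEVICE_KEY, sent)  # server confirms what it really got
    if pc_forge_confirmation:
        # Without the key the PC can swap the bytes but cannot make a valid tag.
        body = json.dumps(user_txn, sort_keys=True).encode()
    browser_view = dict(user_txn)  # a compromised browser shows what the user expects
    return browser_view, device_display(DEVICE_KEY, body, tag)

def user_approves(intent, device_view):
    """The user presses OK only if the device screen matches what they meant to do."""
    return device_view is not None and device_view == intent

if __name__ == "__main__":
    intent = {"to": "ACCT-Y", "amount": 100}  # constructed sample transfer
    rewrite = lambda t: {**t, "amount": 1000}
    for label, kwargs in [
        ("clean PC", {}),
        ("request rewritten", {"pc_rewrite": rewrite}),
        ("rewritten + forged confirmation",
         {"pc_rewrite": rewrite, "pc_forge_confirmation": True}),
    ]:
        browser, device = run_session(intent, **kwargs)
        print(f"{label}: browser={browser} device={device} "
              f"approved={user_approves(intent, device)}")
```

The PC is only a conduit here: it can drop or alter messages, but an altered request shows up on the device screen and an altered confirmation fails verification.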

  10. #250

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    I have become very frustrated with the state of PC security. We have a few computers at home and my wife's laptop ended up becoming infected with a trojan that Symantec AV Corp, Microsoft Security Essentials and Spyware Doctor all would not detect. The only reason I found it was looking through the system32 folder and noticing a suspicious dll with a recent modification date.

    Pair this along with the fact that there are constantly zero day exploits for IE and it is to the point that you need a dedicated PC for gaming that you don't do any browsing, facebook, etc on. That is what I have ended up doing. I have VMWare Workstation installed and I do all my browsing on an Ubuntu VM; on the main host PC I rarely open IE or do any other browsing.

  11. #251

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Isn't the hack problem easy to fix by splitting the 6 digits into two sets of 3 digits? While logging in, the system first asks for the first 3 digits (which of course can only be used once) and then asks for the last 3 digits. When the trojan gives an error after you used the first 3 digits, you won't be able to show him the last 3 digits. When the trojan gives you an error after the last 3 digits, he will not be able to use the first 3 because you already used them.

  12. #252

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    There aren't that many zero day exploits for IE any more. They just seem common because of past history and the larger amount of news that happens when one is found. Of course, I'm referring to using the latest technology available such as IE 8 and Windows 7.

    I would suggest you try Kaspersky or ESET or some other AntiVirus that includes HIPS functionality or a better firewall with anti leak capabilities (Comodo Firewall Free).

    As for the 3 digits, what you need to understand is once malware is running on the computer, it can do anything it has rights to do. In the case of malware loading inside a program like WoW.exe, there is nothing to stop it from just accepting the first 3 digits and then accepting the last 3 digits and sending that info to the hacker. On the other hand, if you thought you were infected, you could put the wrong info and question why it was accepted.

    The way the authentication system works, this would require more load and complexity on the servers and more trouble for most of the normal non-hacked users.

    What Blizzard could do to protect against this dll injection is have the wow executable watch for injected threads and dlls and remove them from memory... or at least warn about them. Some legitimate programs do this (like Logitech mouse/keyboard software) and this security could break their functionality or produce a lot of fake warnings (massive support calls inc). Even if this is done, dedicated hackers will only move to lower levels of attacks (rootkits at user to kernel level) to bypass this security. Fortunately, Microsoft has made Vista/7 x64-bit mostly immune to the kernel hacking so perhaps this threat will shrink when people stop using a 9 year old OS.

  13. #253

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    I'd be shocked more out of curiosity than sorrow if they decided to pick me to hack with authenticator.

  14. #254

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by Aragon

    As for the 3 digits, what you need to understand is once malware is running on the computer, it can do anything it has rights to do. In the case of malware loading inside a program like WoW.exe, there is nothing to stop it from just accepting the first 3 digits and then accepting the last 3 digits and sending that info to the hacker. On the other hand, if you thought you were infected, you could put the wrong info and question why it was accepted.
    Ah you are right about that. I already thought that my solution wouldn't work, but I had to give it a shot.

  15. #255

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    oh noes.....teh tadpoles.......
    I once killed a ret pally, but he was on half HP, Afk, and i think he was an NPC

  16. #256

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Though is it not the case that the dongle communicates via your PC?
    It cannot connect to the server through its own means so the PC is used as a conduit for that, and so is just as vulnerable to an attack, perhaps more secure but does not eliminate that same vulnerability.
    Quote Originally Posted by DeadmanWalking View Post
    Your forgot to include the part where we blame casuals for everything because blizzard is catering to casuals when casuals got jack squat for new content the entire expansion, like new dungeons and scenarios.
    Quote Originally Posted by Reinaerd View Post
    T'is good to see there are still people valiantly putting the "Ass" in assumption.

  17. #257

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Oh damn, I better watch out. Somehow I'm glad my dad has a proxy on my internet.

  18. #258

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Quote Originally Posted by TobiasX
    7 words: You Are Not More Safe On A Mac.
    actually, it's 8 words.

  19. #259

    Re: Authenticator Accounts Hacked, ICC Quests, Crimson Deathcharger

    Get an iMac and an Authenticator and u can't be hacked ;D

  20. #260
    The first site I Google'd said that "emcore.dll" was the virus. So I searched for that on my computer and I deleted as many of the files (actually named "wbemcore.dll") and later I did more research and apparently wbemcore.dll is a safe program and the extensions are the viruses. None of my scans (AVG, Avast!, Malwarebytes) picked up on the file.
    Can anyone confirm that it is actually the extension that is the virus? I got rid of the extension and the only 2 files that are left are the ones in Windows/sys32 and Windows/servicepacksomething
    I'm scared to log in :s


