Skip to Content
7-24-2008 @ 3:21PM
Who cares that the protocol was not followed….the protocol is what has and will fail! Does Blizzard know what you look like? Does blizzard have a single document with your signature? Answer: NOYou want a secure account….it starts and ends with a secure PC (or Mac). If Blizzard really wants to stop hacks they need to start officially “supporting” the popular add-ons and providing a secure site to load them from. Until that happens accounts will forever be at risk.
7-25-2008 @ 10:26AM
Say what? Addons are incapable of doing I/O except to saved variables, and they don't load until well after you've typed the password and the authenticator code. Whatever happened in the case cited in the article, it wasn't the fault of an addon. The *closest* your comment gets to being on topic is that there have and can be problems with the automatic updaters some sites promote, and some of the addon sites have had malware injected (such as through hosted advertising). If you use an autoupdater, which is an exe on a PC, you're an idiot asking to be owned. That exe could contain anything, and you have no way to know. Beyond that, Blizz would only be better protected aginst malware injection if they're site staff is well trained in security procedures. There's nothing inherent in owning the game IP that would make their site more secure.My vote for what happened is a combination of a keylogger and a mistake by a support rep.
7-25-2008 @ 11:32AM
Well, you say my thread is off point and then go ahead and exemplify exactly why it is in fact on point...thxAnyway. To clarify, my point is that the authenticator was a poor attempt to bandaid a severed limb that is account security. The "add-ons" in WoW have and always will be the the "hackers" best friend and front door in. Every account that is or will be hacked starts with the user opening the door for key-loggers, etc, by downloading malicious addons or files. I absolutley agree that users are 95% at fault by not knowing the source of their files and there contents. But, most WoW players are not coding geniuses and simply have to trust "unreliable" sources to get addons. Do you check the code and files in your Omen.zip when it comes across? Would you know a key logger exe if it where in there? I know I wouldn't. All I am suggesting is that Blizzard provides secure addons.
First time? A confirmation email will be sent to you after submitting.
Members enter your username and password.
Enter your AOL or AIM screenname and password.
Please keep your comments relevant to this blog entry. Email addresses are never displayed, but they are required to confirm your comments.
When you enter your name and email address, you'll be sent a link to confirm your comment, and a password. To leave another comment, just use that password.
To create a live link, simply type the URL (including http://) or email address and we will make it a live link for you. You can put up to 3 URLs in your comments. Line breaks and paragraphs are automatically converted — no need to use <p> or <br /> tags.