Skip to Content
8-06-2008 @ 7:29AM
Mike,Please take the time to read about security before spreading this FUD.The only way that account could have been compromised is either by social engineering (someone managed to get physical access to the "hacked" person's authenticator to log in) or from a "man in the middle" vector; such as for example a poisoned DNS cache that redirects the WoW login to a fake server, capturing details before passing it onto the real Blizzard servers, but even in that case (a) it would have to be a very fast one-time attack as the authenticator token would rotate within the minute and (b) it would require a trojan to have been installed on the client computer in the first place. Either situation still points to the user being at fault, either for passing on their account and fob to a "trusted" colleague or for nto being vigilant on the malware front. The problem is most definitely not with Blizzard or the Authenticator system which you so clearly show little to no knowledge of understanding.These keyfobs have been around for a long time and there is little to no evidence of them being circumvented without MiM or Trojans, which is probably why they are used by a lot of government agencies as part of their VPN authentication (e.g. my mate's dad who is an FBI agent uses an RSA fob). They are hardware-oriented and as such very difficult to tamper with.
First time? A confirmation email will be sent to you after submitting.
Members enter your username and password.
Enter your AOL or AIM screenname and password.
Please keep your comments relevant to this blog entry. Email addresses are never displayed, but they are required to confirm your comments.
When you enter your name and email address, you'll be sent a link to confirm your comment, and a password. To leave another comment, just use that password.
To create a live link, simply type the URL (including http://) or email address and we will make it a live link for you. You can put up to 3 URLs in your comments. Line breaks and paragraphs are automatically converted — no need to use <p> or <br /> tags.