1-12-2010 @ 2:14AM
Exercises for people with brains:
1. Count how many times the pro-mandatory crowd has resorted to vicious verbal attacks against posts arguing against the supposed benefits and necessity of mandatory authenticators.
2. Same as #1, but only include comments that also claim that the other side "isn't listening."
3. Count how many people honestly believe that hackers are wizards that can do the impossible. Compare to how many people honestly believe in ghosts. The results should amuse you.
Fun times.
I posted a challenge around page 6/7-ish, challenging people to get my account hacked. I provided three character names and the server they're on. Here they are again: Arlia, Homard, and Makubex on Fenris. If it's as easy to get hacked as so many are claiming, that should be MORE than enough.
I'm an honest guy: if I get hacked, I'll not only return and admit it, I'll get a freaking authenticator. As I said before: BRING IT ON.
1-12-2010 @ 9:22AM
I don't believe anyone has said that specific accounts are targeted and "hacked". So your challenge is moot. And a very attractive strawman.
Accounts are compromised through relatively low effort activities such as the spread of keyloggers and phishing. There are other possible attack vectors, but I think they are all relatively low probability.
Why should a miscreant go to the effort of trying to compromise your account when he can instead spread a keylogging trojan via BitTorrent and get other people's account information sent to him?
1-12-2010 @ 11:06AM
EXACTLY.
And why do you think those activities work?
No amount of authenticators are going to stop people from falling for web scams. Wow, their WoW account is safe; too bad nothing else on their machine is anymore, thanks to downloading and opening that attachment from their friend's email address in that email that said friend would never write.
1-12-2010 @ 12:31PM
Those activities (phishing, keylogging) work because, like it or not, there are enough people using the internet who are not "computer people". Would you trust your parents to secure their computer? Your neighbor? The clerk at the grocery store? Any one of these people could be playing WoW, and susceptible to account compromise.
In a perfect world, we would all be technically savvy enough to protect our computers and data. However, it's not a perfect world. And we all have to deal with the consequences of that. Blizzard has no way of determining who is and who is not capable of securing their computer.
As this discussion is about Blizzard's authenticators and the security of your WoW account, I am going to choose to ignore your irrelevant conclusion regarding total system security.
I am neither opposed to, nor in favor of mandatory authenticators. On a voluntary basis, I am of the opinion that you are not doing all that you can to protect your data and WoW account if you do not have an authenticator. Even though I was at low risk of compromise I chose to get an authenticator. Prior to getting the authenticator I was already:
1) Running a Juniper Netscreen SSG-5 appliance at the edge of my home network. It has the Anti-Virus, Deep Inspection and Web Filtering features enabled. They are all configured and active. My screening and policy rules are restrictive.
2) My OS and all applications are patched and up to date. My OS choice is irrelevant to this discussion, but I do run Mac OS X. Just because there are presently no known WoW keyloggers for it today does not mean there won't be tomorrow.
3) I run AV on my system daily and against any downloaded file.
4) I do not use BitTorrent/Limewire/the current P2P client du jour for acquiring music/warez/whatever. I do use BitTorrent for downloading LINUX ISOs related to work, but they are AV scanned and I confirm the MD5 and SHA1 checksums before use.
Even with all of that, I chose to get an authenticator.
Ultimately, as things stand today, it's your choice to get an authenticator or not. You pay your $15/month to Blizzard and you accept their TOS. If they change the TOS to require an authenticator, you will get to choose to accept the new terms, or to cancel your account.
1-12-2010 @ 1:13PM
Thank you, Sherlock, for pointing out the pathetically obvious. "And a bird goes tweet" and whatnot.
Irony: my commenting on total system security is irrelevant... yet you chose to go into wildly explicit detail into the nature of your home network. Pot, kettle, black? I think so.
And yeah, I'm not doing everything I possibly can to secure my WoW account. I could go and actually buy network security appliances (you could have said "router" btw, and yeah that particular comment isn't relevant, so please don't take 5 paragraphs to point that out) and Battle.Net Authenticators.
Similarly I could buy a boot for my car. Without one, I'm not doing everything I possibly can to protect that car.
1-12-2010 @ 2:48PM
The details of my home network were intended to illustrate that even for those who are careful, the addition of an authenticator is not a bad idea. Total system security as it applies to protecting your WoW account is not irrelevant.
"No amount of authenticators are going to stop people from falling for web scams. Wow, their WoW account is safe; too bad nothing else on their machine is anymore, thanks to downloading and opening that attachment from their friend's email address in that email that said friend would never write."
The irrelevancy is in your implied argument that a user should not bother protecting their WoW account by any means available, simply because other things on their computer are compromised. Yes, people will continue to fall victim to web scams. However, an authenticator will help prevent the compromise of their WoW account.
I would never call a Juniper SSG appliance a router. It's a unified threat management appliance which has routing functions. I would never ask a Cisco router (2600, 3600, etc), Juniper J-series or any other dedicated routing platform to handle security functions. IOS and JUNOS are not firewall releases. PIX OS and ScreenOS are.