Skip to Content
3-18-2011 @ 3:38PM
I love that WoW is safe while the tokens used by the huge global company I work for aren't.
3-18-2011 @ 3:45PM
What makes you certain that wow is safe?
3-18-2011 @ 3:47PM
I'm sorry that you were unable to properly interpret my comment as "WoW is unaffected by this particular hack." Next time I will endeavor to remember to post all comments in the form of a complex diagram showing my exact meaning and excluding all other possible ridiculous interpretations.
3-18-2011 @ 3:52PM
The article indicates that EMC had their networks infiltrated, not that someone has figured out how to remotely predict the 6-digit key a given RSA device will cough up.Now, the questions are: 1. why didn't EMC use their own product to enhance security ?2. did the people who hacked EMC use access to the EMC network that is not protected by a RSA key?
3-18-2011 @ 3:57PM
Along with the complex diagrams, please include interesting or informative content as well.
3-18-2011 @ 4:03PM
@pwn3d:Here is a diagram I believe may assist you in comprehending this comment thread.http://i54.tinypic.com/257davm.jpg
3-18-2011 @ 4:07PM
What's not interesting about our MMO video game accounts being more secure than, say, the network of a cyber-intelligence firm like HBGary or whatever undisclosed major corporation for which Sleutel works?
3-18-2011 @ 4:11PM
3-18-2011 @ 4:40PM
Okay, since Sleutel won't explain it to you, allow me.According to the article, the data that was hacked was more along the lines of source code to how the fobs work.The Blizzard authenticator is already well known and if you want to make an app that imitates the Blizzard authenticator, you can.The data that is missing as to why WoW is safe is the combination of the internal key unique to the fob, the exact time the database server has, which it uses to encode they key and come up with the expected authenticator code, and what account that fob is associated with.As long as that database is safe, which it is, which those that use RSA is still, and so on, then your account is safe.
3-18-2011 @ 5:47PM
Sleutel there is no reason to be an arrogant ass. He quite rightly asks you how you know. And the fact is you don't know. You want to believe. Of course a company is going to say they are safe, no company is going to say "we are totally insecure, and if you use our services you may get hacked."People believe that statement, but they don't know.
3-18-2011 @ 11:13PM
I actually could write at some length about PKI, security tokens and wow security specifically since I have a background on those topics. But seeing what posts get highlighted and what gets voted down around here illustrates to me that my time would be better spent explaining the concept of newspapers to my dog. A few people wanted to discuss the subject, but a few seem determined to blather on this subject which they know little about as they seem to do with every other topic.
3-18-2011 @ 11:56PM
@pwn3d:It was nice that you turned that hardtoken keyfob in to lost and found that one time, but I'm not sure it quite qualifies as a "background."
First time? A confirmation email will be sent to you after submitting.
Members enter your username and password.
Enter your AOL or AIM screenname and password.
Please keep your comments relevant to this blog entry. Email addresses are never displayed, but they are required to confirm your comments.
When you enter your name and email address, you'll be sent a link to confirm your comment, and a password. To leave another comment, just use that password.
To create a live link, simply type the URL (including http://) or email address and we will make it a live link for you. You can put up to 3 URLs in your comments. Line breaks and paragraphs are automatically converted — no need to use <p> or <br /> tags.