Battle.net authenticator process updated with smarter log-in detection

Reader Comments (Page 1 of 1)

6-19-2011 @ 11:53AM

Joseph Smith said...

"so they may use system info and a combination of all of the above to generate unique keys for systems"

And once the hackers determine what the algorithm is to determine this information, all they need to do is insert code into their keyloggers to capture this from your computer along with your username/pwd. Since this hash is UNCHANGING, it will always be valid. Unlike the authenticator, which IS a continuously changing code.

Alternatively, they can just continue using man in the middle attacks, which instead of stealing your authenticator code, will steal the 'location id' that blizz has put in.

I don't pretend to know what's happening on Blizzard's side for the authentication, but then I'm not the party that's interested in finding ways around it. Trust me when I say that the gold farmers are already hard at work trying to determine how to get around Blizzard's code without needing the authenticator information, now that the possibility exists.

Add your comments

Your comments:

Remember me

E-Mail me when someone replies to this comment

Please keep your comments relevant to this blog entry. Email addresses are never displayed, but they are required to confirm your comments.

When you enter your name and email address, you'll be sent a link to confirm your comment, and a password. To leave another comment, just use that password.

To create a live link, simply type the URL (including http://) or email address and we will make it a live link for you. You can put up to 3 URLs in your comments. Line breaks and paragraphs are automatically converted — no need to use <p> or <br /> tags.