Help! My account has been hacked! {WoW}

Jan 22nd 2010 2:11PM @Sparcrypt

While you missed my original intent, you did actually misstate something.

Authenticators are actually close to the be-all end-all to securing your WoW account (I would go so far as to say 95%). If you have an authenticator fob or authenticator software for your phone, then you have effectively introduced the two-pass authentication system onto your account using both the privately held password and the public/private key system of the authenticator device. This is typically considered the best form of user security for establishing communications between two parties.

The final step to being 100% secure is to only divulge your authentication code on Blizzard-controlled sites protected with SSL certificates. Most modern browsers show prominent certificate information in the title bar or address bar.

Everything you recommend is great for general computer security, but the message is simple: You can go from being 100% vulnerable to partially vulnerable by implementing the author and your recommended security steps. You can go from partially vulnerable to 100% secure by introducing the authenticator to your account's security features and following the recommended security steps of only entering your auth code on a verified Blizzard-owned site.

Help! My account has been hacked! {WoW}

Jan 21st 2010 8:23PM The funny thing about this whole thread of Sparcrypt's is that it fails to acknowledge the most obvious:

Authenticators are a form of security based on public key identification. Anyone who is serious about security will never suggest that you can safely play WoW without fear of compromise unless you use one. Every single post that suggests otherwise is doing a disservice to the author of this article as she is clearly concerned with the reality of compromises and how it can affect anyone.

Issues with Mobile Authenticator get it pulled from the App Store {WoW}

Sep 14th 2009 5:39PM The primary problem with all the Mac OS X arguments is that they all fail to address where the WoW client runs: userspace. It's one thing to suggest that the computer is impervious to attack, and in general, short of rootkit-type attacks, that argument is valid and it will be fine. But there is no such sandbox protection if a keylogger thread gets launched from your browser and you fire up your WoW client and type in your password (unless you're using fast user switching and playing WoW on a user account with no other apps running, in which case you are forcing a sandbox protection).

You can argue until you are blue in the face that you're smarter than that, and you'll never get hacked because of your platform, but you're wrong. I played exclusively on a Mac since launch and got compromised. I have a fairly extensive knowledge of computer systems, but it wasn't enough to protect me. I was very happy to order my hardware-based authenticator the day they were announced. Mixing the standard password-based security with a secondary OTP value means that I have an extra layer of security that is strong enough for the world's financial system and many corporations. I fail to see how this is bad, even if you are capable of keeping your system otherwise secure.

As far as this Authenticator update, the issue is that the serial number data is probably stored within a file under the application's package space, but the iPhone OS does a good job of sandboxing application data. Blizzard failed to pre-flight the install with a backup of this data, so that it would be usable by the update. Keep in mind that all iPhone app "updates" are really complete reinstallation tasks, and that the app developer has to do the housework to keep data loss to a minimum. It wasn't "buggy", it was just incomplete. I got the app update on Friday, failed to remove the authenticator but was able to call them before they closed at 8PM PDT and get the situation resolved.

Breakfast Topic: What's the best pun name you've ever seen? {WoW}

Apr 19th 2009 8:14AM Just yesterday I saw another old honor title used creatively: "Knight Elfpriest".

PETA to hold WoW rally to protest seal slaughter {WoW}

Apr 7th 2009 4:34PM 1) Please leave Whisperwind alone. What did we ever do to you?

2) Whisperwind is a PvE server. Good luck stopping me on Saturday as I mercilessly slaughter any baby seal in the protest area with many of my like-minded friends who would prefer that the Ron Paul fans and the PETA protesters of the world go take their digital fantasies somewhere else... like outside, where the big room with the blue ceiling is.

EoHs (not) exchangeable for EoVs at 10:1 on the PTR {WoW}

Jan 9th 2009 10:06AM @Mitch Do you have an actual link to that statement?

Historically, they've been interested in making the playing fields even, so saying that they don't want people clearing Naxx getting T8+ gear seems like nonsense. If that had been the case in BC, wouldn't they have just not put it into the game?

Saying the opposite of what they actually do in game seems pretty self-defeating and idiotic. They are the ultimate arbiters of what gear is accessible to which characters.

The statement actually seems like something a lot of players want, rather than what Blizzard will ever do.

EoHs (not) exchangeable for EoVs at 10:1 on the PTR {WoW}

Jan 9th 2009 9:07AM They kept adding higher iLvl gear to G'eras and ultimately the Sunwell Isle vendor using the same badges. Why would they change that system?

Shaman changes in Wrath beta build 8982 {WoW}

Sep 24th 2008 7:38PM The stoneclaw buff still doesn't address the issue of most of the significant enhancement totems being part of the same element. So basically use stoneclaw and sacrifice your dps or character control. But hey, at least your totems will take 3 whacks by a level 1 character to kill instead of 1! (Please note that 3 is an exaggeration for effect, it may only be 2 by the time this is released to live servers.)

Time Warner Cable customers experience World of Warcraft trouble {WoW}

Aug 13th 2008 6:23PM I experienced some issues with playing WoW earlier this year as a TWC customer. It was a pretty easy decision on how to fix it: change providers! It's called a free market for a reason, and voting with your feet and your dollars should inform the ISP that their service's reliability has a value, and failure to perform will force you to find a provider who can deliver it to you.

Fear of hackers may make me play WoW on a Mac full-time {WoW}

Feb 25th 2008 3:38PM I too only play on a Mac (I haven't had a PC at home for about 6 years). I had my account compromised in late October. Thankfully, I was able to have everything restored. Like #4, I don't know how it happened, but there are apparently attacks that are platform-independent. WoW is a huge market, and as the eBay and gold black markets demonstrate that there is financial gain, it's not surprising that one of the first attack vectors on the Mac would target the game.