Jul 11th 2011 2:33PM "Herbivore boys" and "carnivore girls." It's a mixed up, muddled up, shook up world.
Jul 8th 2011 9:31PM -----
cyanea85 Jul 8th 2011 2:42AM
Why would they then change that and risk going back to rampantly high hacked accounts if they didn't think what they were changing to was as robust as having you enter your code everytime?
Just because they believe something, doesn't mean they're right. The industry is full of examples. I think Blizzard has nothing but good intentions (and yes - I think their Authenticators were a great step). But knowing the history of infosec, I'm concerned that Blizzard has made a fundamental yet sadly common mistake of believing they can implement secret sauce that's better than vetted solutions.
Jul 8th 2011 1:02AM -----
cyanea85 Jul 8th 2011 12:40AM
They're not making this shit up as they go. There's still serious security functionality at work even when you aren't required to type in your Authenticator code everytime.
We don't know how "serious" the security is. They've arbitrarily replaced a vetted system for an unknown system. And that's the rub. Security is hard. It's easy to make mistakes.
Jul 8th 2011 12:20AM -----
DonNochay Jul 7th 2011 11:23PM
Interesting. Are you God perhaps? Because you're obviously claiming to be omnipotent and all-knowing. Quit making massive assumptions.
Play the odds. The devices present a challenge to overcome. Doing so would imply that the implementation is flawed, the device has been removed, or the attacker is successfully managing a man-in-the-middle attack. Any one of those possibilities would be a big deal - and very interesting. But the attacks aren't (or should be) trivial and so with the raised expectation of difficulty comes the raised expectation of proof. Details that demonstrate these possibilities are realized tend to be lacking.
"Hackers" take an a mystic air in our digital world. People attribute all manner of supernatural digital abilities to the wiley hacker. Little wonder in a world that inhabits what many consider to be magic black boxes. But the reality is that hackers do have limitations. Overcoming them is part of the joy in understanding how said black boxes work; its what makes hackers tick. But those limitations exist.
Where that leaves us within WoW is a lot of urban myth. When you start to scratch the surface, you might find some details that uncover realized possibilities. But quite often you find smoke, mirrors, rumors, and outright fantasy.
Jul 8th 2011 12:00AM -----
visuallynoisy Jul 7th 2011 9:03PM
I don't understand... I've had this for my Windows 7 Phone for maybe half a year now?
Maybe what you're running is the 3rd party project based on the information gleaned from the Android version.
Jul 7th 2011 11:57PM -----
rhorle Jul 7th 2011 8:57PM
Blizzard paid zero R&D cause they don't manufacture the physical authenticator.
Keep in mind that Vasco doesn't do the software authenticators (Vasco representatives have been very clear to make that plain in public). As far as we know, those are an in-house Blizzard activity. So there will certainly be development cost involved there. Then there's some additional development towards integrating everything. Devil's in the details and we don't know the exact details of the actual cost. But it's very unlikely to be zero for the entire project - pre-packaged hardware product or not.
Jul 7th 2011 8:41PM Gotta love a conspiracy theorist banging on the "follow the money" drum while exposing their ignorance.
Tokens are probably costing Blizzard around $9 each unit - the best price I've been able to find so far is $9.20 per unit in lots of 1000 - 10000 units . And that's without customized graphics. But that's just the token. Support contracts and per-user licensing for a Vasco back-end authentication server could be around $32 per user (which doesn't account for the expense of personnel supporting that infrastructure). Which is a steal compared to some competing products. RSA SecurID tokens go for $50ea not including authentication infrastructure, licensing, and support contracts.
Granted - I'm not a Blizzard insider. I don't know exactly how much their pricing is. But it's a reasonable guess that they going to be getting similar pricing as anyone else looking to buy the same product. Still, they could have hashed out a real sweetheart deal that drops their pricing even further. But that would be a hell of a deal to break even with the retail price of the Authenticators, much less hit a profit which could be reasonably labeled as a "cash grab".
One other comment... there are no guarantees in the realm of information security. There is nothing you can do to "mean you won't get hacked". But one can identify risks and mitigate those risks to the point that you are a difficult target and less likely to be compromised. I have never had my desktop system nor my WoW account compromised. But I bought a hardware Authenticator. $6 is a bargain for excellent technology that you've ignorantly dismissed as a "silly little toy." (Although if one were to now start talking about what Blizzard has done to potentially undermine that technology recently, it'd be a different conversation).
Jul 7th 2011 11:52AM -----
Ilmyrn Jul 7th 2011 11:30AM
Now THERE'S a Tinfoil Hat article.
Jul 5th 2011 3:52PM I remember just before the first BG was out (WSG). That previous April Fools Day joke was introducing the much-anticipated BG feature as a WCII mini-game played between you and an opposing faction player.
Jul 5th 2011 3:50PM -----
Amaxe Jul 5th 2011 1:57PM
Personally I miss the whole Dishonorable thing, though friends who were hardcore PvPers (I was casual and only got up to Sergeant Major) tell me they don't.
I have to say, I don't miss it. It was a nice idea. It just didn't work out too well.
Our group was involved in a fair amount of world PvP. Astranaar was our main defense point. As such, we were constantly responding to attacks and heading out to do some in-kind. Nothing ruined an evening of good battles than someone screwing up, killing a civillian, and then having various individuals rage out of the raid due to lost honor. It didn't happen often; our crew was pretty good at avoiding these things. But it wasn't always just our crew. And in the heat of battle, mistakes are made.
With that in mind, killing quest hubs happened before dishonorable kills. Killing quest hubs continued with DKs (we had one rogue who used to love ripping Astranaar to pieces and wore his dishonor as a badge of pride). If killing quest hubs happened more after DKs were removed, then it was probably pent up rage from previously lost honor. ;) I don't really think DKs solved much or made the game much more enjoyable (and I'm not a griefer who thinks ganking newbies is the reason to be on a PvP server).