Dec 31st 2008 2:47PM Agreed. The IE7 flaw was a pretty big one, especially with it being released before MS could respond with a patch. It sure did get them in gear to patch the browser though.
Dec 31st 2008 2:39PM Cy,
You are pretty much embodying everything that you've complained about to me in your post. Read my post a little more objectively and without emotion and you'll understand the intent of my comment.
For instance, "Is it likely? Probably not". There goes a paragraph of your post to me.
I'm stating that there are too many invalidated assumptions in his post to us. We get the feeling that he's worked for Blizzard in the past, he could still be, never have, or hasn't worked for Blizzard in years. As with much of the "myth busting" the whole article is based on assumption with no facts. That is the theme of my comments, regardless of how much your twisted mind wants to take it out of context.
Dec 31st 2008 2:07PM No one uses just plain keyloggers any more. The majority of malware out there now also sends screenshots along with text.
Dec 31st 2008 2:05PM Sarek, yet all security vulnerabilities come from overlooked possibilities. There's no surefire way to protect from an exploit, many comments in this article agree with that. Likely the detail that is overlooked is the one that people will exploit. Brushing something off as tinfoil hat is not a security professional trait.
Dec 31st 2008 1:59PM "No sane database administrator would EVER store plain-text passwords."
You'd be surprised on this one.
Also with the invention of rainbow tables it wouldn't take long to deencrypt a password. Hacker gets in, rars up the files and then starts attacking the data from the comfort of their own home, or another remote compromised computer. Its simplicity is frightening, and the scope of the problem is low-played when it comes to announcements to the general public. No one is going to freely disclose a compromise unless required by law, and even then it's not always disclosed.
Dec 31st 2008 1:45PM I have to completely disagree with your first myth and use your bias towards the rest of the myths to invalidate your position on this terribly irresponsible entry. Minus the common sense on a few items, your views are subjective based on previous experience. This does not make you an authority on computer security, nor the current business practices of Blizzard.
Myth 1: granted hackers will go for the lowest-hanging fruit, there is still a gold mine of wealth to be had from Blizzard's data servers. No network is 100% failsafe and to assume such is what separates a pretender from a security expert. I could see where it would be more profitable to funnel in-game gold through proxies to sell as opposed to committing credit card fraud, which has far worse consequences legally speaking. It's a fair bit easier to mask gold transfers than it would be to make direct charges off of credit cards that, once detected, would be invalidated and reissued. So you are dead wrong on your assumption that a person with a store of credit card numbers would utilize them to "print their own money". Usually the profit comes off of selling numbers themselves to 3rd parties who take the risk of fraud. But once again, once the initial transactions occur and the problem is traced back to the compromised database, all the cards are reissued and the entire list is worthless.
The Blizzard authenticator... once again assumptions are being made that something cannot be cracked, when it's been proven time and time again that all security measures are not flawless. Take a cryptography class and you'll have a good idea as to methods to use to bypass encryption. One thing I've noticed about the authenticator is that it is produced in China. Who's to say that some internal employee in the plant doesn't have the keys to the kingdom? Multi-factor authentication is a large step in the right direction of securing account information, but certain steps must take place to ensure that the token you possess is manufactured with strict controls to ensure validity. I wonder what is in place at the China plant.
I agree that copying and pasting passwords instead of entering them in as keystrokes is not a secure practice. It's an attempt at security through obscurity. If a person owns your machine, they have access to your text file, and if it's not encrypted they don't even have to wait for you to log in to see what your password is.
Blizzard could very well be in cahoots with gold farmers. Is it likely? Probably not, but unless you are an executive you can't really say for sure. Now that Activision has their hand in the pot it's anyone's guess as to how they want to generate revenue. We are already seeing advertisements on the forums for paid accounts; one could argue that advertisers could take advantage of exploits to install key loggers onto your machine just from going to Blizzard official forums. Aren't they getting enough money from subscriptions?
I'm sorry, but I don't buy any of this post and rate it as by far the worst thing I've read on wowinsider. It's this kind of "I'm sure and don't argue with me" kind of thinking that makes computer users become lax with security. The fact of the matter is that any of these scenarios could be true, and remediation plans should be in place to limit the destruction once a system has been compromised.
Please for the sake of everyone, don't make a security thread if you are not a security professional.
Dec 18th 2008 9:18PM Being a small goods vendor is not the role of a mage. Sorry.
Dec 18th 2008 5:23PM Great, I'll add this to my list of things people will bug me for as a mage. Port plz? Can I hv watr plx? SLOW FALL ME OFF TO MINES! Much like portal reagents, slow fall costs resources, and people rarely compensate.
Nov 14th 2008 10:17PM I have one of these, not a bad mousepad.
Nov 14th 2008 4:05PM I'd also like to add that even though I took part in the skull/crystals I had no idea about the crates in BB until I just read above. And by the time I heard about the attack at Org, the servers were down for an entire day and the event was over. Even though I was logged into the game and playing, I had no idea that any of that was going on. I feel robbed out of a memory that I should have been a part of.