- Prices that would make Zimbabwe look like a model of inflationary restraint, and:
- What happens when money -- in this case, gold -- loses meaning.
Posts with tag hacking
We can't confirm any of the facts in this case. I am willing to believe that Anonymous is truly upset and believes the story he tells to be true, even though he is posting anonymously. There are some serious red flags, however, that seem to point to Anonymous not having all of the facts:
Important note: The following guide assumes that you have not put an Authenticator on your account. There are no confirmed cases of accounts being stolen if they are protected by an Authenticator.
While defrauding people and taking their money isn't anything new, getting busted over it while selling WoW accounts is. From what we understand, the arrest is not for the actual trading and selling of accounts, but for the fraud that went on in the process. The fraud in this case is a criminal matter with very real implications for Mr. Bouffard, whereas the buying and selling of WoW accounts is against the agreed upon Terms of Service, but not against any criminal code.
We've been hearing a lot about misbehaving WoWers lately, from the cougar who ran off with a fifteen year old boy, to Blizzard helping international authorities track fugitives online. This appears to be just the latest in a string of cases for Jack "Hang 'em High" McCoy to lay some law and order down on.
First, how many of you have had your accounts stolen, or know someone that had theirs stolen? Chances are good every single person that reads this post will raise their hand to that question. The problem is not a small one. I'm in a rather large guild, and every few weeks someone has their account stolen and the little bits of our guild bank they have access to go with them. My large guild is also just one guild in a larger guild alliance which suffers the same problems. Every two weeks or so, someone I see online on a regular basis gets their account stolen.
But what's really interesting about this piece is that it seems to treat goldselling as more of an "opportunity" than anything else. The people running the companies are making money, the employees are getting a roof over their head and a steady paycheck, and even the guy making the film talks about how governments should start taking a cut of this industry. Nowhere is it actually mentioned that Blizzard considers these companies to be against the terms of service, or that many times the gold obtained by these companies isn't earned through simple grinding, but by hacking, keylogging, and exploiting. Even if (emphasis on the if) these companies are making millions of dollars a year, they're stealing accounts and cheating in-game to do it.
Rowenna Davis also did interviews with both the gold farmer and a player in the UK buying money from him (bannz0red?), but again, there's no insight at all from the player whose account was hacked and bank was looted, or the player who is able to earn as much gold as they need and have a life outside the game (there are plenty of those to go around). Would have been nice to see the issue from players who aren't actually breaking the game's terms of service.
Article Update: According to MMOwned, they are moving servers, which is the reason their site is offline for some.
Attempts to reach the sites prove unsuccessful.
This is a good thing for everyone that wants to have a more legitimate gameplay experience in WoW, as both of these sites actively encouraged people to exploit bugs, break the ToS, and do all other sorts of tom-foolery that destroyed the game for legitimate players.
Our tipster mentioned that these sites were taken down in part by action taken by Blizzard, however we don't have any proof of that.
I've selected the angry baby picture for this article, since that's how the exploiters and account traders are feeling right now. Buh-bye.
The good news is that, like most virus scares (ever notice that all of the virus warnings come from companies that happen to make their money on antivirus software? In this case, it's Trend Micro, spreading as much FUD as they can), this warning is probably overblown -- even if you are using a browser full of holes like IE, you have to wander off your beaten path of trusted sites to get in trouble. So don't click random links or follow spambait on the forums or in your email, and you'll probably be fine. But again, installing and using another browser is so easy (and will help you so much in the long run) that you might as well give up IE anyway.
Thanks to everybody who sent this in! And yes, I used the old login screen for this post's picture. But don't you kind of miss it?
Most people agree on that. Where opinions differ are in how the account was hacked -- originally, we and a few other sources speculated that the Authenticator had been somehow removed from the account in question. But now Belfaire has responded (we believe to the incident in question, though a link to our story was removed from the original post), and says that as far as he can tell, the Authenticator was not removed from the account. In fact, after the password was changed back, the Authenticator's serial key was asked for and given, so the Authenticator remained attached to the account the whole time.
Of course, that just leaves the most important question: how did the account get hacked? We've heard all kinds of various insights as to how the Authenticator works (it only lasts for 60 seconds, supposedly each key can only be used once, so there's no way a keylogger could nab the Authenticator code and reuse it), but the fact remains that the person we're talking about was using the key, and still got hacked. One hack out of all the Authenticators sold so far is a terrific record, and could prove that, statistically, an Authenticator is good as 100% security. But the fact remains that this person got hacked while using the key (however it was done), and if security can be broken once, it will be broken again.
In an era where clicking on the wrong link while browsing the web could mean your account will get hacked, and one of your guild members clicking on the wrong link means your guild bank could get emptied as well, it's always good to protect yourself and keep abreast of web security issues.
In that vein, it's worth checking out a new report released by McAfee called Mapping the Mal Web Report Revisited. It tested 9.9 Million websites in 265 domains to find out which ones had a higher risk of exposing visitors to malware, spam, and malicious attacks via a red, yellow, and green system.
Yesterday, I reported to you that Google (via Stopbadware.org) had marked wowui.incgamers.com (which redirects to wowui.worldofwar.net) as a bad site. Today, the site is reported as clean according to the same report (you can check it out here).
Rushter of Incgamers.com explained to us on the comments of the previous article that the problem was with a seperate attack on a different hosted site (which was quickly dealt with, and unrelated to worldofwar.net, says Rushster), but Google marked the whole site as bad. The worldofwar.net UI database was unaffected, he says, and after some back and forth, Google has now dropped the warning.
Of course, it's still always a good idea to check your computer for viruses, trojans, and keyloggers regularly, and realize that no website is completely safe (though having a good defense always helps). That said, at the moment it looks like wowui.incgamers.com, also known as wowui.worldofwar.net, is a safe spot to grab your addons from.
Here at WoW Insider, we've noticed an unusual and disturbing glut of people having trouble with being keylogged or otherwise hacked soon after installing new addons lately (which wouldn't be a surprise -- lots of people were grabbing addons after patch 2.4, so that makes them a likely route for attackers). While it's too early to make any definite connections, It seems like there's one new lead that's just popped up: popular addon site wowui.incgamers.com (not linked for obvious reasons) is apparently passing off bad files, according to reports from Stopbadware.org and other anonymous sources.
If you've been using the site for your addons, especially in the past week or so, it might be a good idea to exercise some caution and run your favorite anti-virus or anti-malware program. The site has already been in trouble recently with reports that their UICentral addon updater (now discontinued) was using copyrighted code, and now it looks like there's more trouble abrewing for them.Update: Wowui.incgamers not infested with malware. Full story here.
This freeware program purports to work not by blocking installation of keyloggers, but by preventing them from logging your keys once installed. Lifehacker tested it by loading a keylogger and reported that it seemed to work, at least in that case, as the keylogger's log file was completely empty.
Of course, you probably shouldn't just install this program and go off clicking strange links willy nilly, but it does look like it could be one more line of defense in the ever escalating battle to protect your computer and your account from those who would steal it. Plus, it's free, so that's even better.
[Thanks for the forward, DrDiesel!]
In Blizzard's attempts to get rid of gold farmers and hackers, one of their most annoyingly persistent enemies has been the WoWGlider bot, now known as MMOGlider. They've been throwing suits and countersuits at each other for a few years now, but the latest salvo seems to have gone against Blizzard, the Game Activist reports. Blizzard was trying to subpoena Joe Thaler, owner of Lavish Software LLC, maker of programs such as EQPlayNice. While Lavish Software's programs do not appear to be cheat programs on their own, they did make a deal with MDY Industries, maker of MMOGlider, to use the programs within MMOGlider.
According the judge's decision, Blizzard was hoping to obtain all documentation related to the deal, all communication between Thaler and Lavish and MDY and its owner, Michael Donnelly. They also wanted a list of all WoW accounts owned by Thaler and Lavish, as well as the contents of the WTF folders of every installation of WOW used by Thaler and Lavish Entertainment. Unfortunately, the Judge ruled that Blizzard was demanding information that could compromise Lavish's trade secrets and client confidentiality, and that the demand for the information within 9 days did not give Thaler and Lavish enough time to respond an gather information.
It's worth noting that the judge did specifically say that Blizzard could file another subpoena that would be more narrow in scope and allow more time for Lavish and Mr. Thaler to respond, so this is probably not a fatal blow to Blizzard by any means. I personally hope not. I've never had much patience for bots, or people who feel they have a civil right to cheat at games, so I'm rooting for the big bad corporation on this one. What about you?
Thanks for the link, Tyrsenus.
In a tactic that even Don Corleone himself would be angry at, gold sellers have sunken to a new low. John M. wrote in to tell us the tale of a fellow guild mate who fell under the gaze of a gold seller who took his account hostage, demanding payment from his guild. Sit back, open up a new window with this Godfather music, and read on after the break.
I'm gonna make you an offer you can't refuse.