Posts with tag security

Pop law abounds in The Lawbringer, your weekly dose of WoW, the law, video games and the MMO genre. Mathew McCurley takes you through the world running parallel to the games we love and enjoy, full of rules, regulations, and esoteroic topics that slip through the cracks.

Data breaches cost a lot of money, consumer satisfaction, and trust. In the MMO world, the trust that exists between the game's developer and the player is a tricky relationship to navigate and extremely fickle. Any number of wrong moves or postures can turn your profitable subscription MMO into a public relations nightmare forced to turn the wagon around mid-trip. Security compromises a large part of that MMO trust.

Blizzard has had its fair share of security issues and trust problems between the players and itself. As the first MMO to have to battle hackers and not just gold farmers to the scale present in WoW, Blizzard had to invent its own way to do business in the world as it was -- an insecure place dominated by gray-market gold sellers and account hackers looking to sell to an eager, ready-to-spend playerbase. While WoW isn't the astronomically large service that some others affected by recent and notorious hacks are, it serves as an example of one of the big guys in the industry doing their best to navigate a minefield.

Greg Boyd and Gary Kibel wrote an article for Gamasutra discussing seven steps to improved security in the online and gaming space. After reading over the article, I felt that many of the points discussed had Blizzard and WoW-specific analogs and real-world examples that might shed some light on the security concerns still out there, what WoW has accomplished in the MMO security space.

Email notifications for the Mists of Pandaria beta have started arriving in people's inboxes -- and this means that we'll likely see an upswing in beta invite scams, as well. If you have received an email stating that you've been invited to participate in the Mists beta, be aware of the following:

• Don't click any link in the email. Blizzard will never ask you for your account information via email, nor will it usually provide any kind of link to click on.
• Do head to Battle.net. Type the URL into your browser (don't follow a search or email link) and use the secure login on that page to log into your account.

If you have been invited for the first round of Mists beta, you will see your normal World of Warcraft: Cataclysm account listed under your game accounts -- and underneath that, you will see a listing for World of Warcraft: Mists of Pandaria Beta. If you do not see a link to the Mists of Pandaria beta under your game accounts, you are not in this round of testing, and the email you were sent was a fake.

The same applies with beta keys as well. If you receive a notification with a beta key, do not click on any links in the email. Go to your Battle.net account as listed above, head to Manage My Games, choose Add or Upgrade a Game, and manually enter the beta key. If the beta key works, you're in; if it doesn't work, you may have been the recipient of a fake key.

Remember, any time there is a beta or a trial period for a new game, there will usually be an upswing in attempts to nab accounts, too. Keep your account safe -- and if you made it in the beta, have fun!

---

It's open warfare between Alliance and Horde in Mists of Pandaria, World of Warcraft's next expansion. Jump into five new levels with new talents and class mechanics, try the new monk class, and create a pandaren character to ally with either Horde or Alliance. Look for expansion basics in our Mists FAQ, or dig into our spring press event coverage for more details!

---

Here at OQ, I receive emails all the time about people acting like jerks. Jerks are everywhere, and MMOs certainly have their fair share. Of all the jerks I've heard about, the player from this week's email has to be among the all-time worst. Fortunately, his terrible behavior has a bright side: By sharing this guild's story, other officers can avoid the same fate.

From the start one of our members started to complain about the guild at the start of raiding early cata. However the officers and GM has brush it off as him being annoyed at the game because he hated the expansion. Things went from bad to worst when we started Firelands.

He started to make plans to overthrow the GM of the guild and made fun behind him. He complains the GM is never there supporting the guild because he took a month off due to work reasons. He made fun of our progression even though we manage to get at least 1 heroic mode down. When we got to dragon soul he stop raiding with us all together. Which is fine because our guild is a casual raiding guild and members are free to choose to raid or not. However he complains even more that people in the guild are stupid and we won't ever progress. It got to the point where we kicked him from the guild but the problem didn't stop there.

As part of its continued fight against account hacking and account compromise, Blizzard's customer support department has started a YouTube channel dedicated to hosting how-to videos on security, what to do if your account is hacked, general security tips, and how to use the Battle.net authenticator. Not only are the videos educational and helpful, they are also adorably fun, making security as enjoyable as it possibly can be.

Not only is this an awesome service for Blizzard to put out, the videos offer excellent ideas for online security in general. The tips in the general account security video are great tips to follow, even if you aren't a gamer. Everyone on the internet should be following these security tips. Good on you, Blizzard, for this awesome community service. I don't think we can give the customer support guys enough shout-outs.

---

Brace yourselves for what could be some of most exciting updates to the game recently with patch 4.3. Look at what's ahead: new item storage options, cross-realm raiding, cosmetic armor skinning and your chance to battle the mighty Deathwing -- from astride his back!

---

Given the recent hacking of major companies, could WoW be hacked? In an article posted today at Digital Spy, Lead Game Designer Tom Chilton replies that attempts have been made recently, but Blizzard came through unharmed.

While the question and answer doesn't specifically say LulzSec or Anonymous, I think it's safe to assume LulzSec is the group in question, given the recent high-profile attacks on U.S. government sites and other MMOs, like EVE Online.

Most of LulzSec's work has been focused on DDoS attacks and breaking into servers to create "lulz." During their most recent spree, rumors abounded that WoW was a target; however, nothing came of it. It would now appear nothing came of it thanks to Blizzard's security measures.

Tom Chilton

Several major gaming studios have fallen victim to hackers of late. What measure are Blizzard taking to ensure that WoW is not hit?

We have always tried to be as diligent as we possibly can when it comes to security. Certainly when hacking was going on with other companies recently there were numerous attempts against ourselves also. Fortunately, our security was good enough, so we didn't lose data or anything like that.

We always put a high priority on security, but that's not to say you can ever be impregnable. We're not resting on our laurels saying 'they can't get us'. It's always a possibility, and we take it very serious, but so far, so good.

source

---

If you follow WoW account security, then you've probably heard about (or personally encountered) a recent change to the way Battle.net authenticator devices work. Basically, when you log into the game, the client attempts to determine if you're logging in from your "home" computer or at least a computer you use regularly. It uses several factors to make this determination, such as your MAC address and your IP address. If the information doesn't indicate that the login is taking place from a safe machine, it'll prompt you for your authenticator code. If it is a safe computer, then you'll only be asked for your code randomly, once a week or so.

The change, aimed to make authenticators less of a hassle for those who log on from the same computer quite a bit, caused an odd uproar on the official forums from players who were worried that this change somehow made their account less secure. Addressing these concerns, Blizzard Community Manager Zarhym announced today that Blizzard is working on providing an opt-out option for this convenience feature.

Details were scarce since, as Zarhym noted, Blizzard hasn't quite nailed down specifics yet, but he assured players that it's something Blizzard's been looking into since the authenticator change was first announced.

The full announcement post and followups are after the break.

Android and iOS device users have had the luxury of using the Battle.net Mobile Authenticator, a software version of Blizzard's downright necessary keyfob authenticator, on their phones or tablets for a while now. As of today, Windows 7 Phone users can also take advantage of the Mobile Authenticator by downloading it from the Windows Phone Marketplace.

At this point, there's pretty much no reason not to have an authenticator -- they're 6 bucks and free to ship for a physical device and no cost at all for a software version available for every major mobile platform. Just get it!

Battle.net Mobile Authenticator for Windows® Phone 7 Devices

The Battle.net Mobile Authenticator, an application for mobile phones that provides an extra layer of account security, is now available as a free download for Windows® Phone 7 devices on the Windows Phone Marketplace. The Battle.net Mobile Authenticator provides a one-time password that you use in addition to your regular account name and password when you log in to a Battle.net account to play World of Warcraft or StarCraft II.

Versions for other mobile devices are also available for download here, or you can purchase a physical Battle.net Authenticator from the online Blizzard Store. Visit the Battle.net Mobile Authenticator FAQ for more information, or head to the setup page to get started after you've downloaded the application.

For additional account security advice, check out our Account Security page.

source

---

A substantial updated to the Battle.net authentication system was announced today. Players will soon notice a change to their authenticator log on -- it just might not appear. Blizzard's login servers and authentication system now intelligently track where your account is logging into the game from and, if you're consistently logging in on your home computer, the authentication servers will let you pass, no code needed.

Blizzard wants make the authentication process less intrusive and this is a first step towards that goal. Right now, having to input a code each and every log in is a pain, sure, but it also makes me feel secure. I'm never going to say no to more security, however, and if the system is something that can accurately figure out where I am and let me on, that's great.

This doesn't take into consideration the circumstance where you use an authenticator to prevent access to WoW, even from the home PC. I know some parents who use a simple password that their kids can remember but use the authenticator as the gate to prevent unwanted play. Maybe there will be an opt-out feature of some kind to always ask for the code.

You can check out the Battle.net account security page or check out the Blizzard mobile site for application information. For more information on this specific change to the authenticator system, follow me after the break.

Pop law abounds in The Lawbringer, your weekly dose of WoW, the law, video games and the MMO genre. Running parallel to the games we love and enjoy is a world full of rules, regulations, pitfalls and traps. How about you hang out with us as we discuss some of the more esoteric aspects of the games we love to play?

Writing The Lawbringer has taught me a lesson in trends. Over the past few months, specific questions are sent to me in topical batches. Sometimes it is a few emails about selling accounts. Other times, I get four to five emails about account security or compromise. May's email topic of choice was transferring accounts to family members.

Blizzard is very restrictive about what you can and cannot change regarding your account information. On the one hand, it is your account, right? Shouldn't you have ultimate control over the information you provide for the facilitation of a service you pay for? On the other hand, there is a certain degree of problem mitigation that comes with restrictive change. If Blizzard can control certain aspects of what you do with your account and the information it is all filed under, problems can get mitigated before they appear. Today's topic is really all about damage mitigation.

Blizzard's Core Hound Pup Adoption Campaign is giving players the chance to win an iPad as well as boost their own account security. In an effort to get more authenticators attached to accounts, Blizzard ponied up some iPads to get the job done. Each month, a screenshot entry is chosen to win one of 12 iPads. Just take a screenshot of you and your security pup companion doing something crazy, out of the ordinary, or just plain awesome, hit up the contest rules page, and you've got a shot at winning. The first four winners have just been announced and their screenshots released.

Many people were quick to wonder and worry about whether the recent hacking of the RSA (the security branch of EMC) had the potential of harming Blizzard's authenticators or authentication software. Fear not, as the blues have chimed in with a response:

RSA Hack and Blizzard Authenticators

Pokzin,

The Blizzard Authenticators are based off modified Vasco tokens. I'm sorry to hear about RSA's troubles, but it will not affect the Blizzard Authenticator.

source

It doesn't look like Blizzard will be harmed by this at all. As a reminder, please keep your account safe by not clicking links in emails that don't appear to be from Blizzard, always check your email headers for incoming email addresses, and if you have any questions about whether an email is legitimate, contact Blizzard first. And do please get an authenticator for your account. Check out some of our own security articles here.

---

Make no mistake: it really sucks when your WoW account gets compromised. Even with the speed with which compromises are handled by the support department nowadays, it's still a pain to have to wait to get your stuff back -- and it's even worse to know that someone was in there mucking around with your dudes, you know? Blizzard's been better about helping people with account security problems recently, like giving out free authenticators to some hacked accounts and offering a free phone-in authenticator service, but in the end, a lot of the responsibility falls on you the player to keep your account secure.

To that end, Blizzard has assembled a new account security guide. It's a pretty comprehensive list of the steps you can take to secure your account, from getting an authenticator to learning how to recognize phishing emails to making sure that your computer itself is secured through the use of antivirus software. Learn it, live it, love it. In account security, as in Planeteering, the power is yours.

---

This Breakfast Topic has been brought to you by Seed, the Aol guest writer program that brings your words to WoW Insider's pages.

Once again, Blizzard is encouraging its players to use authenticators to protect their Battle.net accounts. In addition to the incentive of a lovable Core Hound Pup pet provided to all World of Warcraft characters on an account that has an authenticator attached, there is now a contest going on to win an iPad for your best Core Hound Pup screenshot, and we've even received reports that free authenticators are being offered to owners of accounts that have previously been compromised. Still, incentives alone aren't enough for some players. Sometimes it takes an incident to drive the point home.

For me, it was a hacking scare involving my girlfriend's account. We had just resubbed to WoW in preparation for Cataclysm and were having a blast when she got a notification from Blizzard that her account had been locked due to an unauthorized break-in. Nothing was gone, no items destroyed, no gibberish-named level 1s created, but she did have to change her password and verify to Blizzard that she was still herself. She was playing on a Mac, used Adblock and had disabled Flash on her browser, and she only visited a handful of websites on a daily basis, all very innocuous places like Gmail and WoW Insider. We figured it was an isolated incident, but just to make sure, she wiped her hard drive and reinstalled WoW. Then, a week later, it happened again. I couldn't believe it, and I still don't know how or why she was targeted, but I ordered our authenticators the very next day. We haven't had a problem since.

What convinced you to get an authenticator? Was it a contest, a promotion by Blizzard, or a hacking scare? If you don't have an authenticator yet, what's holding you back?

---

For a while now, account thieves have been putting authenticators on their stolen accounts to buy more time for their scumbaggery. Blizzard has recently made that more difficult by requiring email confirmation when an authenticator is added to a Battle.net account. Rather than just logging in and putting in the appropriate information, you now have to follow the steps in a confirmation email sent to the address registered in your Battle.net account.

Note: Changing the email address on the account requires not only your password (which the account thieves already have at this point) but also the answer to your security question. So make sure the answer to your security question is not guessable or obtainable by any phishing information. As I have suggested before, if you use a password for your security answer rather than an actual answer, you are adding a very thick level of security. Make it a separate password you use just for security questions, like p45sw0rd (don't use that one).

We don't know how long ago Blizzard added email confirmation The email confirmation has been active since July 27 and we believe it will reduce the workload of Blizzard's customer service. More importantly, this will make getting your account back less painful.

Of course, the best way to prevent someone from stealing your account and then adding an authenticator to it is to put an authenticator on it yourself. There are keyfob and mobile versions available.

[Thanks for the tip, Joel!]