|
Wed, Oct 22 2008 8:00 PM
|
|
|
Rumors of Curse's database being hacked are still going around and I was just wondering if this has turned up any truth?
[edited by: shynez79 at 8:44 PM (GMT -6) on 22 Oct 2008]
|
|
|
|
|
Thu, Oct 23 2008 12:35 PM
|
|
|
No truth to this at all. Where did you see/hear this?
|
|
|
|
|
Sat, May 9 2009 11:19 PM
|
|
|
Well for one I was told by a Guildy as his son was hacked 5 times and no longer plays... he only downloaded addons through Curse manager and there is really no other way it could have happened.
also I was hacked today and I only use Curse as well... no idea how my account got hacked any other way.. not sure though but just incase I deleted my client and removed ALL addons till further notice and my account is in the proccess of gettin Unbanned... and ALL of my gear recovered.. the bastards actually even deleted some of my Characters
|
|
|
|
|
Mon, May 11 2009 11:25 AM
|
|
|
Could have been a dodgy link you followed on the offical forums, a website you visted which was linked on your guilds forums etc etc. So many reasons it also couldn't be curse.
But hey who's one to change a popular scapegoat?
|
|
|
|
|
Mon, May 11 2009 2:10 PM
|
|
|
I don't post on guild forums and I am a bit more computer avvy than that as I always check the Address of the site I am on. I just switched to Curse too since WoWmatrix goin downhill... who knows?
|
|
|
|
|
Tue, May 12 2009 5:21 PM
|
|
|
It is far easier to infect a computer with malicious data than most people can imagine, Curse is the least of your problems. Here are a few ways you can be infected:
Email: Phishing scams being the biggest threat of all. They attempt to trick you into clicking on a link which redirects you from a website that you think you are going to, to one that is setup specifically to compromise your system. The only defense against this is common sense and anti-virus software.
Email: Embedded images/Opening attachments. If you use the preview panel in outlook/outlook express, You can cause that embedded data you think is a picture to infect your computer. It is very easy to do this. Never view an email if you don't know who the sender is. If you think it's a bogus email call the sender and ask. 10 seconds on the phone can save hours of downtime.
Firewalls: As much as the windows firewall sucks for gaming, it does a decent job of stopping people from looking into your ports and trying to wiggle into your computer through the side door. Run the windows firewall. If you have a router with a built in firewall, keep the firmware updated.
Home Networks: Most people now days have their computers running on a network of some sort. Any infected computer on a network can infect the rest. By the time you identify the infected computer and clean it, chances are the others have been infected, and once that computer is cleaned, the others can infect it 5 minutes later.
Update your software: Security patches come out for a reason. When they come out, install them. Failing to install that Adobe Arcobat Reader patch can allow someone to gain control of your system and do what they want.
URLs in general: If you need to get to a website, it is always a good idea to go to google and search for that webpage specifically. Following bad links that people think are good is the #1 way to infect your system.
Above all else. Be proactive. Setup regular virus scans. Be wary of all URLs and email attachments. If you are worried about someone getting into your WoW account, spend the $6.50 and get a blizzard authenticator. No one will be able to get into your account without it.
|
|
|
|
|
Wed, May 13 2009 8:39 AM
|
|
|
 Quote: Originally Posted by spazmeister  If you are worried about someone getting into your WoW account, spend the $6.50 and get a blizzard authenticator. No one will be able to get into your account without it.
They take about 10 mins to reverse engineer according to the guys at WoWI. Don't think that's the be all and end all of your security. If someone wants your account they will get it.
[edited by: Spookie at 8:43 AM (GMT -6) on 13 May 2009]
|
|
|
|
|
Wed, May 13 2009 9:50 AM
|
|
|
I find your lack of proof disturbing.
|
|
|
|
|
Wed, May 13 2009 12:43 PM
|
|
|
Quote: Originally Posted by Spookie Quote: Originally Posted by spazmeister If you are worried about someone getting into your WoW account, spend the $6.50 and get a blizzard authenticator. No one will be able to get into your account without it.
They take about 10 mins to reverse engineer according to the guys at WoWI. Don't think that's the be all and end all of your security. If someone wants your account they will get it.
Right...
|
|
|
|
|
Wed, May 13 2009 1:09 PM
|
|
|
Quote: Originally Posted by Hostile Right...
Oh right I see you have some other view care to share? I'm inclined to agree with them. I use one at the moment and the number of times a repeat key comes up is shocking.
[edited by: Spookie at 1:11 PM (GMT -6) on 13 May 2009]
|
|
|
|
|
Wed, May 13 2009 1:31 PM
|
|
|
I've used the keyfob authenticator for 7 months and recently switched to the iPhone authenticator app. I have never seen a repeat key.
Is it possible that a key could be generated more than once? Of course it is, the keys are generated randomly but I would think that the chances are highly unlikely. But I have a hard time believing, without proof, that anyone's authenticator is generating the same key more than once time, much less frequently enough that it would be noticed.
I'm still waiting for you to post a link that substantiates your claims.
[edited by: Hostile at 1:33 PM (GMT -6) on 13 May 2009]
Fixed some grammar. |
|
|
|
|
Wed, May 13 2009 2:12 PM
|
|
|
Quote: Originally Posted by Spookie Quote: Originally Posted by spazmeister If you are worried about someone getting into your WoW account, spend the $6.50 and get a blizzard authenticator. No one will be able to get into your account without it.
They take about 10 mins to reverse engineer according to the guys at WoWI. Don't think that's the be all and end all of your security. If someone wants your account they will get it.
Still waiting for you to provide proof of your claims.
|
|
|
|
|
Wed, May 13 2009 5:52 PM
|
|
|
Quote: Originally Posted by Spookie They take about 10 mins to reverse engineer according to the guys at WoWI.
Which WoWI are you talking about? WoWInterface, or Wow Insider?
|
|
|
|
|
Thu, May 14 2009 9:10 AM
|
|
|
You obviously know nothing about 2-factor authentication or actual security. These cannot be "reverse engineered", as it is not a secret how they work. These are not something Blizzard invented, but are rather Vasco Digipass tokens. These same tokens are used for authentication at any high-security systems. My company uses them to access our secured production network. The tokens have a seed value stored inside them along with a clock. When you push the button, the seed value and the time are combined and then run through an encryption algorithm to output a number. Once you enter that number, the server does the same on it's side and makes sure they match. There is no way to "reverse" the algorithm process to obtain the internal key. The point of encryption is they are all based on one-way math. The only way for a hacker to beat the authenticators is to call up Blizzard and somehow convince them to remove the device from the account.
|
|
|
|
|
Thu, May 14 2009 10:26 AM
|
|
|
What he said/
Quote: Originally Posted by Deaden99 When you push the button, the seed value and the time are combined and then run through an encryption algorithm to output a number. Once you enter that number, the server does the same on it's side and makes sure they match. There is no way to "reverse" the algorithm process to obtain the internal key. The point of encryption is they are all based on one-way math. The only way for a hacker to beat the authenticators is to call up Blizzard and somehow convince them to remove the device from the account.
But I will clarify one thing in regards to the Blizzard authenticators specifically- pressing the button on the authenticator doesn't generate the key. The button only turns the screen on and off. The keyfob is continously generating the keys whether the screen is activated or not. Just a small point, but it's led to some confusion in the official wow boards with people thinking that their authenticator is generating the same key more than once.
|
|
|
|
|
Thu, May 14 2009 6:12 PM
|
|
|
Quote: Originally Posted by Cairenn Which WoWI are you talking about? WoWInterface, or Wow Insider?
Your site Cairenn.
Quote: Originally Posted by Hostile I'm still waiting for you to post a link that substantiates your claims.
My claims? Their claims, did I say I know anything about key fob security at some point? What I said was if someone wants your account they will find some way to obtain it. You've taken what I said out of context.
Quote: Originally Posted by Hostile Just a small point, but it's led to some confusion in the official wow boards with people thinking that their authenticator is generating the same key more than once.
In that case I must be very lucky to see the same key twice.
[edited by: Spookie at 6:12 PM (GMT -6) on 14 May 2009]
|
|
|
|
|
Thu, May 14 2009 8:53 PM
|
|
|
Quote: Originally Posted by Spookie Quote: Originally Posted by Cairenn Which WoWI are you talking about? WoWInterface, or Wow Insider?
Your site Cairenn.
Interesting. I don't recall any of my staff commenting about them (not saying they didn't, just saying I don't recall it). I do know that some community members have talked about how secure (or not) they are, though.
|
|
|
|
|
Fri, May 15 2009 11:18 AM
|
|
|
Quote: Originally Posted by Cairenn Interesting. I don't recall any of my staff commenting about them (not saying they didn't, just saying I don't recall it). I do know that some community members have talked about how secure (or not) they are, though.
Oh no it wasn't your staff, don't get me wrong I'm sure you keep them on a tight leash! :P
I think tek may have mentioned it (I think. I did just update one of his addons which maybe why his name pops to mind).
|
|
|
|
