General Discussion

Re: Curse hack?

Spookie — Fri, 15 May 2009 16:18:51 GMT

Quote:

Originally Posted by Cairenn Cairenn" src="/Themes/Common/v6/images/forums/btn-lastpost.gif"/>
Interesting. I don't recall any of my staff commenting about them (not saying they didn't, just saying I don't recall it). I do know that some community members have talked about how secure (or not) they are, though.

Oh no it wasn't your staff, don't get me wrong I'm sure you keep them on a tight leash! :P

I think tek may have mentioned it (I think. I did just update one of his addons which maybe why his name pops to mind).

Re: Curse hack?

Cairenn — Fri, 15 May 2009 01:53:44 GMT

Quote:

Originally Posted by Spookie Spookie" src="/Themes/Common/v6/images/forums/btn-lastpost.gif"/>
Quote:
Originally Posted by Cairenn Cairenn" src="/Themes/Common/v6/images/forums/btn-lastpost.gif"/>
Which WoWI are you talking about? WoWInterface, or Wow Insider?

Your site Cairenn.

Interesting. I don't recall any of my staff commenting about them (not saying they didn't, just saying I don't recall it). I do know that some community members have talked about how secure (or not) they are, though.

Re: Curse hack?

Spookie — Thu, 14 May 2009 23:12:05 GMT

Quote:

Originally Posted by Cairenn Cairenn" src="/Themes/Common/v6/images/forums/btn-lastpost.gif"/>
Which WoWI are you talking about? WoWInterface, or Wow Insider?

Your site Cairenn.

Quote:

Originally Posted by Hostile Hostile" src="/Themes/Common/v6/images/forums/btn-lastpost.gif"/>
I'm still waiting for you to post a link that substantiates your claims.

My claims? Their claims, did I say I know anything about key fob security at some point? What I said was if someone wants your account they will find some way to obtain it. You've taken what I said out of context.

Quote:

Originally Posted by Hostile Hostile" src="/Themes/Common/v6/images/forums/btn-lastpost.gif"/>
Just a small point, but it's led to some confusion in the official wow boards with people thinking that their authenticator is generating the same key more than once.

In that case I must be very lucky to see the same key twice.

Re: Curse hack?

Hostile — Thu, 14 May 2009 15:26:27 GMT

What he said/

Quote:

Originally Posted by Deaden99 Deaden99" src="/Themes/Common/v6/images/forums/btn-lastpost.gif"/>
When you push the button, the seed value and the time are combined and then run through an encryption algorithm to output a number. Once you enter that number, the server does the same on it's side and makes sure they match. There is no way to "reverse" the algorithm process to obtain the internal key. The point of encryption is they are all based on one-way math. The only way for a hacker to beat the authenticators is to call up Blizzard and somehow convince them to remove the device from the account.

But I will clarify one thing in regards to the Blizzard authenticators specifically- pressing the button on the authenticator doesn't generate the key. The button only turns the screen on and off. The keyfob is continously generating the keys whether the screen is activated or not. Just a small point, but it's led to some confusion in the official wow boards with people thinking that their authenticator is generating the same key more than once.

Re: Curse hack?

Deaden99 — Thu, 14 May 2009 14:10:24 GMT

You obviously know nothing about 2-factor authentication or actual security. These cannot be "reverse engineered", as it is not a secret how they work. These are not something Blizzard invented, but are rather Vasco Digipass tokens. These same tokens are used for authentication at any high-security systems. My company uses them to access our secured production network. The tokens have a seed value stored inside them along with a clock. When you push the button, the seed value and the time are combined and then run through an encryption algorithm to output a number. Once you enter that number, the server does the same on it's side and makes sure they match. There is no way to "reverse" the algorithm process to obtain the internal key. The point of encryption is they are all based on one-way math. The only way for a hacker to beat the authenticators is to call up Blizzard and somehow convince them to remove the device from the account.

Re: Curse hack?

Cairenn — Wed, 13 May 2009 22:52:11 GMT

Quote:

Originally Posted by Spookie Spookie" src="/Themes/Common/v6/images/forums/btn-lastpost.gif"/>
They take about 10 mins to reverse engineer according to the guys at WoWI.

Which WoWI are you talking about? WoWInterface, or Wow Insider?

Re: Curse hack?

spazmeister — Wed, 13 May 2009 19:12:30 GMT

Quote:

Originally Posted by Spookie Spookie" src="/Themes/Common/v6/images/forums/btn-lastpost.gif"/>

Quote:
Originally Posted by spazmeister spazmeister" src="/Themes/Common/v6/images/forums/btn-lastpost.gif"/>
If you are worried about someone getting into your WoW account, spend the $6.50 and get a blizzard authenticator. No one will be able to get into your account without it.

They take about 10 mins to reverse engineer according to the guys at WoWI. Don't think that's the be all and end all of your security. If someone wants your account they will get it.

Still waiting for you to provide proof of your claims.

Re: Curse hack?

Hostile — Wed, 13 May 2009 18:31:53 GMT

I've used the keyfob authenticator for 7 months and recently switched to the iPhone authenticator app. I have never seen a repeat key.

Is it possible that a key could be generated more than once? Of course it is, the keys are generated randomly but I would think that the chances are highly unlikely. But I have a hard time believing, without proof, that anyone's authenticator is generating the same key more than once time, much less frequently enough that it would be noticed.

I'm still waiting for you to post a link that substantiates your claims.

Re: Curse hack?

Spookie — Wed, 13 May 2009 18:09:40 GMT

Quote:

Originally Posted by Hostile Hostile" src="/Themes/Common/v6/images/forums/btn-lastpost.gif"/>
Right...

Oh right I see you have some other view care to share? I'm inclined to agree with them. I use one at the moment and the number of times a repeat key comes up is shocking.

Re: Curse hack?

Hostile — Wed, 13 May 2009 17:43:04 GMT

Quote:

Originally Posted by Spookie Spookie" src="/Themes/Common/v6/images/forums/btn-lastpost.gif"/>

Quote:
Originally Posted by spazmeister spazmeister" src="/Themes/Common/v6/images/forums/btn-lastpost.gif"/>
If you are worried about someone getting into your WoW account, spend the $6.50 and get a blizzard authenticator. No one will be able to get into your account without it.

They take about 10 mins to reverse engineer according to the guys at WoWI. Don't think that's the be all and end all of your security. If someone wants your account they will get it.

Right...

Re: Curse hack?

spazmeister — Wed, 13 May 2009 14:50:30 GMT

I find your lack of proof disturbing.

Re: Curse hack?

Spookie — Wed, 13 May 2009 13:39:51 GMT

Quote:

Originally Posted by spazmeister spazmeister" src="/Themes/Common/v6/images/forums/btn-lastpost.gif"/>
If you are worried about someone getting into your WoW account, spend the $6.50 and get a blizzard authenticator. No one will be able to get into your account without it.

They take about 10 mins to reverse engineer according to the guys at WoWI. Don't think that's the be all and end all of your security. If someone wants your account they will get it.

Re: Curse hack?

spazmeister — Tue, 12 May 2009 22:21:09 GMT

It is far easier to infect a computer with malicious data than most people can imagine, Curse is the least of your problems. Here are a few ways you can be infected:

Email: Phishing scams being the biggest threat of all. They attempt to trick you into clicking on a link which redirects you from a website that you think you are going to, to one that is setup specifically to compromise your system. The only defense against this is common sense and anti-virus software.

Email: Embedded images/Opening attachments. If you use the preview panel in outlook/outlook express, You can cause that embedded data you think is a picture to infect your computer. It is very easy to do this. Never view an email if you don't know who the sender is. If you think it's a bogus email call the sender and ask. 10 seconds on the phone can save hours of downtime.

Firewalls: As much as the windows firewall sucks for gaming, it does a decent job of stopping people from looking into your ports and trying to wiggle into your computer through the side door. Run the windows firewall. If you have a router with a built in firewall, keep the firmware updated.

Home Networks: Most people now days have their computers running on a network of some sort. Any infected computer on a network can infect the rest. By the time you identify the infected computer and clean it, chances are the others have been infected, and once that computer is cleaned, the others can infect it 5 minutes later.

Update your software: Security patches come out for a reason. When they come out, install them. Failing to install that Adobe Arcobat Reader patch can allow someone to gain control of your system and do what they want.

URLs in general: If you need to get to a website, it is always a good idea to go to google and search for that webpage specifically. Following bad links that people think are good is the #1 way to infect your system.

Above all else. Be proactive. Setup regular virus scans. Be wary of all URLs and email attachments. If you are worried about someone getting into your WoW account, spend the $6.50 and get a blizzard authenticator. No one will be able to get into your account without it.

Re: Curse hack?

drewseidler — Mon, 11 May 2009 19:10:33 GMT

I don't post on guild forums and I am a bit more computer avvy than that as I always check the Address of the site I am on. I just switched to Curse too since WoWmatrix goin downhill... who knows?

Re: Curse hack?

Spookie — Mon, 11 May 2009 16:25:13 GMT

Could have been a dodgy link you followed on the offical forums, a website you visted which was linked on your guilds forums etc etc. So many reasons it also couldn't be curse.

But hey who's one to change a popular scapegoat?