Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:
Greenbelt, MD 08/22

Regularly scheduled events

WoW Security Warning

A World of Warcraft Account Security Warning from Blizzard about a recent increase in unauthorized World of Warcraft account-logins:

There’s been a recent increase in unauthorized World of Warcraft account-logins via our website and the World of Warcraft mobile armory app.

We’re in the process of notifying any account holders who were not using an authenticator and whose account showed signs of unauthorized access (e.g., logging in from an unusual IP address). If you are among this group, you will receive an email describing how to reset your account.

As a result of these activities, access to the World of Warcraft auction house via the mobile app has been taken off-line temporarily. Upon request, our customer support team will restore in-game items and gold for any accounts impacted.

Post Comment
Enter the details of the comment you'd like to post in the boxes below and click the button at the bottom of the form.

5. Re: WoW Security Warning Jun 25, 2013, 12:42 m00t
 
Speculation on how authenticators work: Specifically in the case where it doesn't require it every time, I believe it leaves an authenticator cookie on the local machine, so if you try to log in with a different machine, it'll still ask you for it. Now, if your machine is compromised, you're screwed either way. If you have a cookie, they probably can just take that (or use malware on your machine to utilize it directly from there), or next time you log in and enter your authenticator, they block the log-in attempt from reaching Blizzard servers and use the auth key, login and password to do it from their machine.

So, authenticators are good if they haven't compromised your machine but they know your login/pass (lazy / bad password management), but as with most security, anyone with full access to your local box can do whatever they want.

What I don't know for sure is if the cookie is tied to a specific machine, made non-transferable by some technical method. (overcome if you use a custom login program because you just lie, but prevents it from being copied and used with the normal launcher)
 
Reply Quote Edit Delete Report
 
Subject
Comment
     
 
      ;)   ;)   :(   :(   :o   :o   %)   %)   :)   :)   :|   :|   ;P   ;P   X|   X|   :D   :D   More
 
Login Email   Password Remember Me
If you have a signature set up, it will be automatically appended to your comment.
If you don't already have a Blue's News user account, you can sign up here.
Forgotten your password? Click here.
 
          Email me when this topic is updated.
 

Special Codes

  • b[bold text]b
  • i[italic text]i
  • u[underline text]u
  • -[strikethrough text]-
  • c[code text]c
  • +[bullet point]+
  • q[quote text (indented)]q
  • [quote="Author"]quote text (indented)[/quote]
  • [url=Link]text[/url]
  • r{red text}r
  • g{green text}g
  • b{blue text}b
  • m{maroon text}m
  • s{secret text (shows in the background colour)}s

Forum Rules

  1. Disagree all you want but attacks of a personal nature will not be tolerated.
  2. Ethnic slurs and homophobic language will not be tolerated.
  3. Do not post spam, links to warez sites, or instructions on how to obtain pirated software.
  4. Abusing the forums in any manner that could be construed as 'griefing' will not be tolerated.


footer

Blue's News logo