WoW Security Warning

A World of Warcraft Account Security Warning from Blizzard about a recent increase in unauthorized World of Warcraft account-logins:
There’s been a recent increase in unauthorized World of Warcraft account-logins via our website and the World of Warcraft mobile armory app.

We’re in the process of notifying any account holders who were not using an authenticator and whose account showed signs of unauthorized access (e.g., logging in from an unusual IP address). If you are among this group, you will receive an email describing how to reset your account.

As a result of these activities, access to the World of Warcraft auction house via the mobile app has been taken off-line temporarily. Upon request, our customer support team will restore in-game items and gold for any accounts impacted.
16.
Re: WoW Security Warning Jun 26, 2013, 02:08
PropheT wrote on Jun 25, 2013, 16:38:
m00t wrote on Jun 25, 2013, 12:42:
What I don't know for sure is if the cookie is tied to a specific machine, made non-transferable by some technical method. (overcome if you use a custom login program because you just lie, but prevents it from being copied and used with the normal launcher)

My understanding is that it keeps an encrypted cookie (if that's the right term here I guess) locally stored to the machine, but the system still requires IP range verification in order to region lock the account. Even with the cookie stored locally the account still requires authentication if you move outside of the network range where you originally set the check file, so if you live in NY and someone tries to access your account from Oregon, for example, it doesn't matter if that cookie is there or not; it forces authentication for the account to confirm ownership.

Blizzard still denies that people with authenticators are getting accounts compromised, and just by the way the tool works it's hard to see how they're wrong. The only way I can see it not being secure is if you use the mobile auth on a jailbroken/non-rooted phone.

Basically true, yes. I think there is an unavoidable local flaw if your machine is compromised. They don't have to run the WoW Client; there are almost certainly malware apps that can connect and issue commands as though they were the client, and the person on the machine wouldn't even notice.

If Windows users practiced (and were not prevented from practicing by the design of Windows) good security practices by not browsing on a full privilege account, it'd be a lot harder to have a meaningful client breach.
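
Added example, not part of the thread and not Blizzard's implementation: a sketch of the check the posts above describe, where a remembered-device cookie only skips the authenticator prompt when the login comes from the same device and the same network range. The HMAC-signed cookie format, the key, and all function names are assumptions made for illustration; the addresses are constructed documentation ranges.

```python
import hashlib
import hmac
import ipaddress

SERVER_KEY = b"constructed-demo-key"  # assumption: secret held only by the login server

def _mac(device_id, network):
    # Sign the device and the network range together so neither can be edited alone.
    return hmac.new(SERVER_KEY, f"{device_id}|{network}".encode(), hashlib.sha256).hexdigest()

def issue_cookie(device_id, login_ip, prefix_len=24):
    """Issued after a successful authenticator check: remembers device and network range."""
    network = ipaddress.ip_network(f"{login_ip}/{prefix_len}", strict=False)
    return f"{device_id}|{network}|{_mac(device_id, network)}"

def check_login(cookie, device_id, source_ip):
    """Return 'skip_authenticator' only if every binding in the cookie still holds."""
    try:
        c_device, c_network, c_mac = cookie.split("|")
        network = ipaddress.ip_network(c_network)
        addr = ipaddress.ip_address(source_ip)
    except (ValueError, AttributeError):
        return "require_authenticator"      # missing or malformed cookie
    if not hmac.compare_digest(c_mac, _mac(c_device, network)):
        return "require_authenticator"      # cookie was edited or forged
    if c_device != device_id:
        # device_id is reported by the client, so a custom login program can lie here;
        # this check only stops a plain copy of the cookie to another machine.
        return "require_authenticator"
    if addr not in network:
        return "require_authenticator"      # login from outside the remembered range
    return "skip_authenticator"

if __name__ == "__main__":
    cookie = issue_cookie("pc-1", "203.0.113.10")
    for ip in ("203.0.113.77", "198.51.100.7"):
        print(ip, check_login(cookie, "pc-1", ip))
```

A request sent from the remembered machine itself passes every check, which is the local-compromise case raised in the reply: the cookie binding limits where a stolen cookie works, not what software on the original machine can do.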