Defend Yourself

BRK » 28 May 2008 » In Blog, Troubleshooting »

Lassirra got hacked, and we hope those &^#*!*s DIAF, as well.

There are reports of a new, Flash-based keylogging scam. Coincidence? Maybe, maybe not, but we’re going to be proactive, just in case.

We’ve installed Flashblock and, even though we’ve made sure we’ve installed the latest version of Flash on all our computers, we’re not allowing any Flash content on our machines at all.

WoWInsider has a nice roundup of links and an explanation of the whole shenanigans.

Comments

26 Responses to “Defend Yourself”

  1. GHOSTKID on May 28th, 2008 8:00 pm

    Once again, thanks for the heads-up BRK!

  2. Kinzlayer on May 28th, 2008 8:04 pm

    I’ve been adopting the practice of copying and pasting my username (if there is not an option to remember my username) as well as my password from a file, I believe I got the idea from somewhere in the blogosphere. Is that still safe from these flash-based key loggers?

  3. Felandra on May 28th, 2008 8:17 pm

    /sigh

    This is plain sick.
    It is becoming a chore to protect yourself from this. And to an extent Blizz could help deal with it if they dealt with the goldsellers.

    We all know they don’t farm the gold anymore. Especially not after the recent bot-raid.

    Blizz, do something visible to us, show us you care, give us at least an illusion that something is being done. Like cutting all trials off from chats, or cutting all chars below level 7 off. Anything that is felt within the game itself.

  4. Skulane on May 28th, 2008 8:49 pm

    Man, a higher-ranking guild official’s account was hacked and we lost 12 epic gems from the bank =( It’s a pain for sure.

  5. Anj and GirlsVsWorld on May 28th, 2008 8:59 pm

    And so we move ever closer to a time where I do all my internetty stuff on the laptop and only use my desktop for playing WoW. I use Firefox and NoScript, updated my Flash and still always live in fear of logging in and finding my hunter naked on the character select screen.

    As for Blizz doing more to stop the gold spammers, I’m not sure that cutting trial accounts off from chat is entirely fair to the genuine people trialling the game. Perhaps cut the trial accounts off altogether. A player that gets her account hacked to kingdom come and loses everything is a player that might just think “Sod it!” and move over to Conan.

    On a side note…

    DIAF? Um… Dies In A Fire? It fits even though DIACC is more usual… Help us out a little with your abbreviations, BRK! You don’t want to get me started on the first time I ever saw MQoSRDPS. I suggest a glossary!

  6. gt on May 28th, 2008 9:32 pm

    Next stop: Keyloggers hacked into BRK’s Hunter guide videos.

    Should I just stop visiting the internet? Mmm that might be the best recourse.

  7. Kleshta on May 29th, 2008 1:04 am

    When will we finally get a strong password method like the Chinese…? Come on Blizzard, let’s stop all the hacks!

  8. Sade on May 29th, 2008 1:14 am

    This is just psychotic. Is there a single serious guild in the game with more than 100 active accounts who has not had someone in the guild get hacked? This is do or die time for Blizzard. With several decent MMOs coming out that already have people threatening to quit WoW, I have to wonder if they’re really doing anything about it at all.

    Condolences to Lass, as I’m as big a fan of Hunter’s Mark as I am of BRK. :( Hope she gets back on her feet and back to blogging soon.

  9. Mingo on May 29th, 2008 4:07 am

    @Felandra: There is nothing Blizz can do to prevent keyloggers from being installed on someone’s machine.

  10. Nick S. on May 29th, 2008 4:34 am

    @Mingo

    -force regular password changes
    -do a “full stop” of other processes during the login screen (easy on vista, at least)
    -make warden scan for keyloggers
    -ask a security question if a user logs in from an unusual IP
    -use a clickable onscreen keypad for password input
    -spam fake keystrokes during password input

    that’s 6 ideas, all of which other software companies have implemented in some form. it took me as long to type them as to think of them. blizz is not hamstrung, they’re merely disinterested in the welfare of players who’ll keep paying even if they get hacked.

    is protecting an account into which a person has put 10, 30, or 50 days of play time worth extra security? hell yes. there’s PLENTY that blizz could do.

  11. Karpax on May 29th, 2008 5:08 am

    @ Nick S.

    Actually, I think dealing with hacked accounts is a serious resource hog for Blizzard.
    Imagine how time-consuming it must be to investigate every single case of a hacked account.
    Because, Blizzard has to be certain it’s a hack, not someone trying to get out of a scam or trying to hide his botting…
    This is all for something they don’t have much grip on. After all, it’s your responsibility to keep your system free of keyloggers, not Blizzard’s.

    And on the suggestions you make :
    Warden checking for keyloggers: Don’t they already do that? I suppose it will depend on how up-to-date they keep their blacklists.
    Security question for different IP: I have a dynamic IP, so the question will pop up every time I log on. So it will be logged as easily as my password…
    Fake keystroke spamming: Nice suggestion, but who says they’re not doing that yet?
    Clickable keypad: Don’t keyloggers track that as well? Runescape had something like that, but it didn’t stop the keylogging…

    I think the best thing Blizzard can do is create some social awareness.
    I figure half of the people that buy gold are not aware where it actually comes from. And that Blizz will most likely take it from them as soon as they find out it comes from a hacked account, which is just a matter of time…
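
Nick S. suggests a security question when an account logs in from an unusual IP, and Karpax objects that a dynamic IP would trigger it on every login. The following Python is an added illustration of how such a check is usually built so that both points hold (it is not Blizzard’s code and nothing on this page describes their implementation): each account remembers the network prefixes its past successful logins came from, and a login is “unusual” only when its address falls outside every known prefix. Comparing /24 (IPv4) or /64 (IPv6) prefixes instead of exact addresses is the assumption that absorbs ordinary dynamic-IP churn inside one ISP block. The account name and addresses are constructed sample data.

```python
"""Step-up challenge for logins from an unfamiliar network (added example)."""
import ipaddress
from collections import defaultdict


class StepUpPolicy:
    """Decide whether a login attempt should get an extra challenge.

    Assumed policy (not from the page): a login needs a challenge when the
    source address lies outside every network prefix that this account has
    previously logged in from successfully. Prefix width is configurable so
    a dynamic IP that moves within one ISP block does not look "unusual".
    """

    def __init__(self, v4_prefix=24, v6_prefix=64, max_networks=5):
        self.v4_prefix = v4_prefix
        self.v6_prefix = v6_prefix
        # Cap on remembered networks per account, so an attacker who gets in
        # once cannot keep growing the "trusted" set indefinitely.
        self.max_networks = max_networks
        # In-memory store for the example: account -> list of networks,
        # most recently used last. A real deployment would persist this.
        self._known = defaultdict(list)

    def _network_of(self, ip):
        """Map an address to the prefix used for comparison."""
        addr = ipaddress.ip_address(ip)
        bits = self.v4_prefix if addr.version == 4 else self.v6_prefix
        return ipaddress.ip_network(f"{addr}/{bits}", strict=False)

    def needs_challenge(self, account, ip):
        """True when ip is outside every network this account is known from.

        An account with no history is always challenged: the first login
        from an unknown network is exactly the case the check exists for.
        """
        return self._network_of(ip) not in self._known[account]

    def record_success(self, account, ip):
        """After a fully successful login, remember (or refresh) its network."""
        net = self._network_of(ip)
        known = self._known[account]
        if net in known:
            known.remove(net)          # move to the end as most recent
        known.append(net)
        del known[:-self.max_networks]  # drop the oldest beyond the cap

    def known_networks(self, account):
        """Expose the remembered prefixes as strings (for inspection/tests)."""
        return [str(n) for n in self._known[account]]


def simulate(policy, events):
    """Run (account, ip, login_succeeded) events; return the challenge decisions.

    login_succeeded means the password and, if one was asked, the challenge
    were both passed, so the network may be remembered.
    """
    decisions = []
    for account, ip, login_succeeded in events:
        challenged = policy.needs_challenge(account, ip)
        decisions.append(challenged)
        if login_succeeded:
            policy.record_success(account, ip)
    return decisions


# Constructed sample: documentation-range addresses, a made-up account name.
SAMPLE_EVENTS = [
    ("hunter42", "203.0.113.17", True),          # first ever login -> challenge
    ("hunter42", "203.0.113.200", True),         # same /24 next day (dynamic IP) -> no challenge
    ("hunter42", "198.51.100.5", True),          # different network -> challenge
    ("hunter42", "203.0.113.9", True),           # back on the home block -> no challenge
    ("hunter42", "2001:db8:1:2::5", True),       # first IPv6 network -> challenge
    ("hunter42", "2001:db8:1:2:abcd::1", True),  # same /64 -> no challenge
]

if __name__ == "__main__":
    policy = StepUpPolicy()
    for (account, ip, _), challenged in zip(SAMPLE_EVENTS, simulate(policy, SAMPLE_EVENTS)):
        print(f"{account} from {ip}: {'CHALLENGE' if challenged else 'ok'}")
    print("known networks:", policy.known_networks("hunter42"))
```

Two design points follow from the thread itself: the prefix comparison is what keeps Karpax’s dynamic IP from being challenged daily, and since a challenge answer typed on a keylogged machine is captured just like the password, the challenge should be something the machine cannot replay (a code delivered out of band rather than a memorised question).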

  12. Felandra on May 29th, 2008 5:31 am

    “I figure half of the people that buy gold are not aware where it actually comes from.”

    And that is a big part of it.
    But do we see anything about it? No. Blizzard could technically kill off a lot of the goldselling simply by adding text to the load screen saying something like “Goldsellers generally get their gold from hacked accounts, don’t buy it, you are ruining the game for another player somewhere.”

    That would take away the ‘casual’ goldbuyers, those who just want that extra thing. It won’t affect the ‘screw everyone else as long as I get what I want’ players.

    That sort of change would help generate positive feedback for Blizz I’m sure. People would feel something is being done and that Blizz takes the problem seriously.

    And locking trials out of chats… Well they are locked out of leveling past level 10. I didn’t use the chat function at ALL until I entered the Barrens the first time. By then I had made my mind up. So really, they won’t lose many over this. But the amount of older players that would stay when not harassed by goldsellers all day long (seriously being spammed in raids is really annoying) would be considerable.

  13. Noobiewan on May 29th, 2008 6:12 am

    Logged on to WoW this morning to find a security message from Blizzard about Flash. They advised that the latest version does not have the flaw in it and said to download the latest version. Done just that.

  14. Key Logger on May 29th, 2008 8:57 am

    Why is it Blizzards fault?

    The login is 2 factor authentication..

    –A logger needs to know your USERNAME and PASSWORD

    So how do they get this information? Maybe you use your computer to go to websites such as BRK and you create a username and PW identical to the one you use for WoW? Maybe you use the WoW forums? Maybe you tell people? MAYBE.. you click yes to everything to install your MODS. Maybe you are gullible and pay for power levelling or gold farming? (LMAO)
    I actually in game suckered a kid once and stole his account just by social engineering him…. just kidding.

    BUT I did.. once go to a place called Cyber Jocks and some kid left his KB to get some food and go to the bathroom.. well his account was WIDE open. Made myself a char on his realm…. Sold all his soulbound stuff and mailed all the gold/bank/guild bank junk to myself.. took only a few minutes to wipe him clean. Logged his character out, repeated this on his ALT and logged out again as if he went AFK. Logged back into my char/different realm. And LMAO when he came back and started to yell and scream that he was hacked. I was like “duuude, that blows…” I then logged out of WoW and went home.

    Another method.. “Wireless” password sniffing.. Woohoo! That is easy.

    Social Engineering!.. hey BRK, do me a favor and log into my account for me and check my mailbox. My username is JackSparrow, password is 123qwe.

    FYI - my password for WoW is 16 characters long

    4 numbers
    4 lowercase
    4 uppercase
    4 special character

    Best advice.. use your work computer or another computer to research WoW. And don’t surf “bad junk” on your computer at home. Maybe you’re not all that ingenious. But do you not think that that site now has all your information? That’s easy to get.

  15. Beaker on May 29th, 2008 10:00 am

    Maybe it was just his tone but is anyone hoping that Key Logger guy (see post above) gets hacked so he can feel what it’s like to have days of blood, sweat and effort wiped out, with only the hope that the poor Blizzard customer services can salvage it…..after several weeks of gut-wrenching wait, most likely.

    Apologies if I read your post wrong but try to have some sympathy for someone in a horrible situation.

    With the size and scope of the internet and the, literally, thousands upon thousands of viruses and malicious adware, sites, etc. out there it is becoming almost impossible to avoid problems like this.

    One of my guildies works in IT and regularly berates us about computer security. He’s the guy we go to with any computer problems (hardware, software…you name it). Yet he was hacked and completely cleaned out. We lost our guild MT for almost a month while waiting for Blizzard to investigate. Eventually, he got his tanking gear back but was missing his off-spec gear and a lot of other items he had farmed. Now I don’t know his exact setup but I know he went to extreme effort to secure his PC.

    Also I play WoW on a laptop which was loaned to me as part of my job and as such would never consider using it to visit risqué sites or links or download suspect programmes, etc. Yet, still running Spybot and Norton, I still find tracking cookies and bits of trojans kicking about on a regular basis.

    My point is that no matter what effort you go to to protect yourself, things like this can happen. So how about you climb down off that pedestal and show a little kindness…especially when you don’t know all the facts.

  16. Key Logger on May 29th, 2008 11:06 am

    @Beaker

    Sarcastic yes…

    But seriously, if you used your system only for WoW.. then you’re in good shape. How do I surf the web? With another computer.. or a virtual computer on my computer.

    Yes, I am sympathetic.. but then you need to have a sense of humor about things.

    Life is too short to sit here and blame Blizzard and everyone but yourself for something that you can avoid.

    It’s a game, it’s about power.

    I can login to my account get hacked and quit the game and spend more time with the kids.. great!!

    I can also log in rape the guild bank. make a few thousand. Tell everyone I was hacked.. tell them I have tickets open.. tell them I got some eq back.. and be a few K richer.

    Seriously, if you got your account HACKED - why would the hacker not change your PW and prevent you from logging back in. AND even better delete your damn characters.

    90% of hacking is an inside job…

    I have often thought about being a Ninja then turning around and being like HACKED **** great excuse for attention and get rich quick scheme

  17. Key Logger on May 29th, 2008 11:43 am

    @everyone

    Not being insensitive. Just wearing the black hat. Would rather have you form your own opinion.

  18. Valthan on May 29th, 2008 1:26 pm

    Suggestion: Get a Mac :P

  19. Kleshta on May 29th, 2008 3:19 pm

    @ all previous posts > True, Blizzard cannot secure all the WoW players’ machines, but why don’t they deploy the same password system as the WoW Chinese players? It’s a very strong password system with a lot of visual validation & virtual keys; it would be enough to break at least 99.99% of the keyloggers out there. Banks and other sensitive websites do it, why doesn’t Blizzard do it for other countries? The system is here, no need to develop one, very little resource consuming, and a lot of happy players. Come on Blizzard, do IT!

  20. Jonty on May 29th, 2008 3:25 pm

    Macs are not immune to code execution through poorly-written mass market software.

    In a recent hacking competition featuring a Mac, an Ubuntu Linux box and a Vista box, it was the Mac that was penetrated FIRST! Through execution of arbitrary code using a buffer overrun exploit in Adobe Flash (or possibly Reader).

    Think about that, all you Mac sycophants, the next time you’re typing in your password or bank details…

  21. Ghostraider on May 29th, 2008 5:12 pm

    As someone has mentioned above, there is way too much malware floating around on the internet; half of those free virus scans are malware themselves. I wonder if one day Microsoft decides to activate a hidden line of code in their operating system and hacks everyone’s bank account simultaneously…that’ll be fun. Hard to decide who to trust these days.

  22. Beaker on May 29th, 2008 7:31 pm

    @key logger

    I did indeed form my own opinion and due to your sh!tty attitude and piss poor grammar I decided you are a tosser.

    So you’re sympathetic….well where exactly did you show it?

    Also where exactly did I or anyone blame blizzard for this problem (all I saw was some well thought out suggestions on how they could fix it)?

    Your opinion seems to be that everyone, in fact, has hacked themselves in order to rob their fellow guildies and con blizzard into returning items they never had…obviously you are so cynically accepting this view that you are ignoring the problems with your whack job theory such as not all people who are hacked have guild bank access or that blizzard cannot track activities.

    You also seemed to miss the point of my post that was that you can run into problems almost anywhere on the internet these days. You and I may have access to 2 computers but how many others can say the same? With your pretentious posts you strike me as someone who relishes in other people’s misery.

    Grow up.

  23. @Beaker on May 30th, 2008 10:34 am

    Thank you! I do not want to be controversial.. just want to say… that…

    But - you missed my point obviously.

    1) Protect yourself from hacking. Don’t do something that will or could get you hacked.

    2) People want power, stealing is part of the game. If you choose to Ninja or steal mats or intentionally wipe a group. Good for you.

    3) It’s only a game. BUT your computer is your property. If you get hacked. That is your fault. Take steps to protect yourself.

    4) My grammar is better than yours. ;) Like I care anyways.

    5) I like misery. I want to /pvp you now. If I win.. you can /bow to me. If you win.. I will /bow to you.

    6) Honestly, like I said. I was giving an alternate view and it can or can not be my view. Just expressing my right to have an opinion. Maybe go back and re-read what I posted. Do not think or put my post in a tone. **Think** “LOL tone”

    Now say sorry and kiss my Toes… Now. ;)

    Do you still “Luv” me

    Muahahaha!!

  24. Valthan on May 30th, 2008 11:50 am

    @Jonty

    I never said that they are immune, but as I understood this keylogger, it uses flash to piggyback a keylogger onto your system, so it would be a process that persists after the death of the flash (when you leave that page) so, it would have to be either a DOS process or a BSD process but not both, so therefore from this, the Mac is still secure from it.

  25. Jonty on May 31st, 2008 3:29 am

    @Valthan

    Think you missed my point. I wasn’t being particularly specific to this particular vulnerability.

    I’d like to reiterate that if your system is exposed to some kind of buffer overrun exploit, miscreants can generally execute whatever code they want on your system, whether this be a keylogger, trojan, etc.

    i.e. It is not your computer any more :)

    Macs and Windows boxes are certainly not immune to this method of attack.
