Bucket Guild | FUBU BH Forums

The thing is that if people actually know their way around a computer, I bet there are a lot more lucrative ways to use their skills than exporting WoW accounts to China.

RETIRED.
[armory loc="US,Bleeding Hollow"]Mayonaise[/armory]
[armory loc="US,Bleeding Hollow"]Jerkonaise[/armory]

breaking into your house and stealing it?

Akina: bitch I will stab you in the face

Almost every website serves their ads through a 3rd party company, lots of the viruses come from the ads. So even if you're on a "safe" website, there's stuff embedded from 3rd party places on there that they have no control over.

Brawlsack

Taking an extended hiatus from gaming

An authenticator is fairly clever (I don't actually have one) because it really just forces a potential thief to cycle through a million possible numbers before he can even get to password input.

If destruction exists, we must destroy everything.
Shuruppak Yuratuhl
Slaad Shrpk Breizh

I like the NoScript addon as well

Dvergar /
Quisling

+ http://noscript.net/

Calling BS. All NSA work is top secret and it's very illegal to disclose even the existence of a contract, and they probably front their work through puppet companies.

Authenticators are self-contained. They can't be "disrupted" or "rendered useless". A hacker with a ton of time and processing power could get enough codes from packet sniffing to guess at the authenticator's cipher, but there would be no point in doing so unless someone can spend months and millions of dollars on hacking one account.

Aestu of Bleeding Hollow...

Nihilism is a copout.

So, I read this and I think I had an attempted hack about an hour and fifteen minutes ago. I had just killed a forsaken lock for the 7th time and was logging to my horde account to tell him enough was enough and I had to get back to work when I got a pop up error on my log in screen, not a website, that said my account had been locked. This was where you would normally get an error if you fat fingered y our password. I clicked the link on it and it took me to the real battle.net site to reset my password. I changed the password and could log into the game, but I then logged out and changed my password again. I sent a long (all 1000 characters) email to blizz asking what the hell happened but I am still waiting for a response.


Just more evidence that Blizz favors horde, that bastard I was killing did not stand a chance, lol.

9 level 90s and 10 85s, Damn I need another hobby.

Not totally true. I actually did used to work for a military contractor in a network security research group and one of our clients was the A COMPANY IN MARYLAND. Not all of A COMPANY IN MARYLAND work is necessarily top secret. And after holding a security clearance you start to realize that top secret is really not that big of a deal. It took me a year to get my Top Secret SCI lifestyle polygraph for the A COMPANY IN MARYLAND after all of the background checks went through. It took me a shorter amount of time to get something called Secret SAP. The SAP portions of all projects I worked on were much more classified than any Top Secret work I did.

Also, without getting into too much detail about the authenticator technology (and without doing any research), they are time hashed in a way. Also why you cannot substitute authenticators. Each one probably has their serial number incorporated into the key. Then when you press your authenticator button it takes that number (+whatever salt) and modifies it by the time you press it (also probably date). When you enter that into the login, the server does the same calculation, if the numbers match, then you are set.

In order to break that you are going to need the salt, the serial number, the exact time (to the second or possibly millisecond) along with the login user email and password. It is definitely possible, but when you compare the worth to what you are trying to crack, the initiative drops way down.

Jw, how does this help?

Also, just to be clear:
I have not researched the process of authenticators at all, but that's just my best guess and assumption as to how it works based on work I have done in the past. Do not take what I said as fact

I think Henq has the right idea on how it works.

That's exactly how it works.

The number works for a longer duration than a second though.

The viruses that targetted the authenticators didn't actually target the authenticators, they'd just bullshit the part that asked for the number.

You'd type it in, thinking it was the game, but then that number would siphon off to whoever and it would tell you it didn't match (which you know isn't uncommon if you've used one).

They'd enter it legitimately and pluck off whatever while you sat there going ... wat?

Similar thing has been done to Steam login. People were getting fake log in windows.

The way authenticators were explained was as follows. The serial number on your authenticator is linked to an algorihm. Said algorithm is then linked to your account via the battlenet account managment. This algorithm uses 30 second intervals to reset (this is why if you type in your authentication key and wait a few seconds it may bomb becasue the number has changed). These serial numbers are unique to your account. In order for someone to hack your account they would have to do one of two things. Either replicate the algorithm that your authenticator uses, then know how your serial number is used in that equation, and then apply it to your account. This technology would be much better suited for bank heist. The other, and documented, way would be the "man in the middle" attack. This is where you would usually see an unsecure wireless network come into play. The attacker would have to recieve a live view of your pc, know your password and be able to time your authenticator within 30 seconds to wait for you to log in, then log themselves in with that keycode, clear your characters and steal your gold before you go wtf and log back in yourself. Again, technology that would be put to much better use on other crimes.

We thought of using these types of security devices with a some of our equipment until we saw the prices involved so we did a little bit of research but not every detail. Alot of this was in blue post when they first had a report of the man in the middle attacks.

9 level 90s and 10 85s, Damn I need another hobby.