Wow account hacked

[BrianStephan]

Very gd point

 

[davemc]

The worst that could happen is that the freebie contains a worm which logs your details.

I still don't see how a process that can be imitated is a solution to a hacking problem.

 

[BrianStephan]

The authenticator genererates a 8 digit code every 30 seconds so its impossible to guess and if u dont have the phone physically with you then u wont know what that number is

 

[PsyWulf]

The worst that could happen is that the freebie contains a worm which logs your details.

I still don't see how a process that can be imitated is a solution to a hacking problem.

The authenticator generates a code that you attach to your bnet,which is basically like a seed value,for this code it connects to the internet. Thereafter it never connects to the net unless you need to resynch the code. So unless it's telepathic it ain't reporting a login code back

 

[Odom]

Best of luck getting everything back, not to worry tho Blizzard are generally very good with this kind of thing now days.

Also, suggest formatting your computer.

 

[davemc]

The authenticator generates a code that you attach to your bnet,which is basically like a seed value,for this code it connects to the internet. Thereafter it never connects to the net unless you need to resynch the code. So unless it's telepathic it ain't reporting a login code back

So, all I have to do is get the last 3 codes code that you entered, and then run my seed program until I match the last 3 codes you entered using different seeds, and wham, I'll know the next code you will be entering.

See, I have duplicated the awesome security measure. Sure, it's a bit more involved, but, the end result is exactly the same. You contact Blizzard and ask to have your stuff returned. Blizzard eventually complies.

Blizzard could simply make it more difficult to wipe out the contents of a character.

What I really don't understand is how on earth the perpetrator's get anything out of the deal. Blizzard traces the transactions to them, and then reverses the transaction.

It's all so lame.

 

[Esea]

so what if I lose my phone whit the app on ?

 

[PsyWulf]

So, all I have to do is get the last 3 codes code that you entered, and then run my seed program until I match the last 3 codes you entered using different seeds, and wham, I'll know the next code you will be entering.

See, I have duplicated the awesome security measure. Sure, it's a bit more involved, but, the end result is exactly the same. You contact Blizzard and ask to have your stuff returned. Blizzard eventually complies.

Blizzard could simply make it more difficult to wipe out the contents of a character.

What I really don't understand is how on earth the perpetrator's get anything out of the deal. Blizzard traces the transactions to them, and then reverses the transaction.

It's all so lame.

And if this seed value is combined with some other values ( signup date etc ) which not even you remember your app is basically impervious? Good job security hound! Next time I develop a banking system with OTPs i'll be sure to ask you how to bypass it

6x5 Digit value entered into the BNet account is how many permutations exactly?

Run along

The gold is sold for real money,reversing the gold itself is simple,but the money has changed hands already. So yes goldbuyers probably lose out,but you won't see many "OMG i BOUGHT GOLD AND BLIZZARD TOOK IT AWAY" posts would you?

 

[zippy]

so what if I lose my phone whit the app on ?

If you manage to "lose" your phone to the same people who can hack your account, then you probably deserve it.

 

[Esea]

lose my phone as in stolen or just plain lost ! How do I loginto my account then smartass

 

[BrianStephan]

Thats what I said its the only fault with the system

 

[PsyWulf]

lose my phone as in stolen or just plain lost ! How do I loginto my account then smartass

Phone customer support,answer a few questions on your account details ( cd key,secret question ) fax/mail a copy of identification and they detach the authenticator,usually happens the same day

 

[Esea]

so by makein your account less likely to be "hacked" you run the risk of lockin yourself out of your own account

 

[PsyWulf]

so by makein your account less likely to be "hacked" you run the risk of lockin yourself out of your own account

More locks on the doors,more keys to lose. If you don't trust yourself enough to keep your keys safe you deserve to have your house burglarized

 

[Levelup]

Thanks for all the input.

I have no idea how they got my password, but i do use my gmail account as login...
I had never been hacked until i migrated to Battle.net...

I now have a 10digit password

I looked into the blizz authenticator for the phone, but dont see my models.

I have the samsung star and the samasung F700 both are touchscreen
Anyone know which authenticator for samsung fones would work

I really hate being naked...
Still no response from blizzard.

GUild bank was most likely emptied, as I said cant see it as I am no longer in the guild :/

I have never felt so unsafe... I had just installed windows 7 ultimate, and had G-Data antivirus and firewall enabled.

 

[Esea]

More locks on the doors,more keys to lose. If you don't trust yourself enough to keep your keys safe you deserve to have your house burglarized

So if I drive my car and get highjacked and my phone is in the car I deserve it ?

 

[J0n0]

Stop buying gold?

Serioulsy now, how do people manage to get their accounts hacked? Not to mention get all the wow spam and scam emails? I use a Gmail address and havent received a single email of a scam or from goldsellers.

 

[davemc]

And if this seed value is combined with some other values ( signup date etc ) which not even you remember your app is basically impervious? Good job security hound! Next time I develop a banking system with OTPs i'll be sure to ask you how to bypass it

So, this simple device now has a calendar built into it, interesting. I wonder how the heck I missed that, could it be that it actually is not a digital clock like you are insinuating?

6x5 Digit value entered into the BNet account is how many permutations exactly?

The seed is 30 digits long. The amount of permutations to run forward to to hit the 3 known entries is probably 180 (days). So, we're looking at generating a 30 digit number, then running the permutation forward 180 times, then the next 30 digit number for all the 30 digit number possible.
That's roughly 30^29 * 180.
Hardly a tough excercise.

Run along

The gold is sold for real money,reversing the gold itself is simple,but the money has changed hands already. So yes goldbuyers probably lose out,but you won't see many "OMG i BOUGHT GOLD AND BLIZZARD TOOK IT AWAY" posts would you?

As somebody already said, don't buy gold.
But, that's not the point.
The hacker:
- gets the gold-buyers ready to receive the gold.
- hacks that account.
- transfers the gold to the gold buyers.
- blizzard reverses the transaction.

If Blizzard reversed the transaction every time this happened, then people would stop buying gold. Obviously Blizzard is not reversing every transaction.

And, why on earth are level 1 accounts allowed to whisper multitudes of people sequentially?

I am quite certain that Blizzard allows gold sellers to thrive, and that this hacking problem is one that they have created.

 

[PsyWulf]

So if I drive my car and get highjacked and my phone is in the car I deserve it ?

If you have the keyfob attached to your car keys yes.

The fact that the keyfob can be emulated on your phone is purely convenience but with convenience comes added risk. Or do you keep your bank cards and passwords and keys on the same keychain just so its easier to carry?

 

[PsyWulf]

So, this simple device now has a calendar built into it, interesting. I wonder how the heck I missed that, could it be that it actually is not a digital clock like you are insinuating?The seed is 30 digits long. The amount of permutations to run forward to to hit the 3 known entries is probably 180 (days). So, we're looking at generating a 30 digit number, then running the permutation forward 180 times, then the next 30 digit number for all the 30 digit number possible.
That's roughly 30^29 * 180.
Hardly a tough excercise.As somebody already said, don't buy gold.
But, that's not the point.
The hacker:
- gets the gold-buyers ready to receive the gold.
- hacks that account.
- transfers the gold to the gold buyers.
- blizzard reverses the transaction.

If Blizzard reversed the transaction every time this happened, then people would stop buying gold. Obviously Blizzard is not reversing every transaction.

And, why on earth are level 1 accounts allowed to whisper multitudes of people sequentially?

I am quite certain that Blizzard allows gold sellers to thrive, and that this hacking problem is one that they have created.

Yeah I forgot cellphones and java have no date/time functions amirite?
And why have a resynch feature builtin to the authenticator if it's just as simple as seed + formula = answer everytime? Some newfangled hidden variable that could cause slight differences in timing for the generation of codes? Hells mary thems sum weird stuffs ya got there

Your certainty is a bunch of tripe considering how much has been spent developing an app and the keyfob attaching to your security panel for something they would be "condoning" by turning a blind eye.

Blocking level1's from whispering is fine,they can just hit 1 mob and level to lvl2,or 3,or 4? Your ideas are cute but then why not just block people from any form of interaction before they hit lvl80,gogo world of solocraft

The gold hacking transaction isn't a purely 1 to 1
They use multiple mule accounts,like a wire transfer between 5-6 accounts would take banks far longer to track and reverse. Are you really that far behind?

Infact i'm done with you entirely,your arguments are baseless and too easy to refute for me to bother