+ Post New Thread
Page 3 of 3 FirstFirst 123
Results 31 to 43 of 43
Gaming Thread, Wow account hacked while on holiday in Fun Stuff; Originally Posted by CHR1S PC is scanned daily and up to date. I have checked running processes and services, startup ...
  1. #31

    Join Date
    Mar 2011
    Posts
    631
    Thank Post
    52
    Thanked 106 Times in 76 Posts
    Rep Power
    63
    Quote Originally Posted by CHR1S View Post
    PC is scanned daily and up to date. I have checked running processes and services, startup even ran hijackthis and spybot for good measure.
    I'm racking my brain to think if I have accessed battle.net anywhere other than my iphone/ipad and that PC.

    And no, I haven't fallen for a phishing scam, that I can be certain of.
    It sounds to me much like the situation which arises with a large amount of credit and debit card fraud, where the people who run the system have been bribed. If it were a normal user, I'd expect a hack on the PC, but a geek? Unlikely that the PC has been hacked.

  2. #32

    JJonas's Avatar
    Join Date
    Jan 2008
    Location
    North Walsham, Norfolk
    Posts
    3,065
    Thank Post
    379
    Thanked 424 Times in 314 Posts
    Rep Power
    361
    Quote Originally Posted by CHR1S View Post
    I'm racking my brain to think if I have accessed battle.net anywhere other than my iphone/ipad and that PC.
    What about compromised public access points?

    or someone using something like Droidsheep to collect logon information?

  3. #33

    CHR1S's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    4,486
    Thank Post
    1,570
    Thanked 459 Times in 300 Posts
    Rep Power
    212
    Quote Originally Posted by JJonas View Post
    What about compromised public access points?

    or someone using something like Droidsheep to collect logon information?
    This is what I'm thinking, does the wow app pass the security info in plaintext, etc etc

  4. #34

    LosOjos's Avatar
    Join Date
    Dec 2009
    Location
    West Midlands
    Posts
    5,432
    Thank Post
    1,432
    Thanked 1,160 Times in 794 Posts
    Rep Power
    705
    Quote Originally Posted by Sdrawkcab View Post
    Yeah you're right, after doing some googling it appears that the keyring auth produces a 6 digit code where the smartphone app produces an 8 digit code. Surely that would mean the smartphone app is technically more secure then?
    Not necessarily, depends on how the app is written...

    Quote Originally Posted by CHR1S View Post
    This is what I'm thinking, does the wow app pass the security info in plaintext, etc etc
    With a dedicated hardware authenticator (I've not seen them, don't know how they work, so I may be way off here) I imagine it has the sole purpose of generating a key for you, probably based on it's own preset seed and the current time, linked to your account and verified on the server - can't get safer than that, even if your browser passes the key in plain text, it'll mean nothing to anyone within a minute or so.

    With an app, there are tons of potential security flaws, as @CHR1S points out...

  5. #35

    CHR1S's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    4,486
    Thank Post
    1,570
    Thanked 459 Times in 300 Posts
    Rep Power
    212
    No, I mean the wow armoury app on iOS, that uses your username and password and has no authenticator for it.

  6. #36


    AMLightfoot's Avatar
    Join Date
    Feb 2011
    Location
    Hampshire, England
    Posts
    2,087
    Thank Post
    361
    Thanked 600 Times in 383 Posts
    Rep Power
    246
    Quote Originally Posted by Sdrawkcab View Post
    [PEDANT MODE ENGAGE]
    This isn't true. The same algorithm is used to generate the key for the hardware authenticator as for the software one. The only difference is the platform it runs on. The hardware auths are better in my opinion because you can't accidentally uninstall them, but that's not the same as being more secure.
    [/pedant]
    [paranoia][pedant]I am more concerned with the possibility of data on my phone being stolen. Since I have the WoW Armory App, if I were to use the Authenticator, it would mean my WoW login details and authenticator details are contained on the same device. I consider this insecure. I also consider the possibility of the authenticator algorithm being replicated a higher risk with a 'software' version than the hardware version. With the hardware version, in order to replicate it a potential account-thief would have to have access to the physical device, but that device does not contain account details so it would be hard to match it against my account. Yes, potentially given enough computing power they could brute force the algorithm replication but that would be more hassle than it was worth. My saying that IMO the software authenticator is less secure is based on the ease-of-theft of the data and the fact that my account details for my WoW account would be contained on a single device via the authenticator and armory app, NOT that the authenticator algorithm is different or less effective. Perhaps I should have clarified my view...[/pedant][/paranoia]
    Last edited by AMLightfoot; 20th April 2012 at 10:15 AM.

  7. #37

    CHR1S's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    4,486
    Thank Post
    1,570
    Thanked 459 Times in 300 Posts
    Rep Power
    212
    All this for a game.....

  8. #38

    X-13's Avatar
    Join Date
    Jan 2011
    Location
    /dev/null
    Posts
    8,854
    Thank Post
    588
    Thanked 1,902 Times in 1,315 Posts
    Blog Entries
    19
    Rep Power
    805
    Quote Originally Posted by CHR1S View Post
    All this for a game.....
    WoW - It takes over your life.

  9. #39

    CHR1S's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    4,486
    Thank Post
    1,570
    Thanked 459 Times in 300 Posts
    Rep Power
    212
    The plot thickens, today my twitter account was hacked. I exclusively use that on iPhone and iPad only!
    I think one of the hotels I accessed their wifi was compromised, no other option now.

  10. #40

    LosOjos's Avatar
    Join Date
    Dec 2009
    Location
    West Midlands
    Posts
    5,432
    Thank Post
    1,432
    Thanked 1,160 Times in 794 Posts
    Rep Power
    705
    Quote Originally Posted by CHR1S View Post
    The plot thickens, today my twitter account was hacked. I exclusively use that on iPhone and iPad only!
    I think one of the hotels I accessed their wifi was compromised, no other option now.
    Did you need a username and password to access their WiFi?

    I won't use hot spots unless I'm given a unique username and password, all too easy to set up a laptop to receive connections and sniff out passwords etc...

  11. #41


    AMLightfoot's Avatar
    Join Date
    Feb 2011
    Location
    Hampshire, England
    Posts
    2,087
    Thank Post
    361
    Thanked 600 Times in 383 Posts
    Rep Power
    246
    Oh dear, full password reset. I hate having to do that - I've got so many accounts I lose track of them, a full password reset usually takes several days for me :-S I wonder how long it will be before we can start suing institutions for loss of personal fidelity based on their poor security (although before other users start flaming me and telling me it's impossible, I AM aware that there are usually disclaimers and 'Insitution X is not responsible for loss of data when using our WiFi system' blah blah blah blah) but with the increase in use of smart phones and tablet devices and the amount of data we use/store/transmit, the provider of the WiFi service must start to take steps to ensure the safety of that data.

    I was at a hotel this weekend in the middle of nowhere with no 3G signal and barely enough signal to make a phone call, had the hotel WiFi actually supported my smartphone instead of repeatedly redirecting me to their venues advert I would have had no choice but to send work-related data over their WiFi (had I in fact been staying there as a consequence of work, which I wasn't, so I turned WiFi off and waited until I got home to check my Facebook account and look at the pictures of my friends wedding).

    If you don't mind my asking, which hotels were you staying in as I think we'd all be interested to know whether compromised WiFi might affect one of us at some point?

  12. #42

    tech_guy's Avatar
    Join Date
    May 2007
    Location
    That little bit in the middle of Little Old England
    Posts
    8,130
    Thank Post
    1,907
    Thanked 1,341 Times in 740 Posts
    Blog Entries
    3
    Rep Power
    394
    We were in Amsterdam a year back and someone in a flat adjacent to our hotel had set up a wireless access point with the same SSID as the hotel so they could harvest login details. The head of security at the hotel said it was a common problem.

  13. #43

    CHR1S's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    4,486
    Thank Post
    1,570
    Thanked 459 Times in 300 Posts
    Rep Power
    212
    Omi San Francisco, The Moana Surf Rider Waikiki and the Hilton Grand Vacations Elara in Vegas, I also jumped on the airport wifi in San Fran and Vegas and a restaurant in Vegas too.

    Live and learn eh!

SHARE:
+ Post New Thread
Page 3 of 3 FirstFirst 123

Similar Threads

  1. Replies: 6
    Last Post: 28th January 2011, 01:54 PM
  2. Keep shared documents while on domain
    By Jackd in forum Wireless Networks
    Replies: 0
    Last Post: 21st January 2008, 12:23 AM
  3. Replies: 3
    Last Post: 22nd October 2007, 10:35 AM
  4. Clear User accounts password attributes on mass.
    By tosca925 in forum How do you do....it?
    Replies: 2
    Last Post: 8th June 2007, 03:15 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •