+ Post New Thread
Page 3 of 3 FirstFirst 123
Results 31 to 43 of 43
Gaming Thread, Wow account hacked while on holiday in Fun Stuff; Originally Posted by CHR1S PC is scanned daily and up to date. I have checked running processes and services, startup ...
  1. #31

    Join Date
    Mar 2011
    Posts
    631
    Thank Post
    52
    Thanked 106 Times in 76 Posts
    Rep Power
    63
    Quote Originally Posted by CHR1S View Post
    PC is scanned daily and up to date. I have checked running processes and services, startup even ran hijackthis and spybot for good measure.
    I'm racking my brain to think if I have accessed battle.net anywhere other than my iphone/ipad and that PC.

    And no, I haven't fallen for a phishing scam, that I can be certain of.
    It sounds to me much like the situation which arises with a large amount of credit and debit card fraud, where the people who run the system have been bribed. If it were a normal user, I'd expect a hack on the PC, but a geek? Unlikely that the PC has been hacked.

  2. #32

    JJonas's Avatar
    Join Date
    Jan 2008
    Location
    North Walsham, Norfolk
    Posts
    3,090
    Thank Post
    382
    Thanked 429 Times in 318 Posts
    Rep Power
    383
    Quote Originally Posted by CHR1S View Post
    I'm racking my brain to think if I have accessed battle.net anywhere other than my iphone/ipad and that PC.
    What about compromised public access points?

    or someone using something like Droidsheep to collect logon information?

  3. #33

    CHR1S's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    4,489
    Thank Post
    1,575
    Thanked 479 Times in 302 Posts
    Rep Power
    215
    Quote Originally Posted by JJonas View Post
    What about compromised public access points?

    or someone using something like Droidsheep to collect logon information?
    This is what I'm thinking, does the wow app pass the security info in plaintext, etc etc

  4. #34

    LosOjos's Avatar
    Join Date
    Dec 2009
    Location
    West Midlands
    Posts
    5,447
    Thank Post
    1,438
    Thanked 1,168 Times in 797 Posts
    Rep Power
    707
    Quote Originally Posted by Sdrawkcab View Post
    Yeah you're right, after doing some googling it appears that the keyring auth produces a 6 digit code where the smartphone app produces an 8 digit code. Surely that would mean the smartphone app is technically more secure then?
    Not necessarily, depends on how the app is written...

    Quote Originally Posted by CHR1S View Post
    This is what I'm thinking, does the wow app pass the security info in plaintext, etc etc
    With a dedicated hardware authenticator (I've not seen them, don't know how they work, so I may be way off here) I imagine it has the sole purpose of generating a key for you, probably based on it's own preset seed and the current time, linked to your account and verified on the server - can't get safer than that, even if your browser passes the key in plain text, it'll mean nothing to anyone within a minute or so.

    With an app, there are tons of potential security flaws, as @CHR1S points out...

  5. #35

    CHR1S's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    4,489
    Thank Post
    1,575
    Thanked 479 Times in 302 Posts
    Rep Power
    215
    No, I mean the wow armoury app on iOS, that uses your username and password and has no authenticator for it.

  6. #36


    AMLightfoot's Avatar
    Join Date
    Feb 2011
    Location
    Hampshire, England
    Posts
    2,136
    Thank Post
    370
    Thanked 615 Times in 392 Posts
    Rep Power
    250
    Quote Originally Posted by Sdrawkcab View Post
    [PEDANT MODE ENGAGE]
    This isn't true. The same algorithm is used to generate the key for the hardware authenticator as for the software one. The only difference is the platform it runs on. The hardware auths are better in my opinion because you can't accidentally uninstall them, but that's not the same as being more secure.
    [/pedant]
    [paranoia][pedant]I am more concerned with the possibility of data on my phone being stolen. Since I have the WoW Armory App, if I were to use the Authenticator, it would mean my WoW login details and authenticator details are contained on the same device. I consider this insecure. I also consider the possibility of the authenticator algorithm being replicated a higher risk with a 'software' version than the hardware version. With the hardware version, in order to replicate it a potential account-thief would have to have access to the physical device, but that device does not contain account details so it would be hard to match it against my account. Yes, potentially given enough computing power they could brute force the algorithm replication but that would be more hassle than it was worth. My saying that IMO the software authenticator is less secure is based on the ease-of-theft of the data and the fact that my account details for my WoW account would be contained on a single device via the authenticator and armory app, NOT that the authenticator algorithm is different or less effective. Perhaps I should have clarified my view...[/pedant][/paranoia]
    Last edited by AMLightfoot; 20th April 2012 at 10:15 AM.

  7. #37

    CHR1S's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    4,489
    Thank Post
    1,575
    Thanked 479 Times in 302 Posts
    Rep Power
    215
    All this for a game.....

  8. #38

    X-13's Avatar
    Join Date
    Jan 2011
    Location
    /dev/null
    Posts
    9,033
    Thank Post
    591
    Thanked 1,945 Times in 1,345 Posts
    Blog Entries
    19
    Rep Power
    813
    Quote Originally Posted by CHR1S View Post
    All this for a game.....
    WoW - It takes over your life.

  9. #39

    CHR1S's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    4,489
    Thank Post
    1,575
    Thanked 479 Times in 302 Posts
    Rep Power
    215
    The plot thickens, today my twitter account was hacked. I exclusively use that on iPhone and iPad only!
    I think one of the hotels I accessed their wifi was compromised, no other option now.

  10. #40

    LosOjos's Avatar
    Join Date
    Dec 2009
    Location
    West Midlands
    Posts
    5,447
    Thank Post
    1,438
    Thanked 1,168 Times in 797 Posts
    Rep Power
    707
    Quote Originally Posted by CHR1S View Post
    The plot thickens, today my twitter account was hacked. I exclusively use that on iPhone and iPad only!
    I think one of the hotels I accessed their wifi was compromised, no other option now.
    Did you need a username and password to access their WiFi?

    I won't use hot spots unless I'm given a unique username and password, all too easy to set up a laptop to receive connections and sniff out passwords etc...

  11. #41


    AMLightfoot's Avatar
    Join Date
    Feb 2011
    Location
    Hampshire, England
    Posts
    2,136
    Thank Post
    370
    Thanked 615 Times in 392 Posts
    Rep Power
    250
    Oh dear, full password reset. I hate having to do that - I've got so many accounts I lose track of them, a full password reset usually takes several days for me :-S I wonder how long it will be before we can start suing institutions for loss of personal fidelity based on their poor security (although before other users start flaming me and telling me it's impossible, I AM aware that there are usually disclaimers and 'Insitution X is not responsible for loss of data when using our WiFi system' blah blah blah blah) but with the increase in use of smart phones and tablet devices and the amount of data we use/store/transmit, the provider of the WiFi service must start to take steps to ensure the safety of that data.

    I was at a hotel this weekend in the middle of nowhere with no 3G signal and barely enough signal to make a phone call, had the hotel WiFi actually supported my smartphone instead of repeatedly redirecting me to their venues advert I would have had no choice but to send work-related data over their WiFi (had I in fact been staying there as a consequence of work, which I wasn't, so I turned WiFi off and waited until I got home to check my Facebook account and look at the pictures of my friends wedding).

    If you don't mind my asking, which hotels were you staying in as I think we'd all be interested to know whether compromised WiFi might affect one of us at some point?

  12. #42

    tech_guy's Avatar
    Join Date
    May 2007
    Location
    That little bit in the middle of Little Old England
    Posts
    8,135
    Thank Post
    1,908
    Thanked 1,343 Times in 742 Posts
    Blog Entries
    3
    Rep Power
    395
    We were in Amsterdam a year back and someone in a flat adjacent to our hotel had set up a wireless access point with the same SSID as the hotel so they could harvest login details. The head of security at the hotel said it was a common problem.

  13. #43

    CHR1S's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    4,489
    Thank Post
    1,575
    Thanked 479 Times in 302 Posts
    Rep Power
    215
    Omi San Francisco, The Moana Surf Rider Waikiki and the Hilton Grand Vacations Elara in Vegas, I also jumped on the airport wifi in San Fran and Vegas and a restaurant in Vegas too.

    Live and learn eh!

SHARE:
+ Post New Thread
Page 3 of 3 FirstFirst 123

Similar Threads

  1. Replies: 6
    Last Post: 28th January 2011, 01:54 PM
  2. Keep shared documents while on domain
    By Jackd in forum Wireless Networks
    Replies: 0
    Last Post: 21st January 2008, 12:23 AM
  3. Replies: 3
    Last Post: 22nd October 2007, 10:35 AM
  4. Clear User accounts password attributes on mass.
    By tosca925 in forum How do you do....it?
    Replies: 2
    Last Post: 8th June 2007, 03:15 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •