hacks

[Azami]

What a mess.....you gunna get an authenticator now?

probably not.

 

[john3610]

That's actually one of the rules for being in a position that gets extended guild bank access huh.

 

[Azami]

That's actually one of the rules for being in a position that gets extended guild bank access huh.

Keep me at member then when I get back then.

There's a legitimate reason why I'm not getting one, but I'd rather not say right now but it makes sense if you heard it or can figure it out.

 

[Flamethrøwer]

the people who spotted my toons taking things from the bank, do you know approximately what time it was?

I did the demoting - I checked at approximately noon eastern time, and it said you withdrew items four hours ago. So that would be about 8am eastern, 5am pacific.

 

[Flamethrøwer]

Keep me at member then when I get back then.

There's a legitimate reason why I'm not getting one, but I'd rather not say right now but it makes sense if you heard it or can figure it out.

Send me a forum mail and let me know the situation if you don't mind - I'd be interested to know. Maybe we can work something out about bank access.

 

[john3610]

That's actually one of the rules for being in a position that gets extended guild bank access huh.

I don't know why my post says "huh" at the end. That may have come across as calling you out.. lol. It was supposed to stop at "access".

I just figured out why it says "huh"!! I tried to type "ha ha" as one word and the mac I'm on automatically changes it to "huh" lol. That's annoying... any idea how to change that? It also changes lol to loll.

 

[Goodwone]

it is only required that guild leaders/officers have authenticators.

but, vets or ac's would be nice and certainly helpful to the guild to protect your accounts with them also. everyone

let us know how things coming along Azami!

 

[Azami]

I'm going to be gone for most of this coming week so hopefully you don't see any of my toons coming online for a bit and if they do then that means I didn't do a very good job lol. I should be back after the suspension on my account is lifted.

Also, as an aside random note the hackers sold weird things that had to be recovered that I find randomly hilarious such as:
Dalaran Fireworks
Tabards
Shatter Rounds (but not Iceblade Arrows >_>)
Simple Grinder
Mirren's Drinking Hat
Battered Steam Tonk Controller
Don Carlos' Famous Hat
Blue Crashin' Thrashin' Racer Controller
Ankh
Gnomish Army Knife
and of course....
Noggenfogger Elixirs & Savory Deviate Delights

 

[skvsr]

Blizzard's Authenticator ... Hacked?

Allanon, guild leader of The Forgiven and a bit of a scholar, posted this about authenticators. After reading this, I ordered one as quick as I could. I certainly hope Azami can get his situation worked out so he can get and use one.

Oh - the original is at Blizzard's Authenticator ... Hacked?

Ok, sorry, I had to grab your attention. I have seen an increase of misinformation out there so I wanted a place in general to talk about this. There are rumors out there that Blizzard's Authenticator has been hacked. The only method I am aware, of based on the underlying protocols used, in which your account can be compromised is what is known as man-in-the-middle attack (http://en.wikipedia.org/wiki/Man-in-the-middle_attack) or some form of social engineering. I would like sure with you some technical details which you might find interesting.

1. Blizzard's tokens are made by Vasco and are part of their DIGIPASS GO 6 line of authenticators (http://www.vasco.com/products/digipa...ipass_go6.aspx)

2. This is not RSA's technology but it is similar. To quote from a knowledgeable source I found on Elististjerks (http://elitistjerks.com/f15/t27560-b...henticator/p5/) site.

3. The code generated is based on a random seed generator plus the time (the authenticator has a built-in clock). For more on random seed generators, please read - http://en.wikipedia.org/wiki/Hardwar...mber_generator


4. The crypto algorithm used is rumored to be either the 3DES or AES (http://www.pgp.net/pgpnet/pgp-faq/pg...ssary.html#des). Both of these algorithm's are actively in use by the US Military and various Intel agencies.

5. Blizzard's authenticator is one layer of security, it is no substitute for safe computing. Please read the following from Blizzard's support forums for more details - http://forums.worldofwarcraft.com/th...02231244&sid=1

I would like to share the following from an older ZDNet article I had which explains a bit about "breaking" these protocols.

http://www.zdnet.com/blog/ou/is-encr...-crackable/204

"The last big factor in encryption myths and bit size inflation is salesmen and marketers because bigger numbers always sound nicer. I’ve had salesmen come in to my office and try to tell me that RSA or AES encryption was worthless and that I should be using their product which uses some kind of 1000 bit wonder-crypto solution. All it takes is one company to try and out do their competitors and pitch their products using 4096-bit RSA and the next company will come along and pitch 16384-bit RSA keys in their product. Many IT consultants will shy away from quoting smaller bit sizes because they’re afraid to be out done by their competitors.

Ah, but what about the dreaded massively distributed cracking brute force method for attacking something like 128 bit RC5 encryption? There are massive zombie farms of infected computers throughout the world and some may have gotten as big as 1 million infected computers. What if that entire army was unleashed upon the commonly used 128 bit RC5 encryption? Surprisingly, the answer is not much. For the sake of argument, let’s say we unleash 4.3 billion computers for the purpose of distributed cracking. This means that it would be 4.3 billion or 2 to the 32 times faster than a single computer. This means we could simply take 2 to the 128 combinations for 128-bit encryption and divide it by 2 to the 32 which means that 2 to the 96 bits are left. With 96 bits left, it’s still 4.3 billion times stronger than 64 bit encryption. 64 bit encryption happens to be the world record for the biggest RC5 bit key cracked in 2002 which took nearly 5 years to achieve for a massive distributed attack.

Now that we know that the distributed attacks will only shave off a few bits, what about Moore’s law which historically meant that computers roughly doubled in speed every 18 months? That means in 48 years we can shave another 32 bits off the encryption armor which means 5 trillion future computers might get lucky in 5 years to find the key for RC5 128-bit encryption. But with 256-bit AES encryption, that moves the date out another 192 years before computers are predicted to be fast enough to even attempt a massively distributed attack. To give you an idea how big 256 bits is, it’s roughly equal to the number of atoms in the universe!"

Please share any sources you may have come across. I am truly interested in this topic and have several crypto books in my library (don't ask cause I actually don't like math).

__________________

 

[Azami]

So, I logged back in for the first time today and placed everything back where it belonged (mostly). Just gotta see if my precautions and cleanings were good enough.
If anybody is logging on today see if my toon is online or not and if it is look for me in vent, I'll be sitting in vent all day. So contact me if my toon is acting strange.