Home Buy WOW Gold News FEEDBACK Contact Us About Us FAQ  
Customer login
Email
Password
 
MMORPG News

 
News

Man in the middle attacks circumventing authenticators

 

It has been brought to our attention that Blizzard's technical support department is currently handling a security exploit that is, in a limited capacity, circumventing authenticators. Before we get into the details, please do not panic. This does not make authenticators worthless, and it is not yet a widespread problem. Do not remove your authenticator because of this, and do not base your decision on whether or not to buy an authenticator off of this. They are still very useful, and your account is much safer with an authenticator than it is without one.

This is not the only report of this that we've seen, but it is the first time that a Blizzard representative has openly acknowledged that there is something afoot. For a full account of what happened, check the thread on the EU Technical Support forums. To sum up: There is a piece of malware (emcor.dll is what is being reported at the moment) that is being used as a hijacking tool to facilitate Man-in-the-Middle attacks on users

Kropaclus
After looking into this, it has been escalated, but it is a Man in the Middle attack.
http://en.wikipedia.org/wiki/Man-in-the-middle_attack

This is still perpetrated by key loggers, and no method is always 100% secure.

To explain in the simplest way possible, instead of data being broadcast directly to Blizzard when trying to log in to your account, that data is being broadcast to a third party via this malware. This includes your authenticator code. Rather than you logging into your account, the hacker on the other end does so. They log into your account, clear out your characters, and move around virtual funds to fulfill orders from players buying gold. This method of circumvention has been theorized since the release of the key fobs, but it has only now started to actually happen.

Because the hacker is only receiving the data as it is transmitted, they are not able to log in more than once unless you are repeatedly broadcasting your authenticator code. They cannot change your account information. They are only in your account until they log off or are disconnected. The password is still your password. They are unable to remove or replace the authenticator. Removing the authenticator would require at least three different authenticator codes from you. One to log in to account management, and two for the actual removal. The chances of this happening are incredibly, obscenely low.
If you don't scrub the malware from your computer, they can hijack your account again the next time you try to log in, but the same rules apply. The damage done is limited and temporary. Make sure you do a virus/malware scan to make sure you don't get hijacked a second time, just like you would do with any keylogger.

This security breach is unfortunate, but keep in mind that it's far more difficult to do than the keylogging we've suffered for the last few years. Hackers that used keyloggers could theoretically gather thousands of user names and passwords every day and get around to them at their leisure. Your account information could be stolen today, but it might not be used until two weeks later when the hacker needs to fulfill an order. In the case of a Man in the Middle attack like the ones we're seeing now, that can't be done. Authenticator codes need to be used within 30 seconds or they expire. A Man in the Middle attack needs to be done in real time with a large amount of timing and accuracy. This sort of attack is possible, but we don't expect it will happen as frequently as basic keylogging.

What can you do about this type of attack? The same thing you can do about any attack. Keep your virus scanning software up to date (and update regularly, as this exploit is very new.) Scan regularly. Practice safe surfing. Read the thread in the technical support forums on this issue very closely, remember the warning signs. If you run into anything unusual, do not repeatedly try to log in. Play it safe and run a virus scan. Your authenticator is still protecting you against a vast majority of hacking and keylogging methods, it is certainly not money wasted and you shouldn't remove it in a fit of frustration.

Blizzard is very much aware of the issue and are actively looking for a solution.

Edit: This is a PC only attack, at the moment. Mac users are immune to this particular virus, however they are not immune in general. Mac users must practice the same security methods as PC users.

Tags: account-security, authenticator, breaking, exploit, keylogger, keyloggers, malware, man-in-the-middle, safe-surfing, security, security-exploit, technical-support

Filed under: Account Security

Why Blizzard can't (and won't) sell gold
In any discussion concerning botting, farming, hacking, or gold-buying, someone inevitably makes the argument that Blizzard should cut out the middlemen and sell gold to players themselves. I wanted to use this article to explain why this would not necessarily be a good idea. We don't need to get into the legal situation, or examine why assigning a real-world price to in-game currency edges us closer to a world where in-game property can be taxed. All I have to do is tell you a story from the not-too-distant past that involves:

  1. Prices that would make Zimbabwe look like a model of inflationary restraint, and:
  2. What happens when money -- in this case, gold -- loses meaning.


On the Wrath of the Lich King beta servers, one of the largest differences between them and their live counterparts was the astronomical price of almost everything on the auction house. You could expect to pay 600-800 gold for a single blue-quality gem, and equally inflated prices for enchanting materials, flasks, and other raid consumables. Were you planning on gearing a character to raid at 80? Here's hoping you had 30-50K gold at your disposal, or the sympathy of a craftsman who could provide enchants or consumables at far below "market price."

So what happened?

If you've never transferred a character to a beta or PTR server before, this is what happens; copying a character takes a snapshot of what the character has in its bags, bank, and gold reserves when you click the transfer button. Experienced players typically send all of their banker's gold and valuable items to a character they're planning to transfer, so that the "snapshot" taken is of a character with all of your account's gold and marketable items. Because you can usually copy multiple characters, it's possible to reproduce an incredibly valuable character several times over. Do you have 25,000 gold on your main when you transfer it to the PTR? And you've got three character copies total, and you copied your main three times?

Congratulations; you now have 75,000 gold on the PTR as a result of the 5-minute time investment it takes to copy the toon three times.

To some extent the PTR economies are always a bit weird as a result of this practice -- people want to test things on the PTR without having to worry about gold -- but things were even weirder on the beta servers. A lot of guilds planned to learn tier 7 raid content there, and they didn't ever want to deal with gold as an issue. As such, many of them loaded transfer characters with as much gold as they could carry from the guild bank (after transferring, the player in question could simply re-deposit the gold back in the bank on the live servers), reproducing a guild's savings dozens of times over on the beta.

Imagine a server with guilds that could literally "make money" by just reproducing a toon with a lot of stuff on it.

That would be beta -- and, as a result, the enormous inflation on the beta auction house, because gold simply ceased to have much meaning.

Any economist could tell you that this was the inevitable result of:
  • Players who could increase their gold reserves with no effort, cost, or consequences, and:
  • Players didn't care how much gold they were spending because it had no impact on their "real" character -- just its disposable PTR/beta counterpart.
When individual gold reserves skyrocket on a server-wide basis, prices inevitably rise when people are: a) able to afford more expensive goods, and b) willing to pay for them. That's OK if your characters are already wealthy, but it's a pretty raw deal for new players or anyone who's rerolled on the server in question; there won't be anything on the auction house that they'd realistically be able to afford, particularly if the person in question is a brand new player who's unfamiliar with the game's economic system. It's like asking someone on food stamps to find low-cost housing in downtown San Francisco -- it ain't gonna happen.

If you've ever wondered why there are so many "gold sinks" around, why repair bills remain in the game, why crafting professions tend to be expensive, and why equipping and raiding on a high-level character requires so much gold, that's why; it's part of Blizzard's effort to keep players paying for things, thus curbing (somewhat) the inevitable trend towards inflation.

The general idea behind Blizzard caving to player requests and selling gold on an official basis is that they'd be able to put the gold-sellers -- and through them, an entire network of hackers and phishers -- out of business. To be frank, I think it's a bit optimistic to assume this, if for no other reason than the price war over gold that would likely result, and the fact that Blizzard is at a competitive disadvantage.

If Blizzard:
  • Sells gold at a higher price than existing gold-sellers: Then people who already buy gold against the terms of use will continue to do so from gold-sellers, because the only selling point to "Blizzard gold" would be that it's legal -- and that's not a sufficient incentive for people already comfortable with ignoring the rules. Moreover, for newer players it would have the unfortunate effect of making it seem like Blizzard condones buying gold if they sell it themselves.
  • Sells gold at a lower price than existing gold-sellers: It runs the risk of encouraging hyper-inflation on servers. Gold is already pretty cheap, consequence (I suspect) of hackers' increasingly sophisticated means of parting players from their accounts. Blizzard running the prices down to drive gold-sellers out of business would be the definition of a Pyrrhic victory. The more inexpensive that gold gets, the more that buying it becomes a rational choice over spending the time to farm it in-game or taking the risk of playing the auction house -- and the closer we edge to the situation on the beta servers.
The bottom line is that selling gold would not be a panacea to present monetary ills, even aside from the advantages it would afford players with greater disposable IRL income. Blizzard cares about what happens if WoW's in-game economy goes to hell. Gold-sellers do not, and -- perversely -- their "product" becomes more attractive as server inflation rises.

Tags: account-hacking, account-security, buying-gold, gold, gold-buyer, gold-buying, gold-farming, hacker, hackers, hacking, wow-gold, wow-gold-farming

Filed under: Analysis / Opinion, Blizzard

Cataclysm Expansion 2010

This BlizzCon we're hearing a lot about the ways guilds will be changing in Cataclysm. Not only will you be able to contribute to your guild by doing the things you already do like daily questing and PvP, your guild will be able to use its new abilities to directly benefit the members in various way. Even more intriguing is the talk of being able to transfer an entire guild to a new server at once.

However, even as things change for guilds, one thing remains the same: you will not be getting a guild hall. You're going to have to keep hanging around on the streets with us Hoi Polloi, I'm afraid. Still, what we are getting is extremely thought provoking on its own.
Frankly, the idea of leveling up your guild is not one I would have ever had on my own, so kudos to the folks at Blizzard for completely blindsiding me. At present we're hearing that there will be 20 levels of guild experience, and that levels will be earned though things people in guilds do anyway like killing bosses, playing in the new rated BGs and arena matches, and through progression in professions and reputations in game.

As guilds level, they'll gain access to guild talent specs, with talents that can directly make life easier for the guild's membership.Talents that will allow for mass resurrection and reduced repairs have been mentioned, although we're also hearing that "We're not going to be character talents in the guild talents. We don't want to put talents players have to have in the guild talents, ie: they have to have this talent in order to kill this boss." That seems like a very smart move to me, making guild talents provide convenience and perks rather than necessary boss killing abilities. Other possibilities not yet confirmed but mentioned in the Systems Panel were allowing for mass Guild server transfers (rather than the situation as it is now, with individual members having to transfer and then recreate the guild on the new server) and allowing guilds to purchase bank tabs via the leveling system. Guild Achievements will also be a part of the new system.

Other parts of the new guild system are guild vendors (selling reagents for guild currency earned during the leveling process) and guild heirloom gear, also purchased with guild currency and allowing you to level faster. These items will be bound to guilds and thus leaving the guild loses you the item. There will also be a Looking for Guild system similar to the current LFG system for grouping, and there will be a variety of new Guild UI options, including being able to look at other guild member's profession books and a percentage of all gold looted being sent as a bonus to the guild's bank. You'll even be able as a guild to invite other guilds to events like raids.

This is all rather astonishing stuff that should help make guilds a more involved element of gameplay. I'm extremely interested to see how this all plays out.

 

Player Housing and Upcoming Features
A lot of roleplayers seem to want player housing, but I have my doubts as to how well it would actually work out. On one hand, it would be nice to have a place in the game that we could actually make our own, and customize to some degree. We could go there and have private conversations open only to people we want there, so we wouldn't have to worry about random people wandering by and trying to annoy us.

On the other hand, I fear that player housing wouldn't get much use among many players unless there were really clever tricks that could connect it intimately to the rest of the game world. If Blizzard just put in some extra instance doorways in a city, where a designated portal just led you to your own guild's special house, people might show up there for guild meetings, but most of the time they would want to be out in the world doing things, questing, crafting, or fighting in PvP. It could be nice to use the guild house as a place to hang out when you're just chatting with friends instead of adventuring, but if it's too far out of the way then people would never bother going there.

In order to make it work, every guild house would have to have some sort of private portal mechanism, so that people could easily go there when they want a break from questing for a few minutes. If they make it like the PvP Battleground queue so that whenever you open a portal from a certain spot you can just portal back to that spot whenever you want to leave, then it could really be the sort of place people meet up in on a fairly regular basis during their play time. They could go there to get items from a personal bank, guild bank, or even trade items with one another and then go back to their other activities.

Faster delivery and more safe

Buy Cheap WOW GOLD!

Buy cheap WOW Gold in stock?
MMOGAH  is committed to offer World of Warcraft Gold buyers for the lowest price.
Safe and fast delivery makes our online store famous to the worldwide WOW Gold buyers for five years!
We guarantee to have your really cheap wow gold in stock!
World of Warcraft power leveling in both EU and US servers are available in our store.
Our WOW Gold can be bought from either servers, too.
As a leading provider of cheap wow gold and virtual currency, our store guarantees to offer 5-minute fast delivery,
7x24 customer service and online support.

Blizzard allowing cash for items and gold in the future?

See this little guy? Isn’t he adorable? He’s Mini KT, the Littlest Lich – and he can be yours for the low low price of $10 USD. That’s right, I said $10 DOLLARS, not 10 gold, and he’s not the only pet you can get in-game for that amount of money.

Remember back when we noticed that interesting new pets were appearing in the source files of the game? I was intrigued by the Pandaren Monk pet, but WoW.com also noticed a Core Hound Pup along with Lil KT up there a while back on the PTRs. Speculation ran rampant that they were potentially collector’s edition pets for Cataclysm, but now we know their true purpose: Blizzard will sell them in-game, through their Blizzard Store online, and likely through Battle.net at some point.

If you drop the ten bucks on the Pandaren Monk, half of that purchase will go to the Make-A-Wish foundation, which is a pretty good reason to spring for it.

In any event though, this is Blizzard’s first dabblings in micro-transactions in World of Warcraft, and it’s gotten more than a few people pretty riled up. Many other MMOs that have gone before WoW (and likely those that will come after) that used micro-transactions to get more real money out of the players who are subscribed, and most free MMOs use micro-transactions to get money out of players who can sign up and play for free, but if they want the best gear or a custom avatar or better graphics, they have to shell out a little cash.

The argument on both sides of this is immense, loud, and pretty empassioned: some people herald micro-transactions as the end of World of Warcraft entirely, both as a popular game and as a professional, high-quality one, labeling micro-transactions as the mark of MMOs that are on the decline. The other side sees this as another fantastic way that players who are willing to pay for it can customize their characters, and look forward to other potential options like special RP clothes, custom avatar appearances, and more.

Personally I can see the logic of both sides of the equation, but I have to call attention to the fact that Blizzard has essentially already given players what they want for real money in-game in the form of faction changes, race changes, server transfers, and so on. Even appearance changes (which cost in-game money, not real money) came at player behest. I’m completely on-board with the thought that only MMOs that need money or are moving to a “free to play” model currently make heavy use of micro-transactions, but World of Warcraft certainly isn’t there, and it’s certainly not on the decline.

So the moral of the story? If you don’t want to spend real money for an in-game pet, don’t buy one. If there are enough people who agree with you, it’ll be unpopular and Blizzard will shut it down. If on the other hand there’s a demand for it and people love the idea, it’ll grow in popularity and more items will likely be added to the store. In any event, it’s likely not the end of World of Warcraft as we know it – that’s going to happen in Cataclysm.

 

  BACK
 
 
 
TRACK YOUR ORDER
Order ID:
E-mail:
mmogahsnow
mmogah2009@hotmail.com
 
happysnow0215@hotmail.com

mmogahzmh@yahoo.com has been verified with TrustWho. Click Here to learn more.
 

cheap wow gold

All content copyright © 2009 MMOGAH.com. All rights reserved.