Blizzard security token beaten

[Didis]

World of Warcraft Security Tokens Beaten with Malware


Security tokens are the latest and greatest in game security for World of Warcraft and other games ... and they have been beaten. Attacks that several people, including myself, have previously speculated about.

The attack is pretty straightforward. Hackers get a piece of malware onto a victim's computer. When the victim player logs into World of Warcraft, the malware intercepts the code and sends it to the crooks who use it to login and loot the account.

There are a couple of problems here. The security token generates "one-time passwords" that are actually good for a short period of time (a matter of minutes due to the sloppiness of clocks).

There are some potential countermeasures that Blizzard can take to thwart this attack, some of which are more fragile and easy to implement than others.

Where there is money on the table, hackers will try to find a way.

While the attack has been described as a "man-in-the-middle", it is actually a "man-on-the-side" attack - it is high tech shoulder surfing.

While this is pretty disturbing for games like World of Warcraft, it is of greater concern for banks and other financial firms using similar security tools.

A. Ziebart (2010), "Man in the middle attacks circumventing authenticators", http://www.wow.com/2010/02/28/man-in...uthenticators/

[Didis]

Zucht wanneer en hoe kunnen we nu is normaal zonder dat ik continu achterom moet kijken gamen.

arrrrrrgggghhhhh a corsair bandit....kill kill

[Yammie]

Pfff, en ik was zo ontzettend te spreken over dit stukje hardware