This site makes extensive use of JavaScript.
Please enable JavaScript in your browser.
Live
PTR
10.2.7
PTR
10.2.6
Beta
Hackers are so annoying.
Post Reply
Return to board index
Post by
434523
This post was from a user who has deleted their account.
Post by
303152
This post was from a user who has deleted their account.
Post by
xaratherus
he does he has 2 virus protection programs(avast/norton). That update daily automatically also has spyware/adware blocker/scanners. Runs boot scans on boot ups and scans before he goes to bed. He is fanatic about computer security he also has one of those jump drives that once he unplugs it locks his computer. His job is computer security he can obviously detect fishing emails I honestly dont know how they got his password.
So he'll spend $50+ on two Antivirus Solutions, but not $6 for an authenticator?
Your "friend" seems like a real intelligent guy.
Not to mention, as others have pointed out, it's actually far less effective to have multiple antivirus software suites running on one machine; they often conflict, not to mention the nightmare the combined scans would play with system resources.
Post by
587886
This post was from a user who has deleted their account.
Post by
eviltwinz8
I mean how does a company that make 200 million a month have worse customer support than most if not all freeware games that I have played.
I mean how can your friend work as a computer security tech and not be able to afford $6 for an authenticator?
He makes a valid point, you'd think he'd atleast buy an iPhone or iPod touch and download the free app.
I have both, The app and the 5$ authenticator.
P.S. Norton...Wtf?
Post by
446461
This post was from a user who has deleted their account.
Post by
Meggie
I spoke to a blizz employee about this once they claimed its mainly addons (curse, wow-interface, etc...) that steal your passwords....I think it's rouge blizz employees selling passwords to gold sites, etc... In all bad things it's usually an inside job.
Blizzard employing rouges makes me feel unsure.
However, mods can not steal your account info. It's the fancy proggies you "need" to install the bait. Downloading the curse install program from the wrong site is a good way to get hacked.
Another approach is to accidentally paste your email and password into the wrong authentication webform. YES pasting your email and password into genuine the curse site WILL get you hacked.
Post by
524425
This post was from a user who has deleted their account.
Post by
xerae550
Blizzard employing rouges makes me feel unsure.Yeah I mean, they always spray makeup
everywhere
. It's
such
a pain to clean up.
Rouges are so overpowdered.
Post by
badassnewbie
First, 2 antivirus pograms isnt normaly good as they tend to fight each other.
Second, i would like to put a big ? on the Norton aswell.
I have a hard time believing "your friend" works as a computer security tech and thinks it's a good idea to run two antivirus programs.
Don't use your Battle.net email or password for ANYTHING else. Period. Use aojkniunviuashek@gmail.com if you have to. Just set gmail up to forward all email to your preferred address. Use a
password generator
to help with secure passwords.
Either
you
your friend did something stupid or you're full of #$%^. One or the other.
This.
Post by
TheReal
Might also want to start in safe mode without networking and launch WoW, THEN run a virus scan without attempting to enter a password. Enabling priority booting on your antivirus may also help. I'm just throwing stuff out there now because I have no freaking idea.
Post by
eveo
Oh, and the authenticator can be "hacked" as well. You're all screwed.
CAN be. Not WILL be. It's a single virus called emcor.dll that is responsible, and you can bet your ass that every antivirus software available has it listed in definitions and is watching for anything that behaves like it. As long as your antivirus is current and you scan on a semi-regular basis, you'll be fine.
Absolutely wrong, an anti-virus really has nothing to do with it. RAT's, backdoors, keyloggers and what not can easily scale past any AV if you have decent knowledge of computer security (i.e., patching, module hiding etc)
If you use a hotmail account, you can be screwed. You won't prevent it, if they want to, they will. ALSO another way to get WoW accounts is hacking large databases (sites like infinity ward, gaming sites in general) and extracting names from those.
Trust me, I speak from experience :)
Bottom line, authenticator, for now.
1 last thing people still forget, your account can be hacked with addons, so, dont try an addon just because it look cool and is on curse cause curse.com mean nothing.
How exactly is an addon supposed to steal your password? Addons are text files, nothing more. When wow starts it reads those text files for valid commands to execute, so unless blizzard decides to add a command that reads your password and mails it to a third party, addons are completely safe..
If you unpack an addon and find that it contains an executable file, don't click that file, just remove it without starting it. Addons should contain .toc, .lua and .xml files only, all pure text files. If you find stuff like .exe and .com files, stay away from them and just delete..
An addon installer like for instance Curse Client is a whole other story. A client like that is an executable that you double-click to run and that may or may not be infested with a keylogger too.. Stay away from those installers, download the addons manually and install them manually..
TL;DR: As long as your addon doesn't include any executables it's perfectly safe.
You are too extremely misinformed. Addons could actually easily steal your passwords. There are many methods to do so, none of which contain an executable. Common sense plays no part in debunking methods of hacking and stealing, yours has driven you in the wrong direction. You are extremely mistaken if you think only executables can harm you.
I'm just loling at the number of people who didn't read the whole "WoW passwords are NOT case-sensitive", yet they bother with capital letters. Can't remember where it said, but I remember seeing this early on in my "WoW days".
If someone uses Norton, and/or uses 2 AV, I do seriously question their IT sec skills.
Also people who only think 'loggers only come from pr0n sites - there has been a good number from "reputable" sites, who had their flash ads compromised. I seem to remember hearing recently that a guild site host became compromised in this fashion.
Heard chunkloads get their accounts abused from signing up on forums with the same email and password as they use for WoW. D'oh.
With viruses in general, have heard a couple of stories of sites being directly compromised via an SQL attack - either through stealing data directly or populating a db field with the code to load up an iframe or similar.
Once came across a school website, where the hackers replaced the index page to forward to loading up a PDF ><.
Also copy/paste is very flimsy method. Clipboard reading may or may not be in keyloggers that do the rounds, but if enough people do this method, then I won't be surprised if they do/will scrape the clipboard on ctrl+c/ctrl+v.
You are on the right track. SQL injections most definitely play an important part in the theft of accounts. Just saying, trojans can do anything on your computer, anything.
Might also want to start in safe mode without networking and launch WoW, THEN run a virus scan without attempting to enter a password. Enabling priority booting on your antivirus may also help. I'm just throwing stuff out there now because I have no freaking idea.
At least you admit it.
Blizzard employing rouges makes me feel unsure.
However, mods can not steal your account info. It's the fancy proggies you "need" to install the bait. Downloading the curse install program from the wrong site is a good way to get hacked.
Another approach is to accidentally paste your email and password into the wrong authentication webform. YES pasting your email and password into genuine the curse site WILL get you hacked.
First off, completely wrong. Depending on the level of the GM, 0 being user and 4 being full admin, they can do whatever they want (level 4). They can spawn accounts, classes for that account as well as priveleges. By the way, blizzard employees are idiots for registering their accounts on other sites using the same authentication as their bnet accounts. hint hint.
Post by
292411
This post was from a user who has deleted their account.
Post by
512471
This post was from a user who has deleted their account.
Post by
eveo
Then don't try, because you won't.TL;DR: As long as your addon doesn't include any executables it's perfectly safe.
You are too extremely misinformed. Addons could actually easily steal your passwords. There are many methods to do so, none of which contain an executable. Common sense plays no part in debunking methods of hacking and stealing, yours has driven you in the wrong direction. You are extremely mistaken if you think only executables can harm you.
Please elaborate how a pure text file, parsed by warcraft, is able to steal your password. You mention that "There are many methods to do so" so please describe one.
Not pertaining directly to World of Warcraft per se, but scripting in general. For example, the WoW script could possibly need a connection to a website, say it's a stats mod. When it connects to that website, you can't reject the connection ingame, since there is no browser ingame. Upon visit to that website, it could execute a javascript script, and whatever that script is programmed to do, it will. I used to steal steam accounts through this method. Spam a link, that link is a blank page, upon visit a file is downloaded to your computer and executed and you'd have no idea.
Nothing is ever fool proof.
Post by
292411
This post was from a user who has deleted their account.
Post by
Meggie
Lets say I write a plain letter and mail it to you, instructing you to go to your bank, withdraw all your money and mail it to me, that doesn't enable me to steal your money unless you actually choose to obey those commands.
^ But but but retribtanks and DKs faceroll popups in real life
Post by
106545
This post was from a user who has deleted their account.
Post by
TheReal
Nothing is ever fool proof.
This is the only damned thing you've said that I agree with. If you're going to claim that I'm absolutely wrong about something, then at least say what it is you think I'm wrong about instead of hiding behind vague remarks.
Oh, and the authenticator can be "hacked" as well. You're all screwed.
CAN be. Not WILL be. It's a single virus called emcor.dll that is responsible, and you can bet your ass that every antivirus software available has it listed in definitions and is watching for anything that behaves like it. As long as your antivirus is current and you scan on a semi-regular basis, you'll be fine.
Absolutely wrong, an anti-virus really has nothing to do with it. RAT's, backdoors, keyloggers and what not can easily scale past any AV if you have decent knowledge of computer security (i.e., patching, module hiding etc)
Yes, despite your inflammatory remark, an antivirus has
everything
to do with preventing the emcor.dll man in the middle attack. If you want to be taken more seriously, use debate language instead of argument language. In any case, I'll continue using my authenticator and remain not-too-comfortable about my WoW account's security. The authenticator + common sense is the best combination for account security these days, and one of those is in short supply.
Edit: How in the world would you think that
any
passwords arent case sensitive? feel free to try it btw, as Ive gotten a Password Incorrect message missing a capitalization.
Just tried it. FEedEDthEtroLLz2DaY worked just as well as feededthetrollz2day.
Post by
ChairmanKaga
So much stupid in this thread, it's hard to figure out where to start.
he does he has 2 virus protection programs(avast/norton).
Running 2 AV programs at the same time causes more problems than it solves.
What's so bad about Norton?
Nothing, just a bunch of ignorant haters that haven't bothered looking at the 2009 or 2010 version. Symantec has disembarked from the failboat, folks. One of the best AV available at the moment.
Now those people that still use McAfee....those I pity.
Oh, and the authenticator can be "hacked" as well.
But the authenticator hack is several orders of magnitude harder than a simple phishing job. It requires an actual local host compromise, like a trojan virus.
People that call the authenticator "hackable" and use that as an excuse to not buy one are ignorant morons.
An addon installer like for instance Curse Client is a whole other story. A client like that is an executable that you double-click to run and that may or may not be infested with a keylogger too.. Stay away from those installers, download the addons manually and install them manually.
*yawn*...can we get away from this sort of ridiculous FUD, please?
If you download TOTALLYCOOLADDON.EXE from
www.totallylegitsite.ru
and run it, you deserve what you get.
Stop trying to equate that with downloading legit software (like Curse Client) from legit sites (like Curse). Seriously, it makes you sound like either an idiot or some kind of shill for a competing addon site.
Post Reply
You are not logged in. Please
log in
to post a reply or
register
if you don't already have an account.