Security: July 2008 Archives

I have noticed a high occurrence of flash ads on sites lately. These are not unusual, in their essence. The problem with flash ads is that either by limitations of code or intentional omission, they often do not display a URL. When these appear on game sites, especially ones which are a haven for WoW players like DeathKnight.info, I grow incredibly concerned about my security. Until I have an Authenticator in my hands, I will remain very cautious of my security.

Right now I surf on my laptop and game on my desktop, still being incredibly careful what I download and where I surf to. You never know if a trojan will know to look for zip files or other known packaging used in the Mod community. I do not know if the URL issue is a coded one or a Flash based flaw, but I refuse to risk myself and my account on the chance of a cool product or game that is marketed to people like me.

Add to this the chance of so far unknown holes in Flash or other multimedia ad methods, the prevalence of gold farming, leveling guide, and power leveling ads on any site that has Warcraft or MMO in it's keywords, and you really become concerned about clicking much of any link on the sites you visit online.

I wonder, though, a I paranoid? I know a lot of folks thing that all these big security measures that even the less secure take are too much, and I go much further in my own technology. Would you go so far as to refuse to click any Flash based links? Would you take security measures like weekly trojan searches, multi PC use, and other such measures? Or are you one of the many that thinks a decent browser and some addons for it is enough?

Yesterday I posted a thread about the Blizzard Authenticator being sold out on the General forums, and the thread got to 3 pages before Blizzard put their own sticky about the topic, and even addressed the US only concerns I have previously expressed. The thread, though, was dominated by one clear message which I found both foolhardy and completely misinformed. Add to that a healthy dose of 'WTF' factor, and you begin to see a really disturbing picture of the WoW community.

The first bit that really annoyed me was from Celada of Lothar. 

Its a false sense of security... Nothing beat knowledge and a litle bit of common sense. You can about 100% protect yourself with

Firefox
-addons
--FlashBlock
--Adblock Plus
--Noscript

Celeda, you talk about a false sense of security? Tell me the FCC and many other government agencies from around the world have a false sense of security in this form of multi layer authentication. You have a false sense of security if you think that such measures have any form of security to them. With new bugs and holes being found all the time, all it takes is a single day of being unpatched for your computer to be infected with a keylogger. How many mod sites have found trojans in their code? Almost all of them, and everyone has them as trusted.

Next up we have Celeda's response to my points about a true false sense of security coming from Firefox:

Ive been playing this game since beta never once been keylogged
Cause im not stupid enough to click any links i dont know

Blizz can sell false sense of security all day, that cant sell common sense and they cannot cure stupid

Just because you have not, does not mean you will not. Past actions do not dictate future results, especially with the rising value of WoW account info ont he black market.

Now to this gem from Kybeorie of Baelgun

Clue:

Someone has a trojan on your computer.
You have the authenticator.
They can't login to your wow account, but they are STILL LOGGING YOUR KEYS. The difference is that now you don't know it, because your wow account is ok. So you go merrily about your business, while your mother is now sending some money "you need to borrow", because you said so in an email, to some address far away

All due respect, Kybeorie, if you are using those Firefox addons as your only protection from trojans and keyloggers, you deserve to be scammed. Also, if your mother can't pick up a phone and check with you to make sure a sudden 'I need money' email is real, well, then your mom needs some lessons in common sense, cause I know my mom is smart enough to actually talk to me when I ask to borrow money.

In the end, this is not the be all and end all of protection, but it is not a false sense of security. This is a very secure additional form of security for your WoW account. If you feel your Firefox plus addons method of security is fine, great. It just means that when Blizzard does start shipping these to Canada, I won't have to wait in line behind you to get mine. I, though, will be very comfortable paying a lowly $7 USD for this increased measure of security.

According to the writer of the isheepthings blog, the Blizzard Authenticator, after about two and a half days on sale, is listed on the Blizzard store as sold out. This all happened with no Canadian being able to order one themselves unless they had a US shipping address. There are those who advise that Canadians go and order from the European store, but to my knowledge the Authenticator was never available from there, only showing Sold Out for the entire duration.

[Update: Blizzard has now posted both about the sell out and the lack of availability to Canadians. Thank you Blizzard for answering the questions I and others had.]