Blizzard Breaks World of Warcraft Again for Linux
Password stealing malware targeting popular MMORPGs such as World of Warcraft for instance, has become so prevalent,
that video game developers are taking their hallmark model a footstep further, past introducing 2-factor authentication into play. And while marketable, is the new authentication layer actually useful in a real life state of affairs? Depends. From Blizzard'due south press release :
"Blizzard Entertainment, Inc. today introduced an optional extra layer of security for World of Warcraft®, its laurels-winning massively multiplayer online role-playing game. Designed to attach to a keychain, the lightweight and waterproof Blizzard® Authenticator is an electronic device that generates a six-digit security code at the press of a button. This code is unique, valid only one time, and active for a limited fourth dimension; it must be provided along with the account name and countersign when signing in to the Earth of Warcraft account linked to it.
This optional security measure volition be bachelor for a cost of €half dozen.00 at the 2008 Blizzard Amusement Worldwide Invitational, which takes place June 28-29 in Paris, France. In addition, the Blizzard Authenticator will be fabricated bachelor for purchase via Blizzard Entertainment's European websites in the near hereafter for a toll of €6.00 plus shipping.
"It's important to us that World of Warcraft offers a safe and enjoyable game environment," said Mike Morhaime, CEO and cofounder of Blizzard Entertainment. "One aspect of that is helping players avoid account compromise, so nosotros're pleased to make this boosted layer of security bachelor to them."
Mike Morhaim's comment speaks for itself, since the two-gene authentication cannot prevent account compromise since a host that's already malware infected has already obtained and sent back the accounting data. What the two-cistron authentication aims to achieve is ruin the efficient arroyo of abusing the hundreds of thousands of already obtained passwords. And as always, it'south usability versus security, since there are flaws allowing the featherbed of the two-factor authentication.
For example, the two-gene hallmark is notwithstanding optional, meaning that a great number of gamers wouldn't bother embracing it, and the higher the number of these, the more likely that the old fashioned management of hundreds of compromised accounts volition proceed in its curent form. And with the number of people playing MMORPSs nowadays, this proportion of gamers that aren't using two-gene authentication would again remain vulnerable to the electric current types of password stealing malware. Timing is everything, and the worldwide launch of the token shouldn't have been appear before it was available to every gamer out there, since I anticipate "a wholesale summertime promotion of stolen goods" before the compromised business relationship holders associate their accounts with the Blizzard authenticator and outset using information technology.
Equally for the future development of malware targeting WoW gamers, an interesting propagation vector Tempest Worm used in early on 2007 is the perfect illustration for what'due south to come up. Next to using artificial Blogspot accounts, Tempest Worm infected hosts were waiting for the terminate user to authenticate herself by filling in all the CAPTCHAs, a CAPTCHA that Storm Worm cannot and doesn't even demand to break at legitimate blogs and forums. So once the end user authenticated herself, the at present authenticated Storm Worm started posting links and web log posts redirecting to malware patiently waiting for the end user to provide Storm with admission to its assets. Which is exactly that nosotros've seen seeing on the Ebanking malware front since 2007, and what nosotros'll be seeing in password stealers in the short squad - adapting to the process and bypassing it entirely with the aid of the malware infected gamer, a state of affairs where SSL and two-factor authentication aren't an obstruction.
Since the stolen passwords are a commodity, but the authentication cannot be achieved remotely, countersign stealers for MMORPG'southward have the potential to mature into automated virtual asset stealers. Which is what they are afterwards anyhow.
Source: https://www.zdnet.com/article/blizzard-introducing-two-factor-authentication-for-wow-gamers/
0 Response to "Blizzard Breaks World of Warcraft Again for Linux"
Post a Comment