… a level at a time.

Archive for February, 2010

No more server hopping.. maybe.

I haven’t done a ton with Mass Effect 2 lately… it’s not one of  those games I can just start and stop when I want. I get hooked in the story and don’t want to stop playing. I’ve had too much homework to take any real-time to dedicate to it. Hoping one of the next few weekends prove to be more viable for a bit of time spent progressing through it.

I still haven’t finished Assassin’s Creed or started AC2. I’m debating if I’ll ever finish it, I might just start the second and skip out on the last bit of the first. I’d rather not though, but with school and starting up World of Warcraft again, I don’t know if I’ll ever have the desire to finish Assassin’s Creed.

Speaking of WoW…. my brothers started playing again a week or so ago. They refused to start on another server or transfer, and my friends and I were already set on Staghelm and we didn’t plan on moving.

I guess it’s a good thing I never transferred my Paladin [Texhnolyze] to Staghelm. Even though I don’t play him anymore. I’ve fallen in love with the Death Knight and Mage, I’ve spent all my time playing on one of those two.

I’m also messing around with a new Rogue a little bit; my brothers, one of my nephews, and I all started new characters together. We’re staying relatively the same level so we can group up for quests and instances together.

I have gotten stuck server hopping so I can play with my best friends and my brothers before. I hate server hopping, I’m bad enough with alts on a single server…

But as it stands now, it looks like all my real-life friends that I play WoW with are leaving the game “for good.” If they do stop playing though, I will be going back to playing on Silvermoon “full-time” [as much as I can without screwing up school and work], which will be nice: no more server hopping. Also, if they stop playing, I *will* be transferring my Mage [Stasís] over to Silvermoon. I wonder if I can convince them to toss me any extra gold & spare mats before they stop playing [haha, doubtful]!

I’m also debating swapping Authenticators for WoW. I have one of the key-chain ones, but I also have the HTC Hero that runs the Android OS. Now there is the Authenticator application available for download on the Android Market. I always have my phone on me, I don’t always have the key-chain Authenticator with me.

I really wish I could go to PAX East this year, really I want to go to any PAX. I’ve never been to a gaming convention. Unfortunately due to obligations, finances, school, & work… actually getting to go is not gonna happen, again.


*Copied and pasted the following post from here*


We interrupt your regularly scheduled blog for a Public Service Announcement. This is a post I put up on my guild forums a while back, but with the recent report of a supposed account hack to an authenticator-enabled account, I figured I’d repost here for mass consumption. In regards to the above link, I’m calling BS until I see more about it, and this post should explain why I feel that way. I’m far more likely to believe that the account was compromised by some manner of social engineering (be it a Blizzard look-alike phishing site, an irl “friend” theft, a shared account, or some other manner – any and all of which involve user error) than I am to believe that one of the most widely-considered secure systems in the world, used by banks, casinos, credit bureaus, government agencies, and high-profile data security firms has been circumvented by Chinese wow hackers to be used for in-game gold theft rather than, say, nearly any other possible use of such technology/cracking ability. I just don’t buy it. Read on, and be informed.

How the Blizzard Authenticator works, and why it improves security.

The Blizzard Authenticators are once again in stock!

Click here for orders in the United States
Click here for orders in Canada, New Zealand, and Latin America


On 26/06/08, Blizzard announced the Blizzard Authenticator, a device that provides your WoW account with an extra layer of security. They sell this device in their Blizzard Store for $6.50. You may consider buying it, but is the extra security really worth the money? How much more secure does it make your account? This post will explain how this device works, and exactly why it makes your account more secure.

===How the authenticator works===

The Blizzard Authenticator is a token that you can put for example on your keychain. It has a little display that, once your press the button will generate a 6-digit number that changes every minute.

This number is used as a 1-time password. This means the password is only valid once. When you use it to log in, the code becomes invalid and any hacker trying to access your account later with the same number won’t be able to log in.

A hacker wanting to access your account will now, in addition to keylogging your username and password, have to physically break into your house and steal the authenticator to see what number it displays. But hackers are clever people. Isn’t there any way for them to know which number the authenticator is going to display? The answer is no, and here’s why.

Every authenticator has a little built-in clock. This clock keeps track of the number of seconds since, for example the WoW release date, Tigole’s birthday or whenever. Each authenticator also has a unique key, which it uses to encrypt this number of seconds into what looks like a completely random number. There is no way, without knowing the encryption key, to guess what number is going to be displayed at any point in time. Even if the hacker has all the numbers you entered before, he can’t extrapolate that into what number will be showing next.

The hacker also can’t hack into the device itself to find out it’s key, because it doesn’t connect to the computer in any way. Even if the hacker were the mailman who delivered the authenticator to your house, he would have to open it up and extract the hardware that contained the key. These devices are generally tamper-resistant and will purge themselves when opened.

So, if the hacker can’t know your 1-time password, how is Blizzard going to know? The difference is, Blizzard has the key for every authenticator they made. When you log in, blizzard looks up which authenticator is associated with your account, and finds the matching key. They then use this key to decrypt the number you entered into the number of seconds the authenticator has been counting. They then verify that this number matches the current time.

Even if the time on your authenticator doesn’t exactly match the time on blizzard’s server, they still allow you to log in within a minute or so of the defined time, just in case the clock in your authenticator is running a little slower or faster than normal. This still does not allow hackers to use the number from a minute ago, because when you log in successfully, that number is then disabled and prevented from being used again.

If you still think someone may eventually find a way around it, this security measure is used by businesses and government agencies around the world to provide security, and they have a lot more sensitive information to guard than the login information to a WoW account. One of my good friends, who is a VIP services lead at Mohegan Sun, saw me log in once and went “wow, *I* use one of those to get into secure areas at work.” This is a tested method that has proven itself to be secure.

===Is existing security not already enough?===

While the authenticator provides an extra security layer strong enough to make your account virtually unhacklable, you can already secure your computer a lot. Is the authenticator really needed?

If you’re running Firefox with Noscript, Flashblock, adblockers, 5 different virus and spyware scanners, a NAT router with it’s ports strictly regulated, using Linux/MacOS X or another operating system, and other security measures I can’t think of at the moment, you are probably really secure. The danger is hackers finding a new way to enter your system that isn’t being guarded yet. Until the vulnerability is patched, or instructions to disable the exploited software are issued, you could potentially get infected with a virus or other malicious software during that short time. The more security measures you take, the lower the chance you will be vulnerable. But security is an ever-changing thing. You have to keep things up-to-date constantly in order to stay secure.

Using an authenticator is completely optional, but it does solve the problem by taking another approach. Instead of preventing keyloggers from getting onto your system, it makes you virtually immune to them. They can try, but with a login code that is always changing logging your keystrokes won’t be any good.

If you wish to better secure your system without buying an authenticator, instructions are given in stickies on the WoW forums, links to which are provided at the end of this post.

Then there is the issue of cost. Blizzard is offering these for $6.50, but should they? It would be a lot better if they provided them for free right? Well, I doubt Blizzard is making money on these. The manufacturing and distribution of these tokens costs them money, and $6.50 is actually pretty cheap. Market prices for these devices can be around $50.

I myself have been playing for over five years, so that’s roughly $900 this game has cost me already, and I’m not even counting the money I payed for the original game and the expansions (or my second account, or name changes, or transfers). I’m not going to mind another $6.50, especially since it provides me the peace of mind of never risking account theft. I purchased one the day I took Guild Leader, because the security and safety of my guild is far, far more important to me than $6.50 or the three seconds extra it takes me to log in every day.

As an aside, there are to date no known account hacks1 to an authenticator-enabled account. There’s really no reason not to have one.

===More Information===

If you wish to learn more about this authentication technology, most of the information for this post was obtained from the Security Now podcast. All episodes are freely available for download on http://www.grc.com/securitynow.htm. Transcripts are also available. The particular episode that deals with the authenticator technology is #90: Multifactor Authentication, the part which covers some of the information above starting 20 minutes into the episode.

===Useful Links===

Buy the Blizzard Authenticator:
Unites States
Canada, New Zealand, Latin America

More information about the Blizzard Authenticator:

Support page: http://us.blizzard.com/support/article.xml?locale=en_US&articleId=24986]http://us.blizzard.com/support/article.xml?locale=en_US&articleId=24986
FAQ page: http://us.blizzard.com/support/article.xml?locale=en_US&articleId=24660]http://us.blizzard.com/support/article.xml?locale=en_US&articleId=24660
Activating your authenticator: http://us.blizzard.com/support/article.xml?locale=en_US&articleId=24987]http://us.blizzard.com/support/article.xml?locale=en_US&articleId=24987

Links for securing your system against keyloggers (no authenticator required):

Protect your PC guide: http://forums.wow-europe.com/thread.html?topicId=273198555]http://forums.wow-europe.com/thread.html?topicId=273198555
Avoid getting hacked: http://forums.wow-europe.com/thread.html?topicId=102690401]http://forums.wow-europe.com/thread.html?topicId=102690401
Account security: http://forums.wow-europe.com/thread.html?topicId=35983697]http://forums.wow-europe.com/thread.html?topicId=35983697
How to recover a compromised account: http://forums.wow-europe.com/thread.html?topicId=17191745]http://forums.wow-europe.com/thread.html?topicId=17191745

*this post shamelessly stolen/paraphrased from Ysgarth. (I’d link directly, but I honestly lost the original)

Not only does having an authenticator save you trouble, it saves your guild leader trouble. You see, every time a member gets hacked, each of their toons steals items/money/whatever they can get from the gbank. When the hacked accountholder goes through their restoration process, GMs only help with THEIR account. The gbank is considered to be an extension of the Guild Leader’s account/responsibility, and as a result, *they* have to put in a ticket, too. This makes GLs like me die the little death every time.  Don’t make us pay for your negligence!

1Again, a unsubstantiated report arises now and then, as I mention above. Until I see an official report from Blizzard or some tech industry standard saying keyfobs aren’t as secure as we thought, I don’t buy it – the science just isn’t there. Most importantly, though, it is still important to remember that although authenticators do, to the best of our knowledge, make your account hack-proof, they do not, in fact, make them doing dumb stuff-proof. In order to have your authenticated account compromised, you have to fall for a phishing/fake site; you have to give your account info/keyfob/unused current number out to someone; you have to be gullible enough to do exactly what Blizzard has said to never do – NEVER GIVE OUT YOUR INFO. Never! Don’t enter your account info into a linked site, ever. Go to what you know to be the real login site, always. Don’t tell anyone your account name, your password, your keyfob serial number, anything.

I’ll repeat – never trust another player, and never trust a link. Ever.

And get an authenticator.

Free time, time to continue.

Classes are burning a lot more time than I originally thought they would. I’m sure after I get into the swing of being back in school, things will even out and I’ll be able to game a bit more.

I haven’t gotten to play a ton of Mass Effect 2 yet [only two, maybe three hours]… but from what I have played, wow. Especially that beginning sequence.

There are still some issues with bump map loading that existed in the first, but it’s nowhere near as frequent.

They tweaked the combat system slightly. I think the changes they made are a nice improvement, it’s a lot more fluid.

I’ve renewed my World of Warcraft account again. I’m not playing on Silvermoon anymore, at least not as my main server. I started playing on Staghelm again, up and running with some real life friends.

Stasís is now 80, and has full Tier 9 gear, and epics from random heroics. She still has two blues equipped [cloak & a trinket], but that’s only because I haven’t found replacement gear yet [or gotten enough badges to exchange for upgrades].

Played a bit last night, decided to tank a few instances on my Death Knight [Iscariott, 61] just so I could avoid the  fifteen minute [or more] queue as DPS. According to every group I got into, I’m really good at tanking compared to most other “low level” DKs. I stuck with a few people from the first group and did chain instances.

After a few runs, a Balance Druid that was three levels higher than me joined the group, almost immediately he complained that it was “another shitty DK tank.” Both the healer one of the DPS that was with us told him to shut-up because I was good compared to most DKs. He didn’t believe them at first, but after a few pulls, he admitted… “wow, a DK at this level that can hold agro, that never happens!”

I’m debating if I want to transfer my Paladin [Texhnolyze] over to Staghelm, or if I want to just leave him on Silvermoon. I might transfer him eventually, when I have more time and money.