Married IRL

Busy Week

This is what we’re doing this week:

Entertaining the Canadians!

<3

Demetria and Anarac have come to visit Rhode Island and so Jas and I are showing them around. Yayness!

Mini update

- Sorry for the hiatus, we had 0 internet for a good three days this week.  Missed many raids, it was sad. T.T

- Last time I talked to our hacked guildie, Blizzard employees seem to be “ignoring” any questions she has about the authenticator.  This does not bode well for the future.

- Ratkin weekend so not going to be around much.

- PvPing on Moon since it’s AV weekend.  I was in an AB yesterday to get some marks for my S2 shoulders and BRK ATE MY FACE! (Hobbes was scary.)  But we still won that AB funnily enough…

- Jason’s still farting around with the Beta and I am overwhelmed with jealousy.  The area around the nexus looks AWESOME.

- September is getting closer and closer and this means… AC BBQ!  /dance

KK, shower time.  Toodles for now!

On Security

So, a while ago Blizzard came out with their Authenticators, a two-part token authentication system.  Super cool.  We have had a number of guildies hacked in the past, as I’m sure most of you have seen.  So, Cay and I got one, as did a large proportion of our guild.  And when they finally came in, we hooked them up and breathed a sigh of relief.  This made hacking our accounts much less likely.

Unfortunately, it’s apparently only “less likely,” not “impossible.”

This morning, one of our holy paladins (who bought the authenticator and tied it to her account) tried to log in.  She got an invalid password a number of times, so she went through account management to reset her password.  She logged in again, and the character selection screen popped up.

Did you spot the problem?

That’s right, it went straight to the character selection screen - without requesting her authentication code.  When she logged her character on, she was in Stormwind, in her PvP gear, with no gold and no PvE gear.

So, the fact is that this hacker somehow managed to get the security token removed from her account.  Now, this isn’t something that could be done with a keylogger - the token information is all kept in Blizzard’s system.  And from what I understand, you’re not supposed to be able to remove a token from the account without at LEAST speaking personally to customer support.  There is no “remove token” option in your account management page, so even if Blizz’s WEBSITE was somehow hacked to allow someone to bypass the need for a token to get into account management, the hacker still shouldn’t be able to remove the token to the account.

This raises two distinct possibilities.

The less likely of the two is that Blizzard’s account servers/authentication servers have been hacked directly.  Why do I think this is less likely?  Because it would mean that some hacker, somewhere, has access to EVERY World of Warcraft account in the US at least.  I can’t imagine a security hole that big, at least, I can’t imagine a security hole that big that wouldn’t quickly become public (the existence, if not the details of the exploit that let it happen) as account after account got hacked.

The more likely of the two is that Blizzard’s policy on how to handle the tokens has gaps in it.  Whether someone at Blizzard removed a token for an email request, or the hacker actually had the gonads to phone them up and somehow social engineered his way into getting the token removed from the account, this is the most likely scenario.

Either way, it doesn’t make me all warm and fuzzy about my accounts security.  I hate to say it, but I’d RATHER it be the second possibility, at least then it’s a stupid person, rather than a gaping security flaw.  But either way, it is inexcusable.  Even if our friend was infected with every keylogger known to man, those keyloggers can’t crack the token.  That has to be done by Blizzard, or someone with access to their systems.

Actually, that opens up another possibility I hadn’t thought of until now.  It could be a Blizzard employee doing the hacking.

So what about it, Blizz?  How did this happen?  How was the system compromised?  Because in this case, you can’t point to the customer.  The fault ultimately lies, incontrovertibly, with you and your system.  Whether it is your computer system or your customer support agents remains to be seen.

Believe me, I’ll be asking this on the official forums when I can post there.

As soon as I get home.  To my security key.  :/

Update 1:  The player in question has spoken to a GM. They’ve started the standard retrieval process, but the GM was unable to say how, when, or why the token was removed from the account.

Gone for the weekend

Gonna play some Ratkin goodness at a friends house.

And I’m so unprepared. But that’s good. It’s how a Rat should be ^.^

Oh and I must remember to tell you about my experience in SSC yesterday, as I lead a raid on Rakzha.  It was preeeeeeeetty interesting!

Oh!  One more thing:  FIO GOT A JOB!  It’s for 30 days right now, this trial period stuff, which is GREAT cause he has 30 days to let them see how AWESOME he is.  BUT ZOMG!  HE’S GOT ONE! /happy dance

Have a good weekend all!

Random Thoughts

Wrath of the Lich King. Coming out sometime in the future, pretty soon, but not that soon. I think we’ve got the entire summer to get as much raiding done as possible before the expansion hits. Here’s hoping we get to see Illidan! XD

This is an adorable picture btw. Just too funny.

Katamari Damacy this early in the morning makes me bouncy.

Fio’s making me pancakes for my berfday. /cheer

I need to update my list of stuff to do. Now that Squeake’s all tanking and stuff, I have to update. Hrm…

I miss my old domain. T.T RIP silentstephi.com

Playing in LARP is fun again. Getting to play something other than a werewolf is also turning out to be nifty. Ratkin are also batshit crazy.

I’m looking forward to steak tonight. Mmmmm, steak.

Eventually I’ll have another priestly thing to post. Eventually. I swear.

It’s epicly sucks that my level 55 mage can’t get the Ogrimar flame. I was there, on the tent but the freakin’ revelers aggro’d onto her, hit her from UNDER the tent and she went splat. /huff

The summer fest outfit is AWESOME in so many ways.

I can’t wait for the new patch. Stephi needs to go VROOM!

I don’t feel a year older… Oo

Fire Fire!

Sooooo pretty!  I’m getting XP on Phelyx today, but I made like 500g running around Azeroth getting the blossoms for that awesome outfit!

Weeeeeee Fire!

30?!?!!!1one!!!

I just saw the patch notes from 2.4.3

Z.O.M.G.

Here’s the link to the official notes:

http://www.worldofwarcraft.com/patchnotes/test-realm-patchnotes.html

But, what’s got me all HOOBAWAH?

Apprentice riding at 30. 30! Ok, so I only have 2 toons that will benefit from this but… alt making/leveling just got retardedly easier. Imagine having your mount for STV. IMAGINE IT! I can… omg, I see many other alts for other realms… SHUSH! DON’T SAY ANYTHING TO FIO!

<.<

Oh and one more thing:

Bansidhe is freakin’ AWESOME!

These are just sooooooo awesome! <3  Thank you!!!

It’s the wait that kills ya…

I just got my internet back today from the Father’s Day black out, so I’m catching up on a lot of things, but!  I had to mention, that this awesome lady is making me a sig… of well, you’ll see.

I can’t wait to see it! ^.^

All of her sigs that I’ve seen have just looked boatloads of awesome.  Ratter’s was the first one I saw and hit made me go “Ooooh shiny!”

Wishful Thinking

Who’s Got a Kitty?

I does! Sab’s sitting next to me on her spiftastic Black Battlestrider, which is only appropriate for the Goblin Rocket Launcher wielding dwarf priesty.

^.^

Remind me again to NEVER EVER do that grind again. K? If I look as if I have visions of black mounts in the future, STEER ME CLEAR!

Please? I like my sanity.

Oh and yea, btw, I won’t be posting during raid again in the foreseeable future.

It’s a bad night when the MT is really tired and just gave up smoking the day before O.O