Poster: Merwen at 8/11/2006 8:15:53 PM PDT
Subject: Protect yourself! |
| |
This comes from lvl60 undead warlock Magnesium of Stormscale, he has asked me to post on his behalf as he no longer has access to his account:
First off there are several risks to your account use that should be aware of. Following the comfortable level of paranoia always works best for me. This means be suspicious of the circumstances in which you access your account. I would never access my online banking information from a public computer such as a library or an internet café, just the same as I would never access my WoW account from these same public places. This means resisting the urge to check on your world of warcraft account status from web pages, logging in to respond to forum posts, or of course logging in to play your account. This goes for kiosk type setups as well. The main reason for distrust is the possibility of keystroke logging.
Keystroke logging:
Inline: http://www.thinkgeek.com/gadgets/security/5a05/
Software: http://www.keylogger.org/
Account naming is probably something that is too late for most of us, as we already have accounts which we sign on to, but in case someone sees this before purchasing WoW and creating their account they should name the account something memorable but difficult to devise. This means it should not be an account name they use for any other public logons (such as ebay or public forums), should not be their first and/or last name, and not the name of their character they intend on creating. Also the password should be relatively long and complicated, say over 8 characters and consisting of upper and lower case letters and numbers. Standard best practices for passwords are that they arent easily guessed if anyone knows your interests, family members, birthday, phone number, or anything else guessable.
Using a friends computer to play your game is a tough call that only you can make. How certain can you be that s/hes got a trustworthy computing environment? It does beg the question of how certain can any of us be that our computing environment is secure? Ignoring the risk of using wireless keyboards or network devices (encryption is weak if used at all, but threat must be local to exploit) here are some threats that threaten our accounts.
Trojans: These programs get their name from the Greek Trojan horse fable. These programs trick people to install them by purporting it will perform some task that you want done but is actually a disguised program to do something malicious. Trojans are common on peer-to-peer sharing networks and often disguised as Warez of CD cracking tools. Below are a list of Trojans that I found specifically made to steal your WoW account.
bopninja: http://www.pestpatrol.com/spywarecenter/pest.aspx?id=453097792
PSW.Win32.WOW.x: http://www.net-security.org/virus_news.php?id=628
Infostealer.Wowcraft: http://www.symantec.com/security_response/writeup.jsp?docid=2005-073115-1710-99&tabid=2
Rootkits: Nasty pieces of software designed to root your system or take administrative control over it allowing it to open back doors or run software you dont know about. The objective of rootkits is to run at ring0 in your system, which is at kernel mode. This means more control then even the administrator has as its running as the operating system itself. Sounds bad? Well consider that not only nasty programmers who are trying to steal your information are trying to do this but so are companies trying to protect their digital rights as well such as Sony BMG music. If youve listened to any Sony BMG cds on your computer, then chances are youve got a ring0 rootkit installed that is invisible to you and running invisible programs and services. Read the link below for more details, and please run the patch just in case:
Sony BMG music CD: http://www.theregister.co.uk/2005/11/04/secfocus_wow_bot/
Software security vulnerabilities: Programs are programmed in obscure programming languages and made for certain intentions. Eventually someone will try to use a program in a way not originally intended and may even get it to break in an interesting and unique way which allow greater access or the ability to run other programs. These are known as vulnerabilities which can be exploited to compromise the integrity of the system. Some are made public, while others are kept secret for the safety of the community or as a weapon no one else might know about. The worst vulnerabilities are remotely exploitable and give system level access. Microsoft announces and releases patches to vulnerabilities within their products every second Tuesday of the month at http://www.microsoft.com/technet/security/current.aspx . One such bad problem this month is a remotely exploitable hole in every version of windows that is supported by Microsoft can be found at http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx and a description of how even using a browser can lead to compromise of your system can be read at http://internetgames.about.com/b/a/208955.htm
These types of vulnerabilities exist for Apple systems as well, so dont go blaming Microsoft for everything, or thinking that your safe if youre on a Mac.
Phishing: emails or websites that direct you through a link to login and check on your account because they claim to have been hacked or offering you bonuses if you do are always scams. This has been a big problem for online banking customers for years now and will probably occur for world of warcraft as popularity rises. The pages that they link to typically look identical to web pages that require account logins, but are not the legitimate site.
In conclusion, be protective of your account details. Make sure youre logging in from a system that is fully patched and that you fully trust everyone who has the right to install software on your system. If your system is acting funny, do some investigating as to why. Dont install software if you dont trust where it came from and always scan programs with a virus scanner before running them for the first time. Dont operate your computer as an administrator unless you require that level of access, and limit the autonomy that your web browser has.
Merwen gains 35 happiness.
| | | http://forums.worldofwarcraft.com/thread.aspx?fn=wow-customer-service&t=105801&p=#post105801 | | | Poster: Pavonum at 8/12/2006 12:36:36 AM PDT
Subject: Re: Protect yourself! |
| |
What a wonderful and informative guide this is, Merwen! Thank you so much for posting it for the sake of those players who wish to avoid the pitfalls that may lead to account compromise; may this act as a light in the darkness, and guide us all to a safer, more secure account. Please give my regards, and best wishes, to Magnesium. :)
Ce sont ces fenêtres qui m'appellent...
| | | http://forums.worldofwarcraft.com/thread.aspx?fn=wow-customer-service&t=105801&p=#post106041 | Poster: Kaone at 8/12/2006 9:45:16 AM PDT
Subject: Re: Protect yourself! |
| |
This summary by Merwen is well worth a careful read by every World of Warcraft player. Being aware of and making smart decisions regarding the security risks in the post above, combined with never sharing your account information with anyone ever should reduce the risk of your account being compromised to nearly zero.
Half King of Beasts + half Monarch of the Skies = ?
| | | http://forums.worldofwarcraft.com/thread.aspx?fn=wow-customer-service&t=105801&p=#post106184 |
View all recent official Blue Posts
|
