Posts Tagged ‘gold selling’

Why the Optional Blizzard Authenticator will Become Quite Mandatory

Blizzard announced a new tool in the arsenal of measures to combat account theft, their authenticator. In short, you buy the authenticator for a small sum of money, tie it to one or more Blizzard game accounts, and from then on, whenever you want to log in, you will be prompted to type in not just your username and password, but also a short authentication code.

The authenticator should be a little RSA-like device which generates a new random code every minute or so, akin to what many banks are providing for e-banking. This will immediately make keyloggers moot – the key will be long expired by the time the information they provide is being used.

That doesn’t make WoW accounts hack-proof, by the way. It just raises the difficulty of doing so by several notches. Considering that at the same time, due among other things to the new dailies, WoW currency prices are dropping faster than ever, what we have here is a concerted approach by Blizzard to make the cost of cracking an account way too high compared to the potential profits it could generate.

But let’s not fool ourselves. By that same measure, as soon as the “optional” authenticator starts spreading, the pressure on the accounts not using it will intensify big time. As the pool of easy targets shrinks, account theft attempts on them will start to multiply.

If you value your accounts at all, and I know you do, you’ll be well advised to buy the authenticator as soon as possible. If that’s not immediately possible, here’s a practical recommendation to limit your exposure a bit.

Go and download Ubuntu 8.x

You can now either burn it to a CD and boot from it, or mount it using Daemon Tools, then run it under Windows and launch the “lite” installation version. In that case, it won’t repartition your hard drives, it will just install like a normal Windows application and then show up as a Windows boot option when you restart (you can later uninstall it simply by using the Windows Control Panel’s Add/Remove Programs option).

In either case, run Ubuntu, then launch Firefox and change your password regularly. Very regularly. Weekly.

Yes, I’m saying that you should download a full 700 MB ISO of a perfectly good operating system just for the sole purpose of changing your password weekly. Why Ubuntu? Because it’s so simple that even a half-wit like me can use it. And if I can do it, you all can.

Too much of a hassle? Fork out the money for the Blizzard authenticator. It’s only optional until it launches.

Broken Toys on Pierce vs Debonneville Lawsuit

For people living on the moon, Broken Toys is the blog of one of the earliest MMOG commentators out there, Scott Jennings (formerly known as Lum the Mad). He has recently posted and reported about the latest lawsuit in the ever-growing charade surrounding IGE’s past and present activities. It appears that the sleazier fringes of the American leeches, those who give lawyers everywhere a bad name, are trying to gag commentary putting the already heavily battered reputation of their client under further light.

For reference, IGE’s name and their unsavory execs have had a long history of dabbling with RMT and gold selling in most MMOs, in a blatant violation of their Terms of Service. They have successively bought up Thottbot, Allakhazam and Wowhead, in a move which I’m quite ready to liken to efforts made by the Mob at various times to buy legitimate businesses with dirty money in order to feign respectability. While these three sites will swear, honest-to-god, that they no longer have any ties to their allegedly former TOS-breaking parent (and they could even hold those beliefs in good faith), enough evidence to the contrary surfaced through the many pending lawsuits around IGE to question just how much these ties are broken, if at all.

The point here, however, is that Scott has to edit his post to comply with a lawyer’s bullying. Since Altitis is neither operated nor hosted in the USA, though, the original piece below is reposted for posterity. The words below are of course not mine, I’m not smart enough for that.

Pierce To Yantis To Evers To Chance: The Rise And Fall Of IGE

MMOcitizen.com, a website operated by the law firm currently bringing a class action lawsuit against IGE, obtained and published a copy of a complaint in another lawsuit involving IGE: this one brought against former CEO Brock Pierce last year by co-founder Alan Debonneville.

For almost 5 years, Debonneville has dedicated his entire life to the creation, development, and success of IGE US, LLC (“IGE”). IGE’s meteoric rise from an under funded startup to the market leader culminated in a Goldman-Sachs investment of $60,000,000, which set the value of IGE at the time of $220,000,000. While Pierce, a flamboyant former child actor, has always been the public face of IGE, Debonneville has been the tireless working founder, responsible for the expansion and operation of the company.

The filing goes into great detail about IGE’s rise and fall from Debonneville’s point of view, with, just in case you weren’t already glued to your PDF files, added dirt from the dot-com-money-and-man-boy-love days of DEN.

After living and working in Spain for a few months, Debonneville observed that Rector and Pierce had a very close relationship, one that did not seem normal between a 40-year old man and a 20-year old young man…

…Apparently, there were a multitude of charges related to the prior operation of a company specifying that Pierce, Rector, and Shackley had stolen money from the company and wasted corporate assets for things like the purchase of illicit drugs, living a lavish lifestyle, and criminal allegations of transporting a minor across state lines for sexual purposes. Upon learning this information, Debonneville questioned Pierce regarding the allegations, and Pierce stated that the claims were false and contrived as a setup by some competitors and former employees…

Wild enough? It gets… something. Worse? Better? Uwe Boll?

Debonneville was told by Pierce that the “Spanish FBI” came to their house with a “SWAT” team in helicopters, kicked in their door, shot their dog, and threw all of them in jail.

The complaint eventually leaves the Mallorca Vice portion of history and gives a breezy history of much of what we knew already – IGE’s quick rise and huge cash infusions, and the use of that in a quest to purchase respectability through hiring executives and purchasing websites. Eventually, it all falls apart around the time of the Goldman Sachs investment as the principals began to fall out over arguing over how to divide up the huge amount of stock, which is dealt in the document (from Debonneville’s viewpoint, of course) in point-by-point detail.

Debonneville was starting to discover that Pierce had not only lied to Debonneville about the Yantis Stock Repurchase, but also that Pierce had benefited personally to the detriment of Debonneville from the Salyer and Maslow sale of stock. Of course, Debonneville was shocked to learn that Pierce had sold any of Pierce’s stock in IGE…

…On July 14, 2006, in an apparent attempt to convince Debonneville that his interest in IGE was becoming worth less and less money, Debonneville was sent an article regarding a crackdown on the sale and purchase of game items for cash in Korea. The implication was that IGE’s recent acquisition of Itemmania, a Korean online house, was going to be a failure. In hindsight, it appears that this was just another one of Pierce’s attempts to manipulate Debonneville into selling his stock to Pierce for a less than fair value, certainly for less than Pierce realized on the sale to Maverick. Today, it is likely that this may in fact be IGE’s most valuable remaining asset…

And just in case you started nodding off with tales of stock screwballery… enter everyone’s friend in space, Jonathan Yantis.

Yantis also advised Debonneville that if a deal was not reached with IGE, Yantis had already put a network in place to compete with and destroy IGE. Yantis stated that through the hiring of certain individuals who he had a long time business relationship with, Yantis would sell currency that had been exploited or duped.

Exploiting or duping is a process whereby an outsider hacks the game program into creating currency for the individual or duplicating an item and then selling it over and over which also results in the creation of currency. These actions allow for the exploiter/duper to create an endless supply of currency without any real cost to that currency. This is something Yantis has done in the past and made large profits from. The exploiter/duper would typically receive a commission for any currency sold of about 40% of the sales price. Due to the currency being exploited, Yantis was and would be able to sell currency at a price significantly below market, since the cost of the currency sold was non existent. This also allowed for an infinite supply to be created in what could take as little time as a few minutes.

Yantis indicated that this was also how he could turn the trading arm of IGE around and make it profitable, almost instantly. Pierce was aware of Yantis’ intent to use these exploits. In fact, Pierce counted on them as part of the rationale behind why Yantis should be brought back to work for IGE.

A clearer explanation of the toxic effects of RMT on online gaming has yet to be written. (I know. I tried.)

I’m sure that as this hits the commentariat there will be more to be said. Oh, there will be more.

The Bastard is everywhere

Even in my Akismet moderation queue.

glodsoon in my spam catcher

Caught the bastard, though. And no, I have no second thoughts about publishing the bastard’s IP.

Gold Spam in the Blogger part of the WoW Blogosphere

Within 24 hours, several of our blogging peers have reported being hit by gold ads in their comments, and have therefore tightened the requirements for commenting.

Unfortunately, where Gmail shines with its rather strong antispam mechanisms, Blogger currently has little to offer in terms of automation.

For those wondering how things are on WordPress, here is how it works:

  • WordPress can do either full manual moderation or use some basic filtering rules (filtering by words and by number of hyperlinks), which place the comments that match them in a moderation queue.
  • Various plugins can provide more and smarter antispam filtering, the most common one being Akismet (which works well for me).

Using Akismet, at the time of this writing 122 spams have been held for review, and so far I haven’t had a single false positive yet. Nothing else has been sent up to moderation so far (though Akismet probably catches them all anyway). Part of the moderation duties is simply logging onto my dashboard once a day, clicking the Akismet queue, browsing through the spam and hitting “delete all”.

Altitis still has a moderate readership, though, so the workload associated with fighting comment spam remains very light. This has also allowed me to leave comments unhindered by word verification methods so far. If I were to implement those, there’s a bunch of plugins available to do the job here too.

And that’s pretty much the exact shade of green on my patch of grass.

How to Improve your Account Security

As you will have noticed, there’s a widespread account hacking activity going on at the moment, and many people, me included, aren’t exactly happy about the customer service options currently provided by Blizzard.

However, to be perfectly clear about one thing, keeping your PC secure is nobody’s business but your own. And as this story from BRK’s guild shows, when you’re an officer and have guild bank access, you are a particularly fat goose to pluck, and just changing the account password without cleaning up your computer first leaves the door wide open for an account thief to get back in and start over.

We aren’t computer security experts, though, and some of these things may appear daunting and complex. Further, there’s little to no way to stop a really determined cracker from getting in. There are, however, a couple of measures you can take to ensure the casual fishing expeditions come out empty, and they are tied both to tools and to behaviour.

So without further ado, here are a couple of recommendations to tighten up your (Windows-based, sorry Mac and Linux users) PC:

1. Get a decent personal firewall. The default Microsoft one is pretty much worthless. If you don’t know where to start, I recommend either ZoneAlarm or Comodo Personal Firewall, which are both free for private use. Or just check out various tests and reviews and pick what gets the best mix of usability and security. If you’re reading independent test reviews, make sure to also check out the feedback they got from the various firewall producers, and you’ll probably do best to steer clear of those where the manufacturer blames the testing methodology.

2. Get antivirus software. This should actually be as natural as protecting yourself during a certain type of real world encounters, but if you actually have no antivirus installed, go and get the free AVG antivirus from Grisoft. Install it, update it, then run a full scan.

3. If you haven’t done so already, switch away from Internet Explorer, and use for instance Firefox. If you pick that one, also get the NoScript addon.

4. Get a spybot / adware cleaner, and run that one too. I’m personally partial to Ad-Aware but there’s plenty of decent ones out there too.

You should have a pretty much clean slate at this stage. Regarding the firewall, make sure that you set it so that it asks you before authorizing an application to reach the internet, and be wise about what you let go out. If you’re not sharing a printer between several computers, for instance, the Microsoft Spooler doesn’t need internet access. The default Windows Explorer (not the browser)? Why does this even want to access the internet? Use caution. If something with a strange name requests access to the net, google for it before deciding.

5. Now we switch to user behaviour. Keyloggers are the most widespread tool used to gain control of your account. Now if you don’t type in your username when you log onto WoW, the only thing a hacker can get is your password. So remember to check the option to have the logon screen remember your username from now on.

6. If more than one player accesses WoW on the same box, the best option to keep your accounts separate is first to have each of you use a separate Windows user account, and second, to actually create multiple WoW installation folders. Yes, it’s a disk space hog, but that’s the safest way to ensure that if the worst came to the worst, only one account is actually compromised.

7. The simplest way a cracker will try to get you to download a keylogger or other malware is through AddOns. Here you should be extremely cautious about what you get and from where. Always run a virus check on any package you download before you install it. Don’t hesitate to scan the content of an addon folder either – normally the legit files will be limited to .lua, .toc, .xml and some graphical files. Anything else may be fishy. Get to know who maintains your most popular addons, read the comments from other users on the addon download site, and fundamentally distrust a new major version popping up out of the blue from someone you have never heard of. Read the patch and release notes: if you’ve been using Titan Panel 2.x for a year and suddenly Titan 3 gets released by someone other than the previous maintainer, there should be enough changes in there to make an actual difference. If you want to go further, open the new package and compare the .lua files to the previous ones: if basically only the .toc got changed but the main addonname.lua file is the same size, something might be fishy.

In general, err on the side of paranoia.
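The folder check from item 7, as an added example that is not part of the original post: it lists files outside the extensions the post names and flags a "new version" whose Lua files are byte-identical to the installed ones while the .toc changed. It compares SHA-256 hashes rather than file sizes, and the .tga/.blp extensions, the folder names and the sample files are assumptions constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

# Extensions the post lists as normal; .tga/.blp stand in for "graphical files" (assumption).
EXPECTED = {".lua", ".toc", ".xml", ".tga", ".blp"}


def digests(addon_dir, suffix=None):
    """Map relative path -> SHA-256 for files under addon_dir (optionally one suffix)."""
    root = Path(addon_dir)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file() and (suffix is None or p.suffix.lower() == suffix)
    }


def unexpected_files(addon_dir):
    """Files whose extension is outside the expected addon set."""
    return [rel for rel in digests(addon_dir) if Path(rel).suffix.lower() not in EXPECTED]


def review_update(old_dir, new_dir):
    """Return findings for a new addon package compared with the installed one."""
    findings = [f"unexpected file: {rel}" for rel in unexpected_files(new_dir)]
    old_lua, new_lua = digests(old_dir, ".lua"), digests(new_dir, ".lua")
    old_toc, new_toc = digests(old_dir, ".toc"), digests(new_dir, ".toc")
    if old_lua == new_lua and old_toc != new_toc:
        findings.append("only the .toc changed; Lua code is byte-identical")
    for rel in sorted(set(new_lua) - set(old_lua)):
        findings.append(f"new Lua file to read: {rel}")
    return findings


def build_sample(root):
    """Constructed sample: an installed addon and a suspicious 'new version'."""
    old, new = Path(root, "old", "MyAddon"), Path(root, "new", "MyAddon")
    for d in (old, new):
        d.mkdir(parents=True)
        (d / "MyAddon.lua").write_text("print('hello')\n")
    (old / "MyAddon.toc").write_text("## Version: 2.9\nMyAddon.lua\n")
    (new / "MyAddon.toc").write_text("## Version: 3.0\nMyAddon.lua\n")
    (new / "setup.exe").write_bytes(b"MZ constructed placeholder, not a real binary")
    return old, new


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in review_update(*build_sample(tmp)):
            print(finding)
```

A clean result only means the package has the expected shape; the virus scan and a read of any changed Lua files still apply.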

Now if you have been hacked, once your account has been locked, before you do anything else, do the following:

  • Get a Linux Live CD image and burn it to a CD. Yes, I know, you’re on Windows and that’s complicated stuff. Just do it; Knoppix, for instance, does the trick.
  • Boot from the Live CD and locate the browser (it’s called Konqueror on Knoppix, for instance).
  • Do all your WoW account administration from here, in particular the password changes.
  • Once you reboot, redo a full virus and spyware scan. If nothing has been found at all, consider your PC still compromised. Reinstalling the OS may be painful, but it is your fastest option.
  • Only when you are positive that your PC is clean can you return to the game.

Yes, it’s complicated, and it’s not funny, but get used to it or get used to being hacked (and distrusted with guild bank access). That’s, unfortunately, pretty much the price for safety.

Other basic security rules: make sure you use a unique and reasonably complicated password for WoW – if you use the same username and password as for everything else, not just your computer but potentially also your blog, your guild web site and your forums may get compromised. Did I say err on the side of paranoia?

For Guild Masters, make sure there’s a procedure in place that allows guild bank access to be removed from a hacked member, even when you’re not around. If it’s a top officer nobody but you can demote in your absence, make it clear that you only promote people mature enough to /gquit once they return ingame, to get reinvited at a lower rank without bank access for a “security period” of two to four weeks.

Blessing of Silence

Levelling a young alt? Fed up with the constant invites to get spammed by level 1 orc warriors? At long last, Blizzard has taken action.

Says Drysc:

We applied a small hotfix early this morning to include an additional restriction to trial accounts.

Trial accounts may no longer invite players to a party. They can still, however, accept invites from subscriber accounts who they may wish to group with.

And there comes blessed silence and quiet, at long last.

World of Warcraft™ and Blizzard Entertainment® are all trademarks or registered trademarks of Blizzard Entertainment in the United States and/or other countries. These terms and all related materials, logos, and images are copyright © Blizzard Entertainment. This site is in no way associated with Blizzard Entertainment®