I follow a few of the WoW communties on LiveJournal and other places, and have gotten a heads-up that there may be a problem with a potential keylogger with both the recent update of the Recount mod and the Curse Updater.

It seems the incidences of hacking on individual accounts has gone up recently.

Strega and I have ordered our Blizz Authenticators as a CYA thing.

I just wanted to give the group a heads-up. I don't want to see any guildie get hacked.

'Noxie

I can second this information though it didn't involve the recount mod, but it is definitely connected to the Curse Updater though. The guess is that someone hacked one of the mirrors used to update the mods and have begun adding keyloggers to the mod files.

Not sure if this is also affecting the mods downloaded directly from the site or not, but the authenticator is the best way to go. Received mine about a week ago and have gotten used to it already.

Definitely makes you feel safe knowing that you're virtually hack proof now.

Well this is no good at all......

Was asking where they are at, but now I remember those things. The little USB devices with a passcode, hope it works.

After further research, it appears the problem is directly related to the curse updated and not the mods.

For those looking for the authentication key, go here http://www.blizzard.com/store/details.xml?id=1100000182. It's a lot cheaper than I thought, so think I'll pick one up myself.

-Stab

Seems like rock solid tech to me, Aries. Wrote down a code and used it once. Then logged out and tried it again with the same code, gives the wrong login info page.

Second test involved getting a code from the authenticator, letting the internal clock time out and generate a new code, logged in with a new code. Logged out and tried last code, bad log in info page again.

I dunno how they keep these in sync like they do, but you basically can't log in with any info but what the authenticator has on the screen at the time of log in.

Question about the authenticator.

Ok, let's say I buy the authenticator and have to use that to log in. I have to assume that this just uses a random key generator. That being said. What is stopping the "hackers" from just buying one of their own and using it to log into your account? Or is it somehow tied to your account?

Just trying to figure out if this is really gonna help protect me.

-Thanks

You register the authenticator serial number to your account, and no matter how many times I try, I can't get Razor's authenticator to let me into my account. There has to be some form of uplink to the authentication servers that Blizzard never said anything about.

Wow.....that's impressive for only 7 bucks. Think I'll be picking one up now. Thanks for the heads up guys.

I got mine the other day!!!

Generally the way these work is using some form of encryption driven off of the current time. Each authenticator is assigned a different encryption key. Blizzard has a record of the encryption key that goes with the serial number of the authenticator that gets shipped. When you activate it, you tell Blizzard which serial number you got... they use that to look up which encryption key your authenticator is using. When you press the button on the authenticator, it generates an "password" that is really the time you pressed the button, encrypted. When it gets to them, they decrypt it and check the time to see if it has "expired" yet.

Many corporations (including the one I work for) issue these to employees to log into the corporate network over VPN.

Ah, that makes sense. Thanks for that info, I'll stop brooding over that now. :)