
View Full Version : Any of You Get One of These?



bigp3rm
11-28-2008, 06:42 PM
http://www.blizzard.com/store/details.xml?id=1100000182

Got tired of people saying their accounts got hacked. I don't want to be "that guy". Sucks we have to spend money out of fear. Ohh well just an extra level of security for me then. :wacko:

Sarduci
11-28-2008, 06:52 PM
http://www.blizzard.com/store/details.xml?id=1100000182

Got tired of people saying their accounts got hacked. I don't want to be "that guy". Sucks we have to spend money out of fear. Ohh well just an extra level of security for me then. :wacko:

Got three of them, never activated them. Not sure that I will since I'm on the fence about playing post expansion.

daviddoran
11-28-2008, 06:53 PM
Yup, I have one, and it brings a huge relief, and peace of mind. With boxing bringing more attention to my accounts, I want this little extra bit of security. And its price is laughably low.

IMO it should come in the box.

Svpernova09
11-28-2008, 06:54 PM
I have one. It's a pain but the peace of mind is well worth it. Note of caution, if you ever need to remove it from your account or change the authenticator on the account in any way, you HAVE to call billing department.

Vyndree
11-28-2008, 06:56 PM
<-- early adopter of the authenticator.

I've never been hacked on my WoW account -- but my Guild Wars account was hacked back in the day. I used to be a major fan -- I averaged 16 hours played per day (yes, this was college) and was ranked 116th in the world. After I was hacked, I haven't been able to play -- it was just too painful to log in and see my characters trashed. GW isn't even a gear-based game, but I had put time into getting my characters the "perfect" looking gear and overnight it was pretty much ruined.

If a $7 device will help prevent that sort of thing from happening again, it's worth its weight in gold to me.

I wouldn't even consider myself a high risk candidate for keyloggers -- I'm smart about what I download and what links I click, I run antivirus and a firewall, I don't fall for phishing emails. However, it's not about my risk in comparison to others -- it's about my personal risk versus gain. I thought about what I personally would feel like if my accounts got hacked and whether or not that's worth $7 and the inconvenience of typing in a number every time I log in. And, to me at least, it's well worth it. Remember that, while Blizzard is generally benevolent about retrieving lost gear/items/gold due to hackers, they don't have to -- it's the user's responsibility to maintain their account security. Restoration can take upwards of a week and sometimes things can't be restored just the way they were.

Anyway, to me it's well worth the "inconvenience" of typing the same number into the login screen (using my multiplexer mwahahaha). Remember -- 1 authenticator can work for multiple accounts. You can share it (the authenticator) with your family, but remember that you need the number from the authenticator every time you log into the game or the armory (the wow forums do not require the authenticator number). Suvega has one for his accounts and I have one for mine since we're not ALWAYS attached at the hip ;)

bigp3rm
11-28-2008, 07:08 PM
http://www.blizzard.com/store/details.xml?id=1100000182

Got tired of people saying their accounts got hacked. I don't want to be "that guy". Sucks we have to spend money out of fear. Ohh well just an extra level of security for me then. :wacko:

Got three of them, never activated them. Not sure that I will since I'm on the fence about playing post expansion.

Just curious why you picked up three? I thought I read in the FAQ that one will work for multiple accounts.

elsegundo
11-28-2008, 07:09 PM
everyone should get one.

Kromtor
11-28-2008, 07:24 PM
i just make my password my zip code and then never let anyone know my address. that way i know both me and my account are always safe.

zanthor
11-28-2008, 07:26 PM
I've got one associated with my 7 accounts. It's no more trouble than typing a password, I leave it sit on my keyboard 24/7 because if someone I don't trust is in my house, I already have a different problem.

Sarduci
11-28-2008, 07:48 PM
Just curious why you picked up three? I thought I read in the FAQ that one will work for multiple accounts.

Two to use so if one breaks I'm not at the mercy of the billing department. One extra because my cat will find and hide one or two of them at some later date.

Sarduci
11-28-2008, 07:50 PM
i just make my password my zip code and then never let anyone know my address. that way i know both me and my account are always safe.

That could be brute force hacked in like 20 seconds. Standard part of a normal brute force list is postal codes in normal and zip+4 formats. You'd never believe how common it is.

pengwynman
11-28-2008, 07:59 PM
i just make my password my zip code and then never let anyone know my address. that way i know both me and my account are always safe.

That could be brute force hacked in like 20 seconds. Standard part of a normal brute force list is postal codes in normal and zip+4 formats. You'd never believe how common it is.

not to mention the fact that it's pretty easy to get someone's ip address, and from there narrow down the location. i'd change my password if i were you kromtor

ELBA
11-28-2008, 08:32 PM
I wanted one and they were sold out. I checked every day for a few months. I was thinking of buying 10 of them when they became available. Then keep one and sell the rest when they ran out of stock again. I’d figure history would repeat, and we would go a few months until they got them back in stock. That’s when I’d sell them. I was thinking eBay with a price of $50-100. Why? Because that’s what I would have paid for one back when I was checking that page every single day.

I didn’t do that though. I bought 3 and only use one. The other 2 are for back up. I figure the battery would go, and I’d be prepared. Using it is easy. It’s just habit now. So there’s no hassle. I do think about it all the time. I feel my accounts are so much safer now because of it.

I know some people will say it’s not worth it. I remember people taking one side or the other. All I can say is two things;
#1 it's $6.50.
#2 I’ll tell you my password if you tell me yours.

pengwynman
11-28-2008, 08:40 PM
I figure the battery would go, and I’d be prepared.

YOU ARE NOT PREPARED!
imo

Tynk
11-28-2008, 08:53 PM
well, add one more to the list. I LOVE mine, as it has been said, for $7 there is no excuse to not get one. $7 to protect 5 accounts, even if you only have one account, and a level 1 noob on it. that $7 insurance plan could save you $19.99 for the price of a battle chest.
So let's see.
Vanilla wow $25 x5 = $100
Burning Crusade, 1 collectors, 4 normal, $170
Wrath, 1 collectors, 4 normal, $230
rough guess of about 3 years worth of monthly payments = $576
that's a $7 insurance policy that is almost 99% protection over $1076
no brainer

Soundeyes
11-28-2008, 09:03 PM
I got some questions about this. Largely because people are using fear as a reason to buy one, and saying things like "it's a no brainer". Both of which raise red flags to me - even on a $7 purchase.

First off, assuming your machine is not infected with keyloggers, how can anyone hack your account if they don't even know your account name? Without some amazing social engineering, or breaking into your machine, how is anyone going to even know where to start hacking your account?

Assuming someone HAS your account name... You failed and now your password can be hacked. Perhaps it's time to get one of these devices.


The problem seems to be people having your account name to begin with. So don't go to any non-trusted WoW or MMO sites and play on a Mac if you have problems with keyloggers :)

Vyndree
11-28-2008, 09:24 PM
The problem seems to be people having your account name to begin with. So don't go to any non-trusted WoW or MMO sites and play on a Mac if you have problems with keyloggers :)

I think an authenticator is cheaper than a mac ;)

... I could be wrong, though. ;) I don't own a mac.



Macs aren't hack-proof. Nothing is hack-proof. Not even *gasp* authenticators, which TECHNICALLY could be reverse engineered. Macs just are a smaller target population than Windows. If it were the other way around, the few windows users would be supposedly "hack free" and all viruses would be developed for Macs.

As for the safety of the authenticator, it's just another line of defense that should be utilized along with proper virus protections like antivirus, firewalls, smart users who don't throw their accountname/password into phishing sites, users who use strongly typed passwords/SQA's/account names (capitals other than the first letter, numericals, symbols, non-dictionary words)...

The more hoops to jump through, the less "worth it" it is for those hackers to make a profit off of your account -- cost (time) vs gain. Make it more costly for hackers to get into your account, the less likely they are going to make a buck, which means they're less likely to want to bother.

Hor
11-28-2008, 11:33 PM
Authenticator is a nice idea, if I didn't already use a Logitech G15 and a login macro I would invest in one myself.

zanthor
11-29-2008, 03:44 AM
Just curious why you picked up three? I thought I read in the FAQ that one will work for multiple accounts.

Two to use so if one breaks I'm not at the mercy of the billing department. One extra because my cat will find and hide one or two of them at some later date.

Ok, this is amusing as shit.

First, you can only associate one authenticator with an account.
Second, each authenticator will give a unique number every 60 seconds or so...
Third, having one authenticator associated with the accounts means that when you lose one or it dies, you are still at the mercy of the billing department.
Fourth, see above... cats, loss, etc...

All said and done, you have three and the only thing it's going to save you is a window of time without having an authenticator on the account if you lose one because once you manage to get Blizz to remove the old one, you can instantly add a new one instead of reordering...

Quix
11-29-2008, 04:14 AM
Only stupid people who do stupid things, or allow stupid people to do stupid things on their computer should ever really need one, but it does add a level of comfort.

If someone got hacked they did one of the following:

1. Gave out their info to a "Friend".

2. Browsed some stupid porn or warez site, or downloaded stuff that any idiot should know not to do.

3. Picked a simple password/accountname setup.

Having said that, I have one for my 5 accounts, & love it. I have my occasional moments of stupidity & this adds a little extra security.

Ualaa
11-29-2008, 04:42 AM
What I really don't like about Blizzard is that passwords are not case sensitive.

Password, password, PASSWORD, PaSSwoRD etc.. all work fine, if your account password was password.
Pretty stupid system for passwords in that regard.

Gadzooks
11-29-2008, 02:08 PM
The problem seems to be people having your account name to begin with. So don't go to any non-trusted WoW or MMO sites and play on a Mac if you have problems with keyloggers :)

I think an authenticator is cheaper than a mac ;)

... I could be wrong, though. ;) I don't own a mac.



Macs aren't hack-proof. Nothing is hack-proof. Not even *gasp* authenticators, which TECHNICALLY could be reverse engineered. Macs just are a smaller target population than Windows. If it were the other way around, the few windows users would be supposedly "hack free" and all viruses would be developed for Macs.

As for the safety of the authenticator, it's just another line of defense that should be utilized along with proper virus protections like antivirus, firewalls, smart users who don't throw their accountname/password into phishing sites, users who use strongly typed passwords/SQA's/account names (capitals other than the first letter, numericals, symbols, non-dictionary words)...

The more hoops to jump through, the less "worth it" it is for those hackers to make a profit off of your account -- cost (time) vs gain. Make it more costly for hackers to get into your account, the less likely they are going to make a buck, which means they're less likely to want to bother.

I'm a Mac user, have been since the Mac II. (I also use Windows, so no PC vs. Mac nonsense, please, been there done that 10 years ago).

Macs right now are for the most part safe from the majority of keyloggers, as they simply will not work, or they would require you to enter your admin password, and you'd have to be pretty dumb to allow software to be installed requiring that level of security, without checking what is being installed.

However:

Despite our invulnerability, the Flash exploit earlier this year could have opened up the door to ALL platforms being compromised, and it points out the gold sellers and exploiters are getting creative. Stealing accounts is now a billion dollar industry, and you know they're all trying to figure out how to get all those Mac accounts they can't touch right now.

There's also an issue right now with a fake copy of QuestHelper leading to a massive wave of account thefts, read up on it in the CSF. Windows only, as it's believed the installer throws an EXE onto the hard drive, which won't run on a Mac, but they could make a break-through with the Mac, eventually. Lots of legit apps need an admin password, and it's only a matter of time before they figure out how to sneak one in with a legit program.

The most worrisome issue I have is, the Mac virus/trojan software industry is asleep at the wheel - if the exploiters do manage to crack the Mac OS, we will have to wait for them to play catch up, before our systems are safe again.

So, it makes 1000% sense to practice account security and computer security, even though we are for the most part safe right now from keyloggers and such. Change your passwords often, make sure you keep all your e-mail accounts current, make sure you know your secret answer, and keep an eye on Mac security software and sites. An Authenticator is simply a no-brainer for *anyone*, Mac or Windows. I'm ordering one for my accounts (it figures, now that they're available, I'm short on cash, lol). It's better to have one, in case that day comes when the Mac OS is exploited - it's your best bet to protect your accounts, period.

I don't see it as an "if" situation, I see it as a "when". The more Macs are sold (and they are gaining market share), the more the hacker/exploiter crowd will apply effort to break in.

Another issue I've been looking at is the WEP issue - now that it's seen as basically unsecure, I would urge anyone using it with a machine that plays wow to replace their router with a secure one. I know in my apartment complex, my router gets pinged constantly from attempted log-ins.

Ellette
11-29-2008, 02:30 PM
I love my authenticator, and I can't believe I survived without it! Lucky for me tho Blizzcon gave them away and now both my boyfriend and I are happily using them :)

Even tho I got mine for free, I would have spent the $7 as soon as I had the extra cash because the peace of mind is worth so much more.

puppychow
11-29-2008, 03:06 PM
How does the authenticator show up anyways? After you login does an extra window come up with the 30/60 second "code" or it is a separate field in the main login screen? I wouldn't mind using one, except I would want to be able to log in to all 5 of my accounts once instead of typing 5 different numbers in 5 windows.

With all the costs Blizzard must have with hacked accounts (it must be at least $20 per account in time spent on customer service, phones, GMs, etc) I am really surprised it wasn't included free in WOTLK. would have been a smart move.

bigp3rm
11-29-2008, 04:56 PM
How does the authenticator show up anyways? After you login does an extra window come up with the 30/60 second "code" or it is a separate field in the main login screen? I wouldn't mind using one, except I would want to be able to log in to all 5 of my accounts once instead of typing 5 different numbers in 5 windows.

With all the costs Blizzard must have with hacked accounts (it must be at least $20 per account in time spent on customer service, phones, GMs, etc) I am really surprised it wasn't included free in WOTLK. would have been a smart move.

As I read the info you just put the number it generates at the end of your password.

zanthor
11-29-2008, 05:28 PM
How does the authenticator show up anyways? After you login does an extra window come up with the 30/60 second "code" or it is a separate field in the main login screen? I wouldn't mind using one, except I would want to be able to log in to all 5 of my accounts once instead of typing 5 different numbers in 5 windows.

With all the costs Blizzard must have with hacked accounts (it must be at least $20 per account in time spent on customer service, phones, GMs, etc) I am really surprised it wasn't included free in WOTLK. would have been a smart move.

You log in just like normal, once it knows your account name the client prompts you for a PIN which you type in. In my case I broadcast keystrokes to all 5 to password it up, then I do the same with the PIN... rarely do I hit a conflict where one won't log in, it does happen but very rare. I just relog that client.

The only thing it's caused issues with for me is rarely I have a desire to check account data at work, and since I'm a big fan of a small keychain I don't have my FOB on the keys... it sits at home on my desk... so I can't squander working hours worrying about a game... hrm, that's probably a plus ;).

Fizzler
11-29-2008, 08:01 PM
After 4 years of playing my main account was hacked last night. Well I guess you can call it that. It must have been brute force or at least I suppose it was. I do not browse the web with my gaming computer. Either way I logged on last night and lo and behold I had a level 60 something Death Knight on my account. Strangely they created the DK on the server I play on. If they would have created it on another server I might not have noticed it.

I log into said DK, at the same time I am logging into my accounts from another computer and changing passwords.

The DK had about 40G on it and some blue items. No money is missing from my Guild Bank and no items from any of my toons so I must have caught them just in time. In time for what I am not sure because after I reported it to Blizzard they left the DK on my account with the 40G and the blues.

Vyndree
11-29-2008, 08:58 PM
Macs right now are for the most part safe from the majority of keyloggers, as they simply will not work, or they would require you to enter your admin password, and you'd have to be pretty dumb to allow software to be installed requiring that level of security, without checking what is being installed.

So does Vista (http://en.wikipedia.org/wiki/User_Account_Control). However, the "majority of users" either just get impatient and click "yes, whatever" or specifically turn the feature off because "it's annoying".

;)

http://en.wikipedia.org/wiki/Comparison_of_privilege_authorization_features

The thing is, by assuming that the administrator prompt (for both mac and windows) PREVENTS these sort of hacks from taking place is assuming that the USER themselves knows NOT to click "OK, yes, install this". And that's a VERY, VERY big assumption. If Mac were the primary OS for the average user, you're assuming the AVERAGE USER knows what's good and what's not good to install on their computer -- and if people are still falling for phishing email scams I think you can see the logical fallacy (http://futuremark.yougamers.com/forum/showthread.php?t=23914).

You can only protect a person from themselves for so long. These sort of people probably don't use macs for the same laziness. However, if they DID use macs, rest assured they'd complain about, just click through, or find some way to turn off the admin elevation features of the Mac just like they do Windows.

What I'm saying is -- yes, there are less viruses developed for Mac because there's less users USING Mac. The security is in the hands of a user, and additional devices/measures to protect a user from themselves is exactly what an authenticator is (and so is strong passwords, smart users, antivirus software and firewalls).

What I'm NOT saying is that Mac is INsecure. I'm also not saying Windows is INsecure. I'm just saying NOTHING is 100% foolproof -- not Windows, not Mac, not Firewalls, not Antivirus, not strong passwords, not smart users, not authenticators. Given enough incentive, there's always a way to get in. What you want to do as a user who holds the keys to something that is SUPPOSED to not have real-money value but, in reality, does -- make it hard enough to get into your accounts that it's not WORTH the potential monetary gain to do so.

Stabface
11-29-2008, 08:59 PM
You can remove the authenticator on the website BTW, as long as you haven't lost it. It's only if you no longer have access to your authenticator do you need to call billing.

Bigfish
11-29-2008, 09:54 PM
I have one, and I consider it well worth the investment.

Solon
11-29-2008, 10:21 PM
I would have one except Blizzard won't ship to a PO Box, and where I live I have no other option. The post office does not deliver to my address, and things addressed to my street get RtS. Free post office box FtL. ;(

Skuggomann
11-29-2008, 11:17 PM
i just make my password my zip code and then never let anyone know my address. that way i know both me and my account are always safe.

If someone finds out his password, send it to me so i know where he lives and can pay him and his family a "visit" :)

entoptic
11-30-2008, 07:26 PM
SWEET more junk for the landfill. Put your ipods and iphones in that pile as well.

Vyndree
12-01-2008, 01:19 AM
SWEET more junk for the landfill. Put your ipods and iphones in that pile as well.

http://www.pcrecycle.net/

At least, that's what I use here in Seattle. They even stop by my work every so often to pick up consumer electronics to recycle.


Plus, well, it is illegal to put them in the trash or take them to a landfill (computers, monitors, televisions, and cell phones).

Get off your high horse. Not everyone contributes to landfills.

IMO, if you don't use green transit and recycle yourself, you have no business criticizing others. In fact, let's just cut the crud and shorten it to "you have no business criticizing others". Lead by example -- say "Hey, guys... When you're done with your authenticators, remember to recycle them!". Much more appropriate than "You all suck because I used psychic powers to determine that all of your authenticators are going to be landfill trash in some 3rd world country so I have the right to judge you all for something that I have no proof that you did or will do".

The latter is forum troll behavior.

bigp3rm
12-01-2008, 05:20 AM
Wow what happened in here?

Ken
12-01-2008, 06:13 AM
I don't trust the authenticator, because by using it the weakest element becomes the Blizzard helpdesk:
http://www.wowinsider.com/2008/07/24/authenticator-fails-removed-from-account-without-users-permiss/
http://www.wowinsider.com/2008/08/05/authenticator-failure-revisited-blizzard-responds/4
.. and from experience, I never trust helpdesks :)

Naylix
12-01-2008, 07:42 AM
Ken:

You don't trust the authenticator, because the weakest element "becomes" the Blizzard helpdesk?

I believe that logic is flawed, the Blizzard helpdesk doesn't become weaker, it is as it has always been. Authenticator or no authenticator.

And if you read Belfaire's comments directly in the associated threads, you will find that: The authenticator was never removed from the account in question, the password was changed on the account by a person calling helpdesk and providing personal information AND the serialnumber from the Authenticator, and that the account most likely was accessed by someone other than the account-holder. Only the last bit is a little vague, but that is understandable.

You don't weaken a chain by adding a stronger link. The chain is the same as before. However, now you can be fairly certain the chain won't break where you added the stronger link.

/Naylix

Ken
12-01-2008, 11:33 AM
Ken:

You don't trust the authenticator, because the weakest element "becomes" the Blizzard helpdesk?
I believe that logic is flawed, the Blizzard helpdesk doesn't become weaker, it is as it has always been. Authenticator or no authenticator.
Now there is another bit of information that someone could get his hands on, to make the helpdesk believe you're the owner of an account.


And if you read Belfaire's comments directly in the associated threads, you will find that: The authenticator was never removed from the account in question, the password was changed on the account by a person calling helpdesk and providing personal information AND the serialnumber from the Authenticator, and that the account most likely was accessed by someone other than the account-holder. Only the last bit is a little vague, but that is understandable.

You don't weaken a chain by adding a stronger link. The chain is the same as before. However, now you can be fairly certain the chain won't break where you added the stronger link.

/Naylix
This is the only thing that matters to me related to this issue: someone found another means of breaking through *a* security level and these means were assisted by the authenticator.

"the password was changed on the account by a person calling helpdesk and providing personal information AND the serialnumber from the Authenticator"

If a system is compromised (e.g. by a keylogger), it's easy to get the Authenticator information. You enter the serial number of the authenticator to register it, so this information could be logged by an external program. The only benefit is that you only have to do this once and don't enter it every time you log in.
In fact, if a system is compromised, it wouldn't be difficult to just inject webpages into the browser (that look like the blizzard account pages) to ask the user to re-enter his serial number, just like they do with bank account hi-jacking.
If you have an idea of how social engineering works (or just know how to look for info on the internet), you will understand how it is not that difficult to find personal information.

[edit] In the end, the validator adds 'some kind' of indirect protection, since you don't have to re-enter your password constantly, but it also adds another piece of information (its serial) that someone could get just as easily as a password.

Tynk
12-01-2008, 12:33 PM
Macs right now are for the most part safe from the majority of keyloggers, as they simply will not work, or they would require you to enter your admin password, and you'd have to be pretty dumb to allow software to be installed requiring that level of security, without checking what is being installed.

The thing is, by assuming that the administrator prompt (for both mac and windows) PREVENTS these sort of hacks from taking place is assuming that the USER themselves knows NOT to click "OK, yes, install this". And that's a VERY, VERY big assumption. If Mac were the primary OS for the average user, you're assuming the AVERAGE USER knows what's good and what's not good to install on their computer -- and if people are still falling for phishing email scams I think you can see the logical fallacy (http://futuremark.yougamers.com/forum/showthread.php?t=23914).

Just to supply some further information, while training is one of, if not the most important factors when it comes to security of any type, Macs do have some advantage over windows specifically in training the users.

Windows has always been about ease of use over security, in doing so they have allowed the third party programmers to get away with a lot of sloppy coding. The habit had been to just access anything they wanted at any time, hence the reason so many people just ran as local administrator. So their applications would work.
With this happening users were never given notice when stuff was installed, this is bad. With Vista came a couple changes, first the default user is no longer the local admin. Second, any time an application requests access to something that requires admin rights, the UAC will alert the user and give them a two button press to choose. The problem here lies with so many applications living in the days of being able to do anything they want that everything asks for permission. This desensitizes the user who no longer cares, they just want their system to work.
OSX works a little differently, here the first thing has always been to create a non-admin account to be used on the system. Applications have never had free rein to do what they want, so they work within their allowed access. So their applications would work. OSX has always had a UAC style functionality, but again it only activates when something requiring admin privileges requests access. This is a LOT less frequently because applications are simply not allowed free rein to the system. In addition to this when access is requested, it does ask for the full admin password, this keeps others from installing malicious software on your system, and makes you at least give a second thought to what you are doing.

With all this in mind, I am not saying OSX is better because the software has no holes, I am saying that it has been integral in conditioning both the programmers and users into a better focus on security. Windows has always forgone security for ease of use.

Ken
12-01-2008, 12:46 PM
@ Tynk:
Another benefit for OS X users is that there are a lot less viruses/trojans/keyloggers made for that OS.

zanthor
12-01-2008, 12:52 PM
@ Tynk:
Another benefit for OS X users is that there are a lot less viruses/trojans/keyloggers made for that OS.

Yup, and as the userbase of the OS grows (and it is) so will the virus/trojan/keylogger base. The larger the userbase, the bigger the profits by exploiting it, the more exploits you will find.

Just as Mozilla is a secure browser compared to IE, this will (actually has) change drastically as Mozilla gains market share.

Svpernova09
12-01-2008, 01:05 PM
The idea that Macs are "safer" than PCs because virii / hacks / whatever are not often directly targeted to the Mac OS is a basic example of Security through Obscurity / Minority.

http://en.wikipedia.org/wiki/Security_through_obscurity

It is often regarded as a very bad and very dangerous method of security. Time to get your head out of the sand and realize just because you're running ______ OS you're safe and don't have to worry about threats.

Tehtsuo
12-01-2008, 01:51 PM
This is probably off-topic by now cause this thread has derailed, but I just ordered mine today. The only reason I didn't order earlier was I thought they were still out of stock. Looking forward to trying it out.

Vyndree
12-01-2008, 02:58 PM
Time to get your head out of the sand and realize just because you're running ______ OS you're safe and don't have to worry about threats.

Add "Browser" to that statement and you'll hit the nail on the head.

As for macs having less viruses -- check my previous posts if you want my opinion. (which is basically the same as supernova)



And, perhaps, Macs are the minority for the exact reason that Tynk explained -- Windows was (is?) more focused on user-friendliness. But even if we threw users at the Mac OS, I still feel that they wouldn't learn just because Macs ALWAYS had a admin-account elevation.

I mean, I told my friends time and time again about spam mails and phishing and chainmail junk... and yet I STILL get emails like... "If you forward this message to 10 people, a little leprechaun will appear on your monitor! But only after you click 'send'" or "Bill Gates is giving away free money to those who forward this email!" and whatnot. Even with my warnings and it being, oh... 2008, they still fall for that crap.

If Macs were the OS of choice, you can't just pick and choose the "smart" users and I'm not convinced that users will BECOME smart via usage. If that were true, all Vista users would be smarter as long as they USED UAC. But since pretty much all admin-elevation security methods are as simple as a single click to make the "nag window" go away, they're not learning anything. In fact, MOST of the time they're learning this: "If I click this box, it goes away and nothing bad happens." And that later develops to "If nothing bad happens, why do I have to click a stupid box all the time?" Not until they get a virus do they understand WHY they have to THINK before clicking "ok".




In any case, I'm done with my OT-ness, though the derail was still in the realm of account security. ;)

Bovidae
12-01-2008, 06:20 PM
Back on topic, I love the feeling of additional security. I have used mine for two months now, and have no complaints, not even about having extra keystrokes in my login regimen.

I will actually be giving these away as Christmas presents to a number of my friends.

Farleito
12-01-2008, 07:01 PM
i just make my password my zip code and then never let anyone know my address. that way i know both me and my account are always safe.

I lol'd... I hope you're kidding. Bad idea. I would recommend that you read this site ('http://www.microsoft.com/protect/yourself/password/create.mspx') for some password selection advice. Your IP address is recorded each time you log in, or post on a forum (including this one)... and whatever you do.. don't go here ('http://www.hostip.info/'). 8o

http://www.carrierroutes.com/ZIPCodes.html

How many ZIP Codes are there in the United States?
There are approximately 43,000 ZIP Codes in the United States. This number can fluctuate by a few thousand ZIP Codes annually, depending on the number of changes made.

What is a three digit ZIP Code?
This refers to the first three digits of any ZIP Code. The first digit, 0-9 designates the general area of the country with numbers starting lower in the east and increasing as you move west. For example 0 covers Maine while 9 refers to California. The next two digits referred to one of the 455 Sectional Center Facilities (SCFs) in the US.

0 = Connecticut (CT), Massachusetts (MA), Maine (ME), New Hampshire (NH), New Jersey (NJ), Puerto Rico (PR), Rhode Island (RI), Vermont (VT), Virgin Islands (VI)
1 = Delaware (DE), New York (NY), Pennsylvania (PA)
2 = District of Columbia (DC), Maryland (MD), North Carolina (NC), South Carolina (SC), Virginia (VA), West Virginia (WV)
3 = Alabama (AL), Florida (FL), Georgia (GA), Mississippi (MS), Tennessee (TN)
4 = Indiana (IN), Kentucky (KY), Michigan (MI), Ohio (OH)
5 = Iowa (IA), Minnesota (MN), Montana (MT), North Dakota (ND), South Dakota (SD), Wisconsin (WI)
6 = Illinois (IL), Kansas (KS), Missouri (MO), Nebraska (NE)
7 = Arkansas (AR), Louisiana (LA), Oklahoma (OK), Texas (TX)
8 = Arizona (AZ), Colorado (CO), Idaho (ID), New Mexico (NM), Nevada (NV), Utah (UT), Wyoming (WY)
9 = Alaska (AK), American Samoa (AS), California (CA), Guam (GU), Hawaii (HI), Oregon (OR), Washington (WA)

Ken
12-01-2008, 07:49 PM
@ Tynk:
Another benefit for OS X users is that there are a lot less viruses/trojans/keyloggers made for that OS.
Yup, and as the userbase of the OS grows (and it is) so will the virus/trojan/keylogger base. The larger the userbase, the bigger the profits by exploiting it, the more exploits you will find.

Just as Mozilla is a secure browser compared to IE, this will (actually has) change drastically as Mozilla gains market share.
I don't think you understood my statement. I was talking about the amount of viruses available for OS X right now, not about possible future developments.


The idea that Macs are "safer" than PCs because virii / hacks / whatever are not often directly targeted to the Mac OS is a basic example of Security through Obscurity / Minority.

http://en.wikipedia.org/wiki/Security_through_obscurity

It is often regarded as a very bad and very dangerous method of security. Time to get your head out of the sand and realize just because you're running ______ OS you're safe and don't have to worry about threats.
You can scrap the 'security through obscurity' because that's something quite different.
Nobody said that OS X was safe, it's just that momentarily it's safer than Windows [insert version].

And for what it's worth: I'm a Windows user by the way, not an Apple fanboy.

emesis
12-01-2008, 08:22 PM
First off, assuming your machine is not infected with keyloggers, how can anyone hack your account if they don't even know your account name? Without some amazing social engineering, or breaking into your machine, how is anyone going to even know where to start hacking your account?

Assuming someone HAS your account name... You failed and now your password can be hacked. Perhaps it's time to get one of these devices.

The problem seems to be people having your account name to begin with. So don't go to any non-trusted WoW or MMO sites and play on a Mac if you have problems with keyloggers :)

Whoa. While keyloggers may represent the single largest security threat, getting a bunch of WoW account names would, in fact, be relatively simple.

Do you consider your incoming email to be secure? The internet SMTP and TCP/IP routing protocols 1. send email in plain-text over open networks, and 2. use whatever relay route they can through open servers to deliver a message from Blizzard to you.

Are you aware that Blizzard includes your account name right in the e-mail in a variety of standardized form letters regarding account activation, etc? I.e., "Congratulations! You've successfully created your World of Warcraft account. Your account name is: "

All that is needed is access to one compromised relay server and you could easily grep out any account names that have routed through that server. The same thing applies at the level of a local area network/router compromise.

After that, it's just a matter of brute force password attacking. I don't know if Blizzard locks the account after a certain number of failures, which would mitigate brute force attempts. However, getting your account name is something that could easily happen regardless of how secure your personal PC/Mac and home network is.
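A defender's check related to the post above about mail crossing relays in plain text, as an added example that is not part of the original thread: it reads a message's Received headers and reports which hops did not record TLS. The sample message, hostnames and function names are constructed for illustration; headers written by relays outside your control can be forged, so treat the result as a hint rather than proof.

```python
import email
import re

# Constructed sample message; hostnames and addresses use reserved example ranges.
SAMPLE = """\
Received: from mx.isp.example (mx.isp.example [192.0.2.30])
    by mail.home.example with ESMTPS id c3 for <player@home.example>;
    Mon, 01 Dec 2008 20:22:07 -0800
Received: from relay.transit.example (relay.transit.example [192.0.2.20])
    by mx.isp.example with ESMTP id b2; Mon, 01 Dec 2008 20:22:05 -0800
Received: from out.game.example (out.game.example [192.0.2.10])
    by relay.transit.example with SMTP id a1; Mon, 01 Dec 2008 20:22:03 -0800
From: accounts@game.example
To: player@home.example
Subject: Account created

Your account name is: (redacted placeholder)
"""

# "with" protocol keywords (RFC 3848 and later registrations) that mean
# STARTTLS was in use on that hop. Plain SMTP/ESMTP means cleartext.
TLS_PROTOCOLS = {
    "ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
    "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA",
}

HOP_RE = re.compile(
    r"from\s+(?P<src>\S+).*?\bby\s+(?P<dst>\S+).*?\bwith\s+(?P<proto>[A-Za-z0-9]+)"
)


def audit_hops(raw_message):
    """Return the relay hops in sender-to-recipient order with a TLS flag."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Each relay prepends its header, so the oldest hop is last in the file.
    for value in reversed(msg.get_all("Received", [])):
        match = HOP_RE.search(" ".join(value.split()))  # unfold the header
        if not match:
            # Unparseable header: record it as unknown and not encrypted.
            hops.append({"src": None, "dst": None, "proto": None, "tls": False})
            continue
        proto = match.group("proto").upper()
        hops.append({
            "src": match.group("src"),
            "dst": match.group("dst"),
            "proto": proto,
            "tls": proto in TLS_PROTOCOLS,
        })
    return hops


def cleartext_hops(raw_message):
    """List (source, destination) pairs for hops that did not record TLS."""
    return [(h["src"], h["dst"]) for h in audit_hops(raw_message) if not h["tls"]]


if __name__ == "__main__":
    for src, dst in cleartext_hops(SAMPLE):
        print(f"cleartext hop: {src} -> {dst}")
```
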

Vyndree
12-01-2008, 08:44 PM
You can scrap the 'security through obscurity' because that's something quite different.
Nobody said that OS X was safe, it's just that momentarily it's safer than Windows [insert version].

If your definition of "safety" is "likelihood of attack", I suppose that's accurate. What we're saying is that the "likelihood of attack" is directly related to the population size using that particular platform because of the quoted "security through obscurity" -- and that can change at any time so it shouldn't be considered reliable.

So I guess we're in accord: Macs are less likely to be attacked AT THE MOMENT, but that statement should be taken with a grain of salt since we cannot predict the future popularity of various OS'es.

I mean, by the very statement "Switch to Macs, Macs are (at the moment) safer" you're undermining your (well, not yours since you don't use it) own security by attempting to gather a large population base. Technically, it's in your best interests of security to prevent people from adopting the Mac OS. ;) Amirite? hehe

Svpernova09
12-01-2008, 08:53 PM
The idea that Macs are "safer" than PCs because virii / hacks / whatever are not often directly targeted to the Mac OS is a basic example of Security through Obscurity / Minority.

http://en.wikipedia.org/wiki/Security_through_obscurity

It is often regarded as a very bad and very dangerous method of security. Time to get your head out of the sand and realize just because you're running ______ OS you're safe and don't have to worry about threats.
You can scrap the 'security through obscurity' because that's something quite different.
Nobody said that OS X was safe, it's just that momentarily it's safer than Windows [insert version].

And for what it's worth: I'm a Windows user by the way, not an Apple fanboy.
I'm not a fanboy either. I'm very much a zealot of smart computing, rather than an OS. Every OS has its pros and cons, and it is simply a matter of being smart in what you do.

Ken
12-02-2008, 05:52 AM
You can scrap the 'security through obscurity' because that's something quite different.
Nobody said that OS X was safe, it's just that momentarily it's safer than Windows [insert version].

If your definition of "safety" is "likelihood of attack", I suppose that's accurate. What we're saying is that the "likelihood of attack" is directly related to the population size using that particular platform because of the quoted "security through obscurity" -- and that can change at any time so it shouldn't be considered reliable.
Indeed, that's what I meant: the likelihood of being attacked on system X.
Still I don't see how security through obscurity applies to this. The fact that you're not as likely to be attacked on OS X has nothing to do with a system where its owners believe that security flaws will not be discovered. However, it has everything to do with market importance and virus effectiveness.


So I guess we're in accord: Macs are less likely to be attacked AT THE MOMENT, but that statement should be taken with a grain of salt since we cannot predict the future popularity of various OS'es.
Yep. And for a while it should remain so. Even though the market share of OS X might be growing, it's still going to take a while to become big enough to become of interest for virus writers and script kiddies. And even if it gets that far, it's going to take even longer before a big enough virus threat that starts to compare with the current virus threat for Windows computers.


I mean, by the very statement "Switch to Macs, Macs are (at the moment) safer" you're undermining your (well, not yours since you don't use it) own security by attempting to gather a large population base. Technically, it's in your best interests of security to prevent people from adopting the Mac OS. ;) Amirite? hehe
Hahaha, that's absolutely true!

Vicker
12-02-2008, 06:53 AM
<- Linux user. Yes, I run wow and keyclone in Linux.

Linux > Mac

Naylix
12-02-2008, 08:09 AM
ken:

I completely agree, if the pc you use to access the wow-europe website is compromised BEFORE you get your account/password and/or Authenticator - then yes, you are pretty much screwed and probably have been for a while. Even more so, bank accounts, personal photos of Vyndree's lingerie (honestly, I found them on facebook, and the chick sorta looks like her) and whatever else is at stake.

My point still remains: If you have an account, with a username and a password, it's 2-factor authentication. Username can in a number of ways be compromised (using a netcafé and forget to clear the "remember account name"-tick.). The password can be logged at the very same netcafé, because someone added a USB-keylogger in the back of the pc you happened to be using. The authenticator, if you give out the serial number or forget it lying next to that PC, is also a possible risk. But, you're looking at 3-factor authentication. If someone close to you wants to "hack" your account, then it will probably happen. They visit you, you go to the bathroom, they rummage through your desktop drawers and find the authenticator. It's all possible.

But if they don't have the serial. If you wanna be paranoid, then keep it in your pants! (don't read anymore into that!). Never leave the authenticator anywhere else than in your keychain. It's an RSA-elliptic encryption, generating the 6-digit pin. This can be copied, provided you have the private key (which you don't, because then blizzard is really in trouble) AND the serial number. Without these 2 items, cracking the RSA factor is currently VERY hard. Think NSA/CIA hard, and they wouldn't even bother, they would just ship you off to Guantanamo and waterboard you for six months. Faster and cheaper than trying to crack an RSA key. Or in this case, just walk into Blizzard headquarters with a "national security" badge and get any information they want.

The authenticator is the third factor. Keep it on you, and a person will need both username, a password and a physical item to gain access to your account. If you lose all 3, then I simply cannot help you and I would recommend you stay away from the internet. And the world. And cars. And never be trusted with anything that needs to be kept remotely safe.

/Naylix

voodoogriff
12-02-2008, 08:11 AM
Macs right now are for the most part safe from the majority of keyloggers, as they simply will not work, or they would require you to enter your admin password, and you'd have to be pretty dumb to allow software to be installed requiring that level of security, without checking what is being installed.

However:

Despite our invulnerability, the Flash exploit earlier this year could have opened up the door to ALL platforms being compromised, and it points out the gold sellers and exploiters are getting creative. Stealing accounts is now a billion dollar industry, and you know they're all trying to figure out how to get all those Mac accounts they can't touch right now.

There's also an issue right now with a fake copy of QuestHelper leading to a massive wave of account thefts, read up on it in the CSF. Windows only, as it's believed the installer throws an EXE onto the hard drive, which won't run on a Mac, but they could make a break-through with the Mac, eventually. Lots of legit apps need an admin password, and it's only a matter of time before they figure out how to sneak one in with a legit program.
Yeah my wife is proof of this. She runs a mac, and was always very sure of her security. But she, and another friend on a Mac, got hit by the questhelper hack.

Tynk
12-02-2008, 09:20 AM
I will actually be giving these away as Christmas presents to a number of my friends.
I don't trust the authenticator, because by using it the weakest element becomes the Blizzard helpdesk:
http://www.wowinsider.com/2008/07/24/authenticator-fails-removed-from-account-without-users-permiss/
http://www.wowinsider.com/2008/08/05/authenticator-failure-revisited-blizzard-responds/4
.. and from experience, I never trust helpdesks :)
Just an FYI, I actually am in info security, and this I just found funny. My mind works in a way where I am always trying to find the hole someone else could use to cause problems.
So let me pose a scenario.


Step 1: I buy 15 authenticators, copy the serial numbers down
Step 2: wrap them up for Christmas presents ensuring I note which authenticator went to which person.
Step 3: Profit

Ken
12-02-2008, 09:51 AM
Step 1: I buy 15 authenticators, copy the serial numbers down
Step 2: wrap them up for Christmas presents ensuring I note which authenticator went to which person.
Step 2: sell them online
Step 3: even more Profit

FTFY :)

Eldi
12-02-2008, 10:35 AM
My account got hacked once and i don't know how. i don't go to websites other than myspace google facebook thottbot and wowhead. i have a laptop for the unsafe ones. and i never give my info out but i got hacked 25k gold all epics and twinkgear everything gone. i guess i owned in pvp too much. :( but this authenticator sounds like a good idea now do i need one per account? or one for all 10 accounts?

Bigfish
12-02-2008, 10:45 AM
You can have 1 for up to 10 accounts.

Tynk
12-02-2008, 11:13 AM
My account got hacked once and i don't know how. i don't go to websites other than myspace google facebook thottbot and wowhead. i have a laptop for the unsafe ones. and i never give my info out but i got hacked 25k gold all epics and twinkgear everything gone. i guess i owned in pvp too much. :( but this authenticator sounds like a good idea now do i need one per account? or one for all 10 accounts?
Both of those sites are a cesspool created for the procreation of idiocy and trojans. While Facebook is better, MySpace was VERY poorly coded when it comes to security in favor of ease of use for the users creating the site. This allows for anyone and everyone to drop whatever they want into embedded links and flash on the site.

Just because you know the name of a website, just because everyone knows the name of the website does not mean the site is safe to go to without protection.

If you must browse on your gaming pc, take a few steps to help protect you.
1: Do not run Internet Explorer (I know lots of people will scream at this, but the simple fact is ActiveX is one of the worst implementations of client side scripting being used)
2: If you can, run Firefox with a couple add-ons
   a: Add-Block (a black list of known malware sites and banner sites, this keeps many embedded links from ever being downloaded by your computer)
   b: No-Script (a per site script whitelist. It blocks all scripts until you explicitly tell it to allow a site. This keeps embedded malware from installing on your system)
3: Run a blacklist software, I use Spyware blaster, it is free to use, very low cost for automatic updates
4: Run an active spyware scanner (I use Ad-Aware, also free to use, very low cost for automatic scanning)
5: Run a good virus scanner with up to date virus signature database (I use Avast! free for home users and very low resource usage)

And while no one ever listens to me when I say this... stay away from the social networking sites. At least ones that allow users to create their own content.

Vyndree
12-02-2008, 03:36 PM
Vyndree's lingerie

I dunno about lingerie... I do have pictures of skirts and belly chains and the like, though. They're also in the "RL Pics" thread if you missed it. ;)

I'd consider myself pretty open on the intarwebs, if only to dispel the following myths:
Girls do not exist on the intarwebz.
Girls do not play video games.
Girls who play video games are hideous.
Girls who play video games suck at the games they play.
Girls who play video games can't PvP.
Girls do not exist on the intarwebz.



As for look-alikes... *cough cough* Copycat ('http://dual-boxing.com/forums/index.php?page=Thread&threadID=16907') *cough cough* I haven't really found many people who look like me IRL. I'm a half-breed, and I've been mistaken for everything from Hawaiian to Japanese.


Oh, and concur particularly on the horror that is Myspace.

I mean, really. You put CODE into your "About Me" section to change your colors/layout and it actually PARSES it? Hideously glaring example of why its design is so poor -- and it's very hard to build on poor design.

Facebook was put together much better, though I'd shy away from all the "apps" since you don't know where the heck they came from.

Bovidae
12-02-2008, 08:38 PM
Just an FYI, I actually am in info security, and this I just found funny. My mind works in a way where I am always trying to find the hole someone else could use to cause problems.
So let me pose a scenario.


Step 1: I buy 15 authenticators, copy the serial numbers down
Step 2: wrap them up for Christmas presents ensuring I note which authenticator went to which person.
Step 3: Profit

Step 1: I buy 15 authenticators, copy the serial numbers down
Step 2: wrap them up for Christmas presents ensuring I note which authenticator went to which person.
Step 2: sell them online
Step 3: even more Profit

FTFY :)
Great ideas. Sell them on Ebay and require they tell me their account names. Add shipping address and VOILA, a great start to stealing someone's account. I guess this is one reason why Blizz puts a quantity limit of 3/transaction, to limit resale.

In all seriousness, they are going to my brothers and good friends, all of whom have told me their un/pw before and never change their pw.....

Crayonbox
12-02-2008, 11:30 PM
got one at blizzcon. haven't activated it yet... i guess i should go and do that.. >_>