Any of You Get One of These?

[Ken]

You can scrap the 'security through obscurity' because that's something quite different.
Nobody said that OS X was safe, it's just that momentarily it's safer than Windows [insert version].

If your definition of "safety" is "likelihood of attack", I suppose that's accurate. What we're saying is that the "likelihood of attack" is directly related to the population size using that particular platform because of the quoted "security through obscurity" -- and that can change at any time so it shouldn't be considered reliable.

Indeed, that's what I meant: the likelihood of being attacked on system X.
Still I don't see how security through obscurity applies to this. The fact that you're not as likely to be attacked on OS X has nothing to do with a system where its owners believe that security flaws will not be discovered. However, it has everything to do with market importance and virus effectiveness.

So I guess we're in accord: Macs are less likely to be attacked AT THE MOMENT, but that statement should be taken with a grain of salt since we cannot predict the future popularity of various OS'es.

Yep. And for a while it should remain so. Even though the market share of OS X might be growing, it's still going to take a while to become big enough to become of interest for virus writers and script kiddies. And even if it gets that far, it's going to take even longer before a big enough virus threat that starts to compare with the current virus threat for Windows computers.

I mean, by the very statement "Switch to Macs, Macs are (at the moment) safer" you're undermining your (well, not yours since you don't use it) own security by attempting to gather a large population base. Technically, it's in your best interests of security to prevent people from adopting the Mac OS. ;) Amirite? hehe

Hahaha, that's absolutely true!

[Vicker]

<- Linux user. Yes, I run wow and keyclone in Linux.

Linux > Mac

[Naylix]

ken:

I completely agree, if the pc you use to access the wow-europe website is compromised BEFORE you get your account/password and/or Autenticator - then yes, you are pretty much screwed and probably has been for a while. Even more so, bank accounts, personal photos of Vyndree's lingerie (honestly, I found them on facebook, and the chick sorta looks like her) and whatever else is at stake.

My point still remains: If you have an account, with a username and a password, it's 2factor authentication. Username can in a number of ways be compromised (using a netcafé and forget to clear the "remember account name"-tick.). The password can be logged at the very same netcafé, because someone added a USB-keylogger in the back of the pc you happened to be using. The authenticator, if you give out the serial number or forget it lying next to that PC, is also a possible risk. But, you're looking at 3factor authentication. If someone close to you wants to "hack" your account, then it will probably happen. They visit you, you go to the bathroom, they rummage through your desktopdrawers and find the authenticator. It's all possible.

But if they don't have the serial. If you wanna be paranoid, then keep it in your pants! (don't read anymore into that!). Never leave the authenticator anywhere else than in your keychain. It's an RSA-eliptic encryption, generating the 6digit pin. This can be copied, provided you have the private key (which you don't, because then blizzard is really in trouble) AND the serialnumber. Without these 2 items, cracking the RSA factor is currently VERY hard. Think NSA/CIA hard, and they wouldn't even bother, they would just ship you off to Guantanamo and waterboard you for six months. Faster and cheaper than trying to crack an RSA key. Or in this case, just walk into Blizzard headquarters with a "national security" badge and get any information they want.

The authenticator is the third factor. Keep it on you, and a person will need both username, a password and a physical item to gain access to your account. If you loose all 3, then I simply cannot help you and I would recommend you stay away from the internet. And the world. And cars. And never be trusted with anything that needs to be kept remotely safe.

/Naylix

[voodoogriff]

Macs right now are for the most part safe from the majority of keyloggers, as they simply will not work, or they would require you to enter your admin password, and you'd have to be pretty dumb to allow software to be installed requiring that level of security, without checking what is being installed.

However:

Despite our invulnerability, the Flash exploit earlier this year could have opened up the door to ALL platforms being compromised, and it points out the gold sellers and exploiters are getting creative. Stealing accounts is now a billion dollar industry, and you know they're all trying to figure out how to get all those Mac accounts they can't touch right now.

There's also an issue right now with a fake copy of QuestHelper leading to a massive wave of account thefts, read up on it in the CSF. Windows only, as it's believed the installer throws an EXE onto the hard drive, which won't run on a Mac, but they could make a break-through with the Mac, eventually. Lots of legit apps need an admin password, and it's only a matter of time before they figure out how to sneak one in with a legit program.

Yeah my wife is proof of this. She runs a mac, and was always very sure of her security. But she, and another friend on a Mac, got hit by the questhelper hack.

[Tynk]

I will actually be giving these away as Christmas presents to a number of my friends.

I don't trust the authenticator, because by using it the weakest element becomes the Blizzard helpdesk:
http://www.wowinsider.com/2008/07/24...users-permiss/
http://www.wowinsider.com/2008/08/05...ard-responds/4
.. and from experience, I never trust helpdesks :)

Just an FYI, I actually am in info security, and this I just found funny. My mind works in a way where I am always trying to find the hole someone else could use to cause problems.
So let me pose a scenario.


Step 1: I buy 15 authenticators, copy the serial numbers down
Step 2: wrap them up for Christmas presents ensuring I note which authenticator went to which person.
Step 3: Profit

[Ken]

Step 1: I buy 15 authenticators, copy the serial numbers down
[s]Step 2: wrap them up for Christmas presents ensuring I note which authenticator went to which person.[/s]
Step 2: sell them online
Step 3: even more Profit

FTFY :)

[Eldi]

My acount got hacked once and i dont know how i dont go to website other that myspace google facebook thottbot and wowhead. i have a laptop for the unsafe ones. and i never give my info out but i got hacked 25k gold all epics and twinkgear everything gone. i guess i owned in pvp to much. but this authenticator sounds like a good idea now do i need one per acount? or one for all 10 accounts?

[Bigfish]

You can have 1 for up to 10 accounts.

[Tynk]

My acount got hacked once and i dont know how i dont go to website other that myspace google facebook thottbot and wowhead. i have a laptop for the unsafe ones. and i never give my info out but i got hacked 25k gold all epics and twinkgear everything gone. i guess i owned in pvp to much. :( but this authenticator sounds like a good idea now do i need one per acount? or one for all 10 accounts?

Both of those sites are a cesspool created for the procreation of idiocy and trojans. While face book is better, MySpace was VERY poorly coded when it comes to security in favor of ease of use for the users creating the site. This allows for anyone and everyone to drop what ever they want into embedded links and flash on the site.

Just because you know the name of a website, just because everyone knows the name of the website does not meaen the site is safe to go to without protection.

If you must browse on your gaming pc, take a few steps to help protect you.
1: Do not run Internet Explorer (I know lots of people will scream at this, but the simple fact is ActiveX is one of the worst implementations of client side scripting being used)
2: If you can, run firefox with a couple add-ons
a: Add-Block (a black list of known malware sites and banner sites, this keeps many embeded links from every being downloaded by your computer)
b: No-Script (a per site script whitelist. It blocks all scripts until you explicitly tell it to allow a site. This keeps embeded malware from installing on your system)
3: Run a blacklist software, I use Spyware blaster, it is free to use, very low cost for automatic updates
4: Run an active spy ware scanner (I use Ad-Aware, also free to use, cery low cost for automatic scanning)
5: Run a good virus scanner with up to date virus signature database (I use Avast! free for home users and very low resource usage)

And while no one ever listens to me when I say this... stay away from the social networking sites. At least ones that allow users to create their own content.

[Vyndree]

Vyndree's lingerie

I dunno about lingerie... I do have pictures of skirts and belly chains and the like, though. They're also in the "RL Pics" thread if you missed it.

I'd consider myself pretty open on the intarwebs, if only to dispell the following myths:

1. Girls do not exist on the intarwebz.
2. Girls do not play video games.
3. Girls who play video games are hideous.
4. Girls who play video games suck at the games they play.
5. Girls who play video games can't PvP.
6. Girls do not exist on the intarwebz.

As for look-alikes... *cough cough* Copycat *cough cough* I haven't really found many people who look like me IRL. I'm a half-breed, and I've been mistaken for everything from Hawaiian to Japanese.


Oh, and concur particularly on the horror that is Myspace.

I mean, really. You put CODE into your "About Me" section to change your colors/layout and it actually PARSES it? Hideously glaring example of why its design is so poor -- and it's very hard to build on poor design.

Facebook was put together much better, though I'd shy away from all the "apps" since you don't know where the heck they came from.