Quote: Originally Posted by kadaan
Supposedly this was how it was supposed to have been working all along, and they FIXED what they considered a bug and not introduced one.

As Souca stated, this doesn't completely negate the possibility of a man-in-the-middle attack, but it reduces the window of opportunity from 30 seconds down to however long it takes for you to press enter after typing the last digit of the code. More security for 99% of authenticators vs 2 minutes of hassle for 5-boxers... it's not too hard to see why Blizzard made the choice they did in fixing the bug.
If they are in the middle, they will just prevent you from even logging in. If it's been a bug for over a year, it's now called a feature. Ask MS how many bugs they have to keep in their versions of Windows because software counts on it working the same way. It adds no security for those 99% of the people in this scenario.

- Souca -