hacker
Latest
Beware of Blood Elves selling mounts
A friend of mine recently got hit by a pretty devious phishing scam targeting wealthy (in-game) players looking to make legitimate purchases. My friend, we'll call him Cobra, was in a major city when an offer in the Trade Channel caught his eye. A player, we'll call him Bubbles, was offering a Spectral Tiger Mount for 5000 gold. Since this mount is only available as a code on a rare loot card, Cobra contacted Bubbles to inquire. Purchasing codes for in-game items with in-game cash is perfectly legitimate, according to Blizzard, so Cobra did not worry about going against the TOS with this transaction.Bubbles, a level 78 Blood Elf Mage, seemed legitimate. For one thing, he was not a throwaway low level character. Also, he didn't want to take the cash then, but just see it in a trade window to make sure Cobra was in possession of it. So Cobra gave Bubbles his email address only and waited for the email that included the code and a link to where to input the information.
Atlus.com hacked, trojan may have spread to visitors' computers
The folks behind our favorite high school lifestyle sim/dungeon crawler series, Persona, are apparently having some internet woes. It seems that yesterday, a "third-party entity" hacked Atlus' website (currently still down) and managed to embed a trojan that, "may have made its way" onto the system. The publisher is guessing that those who may have been affected by the trojan would have visited its website between 9AM PST and 2:30 PST, give or take.While we're used to whacky press releases from Atlus, this is most certainly not one of those. If you believe you may have been affected by this trojan, the company implores you to "run malware removal software," though, more than likely, you probably aren't reading this if that's the case, eh? All jokes aside, Atlus does seem to sincerely apologize, stating, "The faith and trust of our fans is of the utmost importance to us, a responsibility we don't take lightly." Here's hoping the dirty, dirty haxxorz didn't get to you! [image]
Wealth category removed from Armory statistics
The Armory was updated with achievement and statistic tracking last week to accompany the new game features introducted in patch 3.0.2, along with tools to compare your achievements and stats to other players on your realm. There was a lot of concern over someone the things displayed out in the open for all to see such as the Wealth stat. How much gold you've had, how much you have, things like that. Players felt it made them into targets of sorts, figuring hackers, scammers and phishing sites would focus fire a little more. Heck, some people were just plain uncomfortable with other players seeing their gold stores.It looks like Blizzard actually agrees in this case. If they don't agree, at least they were feeling a little sympathy and wanted to calm some nerves. The Wealth category has been removed completely, and while you can still check up on other achievements and stats, you don't get a free look into someone's money bags anymore. I don't know that how much gold you have on display actually had an effect on who scammers target or not, but it's not like it was important information anyway and you might as well be more safe than sorry. Some stats are fun to see and compare, but I don't know that gold is one of those stats.
Superthreats: Outlaw Planet and Generation Exile
Outlaw Planet Superthreat"In 2019, the mobile internet and sensor networks we rely on to hold our societies together are being hacked, griefed, and gamed."The effects of technology turned against us impacts the democratic process, social networks, and every institution connected to the internet. Sophisticated criminal groups employ 'transparency bombs' in online banking attacks (and "World of Starcraft" players no less). The target financial institutions are major players in the virtual currency market, but the issues resulting from this undermined security affect private citizens as well as the banks.Superstruct Challenge: How can we come together to secure our assets, both real and virtual?
WoW Insider interviews Blizzard on security
Big concerns require authoritative answers, and to get those, you often have to go to the top. That's what our friends at WoW Insider have recently been able to do, getting answers straight from Blizzard, the masters of World of Warcraft. As issues go, it's pretty damn big: not concerns about class balance or content, but about the basic security of your account, the protection currently being provided against hacking, and what the Authenticator key actually does.Blizzard, who actively sought an interview with WoW Insider following a (since contested) report of a customer allegedly having his account hacked while using one of the new Authenticators, explain the specific steps the technology takes to ensure security. They also address player concerns about how reliable the Authenticator is. The bottom line: '... we have no verified occurrences of an account being compromised that has a Blizzard Authenticator attached to it.' The full interview can be read at WoW Insider.For those that don't know, the Authenticator is an optional item (now available through the Blizzard store) that adds an extra layer of security to one or more World of Warcraft accounts. 'It supplies a random digital code that must be entered at login, providing an additional layer of security to help prevent unauthorized account access. Each code is valid for a limited time and can only be used once, so the Blizzard Authenticator must be in the possession of the account holder to log in to the account.'
WoW Insider Interview: Blizzard speaks about Authenticator security
About a month and a half ago, we reported on the story of a player who had apparently gotten their account hacked while they were using the new Blizzard Authenticator key, and it raised a lot of questions in players' minds about the only hardware Blizzard's ever made: just what does the Authenticator do to protect players' accounts? Have Authenticators actually prevented accounts from being hacked? And what would it take to, through social engineering or other methods, actually remove an Authenticator from an account?At the time we published that first story (which was later disputed by a customer support representative), Blizzard contacted us here at WoW Insider, offering to clear up players' concerns about the new keys. We quickly submitted to them a few questions pulled from our own writers and a few submitted by readers, and they've now returned the answers to us -- you can find Blizzard's answers to our questions about the Authenticator after the break. Thanks to Blizzard for answering our questions about how these keys work, and clarifying some of the issues around their security.
Hackers hit LHC computer system, deemed "scary experience"
Those already fearful of the Large Hadron Collider's potential Earth-ending capabilities may want to turn away for this one, as it looks like the situation has managed to get a bit more perilous, with a team of hackers apparently successful in mounting an attack on a system that is "one step away" from the computer system that controls of one of the LHC's massive detectors. According to The Telegraph newspaper, the group, calling itself the "Greek Security Team," left behind a half a dozen files on the system and damaged one CERN file, in addition to displaying the page above on the cmsmon.cern.ch website, which still remained inaccessible as of Friday. Somewhat disconcertingly, one of the scientists working at CERN simply described the incident as a "scary experience," with a CERN spokesperson further adding that they thought it was just someone "making the point that [the system] was hackable." Um, okaaaay.[Via CNET News]
Cloaking device could shield pacemakers from malicious signals
On a number of occasions, we've seen reports suggesting that pacemakers could be sent signals which could instruct them to do all sorts of unwanted things, including shut off completely. Thankfully, the University of Washington's Dr. Tamara Denning has heeded the warnings and created a possible solution. The so-called cloaking device would enable pacemakers to "resist any instructions that come from anyone other than the doctor," though it has yet to be put to the test. in the real world Now, making sure your doc has passed a sufficient amount of background checks is another matter entirely.[Via Switched][Image courtesy of SMH, thanks A.C.E.R.]
Diebold comes clean, admits that its e-voting machines are faulty
For years, Diebold has embarrassed itself by claiming that obvious faults were actually not faults at all, and during the past decade or so, it mastered the act of pointing the finger. Now that it has ironically renamed itself Premier Election Solutions, it's finally coming clean. According to spokesman Chris Riggall, a "critical programming error that can cause votes to be dropped while being electronically transferred from memory cards to a central tallying point" has been part of the software for ten years. The flaw is on both optical scan and touchscreen machines, and while Mr. Riggall asserts that the logic error probably didn't ruin any elections (speaking of logic error...), the outfit's president has confessed to being "distressed" about the ordeal. More like "distressed" about the increasingly bleak future of his company.[Via Techdirt]
PlayStation.com hacked, security firm reports
IT security firm Sophos reports that someone has been messing around with the official US PlayStation website. "Messing around" as in fitting its SingStar and God of War pages with fake ads that tried to make (and may have succeeded in making) visitors believe their computers were riddled with viruses.Phobos says that the bogus pop-ups prompted those who saw them to purchase what turned out to be equally bogus anti-virus software. The "scareware" has since been exterminated by Sony's IT jockeys, but we can only wonder how many hapless gamers were drawn into the hacker's insidious ... web of lies before it was too late.[Via PS3 Fanboy]
SlySoft keeps AnyDVD HD current, circumvents latest BD+
The crew over SlySoft isn't messing around, as just days after the v6.4.1.1 update hit the web, along comes yet another version to run laps around Big Content's best efforts. Posted yesterday, AnyDVD HD 6.4.5.0 adds in support for "a new version" of BD+ that's apparently included on films such as Jumper and a new flavor of AACS. This update also fixes a few minor problems with CSS logging and key retrieval, not to mention quirks found when removing ALPHA-DVD protection. You know the drill, head on down and stay current.[Via CDFreaks]
RF Online server rollback combats cheaters and 500% inflation
RF Online in the Philippines recently had serious issues with dupe hacks, prompting an unannounced rollback of the servers. PlayNoEvil writes that the operator of RF Online for the Philippines, Level Up Games, discovered a dupe exploit and tried to purge it from the servers as well as those who used it. However due to time constraints with unraveling the intricacies of the exploit, the company decided to roll back the game to a point before the exploit was used. Level Up Games issued a statement on the problem: Based on DB evidence, numbers as well as feedback from the community, the GMs, the Vanguards and also from our field agents, there was an oversupply of in-game currency and gold - as high as 500 %. GMTristan of RF Online Philippines clarified the situation further on his blog:
Buying gold is not a victimless crime
For many reasons I've never felt compelled to buy gold or pay for leveling on World of Warcraft. So I had no idea how the process worked. We got a tip from Kyron of Andorhal about a friend whose account was hacked. In addition to having all of his gear and gold stripped from his characters, he had 2 emails in the inbox for cheap items that he'd purchased off the auction house that the hacker had purchased for 500 gold a piece. They recorded the name of the seller from the auction house and confronted him when he next came online. It turns out that person wasn't a gold seller but a gold buyer. He'd been told to put Coarse Thread on the AH at the 500 gold rate and would receive his gold when the hacker purchased the ridiculously priced item. I didn't know how gold-buying worked, but this sounds like a way to exchange gold easily. This is something that blizzard could check into pretty easily. While sometimes players make strange prices in order to dupe would-be buyers, something like Coarse Thread would go unnoticed because most players wouldn't look for such items on the auction house.
How easily can your account be hacked?
You've probably heard the stories before. A friend's roommate's cousin once got his WoW account hacked. The hacker took all of his character's items and gold, and left a few naked, violated characters to fend for themselves. It conjures the same feelings as coming home to find your house has been broken into, or walking out to the driveway in the morning to find your car is gone.There has been a recent phenomenon of hacked accounts lately, more than ever. WoW had a recent problem with Xfire, and several people got their accounts hacked. The leader of Rebel Rising [rawr], one of the top PvP guilds in Guild Wars just got their account hacked and the hacker disbanded the entire [rawr] alliance and deleted the guild. This is a guild that had worked for years to establish itself in the GW PvP community, including its very own tournament cup named after them. But the fact that it can all go away so easily, as it did from one hacker, makes us aware of the inherent dangers and vulnerabilities we face in this environment.
Virtual items trader receives Red Herring award
Red Herring has named Live Gamer, a virtual items trading company, as one of the top 100 privately held companies in North America in 2008. The annual Red Herring 100 North America Awards are given to companies identified as the most promising tech startups. Love it or hate it, RMT is not going away. The virtual trading economy, which includes avatars, items and in-game currencies, is estimated to be a market worth more than USD 1.8 billion. Much of this trading takes place on the black market, exposing buyers and sellers alike to potential fraud. Live Gamer aims to remove the sketchiness from virtual item trades, enabling secure player-to-player trading while taking business away from some of the banes of the MMO world: virtual item thieves.
DARPA aims to create virtual environment for cyberwar simulations
Considering that mechanical beings will be fighting our real wars here in just a few years, it's no shock to see more focus placed on the areas where actual humans will still be the ones waging. DARPA is looking to create what it calls a National Cyber Range, which would essentially act as a training ground for cyber warriors. The setup would enable defense gurus to simulate battle against attacks our on nation's most highly prized data, and of course, give victors over virtual phishing scams immense bragging rights. Come to think of it, Estonia could have totally benefited from something like this last year. [Via Information Week, image courtesy of Sandia]
Koster writes "how to hack an MMO"
Have you ever wanted to walk through walls in MMO? How about telepathically sense the locations of all the good drops in a zone, or make invisible things very, very visible?A blog post by game designer Raph Koster (of Ultima Online and now Metaplace fame) will tell you how! Admittedly, Koster doesn't really go into much detail. Also, he's trying to help developers avoid hacking problems, not giving inside secret tips to hackers. It's still an interesting read, though!He lays out an overview of the various design choices developers make that are exploited by hackers. For example, some developers might choose to trust the client to handle collision detection to reduce lag and increase gameplay responsiveness. Well, a clever hacker can make the client report to the server with false collision information, allowing that hacker to move through walls. It turns out that most designers take a middle-of-the-road approach, meaning that, as Koster puts it: "only bad-ass hackers are cheating, instead of damn near everyone."
Account thieves make mainstream news
Some determined hackers have gone to great lengths to steal MMO accounts. So much so that they've managed to get noticed by the mainstream news outlets. We guess that's what happens when you hack over 10,000 websites just to get your hands on somebody else's MMO account.Essentially, these guys hacked into thousands of websites and added a small amount of code that redirects users into an invisible attack from some China-based servers. Apparently if you've got your antivirus program of choice up-to-date you shouldn't worry. Although the article points out that some of these attacks are directed at ActiveX controls, so update that as well if you haven't recently.We all know how terrible it would be to have our accounts hacked into and stolen. Many of us spend hundreds of hours in our favorite worlds, which many of us also pay for through our credit cards. Strangely enough, Lord of the Rings Online is mentioned as one of the games targeted by the hackers.[via TenTonHammer]
Hackers embed flashing animations on epilepsy support forum
Shortly after hearing a sad tale of a 7-year old cancer patient having his medication and PSP stolen whilst en route to treatment comes yet another story of the world's meanest preying on the innocent. This go 'round, a group of griefers (which appear to be members of Anonymous) managed to invade a support forum established by the nonprofit Epilepsy Foundation and use JavaScript code and messages littered with flashing animations to effectively assault dozens of visitors who suffer from the disorder. The Foundation managed to catch wind of the problem within 12 hours of the attack, and while the boards were closed down temporarily to purge it of offending messages, many readers (such as RyAnne Fultz, pictured) experienced headaches and seizures before rescue arrived. Let's just say we sincerely hope the culprits get what's comin' to 'em.
Linux becomes only OS to escape PWN 2 OWN unscathed
After a week full of Red Bulls, Fruit by the Foot and dreams of In-N-Out, the mighty Sony VAIO loaded with Linux stood as the only machine unhacked by the end of the PWN 2 OWN hacking contest at CanSecWest. As you're well aware by now, the MacBook Air on display was seized in two minutes by the presumably well prepared Charlie Miller, and after two full days of work, Shane Macaulay and a few of his 1337 associates managed to crack the Vista rig on Friday. Reportedly, Shane and his pals weren't expecting to do battle with the extra protected SP1 version of Vista, and while the exact loophole won't be divulged, we are told that it was a cross-platform bug that "took advantage of Java to circumvent Vista's security." In the end, it was reported that some folks on hand had discovered bugs in the Linux OS, but many of them "didn't want to put the work into developing the exploit code that would be required to win the contest."[Image courtesy of TippingPoint]
