Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Frackin script kiddies!!



On Wed, Aug 4, 2010 at 11:36 PM, Richard Pieri <richard.pieri-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> On Aug 4, 2010, at 10:51 PM, Derek Martin wrote:
>>
>> But, to your knowledge, one case occured. ?In twenty years. ?I'd say
>> that qualifies as "extremely unlikely" -- wouldn't you?
>
> Every day, World of Warcraft accounts are stolen via MitM attacks. ?They grab account credentials and Authenticator codes, log into the Battle.net account administration, remove the victim's Authenticator and add the attacker's own. ?I personally know three players that this has happened to within the past year.

This statement rather surprised me.   From what I can tell from some
quick web searching, the "MitM" WoW attacks which are happening are
key loggers/trojans running on the end user system.  Not some
router/computer doing something on equipment that you don't
control/have physical access to.   This is the first time, I've ever
heard this kind of security failure
called a MitM attack and I suspect that others will have understood it
differently as well.

Clearly, running trojaned software on the local machine is going to
cause problems for secure communications.   However, that is not the
same thing as an attack that simply uses the ability to replace/modify
data packets in the communications channel to gain access to
information or insert commands into the channel.

If the "MitM" WoW attacks you are talking about are something other
then key logger type security breaches please let me know.  I would be
very interested in how they are accomplishing it.

Thanks,
Bill Bogstad







BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org