World of Warcraft plugs security gap

Great you lose your keys and your locked out of more than your house . The customer service cogs at blizz grind so slowly that you will be waiting weeks to get your account unlocked , Simple answer to keyloggers really . 

Stay off the crappy sites that host them . 99% of all hacked WoW accounts are down to the end user being terminally stupid .

If your pc and account password is secure why on earth would you need this pointless gizmo .

Not all users are terminally stupid, if you travel a lot and/or use computers you don't have 100% control over (sharing, quite a concept) this is a nice layer of security that is hard to circumvent for any automated or simple attack.

But if you only live in your mom's basement and nobody else on the planet touches "your" computer that dad's credit card paid for, maybe you wouldn't think of other people not exactly like you.

$7/user is pretty cheap too, large corp/gov't contracts have paid much more than this for large orders of auth token systems.

You just get hit with spyware. Smitfraud.C.gp, for example, leads to numerous other infections including keyloggers. How do you get such an evil program? One wrong click on an ad (i.e. trying to close it) that popped up while surfing. My friend clicked on a purported off-site picture link from Allakhazam of all places. The following weekend I got a call to check out his PC. His account had been taken, cleaned out, and left for dead.

He doesn't surf anywhere else normally, except for maybe the weather channel. The only other place he had clicked on a link was at Allakhazam after looking up a quest. So yeah, stick to the "safe" sites, and you still might get screwed.

FYI, I think this is a good idea. I have had one for my paypal / ebay account for over a year now. No problems.

So go ahead and make sweeping statements about users. I personally wish you the best of luck. Still, if you're account is hacked remember that it's all your fault and don't bother reporting it.

FYI, OTP generators are never pointless from a security standpoint. Heck I wish more places offered them, including banks, the credit card companies, et al.

FYI, PayPal has been doing this exact same thing for a while.

Spyware isnt just the problem for people with bad security habits, and 99% of hacked wow accounts are not due to stupidity of the end user. That assumption itself is stupid and misleading. A coworker of mine (who does not play WoW) but Lineage2 lost his account and credit card information due to malware installed on a hard drive he recently purchased. A second case that I know of, from a guildmate, was due to java script embedded into into an add.

You can run Foxfire with the NoScript version enabled, you can update your anti-virus, run a firewall, but chances are good you are going to loose some information as todays hackers/information peddlers are getting smarter and better at what they do.

This is a relatively cheap and effective solution to this problem. OTP generators are being used extensively and effectively by most companies out there with mobile resources (laptops). Why not WoW?

the easy fix to key loggers is using a USB keyboard with built in encryption and a key exchange with the program. This is also a pretty decent way to kill off bot programs from playing the game as well. 

Here is how it works. The application performs a secure key exchange with the key board. yeah this means the keyboard has to keep track of multiple keys and which application has focus as each application will have a different auto generated key. After the key exchange all key presses are encrypted. So to keep the security up for every key typed a packet of encrypted information gets sent to the application which can decrypt the packet.

If the user is typing fast then multiple keystrokes can be sent in a packet.

The benefit of this is that key loggers can't know what keys are being pressed and bot programs can no longer be used as cheats, unless you build up a robot to press the keys.

I've been sitting on this idea for awhile, but I cat quite figure out how the keyboard keeps track of the application focus. either way the idea is out in the wild now, so I expect to see one for sale by years end.