MMO Gaming: The Importance of Security 2012 edition

Blizzard is being sued. They are being sued because someone figured out that maybe Blizzard isn't upping their security because they want to use it to sell Authenticators, which is described as a hidden cost. It doesn't matter that someone has figured out a way to reverse engineer the authenticators; hell, I even knew that was coming once they released the mobile version. What matters isn't the fact that Blizzard makes $2.60 on every authenticator made. What matters is that people think they need one to protect their account from being hacked. Blizzard has stated multiple times that customers wouldn't have been hacked if only they had used an authenticator (hidden cost).

The truth of the matter is, you don't need one - if you have common sense. OK, let me rephrase that, because in reality even common sense didn't matter, when Blizzard got hacked back in May 2012. You know that time. It's the time when I warned everyone to change their passwords, because I figured out the truth of why people were losing items on their D3 accounts, and Blizzard was replacing stuff at face value... of course Blizzard didn't admit to it until after 10M sales of D3 a couple months later... but again it doesn't matter... for this story at least.

Common sense is what has kept all of my different gaming accounts safe. It should do the same for you, if you use common sense anyways. Let me share with you what I do, to keep them all safe...

First off, my virus scanner. I know there are a lot of different options out there. I know that some of you use Norton or McAfee, or maybe ESET, or even AVG. I don't. I use Avast AntiVirus on both my phone and on my computer. Really, I cannot tell you the amount of times it's saved me from trojans, keyloggers, and RATs (remote admin tools). No really, I can't. But I trust it. I trust it more than running any of the other software out there, and being that I am paranoid AND a cheat site owner, you should trust me in this matter.

Next is my firewall. I actually have double protection here. I have a router with a built-in firewall, which is my hardware firewall. I have an old Linksys router, but with DD-WRT as my firmware. What this means is that I have better firmware with more options than any standard router. The software turns my $20 router into the equivalent of a $200 router (or more). For my software firewall, I am using Comodo. I had some bad issues with them on Windows Vista when it first came out, but after hosing my system, it's much better than any alternative I have been able to find. It doesn't just work as a firewall, but as a backup AV/spyware checker. Nothing gets out without my permission. So this means even if I did have a keylogger on my system, there would be no way for it to send my keystrokes to an outside source. Of course I don't have a keylogger though.

For anti-spyware I still fall back to the same one I have used since Win 98 was around. I use Spybot Search & Destroy. It's had a few changes since it first came out, but its greatest feature is that it isn't in itself spyware, such as AdAware and IOBit's Malware Fighter. Spybot will scan for rootkits, spyware, and more unwanted files.

Unfortunately these days, the above isn't the only type of protection you need. And this is where the common sense comes in. No matter what kind of protection you think you have, it won't stop an intruder from accessing your account, if you give the information away. You see, I can download a key-logger, have it on my system for weeks, and never have to worry about my account. But if I go enter the information on someone's collection site, then all that software means nothing.

Phishing is one of the most common ways to get someone to give you their information. Couple this with a legit-looking website URL, and you are screwed... unless you think first. First and foremost, it's important to remember to ALWAYS go to the game site you want to visit by typing it in the URL bar, and not by following a link. It's common practice to make innocuous-looking URLs. For example, following a link that leads to blizard.com, battlenet.net, or rift-game.com is the same as giving your account information away when you try to log in. So when you get an email which states there is something wrong with your account, hover over the link, and look at the URL. Even if it looks legit, it might be fake...
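As an added example (not part of the original post), the link check described above can be scripted so a lookalike host is flagged before anyone logs in. The allowlist of official domains and the function names are assumptions made for the illustration, and the domain extraction is naive (it only looks at the last two labels of the host).

```python
from urllib.parse import urlsplit

# Assumed allowlist of official login domains; not taken from the original post.
OFFICIAL = ("blizzard.com", "battle.net", "riftgame.com")

def squash(name):
    """Drop dots and hyphens so 'rift-game' and 'riftgame' compare equal."""
    return name.replace("-", "").replace(".", "")

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url):
    """Return ('official' | 'lookalike' | 'unknown', matched official domain or None)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    domain = ".".join(labels[-2:])  # naive: ignores suffixes such as co.uk
    if domain in OFFICIAL:
        return ("official", domain)
    sld = squash(labels[-2]) if len(labels) >= 2 else squash(host)
    for good in OFFICIAL:
        good_sld = good.split(".")[0]
        if good in host:
            # official name embedded in another site's host name
            return ("lookalike", good)
        if sld in (squash(good), good_sld):
            # same letters with different punctuation or a swapped TLD
            return ("lookalike", good)
        if edit_distance(sld, good_sld) <= 2:
            # one or two typos away from the real name
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample links, including the three fake domains named above.
    for link in ("https://us.battle.net/login", "http://www.blizard.com/account",
                 "https://battlenet.net/login", "https://rift-game.com/"):
        print(link, "->", classify_link(link))
```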

It's also important to only use the associated email with games. This means if you register on a fan site, make sure to use an email address which is NOT a gaming account one. I can't tell you the amount of emails I get to various email accounts which tell me I have a problem with my account... but I only use one email address for my WoW account, and it's not published anywhere, nor used for any other game. By the way - you should have one email for each game, but even if you don't, try not to group new games with old games. So should your email account get compromised, then at least you only lose access to one game, not many.

Strong passwords are important. For years I had been using the same password for all my games. Albeit it was a hard one to guess, and unlikely to be brute forced, but if just one game account were to go down, then it's possible that others could as well. This is where a password manager is highly recommended. I do use LastPass, which offers online and offline versions, as well as a version for my phone, and phone's browser. However there are alternatives like KeePass and some others. If you don't want to bother with a password manager, then at least follow some password rules... no birthdays, no sports teams (I figured out a boss' password because of this 👿), no family names, no pet names, no deities (God/Jesus/Mohammad), no repeating characters. Random characters work great for this via a password manager, but they aren't always easy to remember. However one thing which works really well is using numbers in place of letters. For example, if I had a pet named BooBoo, I could make it 8oOB0o!, and while I would know what the password was, even if I told anyone else the password is "BooBoo", no one would be able to figure it out. It's important to use capital letters, numbers, small letters, and symbols in passwords.

Another piece of advice I want to warn you about is so called hacks. I remember a buddy telling me (before he grew a conscience) that he could acquire 800 accounts a month. He simply made YouTube videos showing people a hack, and letting watchers know they could get the hack, by filling out a form with their account information, at which point their account would magically have GM powers... (common sense rules here people).

Along the above line of info also go hacks which people make for games. If you don't know the person, there might be a chance that the hack someone just gave you has a keylogger or trojan. Scan first, ask questions later. Run it in a sandbox, and check to see if it tries to make an outside connection. If it does, it's probably malicious software. Comodo provides a free sandbox, but you can also try Sandboxie.

Did you know that if you use a free WiFi connection, your information can be hacked with a few simple tools as well? This means if you go to a cybercafe, library, or even a local food chain to play a quick game, you can actually not only be hacked, but become the victim of identity theft. This is again one of those common sense things. In this situation, it doesn't matter what software protections you use. Heck, it doesn't even matter if you have an authenticator, because of the types of attacks which can be made over WiFi, it's possible to steal more than just game access. This is where protection with Hide My Ass VPN Service comes into play. If you play on a laptop, or even just surf on one on an open connection, you need to protect your proverbial ass.

The last way to lose your account information... bad power-levelers. These are the guys you searched for, which were so cheap, that they had to be legit. This follows the rules of idiocy. I have no problem with someone using a power-leveling company - hell, I own one! But paying someone to hack your account is brutal. I know what you're thinking... you can always get your money back... but when they go in, level your account, and then rip you off for everything you own, I can't feel sorry for you. That's why they were so cheap. Instead, find yourself a legit powerleveling company, and stop wasting your money on the other guys.

If Blizzard had added a coinlock notification, like Rift has, I don't think there would be a problem. Coinlock makes you put in a code, before you can buy, sell, or trade items in Rift. There is also a big warning at the bottom of the screen that there is a coinlock. Sure, Blizzard does have an IP lock, but Rift goes a step past that with a computer lock. Even a computer which is on the same IP can be locked. Multiple computers on the same IP can indicate gold farmers.

Is there anything else Blizzard could do? Sure, they could make you change your password every 90 days, and ensure it's not related to a SQA, birthday, or deity. They could teach you to make better passwords. They could add a double layer of protection, such as a PIN code which has to be added in with mouse movements via an onscreen keyboard. There are a number of things they could do, but instead they are telling you to use an Authenticator (which can be hacked). The lawsuit against them is not without merit.
