Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Submission + - Blizzard's Warcraft servers compromised by hackers (wow-europe.com) 1

Phil Duffy writes: "Blizzard's Warcraft servers compromised by hackers

Blizzard's World of Warcraft servers have been compromised by hackers and are allowing users' accounts to be logged into and modified without the owner's authorization. This is a repeat of the issue that Blizzard's Diablo II servers experienced in December 2000. Accounts are logged into, characters are stripped of their items, used to farm gold, and are even deleted. Through the experience related below as well as others posted on the official World of Warcraft forum (forums.wow-europe.com), it is obvious that this is a security issue originating with Blizzard and not with the end user.

When contacting Blizzard's account support for assistance on resolving the issue, players are constantly pressured to buy a Blizzard authenticator for their account. However, various players' experiences have proven that this authenticator can be removed by social engineering. Game Masters (in-game assistance) are slow to respond and can do little to resolve the issue and prevent the account from being logged into once hacked, regardless of account name change, password resets, booting the hacker from the server, etc. Account support has been able to track the IP of a hacker and yet still been unable to prevent reconnection.

These hacking incidents seem to initiate when the player's account is merged into a Battle.net account without their permission. The Battle.net account setup and merge process is inherently insecure and allows account modification without the confirmation of the account owner via the original email address. A standard security feature for most sites is that any account modification must be confirmed through the registered email. Even Youtube is superior to Battle.net in this respect. If you try to log into Youtube and have forgotten your password, you may initiate a password change request which is then sent to the registered email address. Once the email is received, a link may be selected within it to return the user to the Youtube password reset screen. However, if you forget your Battle.net account, or feel like hacking into one, you may initiate a password change request on the Battle.net site and are immediately prompted to answer your security question. Once the correct answer is entered, a new password may be chosen. The only verification required is the answer to the security question. And let's be honest, it's not too difficult to figure out a mother's maiden name. Also, submitting the answer may be attempted any number of times. The only notification the owner receives in their email, is a message stating that the password was changed and that they may contact account support if they did not initiate this change. Given this standard procedure Blizzard has chosen, their only responsible course of action is to provide 24-hour account support. However, Blizzard Europe does not provide evening or weekend support. For a company that receives over $190 million per month in subscriptions, their account support center is either severely understaffed or simply does not choose to provide adequate account support and security.

Even for accounts that are originally hacked through an end user's compromised computer, such as through a keylogger, the user is unable to resecure their account once they have regained access to it and resolved their computer's security problem. This is because even once they have regained access to their account, unmerged it from the unauthorized Battle.net account, removed any added Blizzard authenticator, and changed their email and/or password for it, they are unable to change their security question and answer. Once you obtain the security answer for an account, you may always reset the password for it. This feature is another indication that this current security breach is on Blizzard's end. As seen from the experience related below, the account password was never changed by the hacker. If the hacker was using a keylogger and/or had access to the user's personal system, they could have easily locked the user out of their account.

Below is a post from the official World of Warcraft — Europe forum. It is referenced with the writer's permission. It was submitted to the wow-europe.com forum on September 4, 2009. At the time that this story is submitted to the media, there has been no forum response from Blizzard to the request for assistance, although multiple players have responded that they have experienced a similar situation. The original post and responses is located at http://forums.wow-europe.com/thread.html?topicId=10711183739&sid=1.


Battle.net / Login servers Compromised

Early this week, I posted regarding this issue, and my post was deleted. I'm now posting again hoping that Blizzard might actually deal with a problem that is very real.

Two of my accounts were hacked on Sunday, Aug. 30th. The hacker bound my account to a battle.net account. I scanned my PC with AVG, Spybot and Avast, which all came back clean. I called Blizzard on Monday to have my account unbound.

So, Blizzard unbinds my account, resets my password, and when I try to log in with the new password, the hacker is still on my account. I log into my 2nd account, contact a GM, the GM kicks the hacker offline, and then I log in as well as change all my passwords. Within 1 hour the hacker is back on my account. Then I bind my account to my own battle.net account, change the passwords etc, and within minutes the hacker is back on the account. At this point I call my wife who is at her office. I give her the passwords to my battle.net and email and ask her to change them from her work. She works in IT support; her system is on a secured network and has never had Warcraft run on it. Within 2 minutes the hacker is back on my account. Throughout this time I've been logged into my 2nd account watching him, and at this point I've given up.

I wait till the next day as Blizzard phone support is closed for the evening. Tuesday I call Blizzard again. I get the same person on the phone as on Monday. This person was no use at all. When I ask her why this is happening, she can't give me an answer other than "buy an authenticator". Then she says she only works in Billing. I ask to speak to someone in technical support; she refuses to do that, but she asks for my contact number and says she will have technical support call me. So I give her my number and wait for technical support. What a surprise... no phone call.

So I call them again. This is now Wednesday, and I get someone who seems to actually know something. He checks IP logs. At first he can't see anything, but just then the hacker logs onto my account. I tell him "He is on right now", so he contacts a GM. I tell him everything that's happened. He finds it hard to believe, so he sets up a new battle.net account for me on his PC. I make a new email address, the GM kicks the hacker and all seems well. He also suggests that the only thing to do is to format the PC and get an authenticator if this happens again. Well, within an hour the hacker is back on again.

At this point I am really tired. I log onto Blizzard's store, and I try to buy 2 authenticators. They are sold out, so I drive to Best Buy and I buy one new 500g SATA drive and one brand new Laptop. I disconnect my desktop, I unplug both of my old SATA drives, I put in the new drive and I format it and install windows XP. On my new laptop, I make a new email address, and I change my passwords and email address for my battle.net account. I download WoW while Windows is installing on my desktop. 3 hours later it's downloaded and installed. I log on, and the hacker is on my account. He gets disconnected several times because I'm also connecting. He seems to give up and logs off. Thursday goes by and there's no sign of the hacker on either account. I check Blizzard's website, and they have authenticators back in stock. I order two. Today comes, I wake up, I log on and guess what? Hacker's back on my account farming again. I try to call Blizzard, this time very angry, and phones are closed early since it's Friday. And, of course, down all weekend.

Now, I have worked in IT support for Morgan Stanley. I have a CCNA. My wife works in IT support for a major pharmaceutical company. We are hardly IT illiterate. I have never in all my years and experience seen anything like this. What this tells me is that Blizzard's database on their login server or another area has been compromised. I would like some kind of response if anyone, particularly Blizzard, can give a straight and honest answer about this issue."


Journal Journal: Slashdot port scanning

My logs today revealed the following two port scans.

Fri, 2009-09-04 15:24:10 - TCP Packet - Source: Destination:X.X.X.X - [PORT SCAN]
Fri, 2009-09-04 15:24:12 - TCP Packet - Source: Destination:X.X.X.X - [PORT SCAN]

So I left wondering why slashdot is port scanning from


Submission + - Inside Mac OS X Snow Leopard Exchange Support (appleinsider.com)

imamac writes: Apple Insider has an interesting perspective on the MS Exchange support built into Mac OS X 10.6 and how it essentially frees Apple from all things Microsoft.

Windows Enthusiasts like to spin Apple's support for Exchange on the iPhone and in Snow Leopard as endorsement of Microsoft in the server space. From another angle, Apple is reducing its dependance upon Microsoft's client software, weakening Microsoft's ability to hold back and dumb down its Mac offerings at Apple's expense. More importantly, Apple is providing its users with additional options that benefit both Mac users and the open source community.


Submission + - Wordpress.org Warns of Active Worm Hacking Blogs (wordpress.org)

Erik writes: "Wordpress, the popular open-source Content Management System (CMS) for many thousands of bloggers worldwide, is under attack from a "clever" worm that automatically compromises unpatched versions of the Wordpress system. The particularly nasty bug crawls the web for vulnerable Wordpress installations, installing malware, deleting content, and generally wreaking havoc wherever it can. Today, Wordpress founder Matt Mullenweg eloquently implored Wordpress bloggers to update more frequently. Originally, updating the Wordpress system was a rather laborious process, however newer versions offer fast and simple one-click upgrades. The two most recent versions of Wordpress (2.8.3 and 2.8.4) cannot be attacked by the worm discovered this week, and blogs hosted at Wordpress.com are also apparently immune."

Submission + - Is a CS PhD worth it ?

An anonymous reader writes: I am CS grad working in a startup. The job is pretty enjoyable and the people around me are great. However, thinking of life beyond this startup scares me, since most job postings seem to be full of buzz words (SOAP/XML/RoR etc) and my current job involves none of these (one of the reasons which makes it fun). For a long time, I have been thinking whether I should chuck it all and go back to school for a PhD. I am extremely passionate about CS and can pretty much imagine myself working in CS-related areas for the rest of my career. The problem is that I am not sure whether the 4 year or so effort is worth it.
Is finding a challenging CS related job really difficult for a guy with just an MS degree ?
Do PhD holding/about to acquire slashdotters have any regrets about getting it ?
More importantly in these times of economic hardship, does it make any sense to chuck a high paying job for 4-5 years of almost no earnings and uncertain future?
PC Games (Games)

SOE Also Making a New Star Wars MMOG? 49

Hand Solo writes 'Ten Ton Hammer has an inside scoop on SOE making a new browser-based MMOG based on Star Wars. Rumor is that it will be run on the Free Realms platform. This is generating a lot of buzz around the net. Quoting: 'Former and current Star Wars Galaxies players can still remember the sting of the 'New Game Experience' that changed the face of that game for everyone. SOE has repeatedly said that they have learned from their mistakes, and plan to not repeat them. If SOE isn't expressly targeting the hardcore segment this time around, they (unlike BioWare) won't have quite the same initial level of expectations to deal with. Don't let us give you the impression that SOE plans to take on BioWare, and their highly anticipated MMOG debut, The Old Republic, particularly given the engine the game is rumored to be based on. More plausible is that it will be based off the Clone Wars CGI animated film, offering a more stylized approach to the universe. "

Feed Engadget: Controversial Palm Pre ads judged to be effective, still creepy (engadget.com)

Palm's slightly disturbing Pre ads continue to make news, putting to rest any doubts about their effectiveness. Hot on the heels of ad agency Modernista totally loving that you're "creeped out" by them, analyst MediaCurves has done a little online study --"little" meaning a small sample group of only 305 viewers. Still, the results are interesting, with half of all respondents feeling inspired or happy after viewing the commercial, nine percent feeling disturbed. Sixteen percent were, however, confused, but that didn't stop 21 percent from saying the commercial was "extremely effective," and 46 percent indicating "somewhat effective." At the read link you can watch the ad with a line graph drawn over it rating peoples' interest realtime, generally going up when the phone is shown (the "bing, bing, bing" segment) and down the rest of the time, perhaps inspiring a new series of Pre adverts with more time for demos and less for dazed-sounding, tight-haired, 60-foot-tall women.

[Via everythingpre]

Filed under: Cellphones

Controversial Palm Pre ads judged to be effective, still creepy originally appeared on Engadget on Tue, 11 Aug 2009 09:22:00 EST. Please see our terms for use of feeds.

Read|Permalink|Email this|Comments

Role Playing (Games)

Submission + - Blizzard ignores huge problem in Warcraft

blast3r writes: "Blizzard has been aware of a serious problem where players are unable to enter Instances (Dungeons) where at some times it can take over and hour to get in. The problem originated earlier this year when they were trying to fix over population of these instances which would often cause the instance to crash and the players would have to start over. They are saying they need to tweak hardware (July 2, 2009) yet refuse to give updates to their customers and are even banning those that are complaining in this thread. This is not a very good situation for Blizzard especially since Blizzcon is just around the corner. So what did Blizzard do with the hundreds of millions of dollars they made between early this year and the release of patch 3.2? Everyone knows that new patches generates more traffic. In any event, their PR people probably need to be prepared to meat some disgruntled customers!"

Submission + - Chevrolet Volt: 230 MPG IN THE CITY!

Anonymous Coward writes: "Chevrolet announces the Volt has a MPG rating of 230 IN THE CITY!


"The Chevrolet Volt, GM's electric car that's expected to go on sale in late 2010, is projected to get an estimated 230 miles per gallon, the automaker announced Tuesday."

"The Volt's lithium-ion batteries will hold enough juice to drive the car for about 40 miles, GM has said. Once the car goes beyond that, a small gasoline engine will turn on, generating electricity to power the wheels for longer drives."

"So let's say the car is driven 50 miles in a day. For the first 40 miles, no gas is used and during the last 10 miles, 0.2 gallons are used. That's the equivalent of 250 miles per gallon. But, if the driver continues on to 80 miles, total fuel economy would drop to about 100 mpg. And if the driver goes 300 miles, the fuel economy would be a just 62.5 mpg.""

Slashdot Top Deals

Bringing computers into the home won't change either one, but may revitalize the corner saloon.