Man in the middle attacks circumventing authenticators

View previous topic View next topic Go down

Man in the middle attacks circumventing authenticators

Post by Umber on Tue 16 Mar 2010, 5:25 am

Man in the middle attacks circumventing authenticators



It has been brought to our attention that Blizzard's technical support department is currently handling a security exploit that is, in a limited capacity, circumventing authenticators. Before we get into the details, please do not panic. This does not make authenticators worthless, and it is not yet a widespread problem. Do not remove your authenticator because of this, and do not base your decision on whether or not to buy an authenticator off of this. They are still very useful, and your account is much safer with an authenticator than it is without one.

This is not the only report of this that we've seen, but it is the first time that a Blizzard representative has openly acknowledged that there is something afoot. For a full account of what happened, check the thread on the EU Technical Support forums. To sum up: There is a piece of malware (emcor.dll is what is being reported at the moment) that is being used as a hijacking tool to facilitate Man-in-the-Middle attacks on users.


Kropaclus
After looking into this, it has been escalated, but it is a Man in the Middle attack.
http://en.wikipedia.org/wiki/Man-in-the-middle_attack

This is still perpetrated by key loggers, and no method is always 100% secure.
source http://forums.wow-europe.com/thread.html?topicId=12730404058&sid=1&pageNo=1#15

To explain in the simplest way possible, instead of data being broadcast directly to Blizzard when trying to log in to your account, that data is being broadcast to a third party via this malware. This includes your authenticator code. Rather than you logging into your account, the hacker on the other end does so. They log into your account, clear out your characters, and move around virtual funds to fulfill orders from players buying gold. This method of circumvention has been theorized since the release of the key fobs, but it has only now started to actually happen.

Because the hacker is only receiving the data as it is transmitted, they are not able to log in more than once unless you are repeatedly broadcasting your authenticator code. They cannot change your account information. They are only in your account until they log off or are disconnected. The password is still your password. They are unable to remove or replace the authenticator. Removing the authenticator would require at least three different authenticator codes from you. One to log in to account management, and two for the actual removal. The chances of this happening are incredibly, obscenely low.




If you don't scrub the malware from your computer, they can hijack your account again the next time you try to log in, but the same rules apply. The damage done is limited and temporary. Make sure you do a virus/malware scan to make sure you don't get hijacked a second time, just like you would do with any keylogger.

This security breach is unfortunate, but keep in mind that it's far more difficult to do than the keylogging we've suffered for the last few years. Hackers that used keyloggers could theoretically gather thousands of user names and passwords every day and get around to them at their leisure. Your account information could be stolen today, but it might not be used until two weeks later when the hacker needs to fulfill an order. In the case of a Man in the Middle attack like the ones we're seeing now, that can't be done. Authenticator codes need to be used within 30 seconds or they expire. A Man in the Middle attack needs to be done in real time with a large amount of timing and accuracy. This sort of attack is possible, but we don't expect it will happen as frequently as basic keylogging.

What can you do about this type of attack? The same thing you can do about any attack. Keep your virus scanning software up to date (and update regularly, as this exploit is very new.) Scan regularly. Practice safe surfing. Read the thread in the technical support forums on this issue very closely, remember the warning signs. If you run into anything unusual, do not repeatedly try to log in. Play it safe and run a virus scan. Your authenticator is still protecting you against a vast majority of hacking and keylogging methods, it is certainly not money wasted and you shouldn't remove it in a fit of frustration.

Blizzard is very much aware of the issue and are actively looking for a solution.

Edit: This is a PC only attack, at the moment. Mac users are immune to this particular virus, however they are not immune in general. Mac users must practice the same security methods as PC users.

Tags: account-security, authenticator, breaking, exploit, keylogger, keyloggers, malware, man-in-the-middle, safe-surfing, security, security-exploit, technical-support


Tech support open today

In the aftermath of one of the biggest patches WoW has ever seen, many realms are still experiencing some technical issues. Talents and items are going missing, world and instance servers are down, and I've heard at least one report of trash mobs in Naxxramas suddenly breaking out in song.

Okay, I might have made that one up. The point still stands: problems exist in the realms right now. Blizzard knows this too, and they've decided to keep their technical support department open today until 7 PM Pacific time (10 PM Eastern). Usually they're only open on weekdays. Support will be available over the phone, through email, and in the tech support forums, as usual. Eyonix has posted a list of the methods to contact tech support, so check it out if you're having problems.

Urgent authentication database maintenance underway


The opening announcement on the login screen has just let us know that there is urgent maintenance being performed on the authentication servers. The maintenance will continue until 1:00 p.m. PDT / 4:00 p.m. EDT.

During this time you may or may not be able to log into the game. Pretty much the luck of the draw and beyond your control.

Account management and posting on the forums will be offline during this time as well, so the troll's trolling will have to terrifically terminate 'till temporally soon.

We'll update this post when things are back to normal, or if there are additional issues.



Patch day resources from Blizzard



Vaneras over on the WoW EU forums put up a post today listing Blizzard resources for WoW players when the patch drops tomorrow. While the post doesn't say "Patch 3.0.2 is tomorrow" it does have the title "10/13 Patch Day Paradise!" But the fact that 3.0.2 is dropping tomorrow isn't really anything new.

The Blizzard resources he provides includes an FAQ on connection and patching issues. Topic covered include being stuck on connecting, having problems with your firewall, game version validation, corrupt patch files, blizzard downloader issues (see our patch mirrors for a quick and easy solution to that), and general patching advice for your operating system of choice.

He also points out the technical support phone numbers (US EU), but usually the fastest solution is to post on the technical support forums (US EU) and you'll get a response very quickly from a fellow player or from a blue.

Thanks to Trevor for the scoop

Ask WoW Insider: WoW runs slow


Welcome to today's edition of Ask WoW Insider, in which we publish your questions for dissection by the peanut gallery -- now with extra snark and commentary by one of our writers. This week Nick writes in:

Hello to all the writers/columnists at WoWinsider! My name is Nick and I would greatly appreciate for your help/advice. My problem is that my PC, runs on windows XP home edition, is very VERY slow. I believe that it is because of an infestation of viruses, even though I run AVG free edition, Avast, and Spyhunter. I scan once a week and nothing comes up. My gameplay in WoW is very...laggy. If I am lucky enough, I'll get maybe, 10-20fps in Azeroth and 7-9fps in outlands/isle of quel'danas. It has been like this for a long time. I play a 70 bloodelf Mage, Evolves, on Lightbringer-US while I live in the east coast, even though its a west coast server. I understand that brings my latency up but still not as bad as 1fps EVERYTIME in shatt. I need some help to speed up my computer and maximize efficiency, any ideas/advice? Anything would help me because I'm desperate and am considering quitting WoW if this continues... :'(
avatar
Umber
Moderator
Moderator

Messages : 92
Glasses : 26712
Standing : 74
Registered : 2010-03-14
Whence : Germany

http://heyro.justdiscussion.com

Back to top Go down

Re: Man in the middle attacks circumventing authenticators

Post by Tomboi on Tue 16 Mar 2010, 5:28 am

Ruu Roh.

Will NOTHING stop these hackers? If a ferocious monstrous Core Hound doesn't faze them...I don't know what will.
avatar
Tomboi
Member
Member

Messages : 5
Glasses : 5
Standing : 0
Registered : 2010-03-15

Back to top Go down

Re: Man in the middle attacks circumventing authenticators

Post by Avan on Tue 16 Mar 2010, 5:30 am

The way this attack works, *you* never log in in the first place. The scumware alters how your computer handles your internet traffic and actively searches for those packets that would contain your login information. When it detects that WoW's trying to send them out, it *intercepts* them, sending them to a different computer entirely which then sends the log in info, letting whoever is at that computer log in to your account. *You* never log in, in fact you'll just keep getting an "unable to connect" error, rather than something more specific.

Repetitious, I know, but I really wanna drive that point home. If it worked some other way, there's a chance you could bump off whoever's hijacking your stuff, *and they don't ever want you to have that chance.*

Also, if they're stealing your WoW info, they're probably stealing anything else they can(even if they don't directly deal in identity theft, the way these places operate they likely know someone who does, and will happily sell *them* anything else they happen to pick up). Just so you don't go getting a false sense of security from this, or anything.
avatar
Avan
Member
Member

Messages : 10
Glasses : 12
Standing : 0
Registered : 2010-03-16

Back to top Go down

Re: Man in the middle attacks circumventing authenticators

Post by Poggg on Tue 16 Mar 2010, 5:31 am

The article says you need to use the code within 30 seconds before it expires. So, press the button on your authenticator. Count to 25, then input the code. The attacker now only has up to 5 seconds to use your code, depending on how long it takes you to input it.

This method isn't going to prevent these attacks entirely, just minimize them further.
avatar
Poggg
Member
Member

Messages : 8
Glasses : 13
Standing : 1
Registered : 2010-03-16

Back to top Go down

Re: Man in the middle attacks circumventing authenticators

Post by Felix on Tue 16 Mar 2010, 5:32 am

Security is not easy and as long as we have the valuable stuff hackers want, they won't stop.

So it's important to understand what the authenticator does and does not do for you. Like in that Seinfeld episode, Seinfeld got robbed even though he has the most secure locks on his front door because Kramer forget to close it.

-- The authenticator (multi-factor authentication) protects you from "replay attack", where the bad guys can no longer take their time to hack you two weeks later.
----> They need to take both your password and your auth-code to pretend to be you for a short time. Or they have to physically steal your authenticator.
-- To defend against man-in-the-middle attacks, you need SSL or other end point authentication. Basically SSL protects your data *AFTER* leaving your computer and it promises the data will be unreadable in transist and truely reach it's intended destination unaltered before it can be read.
----> They need to get into your computer to mess with your data BEFORE it leaves the computer.

The good news is that adding an authenticator raise the bar for the hackers to steal your account. But they can still do it if you are not careful... Like even if Kramer remember to close the door, he still has to turn the lock for it to work most effectively.


Additionally, all of these protections are not reliable if the bad guys have malware IN THE COMPUTER. They can literally do anything they want. They can even alter your WoW client itself to connect to them instead of Blizzard to login. It's like locking the front door doesn't really protect you from the thief who's already inside the house.

So we still need to be vigilant about it even with the authenticator.
avatar
Felix
Member
Member

Messages : 24
Glasses : 34
Standing : 0
Registered : 2010-03-16

Back to top Go down

Re: Man in the middle attacks circumventing authenticators

Post by Avan on Tue 16 Mar 2010, 5:34 am

"Authenticators can only do so much if you are completely careless otherwise"

And this is what many of us here said when the "omg I gotta get an Authenticator right now!!!!" craze kicked off a couple months ago.

We simply said, if your careless(aka stupid), then your account will still be hacked. Simply put, technology is no substitute for common sense.

The reaction? Flaming, down voting, stupid Mac vs. PC arguements, and even more stupid MADE UP stories about about how people took every precaution, but some hacker still got them by "hacking his buddies wife's account, pretending to be her when his buddy logged on, and tricking him into giving her full guild bank access"...

...seriously, I still can't believe that someone expected us to believe that story....anyway...

The bottom line is, there were two sides to this. People who said authenticators are great and would protect us all and those who said authenticators are useful as another security measure, but not the end all.

I guess we have a winner to that debate from the article a couple months back...
avatar
Avan
Member
Member

Messages : 10
Glasses : 12
Standing : 0
Registered : 2010-03-16

Back to top Go down

Re: Man in the middle attacks circumventing authenticators

Post by Thebvp on Tue 16 Mar 2010, 5:34 am

My justification for my authenticator is similar to explanations of how to escape from a bear - you don't have to be the most secure, you just have to be more secure than the millions of other people who are easier and more profitable to hack.
avatar
Thebvp
Member
Member

Messages : 12
Glasses : 12
Standing : 0
Registered : 2010-03-16

Back to top Go down

Re: Man in the middle attacks circumventing authenticators

Post by Heyro on Tue 16 Mar 2010, 5:35 am

Wait, bears are hacking WoW accounts now? OH GOD
avatar
Heyro
Administrator
Administrator

Messages : 244
Glasses : 35059
Standing : 394
Registered : 2010-02-22

http://www.deezer.com/profile/750437615

Back to top Go down

Re: Man in the middle attacks circumventing authenticators

Post by Гость on Tue 16 Mar 2010, 5:36 am

Authenticators can only do so much if you are completely careless otherwise
avatar
Гость
Guest


Back to top Go down

Re: Man in the middle attacks circumventing authenticators

Post by Umber on Tue 16 Mar 2010, 5:37 am

Before downrating McCombs, please make sure you know the reference. I wouldn't be surprised if that line isn't uttered by some Goblin in Azeroth.
avatar
Umber
Moderator
Moderator

Messages : 92
Glasses : 26712
Standing : 74
Registered : 2010-03-14
Whence : Germany

http://heyro.justdiscussion.com

Back to top Go down

Re: Man in the middle attacks circumventing authenticators

Post by Umber on Tue 16 Mar 2010, 5:40 am

Patch 3.3.3 PTR patch notes [Updated]



The official Patch 3.3.3 patch notes have just been posted to the official site, so we're likely to see the PTR incredibly soon, if it isn't up right now. You can find the patch notes in full below. Do note, however, that this is Patch 3.3.3 and not Patch 3.3.5. This will not include the Ruby Sanctum raid dungeon.

Some highlights:
Death Knights: Icy Touch: This ability now causes a very high amount of threat while the death knight is in Frost Presence.
Many aura abilities such as Unleashed Rage, Abomination's Might, and Elemental Oath are now passive auras and do no need to be triggered by certain strikes.
Frozo the Renowned has moved into the Dalaran Magus Commerce Exchange and will be trading your Frozen Orbs for various other trade goods. We do not yet know what these items are, but we'll be sure to look as soon as we get on the PTR.
Look behind the break for the rest of the Patch 3.3.3 patch notes.

These patch notes are up to date as of March 10th, 2010.

General
Copied Test Realm characters are not copied with their achievement history in order to better facilitate the character copy process.
PvP
The amount of Honor awarded for an Honorable Kill has been increased by 100% for characters of all levels. This change will effectively double the amount of Honor received from Honorable Kills, or for completing Battleground and Wintergrasp objectives; however, the amount of experience gained from completing Battleground objectives and the amount of Honor rewarded for completing each Wintergrasp quest remain unchanged.
Battlegrounds

The Random Battleground system has been added! Similar to the Random Dungeon system in the Dungeon Finder, players can now queue for a random Battleground.

The Random Battleground option can be found in the Battleground tab of the PvP frame and is only available for level 80 characters at this time.
If this option is selected, players may not queue for specific Battlegrounds and a random Battleground simultaneously.
Similar to the Random Dungeon system, players will not know for which Battleground they are chosen when selected from the queue until they zone into the Battleground.
The Random Battleground option will only allow a group size of 5 players to queue together.
Bonus rewards will be offered for choosing the Random Battleground option.[ul]
Winning a Battleground using the Random Battleground option for the first time in a day will award players with 30 Honorable Kills worth of additional Honor currency and 25 Arena points.
Winning additional Battlegrounds using the Random Battleground option after the first random win will award players with 15 Honorable Kills worth of additional Honor currency.
Losing a Battleground using the Random Battleground option will award players with 5 Honorable Kills worth of additional Honor currency.
Daily Battleground quests have been removed in place of the Random Battleground option.
Battlegrounds will no longer award Marks of Honor.

Players with existing Marks of Honor can still turn them in to their respective faction's quest givers, including individual marks for those who may have more marks for one Battleground than another.
Items which previously required Marks of Honor will have their costs adjusted to remove these requirements.
Whenever a Battleground has the holiday bonus active, it will now be referred to as "Call to Arms" in the Battleground tab and Calendar. In addition, Call to Arms Battleground Honor rewards have been changed.

Choosing a specific Battleground with the Call to Arms bonus active will yield the exact same rewards as when choosing the Random Battleground option.

Winning a Call to Arms Battleground for the first time in a day will award players with 30 Honorable Kills worth of additional Honor currency and 25 Arena points.
Additional Call to Arms Battleground victories after the first win for a player that day will award them with 15 Honorable Kills worth of additional Honor currency.
Losing a Call to Arms Battleground will award players with 5 Honorable Kills worth of additional Honor currency.
When using the Random Battleground option, players will not receive additional rewards if the Battleground chosen is under the Call to Arms bonuses. In addition, the rewards for the first victory of the day cannot be earned more than once, regardless of whether or not it is obtained from the Random Battleground system or the Call to Arms Battleground.
Wintergrasp

The internal balance system now only changes when a faction achieves 2 consecutive defenses after an initial capture of Wintergrasp, up from 1. More details can be found on our PvP Discussion forum: http://forums.worldofwarcraft.com/thread.html?topicId=23329393344
Dungeons & Raids
Culling of Stratholme

Players may now skip the initial introduction dialog to this dungeon once they have completed it at least once.
World Event Bosses

Holiday bosses (such as Ahune for the Fire Festival) will now be accessible through the Dungeon Finder.

Players must use the Dungeon Finder or speak to special holiday NPCs in the world to queue up and access these bosses.
Upon accepting a queue for any holiday boss, the party will be ported directly to the necessary area for confronting that boss.
The previous summoning criteria for these bosses have been removed. Players can queue up for and fight each World Event boss as many times as they want for any standard loot that they may drop.
All rare holiday items (such as The Horseman's Reins) will have a chance of being found in holiday-themed loot troves which will drop once for each player in the party no more than once per day, in the same manner that doing the Random Dungeon daily quest will provide a specific reward the first time it is completed in a day.

Classes: General
Several raid buffs have had their ranges increased to 100 yards, up from 45 yards, to prevent select buffs from repeatedly getting applied and removed during highly mobile encounters. Some buffs, such as paladin auras, totems, shouts and Blood Pact are intentionally meant to have shorter ranges and remain unchanged.
Death Knights
Icy Touch: This ability now causes a very high amount of threat while the death knight is in Frost Presence.
Chains of Ice: The ability now innately applies Frost Fever to a target.
Rune of Razorice: Now stacks 5 stacks of 2% Frost Vulnerability instead of 10 stacks of 1% Frost Vulnerability. Proc chance changed to 100%.
Talents

Blood

Abomination's Might: This effect is now passive instead of being a proc on certain strikes. Rank 1 is 5% attack power and Rank 2 is 10% attack power. The self strength buff remains unchanged.
Will of the Necropolis: There is no longer a cooldown on the frequency at which this talent can be activated. In addition, this ability can now also be triggered by damage which deals less than 5% of your health.
Frost

Endless Winter: No longer causes Frost Fever to be applied by Chains of Ice, but instead grants 2/4% strength.
Icy Talons: The personal haste benefit provided by this talent is no longer exclusive with other sources of melee haste. This will allow death knights to always swing 4/6/12/16/20% faster when Frost Fever is applied. Windfury Totem and the party/raid component of Improved Icy Talons still do not stack.
Improved Icy Talons: This effect is now passive instead of being a proc. The self haste buff remains unchanged.
Nerves of Cold Steel: Now increases off-hand damage by 8/16/25%, up from 5/10/15%.
Unbreakable Armor: The amount of strength granted is now 20%, up from 10%.
Unholy

Scourge Strike: Now deals 70% weapon damage, plus 12% of physical damage done as shadow damage for each of the death knight's diseases on the target. The net result should be larger strikes with no diseases present, while maximum damage with all diseases applied to the target should stay the same.
Unholy Blight: In addition to its previous effects, this talent now also prevents diseases from being dispelled from victims afflicted by Unholy Blight.
Druids
Nature's Grasp: Now has 3 charges, up from 1.
Talents

Balance

Starfall: The damage done by this spell has been significantly increased.
Typhoon: Mana cost reduced to 25%, down from 32%.
Feral Combat

Mangle: The debuff from this talent now lasts 60 seconds, up from 12 seconds.
Hunters
Talents

Beast Mastery

Ferocious Inspiration: This ability is now an aura and provides 1/2/3% damage to all party or raid members within 100 yards and boosts the damage of Steady Shot by 3/6/9%.
Pet Talents

Heart of the Phoenix: Cooldown reduced to 8 minutes, down from 10 minutes.
Mages
Frostbolt: Spell power scaling on this spell has been increased by approximately 5%.
Talents

Arcane

Arcane Empowerment: This effect is now passive instead of being a proc off of critical strikes. The self damage buff remains unchanged.
Incanter's Absorption: This talent now only grants additional spell power when damage is absorbed by Mana Shield, Frost Ward, Fire Ward, or Ice Barrier. The limit of 5% of the mage's health on the spell power buff has been removed.
Fire

Burning Soul: Threat reduction is now 10/20%, up from 5/10%.
Combustion: The cooldown on this spell is now 2 minutes, down from 3 minutes.
Empowered Fire: This talent now also applies to Pyroblast damage.
Torment the Weak: This talent now also applies to Pyroblast damage.
Frost

Brain Freeze: This talent now allows your next Fireball or Frostfire Bolt to be instant and cost no mana. There is a small internal cooldown to keep the Frostfire Bolt from immediately triggering Brain Freeze again.
Priests
Talents

Discipline

Renewed Hope: now has a 60-second duration, up from 20 seconds, but a 20-second cooldown.

Rogues
Rupture: The damage-over-time component of this ability can now produce critical strikes.
Talents

Subtlety

Filthy Tricks: Now Reduces the cooldown by 5/10 seconds and energy cost by 5/10 of Tricks of the Trade, Distract and Shadowstep abilities, and reduces the cooldown of Preparation by 1.5/3 minutes.
Ghostly Strike: If the rogue has a dagger equipped, this ability now deals 180% weapon damage instead of 125%.
Hemorrhage: If the rogue has a dagger equipped, this ability now deals 160% weapon damage instead of 110%.
Serrated Blades: This talent now allows the rogue to ignore up to 3/6/9% of the target's armor, rather than a fixed amount of armor ignored per level of the rogue.
Slaughter from the Shadows: Now adds 1/2/3/4/5% damage to all attacks and reduces the energy cost of Backstab and Ambush by 4/8/12/16/20, up from 3/6/9/12/15.
Waylay: The debuff from this talent can now be caused by Backstab in addition to Ambush and can be triggered by all hits from these abilities rather than just critical strikes, but the snare component is now 50%, down from 70%.
Shaman

Flame Shock: The damage-over-time component of this ability can now produce critical strikes and is affected by spell haste.
Talents

Elemental Combat

Elemental Oath: This ability is now always on as a passive aura.
Enhancement

Unleashed Rage: This ability is now always on as a passive aura.
Warlocks
Immolate: The damage-over-time component of this spell can now produce critical strikes.
Life Tap: This spell no longer scales with spirit, and instead scales with spell power.
Talents

Affliction

Dark Pact: This ability no longer requires line-of-sight with the summoned demon, and the range has been increased from 30 yards to 100 yards.
Demonology

Demonic Pact: This effect now has a 45-second duration, up from 12 seconds, and a 20-second internal cooldown.
Warriors
Revenge: Damage done by this ability (base and scaling) increased by 50%.
Thunderclap: This ability now counts as a ranged attack, granting it double damage on critical strikes instead of 150% and ranged miss chance, and still cannot be dodged or parried.
Talents

Arms

Bladestorm: Warriors can now be Disarmed while under the effects of this ability.
Trauma: The debuff from this talent now lasts 60 seconds, up from 15 seconds.
Fury

Rampage: This effect is now passive instead of being a proc from critical strikes.
Protection

Improved Revenge: This talent can no longer trigger a stun, and instead causes Revenge to strike an additional target for 50/100% of Revenge's damage.
Vitality: Now boosts Stamina by 3/6/9%, up from 2/4/6%. Strength and expertise benefits have not changed.

Items
Frozo the Renowned has moved into the Dalaran Magus Commerce Exchange and will be trading your Frozen Orbs for various other trade goods.
Glyphs

Death Knights

Glyph of Disease: When this glyph causes Frost Fever to be refreshed, it will now also trigger a refresh of Icy Talons.
Druids

Glyph of Focus: Now increases the damage done by Starfall by 10%, down from 20%.
Glyph of Mangle: This glyph now provides 10% increased damage done by Mangle instead of increasing the duration of the debuff.
Mages

Glyph of Fireball: No longer increases critical strike chance of Fireball. Instead, it now reduces the cast time of Fireball by 0.15 seconds.
Mechanostriders: Summoning any of these mounts is now perfectly mechanical-sounding!
Priest Tier-10 4-Piece Healing Set Bonus: Redesigned. This bonus now increases the effectiveness of the caster's Power Word: Shield and Renew spells by 5%.
Shaman Tier-10 4-Piece Elemental set Bonus: This bonus has been slightly adjusted to account for the fact that haste now modifies Flame Shock's periodic damage ticks. The bonus now makes the shaman's Lava Burst cause Flame Shock to tick at least two additional times before expiring.
Professions
Runed Orbs: Recipes which require this item have had their material requirements significantly reduced.
Engineering

The Pet Bombling and Lil' Smoky non-combat pets are no longer Bind-on-Pickup.
Fishing

The "Monsterbelly Appetite" daily fishing quest has changed so it now takes place outside the Violet Hold in Dalaran. The quest still requires a Severed Arm and has been renamed to "Disarmed!"
Inscription

Most recipes that required 2 inks now only require 1.
Mining

Titansteel Bar: Creating this item no longer results in a cooldown.
Tailoring

Glacial Bag: Creating this item now invokes a 7-day cooldown.
The cooldown and location requirements have been removed from creating Moonshroud, Spellweave and Ebonweave.
Quests
Many quests which require vehicles have had their vehicle mechanics updated and improved in the interest of fun
User Interface
All Alert pop-ups now have new and fresh Alert icons.
Auction House

If the Auction House on a realm is unavailable for any reason, an alert will pop up informing players who attempt to access it.
Players can now Right-Click to place an item in the Auction frame.
Entire stacks of a specific item type can be placed in the Auction frame and several options have been added for choosing how to list auctions.

Stack Size: If a stack of items has been added to the Auction frame, players can select the size of the stack they wish to sell. If an invalid stack size is entered (i.e. a stack of 21 Saronite Ore), the Create Auction button will be grayed out.
Number of Stacks: In addition to selecting the size of a stack, players can select how many stacks of an item they wish to sell (i.e. if a player has a total of 43 Saronite Ore in the Auction frame, they can choose to list 2 stacks of 20, 4 stacks of 10, 8 stacks of 5, 43 stacks of 1, etc. If the number and amount of stacks listed results in a remainder, the left-over items will be placed back in the player's bags automatically).
Stack Size and Number of Stacks are linked mathematically so that altering the variables of one may automatically calculate the amount of the other (i.e. if a player puts 20 in the Stack Size field and 43 Saronite Ore are in the Auction frame, the Number of Stacks field will change to 2 by default. If a player only wishes to sell one stack of 20 Saronite Ore, the Number of Stacks field can be manually changed to 1).
Price: Players can now choose to input the price of an item Per Stack or Per Item by selecting either option from a pull-down. If Per Item is selected and a player is selling a stack of that item, the Auction House will multiply the selected Per Item price by the amount of that item in the stack. If Per Stack is selected, the player can enter the total price he or she wishes to charge for each stack of that item being listed.
Auction Post Completion Bar: If multiple items or stacks of items are being listed at once by a player, a Posting completion bar will appear showing the total progress of each individual auction being listed once the Create Auction button is selected. The greater the number of individual listings being made in a single press of the Create Auction button, the longer this process will take. Players can still browse the Auction House while the Posting completion bar is in progress, but moving around will interrupt the progress, similar to moving while attempting to create multiple bandages with First Aid. Just as with creating bandages, auctions that were completed prior to the character moving or otherwise canceling the action will successfully be listed.

Dungeon Finder

The Deserter debuff given to players who leave a dungeon prematurely when queuing via the Random Dungeon option has been increased to 30 minutes, up from 15 minutes. The cooldown for using the Random Dungeon option remains 15 minutes.
The Random Dungeon cooldown is no longer displayed as a debuff. Instead, players will see the cooldown time remaining displayed in the Dungeon Finder window when Random Dungeon or Random Heroic Dungeon is selected from the pull-down.
If a player in your party has the Deserter debuff, or is on cooldown from the Random Dungeon option, his or her character name will be displayed in the Dungeon Finder window listed as "On Cooldown," preventing the group from queuing.
Anyone in a dungeon party can now re-queue their group for a dungeon, as players will still be prompted whether or not to accept their chosen role.
Players who use the Vote Kick option will now be prompted to provide a reason for kicking a party member. This reason will be presented to everyone in the party except for the person voted to be kicked.
When joining as a group, more generous level requirements will be used instead of Random Dungeon level requirements so that players of different levels joining together will be eligible for a greater number of dungeons.
Parties randomly created via the Dungeon Finder will always be arranged in the party interface from top to bottom in the following order: tank, healer, damage, damage, damage.
If a random party is created via the Dungeon Finder and a player cannot roll Need on an item, a reason will now be provided.
Authenticator Frame: If a player has a Battle.net Authenticator attached to his or her account and selects Remember Account Name at the login screen, the next time that player logs into World of Warcraft, a field to input the Authenticator code will be displayed below the password field.
The World Map will now provide an option to display different levels of a multi-layered dungeon, zone, or city (i.e. players can view the map of the Dalaran Sewers without having to be in that location).
Quest Tracking Feature

The Quest Tracking Objectives Frame can now be widened via the Interface Options menu.
The short description for a tracked quest is now displayed on the Map in the quest pane.
Quest items in a player's inventory which begin quests now each have an exclamation point overlaid on their icons to make them more easily identifiable.
If a players selects Track Low Level Quests, the quest objectives will no longer appear dim on the Map, nor will the exclamation points appear dim over NPC heads or on the Mini-Map.
Objectives Frame

The Objectives Frame will now list the number of quests displayed at the top. In addition, players can now click on the word "Objectives" at the top of the Objectives Frame for a list of sorting and filtering options which will determine how quests are ordered. Any quests or achievements filtered or sorted out of the Objectives Frame are still being tracked and are simply hidden in this frame.

Sorting[ul]
Sort by most difficult quests.
Sort by least difficult quests.
Sort by quests closest in proximity to the player (this will automatically update as players travel around).
Manual sorting: This allows players to Right-Click on each quest name in the Objectives Frame and determine in what order they should be placed.
Filtering

Toggle achievement tracking.
Toggle completed quest tracking.
Toggle tracking quest objectives in other zones.
Players can now Shift + Click on a quest objective or check the Track Quest box on the Map to track a quest in the Objectives Frame.
For additional notes on Lua and XML changes please visit the UI & Macros Forum: http://forums.worldofwarcraft.com/board.html?sid=1&forumId=11114
Technical
Frame Rate: A maximum capacity of 200 frames per second has been added. To disable the frame rate limit, the following line should be added to the Config.wtf file: SET maxFPS "0".
Bug Fixes
When speaking to an NPC for which a player has 2 or more quests and not all of them are complete, the incomplete quests will now correctly show as a gray question marks in the dialog box. In addition, repeatable quests will be properly colored as blue exclamation points or question marks in the dialog box for NPCs with multiple quests available, or for which the player has multiple quests in progress or completed.
avatar
Umber
Moderator
Moderator

Messages : 92
Glasses : 26712
Standing : 74
Registered : 2010-03-14
Whence : Germany

http://heyro.justdiscussion.com

Back to top Go down

Re: Man in the middle attacks circumventing authenticators

Post by Sponsored content


Sponsored content


Back to top Go down

View previous topic View next topic Back to top

- Similar topics

Permissions in this forum:
You cannot reply to topics in this forum