Possible Security Risk?

JAMerica · 02-26-2008, 10:51 AM

I figured with the rash of account hacking people have suffered, I figured I'd throw this up.

I noticed that through the wow armoury, you can log in with your account name and pwd to see the guild bank contents. Unfortunately, as far as I can tell, this login procedure does not appear encrypted in any manner (i.e. no https).

Seems like a pretty major oversight on blizz's part to me. I would suggest not entering your account information through the armoury.

*EDIT* There is link to do a secure login on the upper right corner of the armoury page (https://www.wowarmory.com/login.xml), however if you go view the guild bank you will receive a login prompt that is not encrypted/secure (http://www.wowarmory.com/login.xml).

**ThaDoctah** · 02-26-2008, 10:56 AM

I call conspiracy!

ScratchMonkey · 02-26-2008, 01:35 PM

It's like the real world banks that designed there websites for IE and locked out competitors with much faster security response like Firefox.

Blizzard makes a lot of noise about security. This suggests that maybe they're not so serious, after all.

You should start a SlashDot story about it. I'll bet that would be a good Clue-by-Four!

**orion808** · 02-27-2008, 01:39 PM

02-26-2008, 10:51 AM	#1 (permalink)
JAMerica Join Date: Feb 2007 Posts: 532	Possible Security Risk? I figured with the rash of account hacking people have suffered, I figured I'd throw this up. I noticed that through the wow armoury, you can log in with your account name and pwd to see the guild bank contents. Unfortunately, as far as I can tell, this login procedure does not appear encrypted in any manner (i.e. no https). Seems like a pretty major oversight on blizz's part to me. I would suggest not entering your account information through the armoury. EDIT There is link to do a secure login on the upper right corner of the armoury page (https://www.wowarmory.com/login.xml), however if you go view the guild bank you will receive a login prompt that is not encrypted/secure (http://www.wowarmory.com/login.xml). __________________ -------------------------------------------- Jamerius (Feral Druid) Last edited by JAMerica; 02-26-2008 at 02:03 PM.

02-26-2008, 10:56 AM	#2 (permalink)
ThaDoctah Join Date: Aug 2007 Location: Toronto, ONT Age: 26 Posts: 1,364	Re: Possible Security Risk? I call conspiracy! __________________ \|TG-8th Mercs\| * New to TG? Start here * Become a Supporting Member <Someone give me more training STAT!>

02-26-2008, 01:35 PM	#3 (permalink)
ScratchMonkey Join Date: Aug 2005 Location: San Pablo, California Posts: 4,565	Re: Possible Security Risk? It's like the real world banks that designed there websites for IE and locked out competitors with much faster security response like Firefox. Blizzard makes a lot of noise about security. This suggests that maybe they're not so serious, after all. You should start a SlashDot story about it. I'll bet that would be a good Clue-by-Four! __________________

02-27-2008, 01:39 PM	#4 (permalink)
orion808 Join Date: Nov 2004 Location: Florida, US Age: 28 Posts: 2,346	Re: Possible Security Risk? ouch __________________

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Sponsored links

Sponsored links