Security Alert

Today I had to move a blog off of the MMO Blogroll, but not for the traditional reason of the blog going silent (or vanishing).

Tobold's blog was flagged by Bitdefender for being an infected website.

I checked the alert more fully, and yeah, there's a definite infection there:

Oof.

Alas that I'm unable to contact Tobold, since doing so would require me to visit his blog to then find his email, so I'm kind of stuck here. So, here's hoping that Tobold actually reads blogs and will find this. Or, if someone knows Tobold's email they can contact him about this.

#Blaugust2022

Security Breach at Blizzard

Okay, I'm putting on my security hat and telling people to go to battle.net and change their passwords.

Why?

Blizz announced (in a roundabout way, via a blog post by the Blizzard President Mike Morhaime) that they've been the victim of a security intrusion.  Hackers apparently made off with passwords and some info regarding the authenticator programs, and there's the potential that your battle.net account has been compromised.

While the passwords are bad enough, it's the authenticator program breach that is the real problem.  Without two factor authentication to rely upon, your account is vulnerable.  If you use authenticator software to get your ID token, make sure it's updated to the current version.  No word yet on those people who have ID Badges (like the ones that RSA sends out), but if the breach included the algorithms necessary to generate the tokens, I presume that those will have to eventually need to be replaced.  However, at the moment Blizzard is only saying to make sure the authenticator software you use is up to date.

Here's the link to the WoW Insider entry on the issue:  Blizzard security breach, no evidence that financial data was compromised

On the bright side, Blizz is saying that they make sure the passwords are properly encrypted, which does make me feel better.  That gives people time to get their passwords changed before the old ones are cracked.