Posts with tag Security

Authenticator fails, removed from account without user's permission

Think a Blizzard Authenticator will keep your account from being hacked? Think again -- we've got our first known report of someone who was protecting their account with one of Blizzard's keys, and still got their character hacked down to their undies. Someone in this forum thread apparently logged out one night and logged on the next morning to find her account stripped of everything but PvP gear, and her Authenticator no longer connected to her account.

Supposedly, to deactivate an Authenticator from an account, you need to get in touch with Billing services, and reportedly they'll then ask for a notarized statement with a picture, like a driver's license, just to remove the Authenticator. But obviously, this one was removed even without that, and we're being told that all you might need to remove the Authenticator is the answer to the user's secret question and a CD key (or even less). In other words, the fault isn't with the technology, it seems to be with the support reps on Blizzard's side of the phone line -- if they can be convinced to remove the Authenticator, the account can then be hacked.

The little keys have been selling like hotcakes since they were released -- almost everyone has figured that $6.50 was cheap for peace of mind. But while an Authenticator still does provide an extra step in security, the sad truth is that it hardly makes an account impermeable.

[Via BRK]

Update: Married IRL has more analysis, including a comment that confirms all you really need to get past the Authenticator is the user's secret question answer, usual address information, and the original CD key. If the standard for getting an Authenticator removed really is a Photo ID, it's fairly clear that Blizzard's reps aren't doing their jobs right.


Common Sense: There is no beta hack

There has been a YouTube video circulating around the internet lately claiming to show how to get into the Wrath of the Lich King beta via a backdoor security flaw. The video directs you to another site, where you then must enter the user name and password that you use to get into WoW. Surprise, surprise: this is nothing but another trick to steal your account.

This video has been showing up in links around the WoW community lately just about as much as a certain great music video. This initially caught my attention when it was posted here in our comments a few times.

Since the real beta signups are under way, and access to the beta is expected to begin any time, we were expecting and indeed seeing a large uptick in the number of beta scams. Be sure to protect yourself.

Activating the Authenticator

The Blizzard Authenticator is currently sold out on the Blizzard Store. I'm sure there will be plenty more to come, when they're ready. I bought one as soon as I heard they were available. Although my experience with the Blizzard Store was not great, it was certainly better than some others. After my order was placed, every time I checked on it, I saw what appeared to be a rag doll murloc who informed me that an error occurred on the page.

My authenticator has arrived. Thanks to the free shipping from the Blizzard online store, I saved $0.59 in United States Postal Service postage. To be honest, I'm just glad to have my security token. The token comes with a single piece of documentation, which directs the user to the security token FAQ page.

I expected the authenticator to be slightly larger. It's approximately the same size as the clicker for my Mustang. I have not yet devised a tether for it, but the device will soon be leashed to my computer.


Authenticators are going out, via USPS

We had heard that there were problems with the Blizzard Authenticator (a few people who'd ordered them had gotten their money refunded by Blizzard), but apparently there are at least a few going out. Mania got hers -- she says that it works great, that she has already associated it with her accounts, and that she's thrilled with her purchase.

Not everybody is so lucky -- reader Tweaky emailed us to say that his order was supposed to go out UPS Next Day Air, but after it didn't show up and he had a tussle with Customer Support, he then found out it was actually going through the USPS and that it would show up late. No word on whether he's seen his yet or not. A few people commented on our last post that they actually had shipping returned to them, so maybe Blizzard originally planned to send some UPS, and then had to switch to a cheaper mailing method.

At this point, Blizzard has the keyfob sold out on their website, and there's no indication when we'll see any more (soon, probably). It appears that not only did they vastly underestimate demand for the Authenticator, but that people are seriously concerned about the security of their World of Warcraft account. No other game company has ever offered anything like this before, but given the response, it could soon become a standard.

WoW Rookie: Embracing the official forums


WoW Rookie is brought to our readers to help our newest players get acclimated to the game. Make sure you send a note to WoW Insider if you have suggestions for what new players need to know.

I spend most of my evenings perusing the North American and European WoW Forums for interesting topics for our Forum Post of the Day feature. I've come across all kinds of threads from the uplifting, to the whiny, to the popular discussion. They are a great resource for tips and strategies.

Blizzard welcomes constructive criticism and suggestions from the WoW community. You are welcome to be a part of it as well. There are a few things you should know about the forums.


Authenticator ordering leads to unexplained refunds

We've already reported that the Blizzard Authenticator is sold out, but here's another twist to the story. WoW Insider reader Ryan told us that he placed his order last Monday, before the sell out was announced.

However, instead of getting his Authenticator, he instead got an unexplained refund. With no other word from Blizzard, they simply canceled the order and refunded the money. He talked to a coworker who had also ordered the Authenticator and found that he had the same experience. As of yet, Blizzard has not explained the refund to him.

It's likely that Ryan was simply unlucky enough to place his order after they'd sold out but before they'd officially announced it, but there are other somewhat unfortunate implications. If they're refunding his order instead of honoring it, it suggests that they don't expect to have any new Authenticators ready for quite some time.


Authenticators sold out, for now


It looks like I'm not the only one keen on getting a shiny, new account authenticator. The Blizzard Store is currently marked as "Sold Out" on the product. Tyren posted on the General Discussion forum that it will be several weeks before they will be available for purchase once again.

I believe that those who have placed their orders are still slated to receive them, though I have received no word on my order. I ordered mine Tuesday morning, and the order status is currently sitting as processed. If they follow the shipping schedule in the email, the devices should be sent out at some point tomorrow. I'll give a full review once my token arrives at my doorstep.


Authenticator on sale at the Blizzard Store


I'm giddy again. Why? Because I just placed an order for a new Blizzard Authenticator. I am not the least bit fazed about the price. Given the time frame between when Blizzard announces that they will do something and when they actually come through, I'm surprised this has come so quickly after the announcement. Sooner is better than later. I know what it's like to lose control of my account to a keylogger.

Operating under the assumption that they will operate both of my accounts, I placed an order for two: one for me and one for my better half. I shall let you know when the doohickey arrives if this is, in fact, the case. I also believe that they make a great gift, so I bought one for my mom as well. Shipping for this product is free, but you do have to pay your state sales tax (Nevada state sales tax for two, Michigan tax for one). The shipping disclosure states:


Forum post of the day: Rage against the authenticator

Alright, so the splash screen mystery is dramatic. Whatever the important announcement is, I don't think they could come up with one that makes me happier than the new authenticator. I will be first in line to buy mine once it comes out. It seems that most of us are with me. We've been clamoring for better authentication, and we're going to get it.

A one-time charge of six and a half bucks for an extra layer of security seems like a smoking deal to me. It hasn't occurred to me to be bothered by the price. Tuhrell of Malrone believes that the authenticators should be distributed by Blizzard for free. Vallana of Thaurissan is on a short list of responders in the thread that agreed with the original poster. She believes that her $15/month is enough to spend on WoW and is "not retarded enough to get hacked so I really don't need it."


WoW Insider Weekly

Our columnists work day and night to push out terrific weekly columns and features here at WoW Insider -- in fact, they write so much that you might miss some of it. That's why, every Tuesday, we cover our most popular features from the last week in WoW. If you didn't catch them the first time around, get your baseball glove out and keep your eye on the ball, because here they are again.
Ask WoW Insider: /roll abuse?
Problems with the /roll system? We ask readers like you to sound off.
Hybrid Theory: Shaman and the Wrath alpha
What's up in Wrath for the totem tossers?
Tank Talk: The better (and lesser) angels of our nature
The tank raiding column gives some good tips for dealing with that little voice in the back of your head who says "go DPS!"
Ask a Lore Nerd: The evil-o-meter
Among other questions, the Lore Nerd answers who the most evil being is in the WoW universe. You know, besides Bobby Kotick. We keed!
WoW, Casually: Is it feasible to play PvE casually?
Can you play PvE without losing your life? Of course!


Arena Junkies suffers virus attack

Arena Junkies is one of the most reputable online sources for... arena junkies. Its posters are numbered predominately among the 2000+ Arena Rated teams, and thus the site serves as a key resource for arena veterans and up-and-comers alike. Arena Junkies hosts dozens of forums, macros, strategies, and example Arena-centric Talent builds. Arena Junkies is also an official part of the Blizzard Fan Site Program. Oh, and they've got their own T-Shirts.

Which is why it can be so troubling to see they've been attacked by one of Vaneras's malicious "eVillains." The eVillain posted a "malicious applet" in their Interface forums, planting a virus which apparently spread to the hosting server itself. Naxos warns forum-goers that if any Junkie clicked on the link responsible for the attack, he or she should be careful that their system isn't under any danger. With the rising number of keyloggers and account theft, that kind of precaution is starting to get common for even the most casual WoW player.

Naxos definitely seems to have a handle on the problem, though. Arena Junkies reverted to its last-saved backup, from very early that morning, and now Arena Junkies is back to running smoothly. According to Naxos, the virus itself was a variation of the i-worm/stration virus. Links to the virus have, understandably, been removed.

It's unclear whether this attack was an attack of opportunity, or if someone has it out for the Arena Junkies. As Bio puts it: "He prob sucks at the arena."

New exploits target Flash

According to reports, a new wave of exploits has appeared taking advantage of a vulnerability in Adobe Flash Player. Allegedly over 200,000 web sites now have redirects to malware, including keyloggers, through embedded Flash. And we all know how evil keyloggers can be. Flash Player 9.0.115.0 appears to be the affected version.

Adobe quickly responded to the issue, saying that the vulnerability is fixed in 9.0.124.0, the latest version of the player, so to make yourself secure, all you need to do is update your Flash. To check what version you are running, go to this Adobe page. Keeping your software up-to-date is one of the best ways to close security holes; if you're truly paranoid, you could always go the route of adding Flashblock and/or No-Script into your browser. And be sure to keep an eye on our new Azeroth Security Advisor column for more tips on how to keep yourself from being compromised. Once again, to update your Flash and patch this vulnerability go to Adobe's "Get Flash" page.

Update: It is possible that certain versions of 124 (namely, the standalone version for Linux and the standalone version with debug capabilities for Windows) are also affected by the exploits. At this time it is recommended to disable Flash if you are running those versions.

Update 2: It is currently believed that all versions of 124 are safe. Nevertheless, caution is generally a good idea.

Azeroth Security Advisor: Preserving your online privacy

Every week, computer security expert Jon Eldridge is your Azeroth Security Advisor. He will delve into the darkest reaches of computer security rumor and bring the facts back home even if they're wriggling at the end of a pike. His goal is to provide useful information to gamers who don't think about security much and flame fodder for those self-appointed experts who need to rationalize the cost of their expensive certifications. Like any good security force, he's a mercenary at heart and is happy to take subject requests from the user community that he serves. So feel free to leave a comment below or just sit back and enjoy the show.

So you've made it to the top. You're in a 1337 raid guild that can sleepwalk through heroic instances. The PvP teams that are lucky enough to have you grace them with your presence are first in your battle group. Your favorite hobbies include disenchanting purples and watching the n00bs pass out when they inspect your gear. You've been around since beta and everywhere you go people know your name. Yep, it sure is great to be you(r toon). /emote pat self on back.

Then it happens. You log in to find that somebody in your guild is the object of much ROFLMAO and that somebody is you. Your stomach drops out and your heart goes into overdrive as you read that chat. Now everybody in your guild knows your real name, home address, social security number, political affiliation, and driver's license number. But wait, it gets better! Your arch rival just posted links to your online dating profiles, anarchist news group posts you made back in high school, and your criminal history. You've been RL PWN3D in the worst possible way.


Azeroth Security Advisor: WoW is watching you, part 2


Welcome back to the Azeroth Security Advisor. Last week I discussed two of the three ways Blizzard keeps an eye on your computer. This week I'll cover the controversial Warden program, whose discovery in Oct 2005 by Greg Hoglund caused a great deal of outrage and confusion, not unlike accidentally joining a pickup group full of rogues. Reactions have been so strong that some trolls dwelling in their parents' basements are still alternately posting "OMFG BLIZ HACKZ CALL COPS!!!" or "U SIGNED EULA SO STFU N00B!!!!!" depending on which of their medications are kicking in at the time. Most people forgot to care one way or the other within a few weeks and went back to life as usual. Lucky for Blizzard, apathy is the universal solvent for organized resistance; otherwise they might be facing a class action lawsuit by now.

The Warden's core mission is to continuously audit your PC for suspicious activity while you play. First it reads all the DLLs loaded into the WoW process space, which is a perfectly legitimate activity any way you slice it. After that, the Warden ditches its friendly park ranger hat for a ski mask and takes a look around the rest of your PC. It reads the text in the title bar of every window you have open, including that really embarrassing Furry fan site you don't want your friends to know about. Yes Nekudotayim, Bliz knows about your pr0nz! The Warden then creates a hash code (think fingerprint) of each window title and compares the results to a list of "banning hashes" for potential matches and subsequent divine retribution.


Azeroth Security Advisor: WoW is watching you, part 1


If you play World of Warcraft you agreed to the Terms of Use Agreement and End User License Agreement even if you don't know it. If you're like most gamers you "agreed" with all the forethought and consideration of a lab rat agreeing to run a maze in exchange for a yummy pellet of rat chow. Scurry, scurry, click, click... yum! Let's face it, when you're just two clicks away from playing the hottest MMORPG on the planet those screens usually go by just as fast as they appear. But what else besides deep fat fried MMO goodness is contained within the WoW client you're running?

One of the things you agreed to while merrily clearing those pesky EULA and Terms of Use screens after every patch is that Blizzard "MAY" monitor your PC's RAM and CPU processes for "unauthorized" 3rd party programs that by Blizzard's "sole determination" may or may not be deemed naughty. Naughty in this case includes but is not limited to teleporting, data mining, exploiting bugs, facilitating bots and generally doing an end run around the game mechanics for fun and profit. In reality the WoW.exe DOES monitor your system, silently, thoroughly, and every 15 seconds.

