There's always enough interest in the Blizzard Authenticator that we wanted to make sure our readership (who is clearly smarter than the average bear) is aware that it's back in stock. There's been a little rockiness, as Daniel put it, and there's sometimes a little question whether it's actually available. This time looks to be for real, and with an added benefit -- the Authenticator is now available in New Zealand, Canada, Australia, and Latin America.

The Authenticator has had some history behind it already. It's an obvious preventive against the many and varied keyloggers. There's nothing worse than getting your account hacked, since it often puts both you and your Guild in danger of getting robbed blind. There was an issue reported a while back about someone getting hacked even though they were using the Authenticator, though Belfaire confirmed that the Authenticator wasn't actually removed. Also, as I mentioned, there've been some oddities in whether it's in stock and if the order process goes smoothly. Trying to place an order for the Authenticator today, one of your intrepid Insider reporters saw style-sheet errors similar to the time of Failoc, the Fail Murloc.

Still, it's an added level of protection for you and your account. If you're at all worried about the security of your WoW account, you should see about picking one up.

We created a lot of waves with this post about Blizzard's Authenticator key allegedly failing -- as you know if you've been listening to the podcast, lots of people have emailed us with their own input on the situation, alternately thanking us for making it known that the Authenticator wasn't 100% secure, and lambasting us for being "ignorant" about how Blizzard's security token works. At the base of the story, there are two things we know are true: that someone was using the Authenticator on their account, and then was subsequently hacked. For that reason, we've stood by the "Authenticator fails" story -- while having an Authenticator on your account is a helpful line of defense, it, like all other computer security measures, isn't a 100% guarantee against getting hacked.

Most people agree on that. Where opinions differ are in how the account was hacked -- originally, we and a few other sources speculated that the Authenticator had been somehow removed from the account in question. But now Belfaire has responded (we believe to the incident in question, though a link to our story was removed from the original post), and says that as far as he can tell, the Authenticator was not removed from the account. In fact, after the password was changed back, the Authenticator's serial key was asked for and given, so the Authenticator remained attached to the account the whole time.

Of course, that just leaves the most important question: how did the account get hacked? We've heard all kinds of various insights as to how the Authenticator works (it only lasts for 60 seconds, supposedly each key can only be used once, so there's no way a keylogger could nab the Authenticator code and reuse it), but the fact remains that the person we're talking about was using the key, and still got hacked. One hack out of all the Authenticators sold so far is a terrific record, and could prove that, statistically, an Authenticator is good as 100% security. But the fact remains that this person got hacked while using the key (however it was done), and if security can be broken once, it will be broken again.

Think a Blizzard Authenticator will keep your account from being hacked? Think again -- we've got our first known report of someone who was protecting their account with one of Blizzard's keys, and still got their character hacked down to their undies. Someone in this forum thread apparently logged out one night and logged on the next morning to find her account stripped of everything but PvP gear, and her Authenticator no longer connected to her account.

Supposedly, to deactivate an Authenticator from an account, you need to get in touch with Billing services, and reportedly they'll then ask for a notarized statement with a picture, like a driver's license, just to remove the Authenticator. But obviously, this one was removed even without that, and we're being told that all you might need to remove the Authenticator is the answer to the user's secret question and a CD key (or even less). In other words, the fault isn't with the technology, it seems to be with the support reps on Blizzard's side of the phone line -- if they can be convinced to remove the Authenticator, the account can then be hacked.

The little keys have been selling like hotcakes since they were released -- almost everyone has figured that $6.50 was cheap for peace of mind. But while an Authenticator still does provide an extra step in security, the sad truth is that it hardly makes an account impermeable.

[Via BRK]

Update: Married IRL has more analysis, including a comment that confirms all you really need to get past the Authenticator is the user's secret question answer, usual address information, and the original CD key. If the standard for getting an Authenticator removed really is a Photo ID, it's fairly clear that Blizzard's reps aren't doing their jobs right.

More after the break.

There has been a YouTube video that has been circulating around the internet lately claiming to show how to get into the Wrath of the Lich King beta via a backdoor security flaw. The video directs you to another site, which you then must enter your user name and password that you use to get into WoW. Surprise, surprise: this is nothing but another trick to steal your account.

This video has been showing up in links around the WoW community lately just about as much as a certain great music video. This initially caught my attention when it was posted here in our comments a few times.

Since the real beta signups are under way, and access to the beta is expected to begin any time, we were expecting and indeed seeing a large uptick in the number of beta scams. Be sure to protect yourself.

The Blizzard Authenticator is currently sold out on the Blizzard Store. I'm sure there will be plenty more to come, when they're ready. I bought one as soon as I heard they were available. Although my experience with the Blizzard Store was not great, it was certainly better than some others. After my order was placed, every time I checked on in, I what appeared to be a rag doll murloc who informed me that an error occurred on the page.

My authenticator has arrived. Thanks to the free shipping from the Blizzard online store, I saved $0.59 in United States Postal Service postage. To be honest, I'm just glad to have my security token. The token come with a single piece of documentation, which directs the user to the security token FAQ page.

I expected the authenticator to be slightly larger. It's approximately the same size as the clicker for my Mustang. I have not yet devised a tether for it, but the device will soon be leashed to my computer.

We had heard that there were problems with the Blizzard Authenticator (a few people who'd ordered them had gotten their money refunded by Blizzard), but apparently there are at least a few going out. Mania got hers -- she says that it works great, that she has already associated it with her accounts, and that she's thrilled with her purchase.

Not everybody is so lucky -- reader Tweaky emailed us to say that his order was supposed to go out UPS Next Day Air, but after it didn't show up and he had a tussle with Customer Support, he then found out it was actually going through the USPS and that it would show up late. No word on whether he's seen his yet or not. A few people commented on our last post that they actually had shipping returned to them, so maybe Blizzard originally planned to send some UPS, and then had to switch to a cheaper mailing method.

At this point, Blizzard has the keyfob sold out on their website, and there's no indication when we'll see any more (soon, probably). It appears that not only did they vastly underestimate demand for the Authenticator, but that people are seriously concerned about the security of their World of Warcraft account. No other game company has ever offered anything like this before, but given the response, it could soon become a standard.

I spend most of my evenings perusing the North American and European WoW Foums for interesting topics for our Forum Post of the Day feature. I've come across all kinds of threads from the uplifting, to the whiney, to the popular discussion. They are a great resource for tips and strategies.

Blizzard welcomes constructive criticism and suggestions from the WoW community. You are welcome to be a part of it as well. There are a few things you should know about the forums.

We've already reported that the Blizzard Authenticator is sold out, but here's another twist to the story. WoW Insider reader Ryan told us that he placed his order last Monday, before the sell out was announced.

However, instead of getting his Authenticator, he instead got an unexplained refund. With no other word from Blizzard, they simply canceled the order and refunded the money. He talked to a coworker who had also ordered the Authenticator and found that he had the same experience. As of yet, Blizzard has not explained the refund to him.

It's likely that Ryan was simply unlucky enough to place his order after they'd sold out but before they'd officially announced it, but there's other somewhat unfortunate implications. If they're refunding his order instead of honoring it, it suggests that they don't expect to have any new Authenticators ready for quite some time.

It looks like I'm not the only one keen on getting a shiny, new account authenticator. The Blizzard Store is currently marked as "Sold Out" on the product. Tyren posted on the General Discussion forum that it will be several weeks before they will be available for purchase once again.

I believe that those who have placed their orders are still slated to receive them, though I have received no word on my order. I ordered mine Tuesday morning, and the order status is currently sitting as processed. If they follow the shipping schedule in the email, the devices should be sent out at some point tomorrow. I'll give a full review once my token arrives at my doorstep.

I'm giddy again. Why? Because I just placed an order for new Blizzard Authenticator. I am not the least bit phased about the price. Given the time frame between when Blizzard announces that they will do something and when they actually come through, I'm surprised this has come so quickly after the announcement. Sooner is better than later. I know what it's like to lose control of my account to a keylogger.

Operating under the assumption that they will operate both of my accounts, I placed an order for two: one for me and one for my better half. I shall let you know when the doohickey arrives if this is, in fact, the case. I also believe that they make a great gift, so I bought one for my mom as well. Shipping for this product is free, but you do have to pay your state sales tax (Nevada state sales tax for two, Michigan tax for one). The shipping disclosure states:

Alright, so the splash screen mystery is dramatic. Whatever the important announcement is, I don't think they could come up with one that makes me happier than the new authenticator. I will be first in line to buy mine once it comes out. It seems that most of us are with me. We've been clamoring for better authentication, and we're going to get it.

A one-time charge of six and a half bucks for an extra layer of security seems like a smoking deal to me. It hasn't occurred to me to be bothered by the price. Tuhrell of Malrone believes that the authenticators should be distributed by Blizzard for free. Vallana of Thaurissan is on a short list of responders in the thread that agreed with the original poster. She believes that her $15/month is enough to spend on WoW and is "not retarded enough to get hacked so I really don't need it."

Our columnists work day and night to push out terrific weekly columns and features here at WoW Insider -- in fact, they write so much that you might miss some of it. That's why, every Tuesday, we cover our most popular features from the last week in WoW. If you didn't catch them the first time around, get your baseball glove out and keep your eye on the ball, because here they are again.

	Ask WoW Insider: /roll abuse? Problems with the /roll system? We ask readers like you to sound off.
	Hybrid Theory: Shaman and the Wrath alpha What's up in Wrath for the totem tossers?
	Tank Talk: The better (and lesser) angels of our nature The tank raiding column gives some good tips for dealing with that little voice in the back of your head who says "go DPS!"
	Ask a Lore Nerd: The evil-o-meter Among other questions, the Lore Nerd answers who the most evil being is in the WoW universe. You know, besides Bobby Kotick. We keed!
	WoW, Casually: Is it feasible to play PvE casually? Can you play PvE without losing your life? Of course!

More great features after the break. Gotta click 'em all!

Arena Junkies is one of the most reputable online sources for. . .arena junkies. Its posters are numbered predominately among the 2000+ Arena Rated teams, and thus the site serves as a key resource for arena veterans and up-and-comers alike. Arena Junkies hosts dozens of forums, macros, strategies, and example Arena-centric Talent builds. Arena Junkies is also an official part of the Blizzard Fan Site Program. Oh, and they've got their own T-Shirts.

Which is why it can be so troubling to see they've been attacked by one of Vaneras's malicious "eVillains." The eVillain posted a "malicious applet" in their Interface forums, planting a virus which apparently spread to the hosting server itself. Naxos warns forum-goers that if any Junkie clicked on the link responsible for the attack, he or she should be careful that their system isn't under any danger. With the rising number of keyloggers and account theft, that kind of precaution is starting to get common for even the most casual WoW player.

Naxos definitely seems to have a handle on the problem, though. Arena Junkies reverted to its last-saved backup, from very early that morning, and now Arena Junkies is back to running smoothly. According to Naxos, the virus itself was a variation of the i-worm/stration virus. Links to the virus have, understandably, been removed.

It's unclear whether this attack was an attack of opportunity, or if someone has it out for the Arena Junkies. As Bio puts it: "He prob sucks at the arena."

According to reports, a new wave of exploits has appeared taking advantage of a vulnerability Adobe Flash Player. Allegedly over 200,000 web sites now have redirects to malware, including keyloggers, through embedded Flash. And we all know how evil keyloggers can be. Flash Player 9.0.115.0 appear to be the affected version.

Adobe quickly responded to the issue, saying that the vulnerability is fixed in 9.0.124.0, the latest version of the player, so to make yourself secure, all you need to do is update your Flash. To check what version you are running, go to this Adobe page. Keeping your software up-to-date is one of the best ways to close security holes; if you're truly paranoid, you could always go the route of adding Flashblock and/or No-Script into your browser. And be sure to keep an eye on our new Azeroth Security Advisor column for more tips on how to keep yourself from being compromised. Once again, to update your Flash and patch this vulnerability go to Adobe's "Get Flash" page.

Update: It is possible that certain versions of 124 (namely, the standalone version for Linux and the standalone version with debug capabilities for Windows) are also affected by the exploits. At this time it is recommended to disable Flash if you are running those versions.

Update 2: It is currently believed that all versions of 124 are safe. Nevertheless, caution is generally a good idea.