IGNWORLD GAME : Ignworld.com >Account> Items> Store

Welcome, Guest. Please login or register.

Username :

Password :


Forget your password? Click here
IgnworldWow & Aion CommunityWow Discussion
  
1
Turn to
1
of
1
Page
Author Topic: How Blizzard could secure WoW from keyloggers (Read 95 times)
lovegame
Newbie
Head
reg: 2010-02-07
posts:6

How Blizzard could secure WoW from keyloggers
« on: March 10, 2010 »
Ok, so I have been doing a bit ofresearch. I know I promised that I would upload a video but it's goingto be more trouble than its worth without having a virtual machinerunning windows handy. I may set one up at some point, but not rightnow.

Standard keyloggers work by hooking in to windows messages and lookingat them before they get to their destination. The following is anexample of how this works.

  • Keylogger establishes hook
  • You type something on the keyboard such as the letter a in your username
  • Windowssends a "message" to the application, such as WoW, saying "Hey! theuser wants you to know they just pressed the 'a' key" or some suchthing.
  • Keylogger sees the message before WoW does and makes a note of it.

Users of later versions of windows will be familiar with the "Desktop"you see when you press Ctrl+Alt+Delete to change your password andsuch. The reasons for this setup are two fold.

  • Applications can't interceptCtrl+Alt+Delete and set up a fake "Enter your password screen" (Doesn'tmatter for this research, just including it for completeness)
  • The desktop it creates is secure and windows on it can't be hooked as they were above.

The good news is that 3rd party applications, such as the one I wroteto test this theory can use the same methods. I created an applicationthat does the following.

  • Create a desktop with a more restrictive set of security permissions than the standard desktop.
  • Switch to that desktop
  • Launch world of warcraft, telling it to use my new secure desktop.
  • All my keys are belong to me!


One of the security features of these additional desktops is to denyapplications from setting "Hooks" on windows running on them. This iswhat bests keyloggers. They can't hook into the window so can't seewhat messages are being sent.

last editorlovegame Last edit by 2010-03-10 22:40
moomoo
Newbie
Head
reg: 2010-02-04
posts:4

re: How Blizzard could secure WoW from keyloggers
« on: March 10, 2010 »
Do you intend to forward this info to Blizzard? Sounds promising (at least from my very non-geek perspective ^^)                                                                                               
  
1
Turn to
1
of
1
Page
Viewed Posts New Posts Top Posts Locked Posts
Strongly recommend : News | Videos | Comics | Articles | Album
IGNWORLD Copyright 2009,IGNWORLD Inc.All Right Reserved