WoW Players Targeted By Windows Flaw Exploit

grimwell writes "The BBC is carrying the story that the ANI flaw is being used to target World of Warcraft players, as hackers search for account details. 'Analysis of that malicious software showed that it lay dormant on a victims machine until they ran World of Warcraft (WoW) at which point it captured login data and sent it to the hacking group ... Research by security firm Symantec suggests that the raw value of a WoW account is now higher than a credit card and its associated verification data.'" Doubtless, any compromised accounts would quickly see their equipment sold, and the resulting gold transferred to another account. This gold would then be sold for US currency to Real Money Traders like the company IGE.

A cold day in Hell..

[zyl0x]

World of Warcraft is considered a better target for theft than a credit card. What kind of nerds are running those crime syndicates these days? Maybe if Blizzard came down on more of these gold-selling, account-selling, and item-selling service providers, this kind of nonsense wouldn't even be an issue.

Re:A cold day in Hell..

[voice_of_all_reason]

Maybe if Blizzard came down on more of these gold-selling, account-selling, and item-selling service providers, this kind of nonsense wouldn't even be an issue.

I wasn't aware of these fantastic new police powers granted to Deputy Blizzard.

And even if they could, on what grounds could you charge any of those places with a crime?

Re:A cold day in Hell..

[Planesdragon]

And even if they could, on what grounds could you charge any of those places with a crime?

Fraud and unlawful computer access, to start. Racketeering too, and possibly money laundering or false advertising.

Re:A cold day in Hell..

[faloi]

It probably is a better target, or at least safer. There's nothing illegal (AFAIK) about selling accounts and gold, and I imagine it'd be tough to prove who actually stole the account. The worst thing most people who engage in this behavior have to look forward to is an account suspension, whether you're buying or selling.

Re:A cold day in Hell..

[Aladrin]

What hole have you been hiding in? Anything that happens on Blizzard's servers is THEIR property. They can do whatever they like with it. By 'come down on' he means 'ban accounts'. If these 'gold-selling, account-selling, and item-selling service providers' lose more money than they make, they'll have to give up. It takes time and effort to amass stuff to sell, and there are companies -paying- people to amass it. If they have no way to do their thing, they'll have to stop.

Having said that, short of shutting down all the servers, there's no way to stop it. Even having to start from scratch constantly, they'll still make enough money to keep going and hopefully outlast Blizzard's fury. Blizzard can't afford to hire enough people to police this well enough to stop it.

Re:A cold day in Hell..

Or... all of you nerds could go outside once in a while instead of living in a fantasy world.

Captcha: "thawing", exactly what your dick is going to need to do.

Re:A cold day in Hell..

[zyl0x]

Considering that Blizzard explicitly states in their EULA that all items, accounts, and data within is owned exclusively by Blizzard, I would say that they have excellent reason to sue these companies for illegally reselling property that does not belong to them.

Re:A cold day in Hell..

[Sancho]

Their terms of service prohibit the sale of items/gold outside of the game. They can cancel the accounts of people who do this, and order the cancellation of eBay auctions (after all, the 'property' that is sold doesn't belong to the ebayer, it belongs to Blizzard). I'm not sure what steps they could take against non-US sellers, though.

Re:A cold day in Hell..

[Daravon]

Diversify yourself! Write a program to turn some computers into a bot-net for spamming. Create a few phishing sites. After a while you get bored so you write a program just to steal gaming accounts to let people steal ingame crap from people to sell for money. If you're writing the programs for other people, a sale is a sale. If you're doing the rest of the work, then you're just picking up another easy (comparatively) source of income.

Re:A cold day in Hell..

[voice_of_all_reason]

Wut.

Blizzard: You illegally resold our property
Company: How? You owned it the whole time, it was on your server. At what point was the item out of your hands? When was it "sold?"

Re:A cold day in Hell..

[voice_of_all_reason]

You would have to prove the gold/item trading companies were complicit in any of that. It hasn't worked for online auctions, search engines or ISPs, I don't see why it would work here. They say "we are a medium - it's not our job to investigate every sale for crime. You're the police, you do it."

Re:A cold day in Hell..

[Pojut]

If I remember correctly, most companies like IGE don't ask you to pay for the items...they are asking you to pay for their TIME.

This is why they are able to stay in buisness...they aren't selling you gold, they are selling you time. There is nothing illegal about trading gold from one toon to another in-game, and since real world money is exchanged out of the game for a commodity that they don't own (unless Blizzard is Father Time), there isn't much Blizzard can do.

Re:A cold day in Hell..

[0racle]

Nothing, or this problem would have been solved long ago. WoW isn't the first game to have to deal with this.

Re:A cold day in Hell..

[MyIS]

Ah, history is full of examples how making something illegal completely eliminates it. *rolls eyes* More laws make more criminals, and if Blizzard came down on this, they would only drive this arms-race to higher levels. *OR* they could cash in on this (first and foremost), and also improve the game so that IT ISN'T A FRICKEN SECOND JOB!

See, this is why I quit WoW - the fact that 90% of the time one has to "farm" or wait for a raid to assemble, or dully point their running character along some path across the map. I paid them money to escape the daily grind, and look what happened - I got into an even more boring grind. And, of course, there is no way to escape that grind either, because that's the only way to even get to the "fun" 10% of the game.

If Blizzard made the game actually *fun* to play almost all the time, then noone would see the incentive to pay someone else to get through the boring stuff! And voila, no gold-farmers, no hacking accounts, no Slashdot story.

Re:A cold day in Hell..

[ab0mb88]

Blizzard can't afford to hire enough people to police this well enough to stop it.

This seems to me to be a simple matter of creating a script to record all transactions that include so much gold and then filter by transactions per user and transactions that do not include a major item. This could not require that many staff members.

Re:A cold day in Hell..

[Impy+the+Impiuos+Imp]

Actually, that got so irritating with pawn shops that many states require pawn shops to record serial number and seller names of any items they take in.

So yes, playing too dumb can bring the law down on you whether you like it or not.

Re:A cold day in Hell..

[MBGMorden]

If Blizzard made the game actually *fun* to play almost all the time, then noone would see the incentive to pay someone else to get through the boring stuff! And voila, no gold-farmers, no hacking accounts, no Slashdot story. Yep, and they'd lose a lot of paying customers shortly afterwards. Here's the rub with games like WoW: they're largely a pissing contest where people like to gloat about how much better stats they have, how much better their gear is, how high their tradeskills are, etc. (and this is coming from someone who actually does play the game quite regularly).

If they took out the grind, the coveted "status" that so many either love to maintain, or love to strive for, vanishes. Everybody is left with just the game for the game's sake, which while arguably the way it "should be" won't work for WoW because the game engine itself isn't the most interesting thing in the world.

That's mainly why all the gear in TBC was so overpowered compared to the original campaign. People were finally getting to the point where many realized they were NEVER gonna make it into BWL, much less Naxx, and starting to lose interest. They gave them some major gear upgrades so that they can feel like "wow, I'm a badass - this stuff blows away the gear I saw those raiding guys walking around with a few weeks ago". Then they get back on the treadmill to try and reach that status again. Stupid, but if you take away the treadmill a lot of them will see no point.

Re:A cold day in Hell..

[voice_of_all_reason]

Never heard of such restrictions on pawn shops before, but unless there is a serial number on the item itself (handgun), that sounds like a joke. I'll do the same thing I do for online forms. John Smith. 123 Silly Lane.

Re:A cold day in Hell..

[snarlydwarf]

And I hope you have ID to match that. Again, in many states, ID is required.

Business Watch International (see BWIPOLICE.COM, for example) maintain database servers for pawn transactions and many municipalities are changing their laws to require pawn shops report their transactions electronically. (Here in the Eugene, Oregon area, for example, that is now the law. Not paper pawn slips for the police to wade through, but databases they have live access to.)

Of course, it could even be argued that these sorts of laws protect pawn shops from being charged with "Receiving Stolen Goods" as well as the loss associated with paying for an item that is taken by police after it is determined to be stolen.

The reason, though, this doesn't apply online is because the law regarding virtual goods is nebulous. Does The Sword of Death have a value? If no, then what is the crime? If yes, then why is getting it as a drop not considered taxable income?

Re:A cold day in Hell..

[Impy+the+Impiuos+Imp]

Ya know, you can play any number of other games that are halfway decent. Pick up an old copy of Sacrifice or Total Annihilation. It'll look dated, but one thing you aren't doing at any time is grinding.

Do people realize how mathematically futile it is to gain that big piece of equipment that raises your damage by 1%? The inability to change what you are by more than a few percent is their lazy man's way to balance.

If you must have a MMORPG, try City of Heroes. In it, you get:

- Cheap (free) high speed travel powers at level 14. Not paying 10 million dollars at level 40 to get a horse (for christ's sake) that can run at a whopping 1.4x your run speed. Or sixty billion at level 60 to get a horse that can run at 2x your run speed. (Anyone selling you a horse that lame in the real world would have gotten a noose around their neck 200 years ago.)

- True 3D movement -- flight isn't just you running along the ground 10 feet in the air, or reserved to predefined griffen routes.

- More than double your damage output by doubling damage, halfing speed of your attacks, doubling accuracy, etc. by placing "enhancements", which are somewhat easy to come across, and good ones can be bought at the store.

My bastard sword may be plain looking, but I'd take out any 5 level 60's from WoW any day. At least.

Re:A cold day in Hell..

[NewbieProgrammerMan]

I was really glad to see the "overpoweredness" of the gear that I got in Outland, because (for a little while, at least) it significantly reduced the gap between me and the people that can spend 20 hours a day grinding in the game for uber-gear. It was nice to go into a level 70 battleground and have a realistic chance of winning because nobody had an outrageous gear advantage. Sure, that gap will reappear shortly, but it's nice while it lasts. Hopefully there will be more expansions in the future...

Anyway, I've really kinda gotten over the treadmill thing. I may log on and do a quest or two, or go farm for something I need for a little bit, and then log off and do something else. Sometimes that's a nice break from work/homework/housework/yardwork, and I'm glad the game isn't so important to me that I feel the need to treat it like a job. It's just entertainment.

Re:A cold day in Hell..

[voice_of_all_reason]

If yes, then why is getting it as a drop not considered taxable income?

The correllary would be pretty interesting, suing for access to the drop tables if your loot percentage does not match posted approximations.

Re:A cold day in Hell..

[Nasarius]

They're not mutually exclusive, as you imply. In short: make the "grind" fun. Look at Ultima Online circa 1997-2000 for an example of how to do things differently. Yeah, the WoW system is so simple that the grind is all they have, but it doesn't have to be that way.

Re:A cold day in Hell..

[Sancho]

You get to double your damage? That's pretty cool. How fast do your enemies HP increase?

Ultimately, it's all about scale. If any MMO allowed you to vastly increase your power compared to the enemies you are expected to fight at that point in your character's development, the games would be mind-numbingly boring. My guess is that CoH enemies HP increases at a faster rate than WoW's, or that there are other ways in which a scale reasonably similar to WoW is maintained.

A better system might be a system of strengths and weaknesses where you have to constantly change your character in order to adapt (i.e. weapons do different amounts of damage depending upon who is wielding it and who is getting hit). In this way, grinding for a sword that's going to make it easier to kill a particular mob or class of mobs gives you a higher perceived benefit than that extra 1% of damage, but doesn't make you generally overpowered.

Re:A cold day in Hell..

[Samurai+Cat!]

Well there's a way to get around this, if Blizzard were so inclined.

It would involve an added security feature. When an account is created, present the user with a pile of unique graphics (could even be spell/item/etc icons from the game). Make the user pick, say, three out of the pile.

When the user logs in later, present the user with several of these graphics, with ONE of'em being one of their choices from the get to. User clicks on the right graphic, they log in.

It's pretty much purely a visual thing - no keylogger would be able to sniff this out.

If the user forgets his graphic key choices, just have an email reminder process set up.

Re:A cold day in Hell..

[Samurai+Cat!]

Err, "get-GO" not "get to". :P

Re:A cold day in Hell..

[brkello]

Wrong. Everyone wants the shotcut. Even if something is fun to one person, it isn't to another and they are willing to pay to get it done so they can concentrate on what they find fun.

Re:A cold day in Hell..

[xemit]

Funny thing is a group of us were having a similar discussion about the gold trading in another smaller online game. MTV did a special on the RMT. http://www.youtube.com/watch?v=ketOtwjAdO4

Re:A cold day in Hell..

[Graff]

Even easier - stop having people log in.

You should only have to enter your account name and password once, the first time you log onto the account. Blizzard could then encrypt your password along with some details unique to your computer system and use that to automatically verify your account the next time you log in.

If for some reason Blizzard needs to re-create the stored, encrypted password then it could ask you for the password again but with a statement to the effect of "Blizzard can no longer find your stored password. Verify that your computer is not compromised before you re-enter your password."

Also I think that the password you use for your World of Warcraft forum access should be required to be different than the in-game password. That way it would be harder for a keylogger to get your password when you log into the forums. They'll get your forum password but not your account password so all they will be able to do is troll the forums with your characters.

Re:A cold day in Hell..

[Senjutsu]

By you're logic, it's legal for me to sell someone the Brooklyn bridge. After all, New York still owns it after I'm done, so where's the crime?

Re:A cold day in Hell..

[ClamIAm]

Anything that happens on Blizzard's servers is THEIR property. They can do whatever they like with it.

This would be true if Blizzard and their servers resided in Libertarianfantasystan. But this is not the case, so Blizzard and their property are subject to the laws and regulations of the country(ies) they do business in.

Re:A cold day in Hell..

[AndersOSU]

Probably on the grounds of the EULA that you agreed to to run their software and access their servers. Doesn't it basically say that you are entitled to throw money at them, and they can do whatever the hell they want?

Re:A cold day in Hell..

[dknj]

To: Graff
From: BlizzardAnnouncement@blizzard.com
Reply-To: BlizzardSupport@b1izzard.com
Subject: Blizzard can no longer find your stored password

Dear World of Warcraft User,

We are unable to find your stored password. As you know, you should only have to input your username and password once to connect to our WoW servers from your gaming machine. Unfortunately, it would appear that you have done one of the following:

      - Reinstalled Windows or erased a critical part of World of Warcraft
      - Allowed your system to be compromised
      - Are playing World of Warcraft from a guest computer (eg. Internet Cafe, etc)

To resolve this problem, simply respond to this email with your initial full name, telephone number, username, password, and last 4 digits of your credit card that you used to sign up. A Blizzard support representative will contact you within the next 48 hours to ensure your system is free of malware and verifies your identity.

We are extremely sorry for any inconvenience this may have caused you and we will credit your account with a free month of service upon reactivation.

Thank you for choosing Blizzard

Blizzard Support
BlizzardSupport@b1izzard.com

Re:A cold day in Hell..

[Udderdude]

[quote]Sure, that gap will reappear shortly, but it's nice while it lasts.[/quote]

Actually, it looks like Blizzard is taking steps to avoid this. Gear drops from the current high-end 25 man raids aren't really that much more impressive than crafted epics or PvP gear. In some cases, the crafted epics/PvP gear are better than the raid drops!

Re:A cold day in Hell..

[irc.goatse.cx+troll]

Read that on the forums, had the same response(though I didn't post it as others beat me to it): Solves nothing.

Recording mouse movement and clicks is not any harder than recording keystrokes (okay, its more data and a little harder to sort through, but still trivial for any highschol kid with an outdated warez copy of vb).

In your main loop, check the list of open processes or windows and look for WoW. Wait a few seconds before next check if it isn't open.

If it's open, hook the mouse press event. Every click, get the mouse location and store it. Take a screenshot, compress it, store it with.

Also hook the file open event, or sniff the network. Both of these will tell you when the login is finished and you can stop capturing and begin slowly transferring your data so as not to produce any lag.

If its a set number of images you could even compare the images clientside to defeat it. Would be even easier than breaking captchas (which pwncha shows was doable).

Pictures and clicking are no more secure than users and passwords. Both can be sniffed. Both can be seen over the shoulder. Both can be social engineered out.

Though now that I actually think about it.. as worded ("several of these graphics") you wouldn't even need their image they clicked. Just their login and pass, which you could then use to start a login attempt up to the phase where you need to select an image. Note which images are shown. Wait however long you need to wait until their watchdogs go away(so as not to prematurely lock the account due to failed logins). Do it again. Remove any icons that wernt present both times. Repeat until you've got the only icon that was present in all attempts, and there you go.

Of course that's assuming randomized icon selection out of a large probability, obviously you don't have to randomize it each attempt but should instead take a random set of say 6*6 to show in a grid on every login in the accounts lifetime. Still sniffable as described earlier.

Re:A cold day in Hell..

[Graff]

Cute, but this is just social engineering and can be done just as easily with the password system that is currently in-place.

My idea is that Blizzard should try to have people enter their passwords as little as possible because each time you type in a password that's one more chance for a keylogger to capture your password. By only requiring people to enter their passwords the initial time you log in you make it so that a keylogger only has one chance to get your password rather than a chance every single time you log in.

As for the social engineering aspect you will never fully eliminate stupid people doing dumb things like responding to e-mails with sensitive information. The best Blizzard can do is to profile an account and attempt to identify whether or not the owner of the account is using the account. This could be done through the use of unique identifiers to the machine (MAC addresses, IP addresses, hardware TPM info, etc.) but it would have side-effects such as the account not being easily portable between locations.

There will always be some way to take over another person's account, the thing is to take reasonable steps to make this difficult. Only requiring a password once and then keeping an encrypted version of that password for later login sessions will help make it harder to compromise an account.

Re:A cold day in Hell..

[NewbieProgrammerMan]

Oh, wow, that's nice. I hadn't really looked into the gear that you can only get through raids. Maybe it will finally be possible to choose to play the game in a way that doesn't involve sitting around waiting on 25 people to get on with a raid, and still get good gear. :)

Re:A cold day in Hell..

[Kreigaffe]

Except you have to be a crafter, with a particular specialty, to make those epics. And by "PvP" gear you mean "Arena" gear, which..

well, I don't know exactly how the points will work out in the Arena, but rest assured Blizz will not make it easy to attain Arena gear. At all.

Re:A cold day in Hell..

[Snaller]

Anything that happens on Blizzard's servers is THEIR property.

It is of course a sick twisted law that makes something entirely non exsisting PROPERTY.

Having said that, short of shutting down all the servers, there's no way to stop it.

Indeed.

Re:A cold day in Hell..

It really isn't a problem attaining arena gear these days. A five man group dicking around the 1500's will get plenty of points to put toward their stuff. Maybe not a full set of armor every season but still very reasonable.

Re:A cold day in Hell..

I think you are forgetting one of the most important markets -- Internet Cafe players. How would people who play entirely in internet cafes on rented computers secure their accounts using this system?

Re:A cold day in Hell..

[Graff]

Simple, make it a setting just like autofilling the user name is now. Create a preference setting that you can turn on or off depending on if you want it to automatically log you in each time. In an internet cafe setup you turn off the automatic log-in setting and thus each person has to enter in their name and password every time they want to log in.

Re:A cold day in Hell..

[the_mushroom_king]

The reason, though, this doesn't apply online is because the law regarding virtual goods is nebulous. Does The Sword of Death have a value? If no, then what is the crime? If yes, then why is getting it as a drop not considered taxable income?

Don't give them any ideas!

fade to the future

The IRS robot looks sternly at the little man cowering before him, "Mr. Shroom, why did you not include your Sword Of Pwning, currently valued at $324.00 according to e-bay, on your 2010 tax return?"

Re:A cold day in Hell..

[jafuser]

This kind of reminds me of the businesses that "sell" lunar property, or the right to name a star.

Re:A cold day in Hell..

[Impy+the+Impiuos+Imp]

In old EQ, a buddy and I were mid teens ogres. We ran off to wherever it was to get the RTS -- the Runed Totem Staff (that was an awesome thing was how long ago this was.)

We fought our way down to the bottom, and there was a high level wizard who was camping for it -- he hadn't gotten one for 10 hours. After about 10 minutes he left. The first respawn we got one, then the next nothing. Then the third another, and thus after 3 spawns we both had our RTS.

Assuming he wasn't lying, this gave great evidence that they had placed a "no special drops" code if people hung around waiting for a respawn. What further gave me evidence was that I had myself and the other ogre leave the immediate area waiting for a respawn -- we hung out way down the hall where we could still see in.

Perhaps coincidence (though highly unlikely to get 2 of 3 after 10 hours of nothing), or perhaps the wizard was lying and had a sackful of RTSs, but I always doubted their denying there was a distance limiter on special drop spawns.

Re:A cold day in Hell..

[voice_of_all_reason]

That's even more a kick in the face than some of the quests in a mud I play. The reset() function in the room simply won't execute if there is a player present. The quest will never respawn until it hits a reset tick without a player standing there. It isn't impossible to discover, but not exactly publicized. So unless you complain on a channel and someone clues you in, it could be a costly lesson.

Re:Soulbind Gold?

[FredDC]

That would render the wow economy useless... You would only be able to buy from npc's and not from other players.

Re:Soulbind Gold?

[Aladrin]

Right, so money and goods that are yours permanently and don't give you a way to trade with other people... Yeah, great idea. I don't play WoW, but soulbinding (as you describe it) would only be good for a small handful of your goods that you -KNOW- you will never part with.

And you do realize that money is useless if you can't use it, right?

Awflly big brush you're tarring with...

[g051051]

While I'm no fan of gold farmers and in-game currency traders, is there any evidence to justify naming IGE in that addendum? What justifies that?

Re:Awflly big brush you're tarring with...

[pslam]

While I'm no fan of gold farmers and in-game currency traders, is there any evidence to justify naming IGE in that addendum? What justifies that?

Why, you could click on their web page and note the tagline "IGE, Buy WOW Gold, World of Warcraft Gold, FFXI Gil, Final Fantasy XI Gil, Lineage 2 Adena". These guys are assholes and proud of it. They don't deserve apologists.

Maybe I should also dig up the evidence that in the past they were involved in authoring trojans...

Re:Awflly big brush you're tarring with...

While I'm no fan of gold farmers and in-game currency traders, is there any evidence to justify naming IGE in that addendum? What justifies that?

Umm.. the fact that it's an example of the real money traders to which the sentence referred? You know, like "I play card games such as poker," "I wear pants such as chinos," or "I eat lunchmeats such as ham."

Re:Awflly big brush you're tarring with...

[TrumpetX]

Not to mention involved in large-scale economy manipulation in EQ and other games.

Basically, when 1 company buys everything (and buys up competitors who start up buying companies for resale), you're forced to buy from them, they can jack up the price to whatever they want.

The irony of the whole situation is that because they jack up the price of "UberSword001", you're 'forced' (yes, not forced, but you're left with few in-game options aside from farming a ton) to purchase gold/plat from IGE. They use the profits from your purchase to then fund the in-game purchases and jack up the price even further... Each time you buy/sell from IGE they take a bigger and bigger cut.

Re:Awflly big brush you're tarring with...

[g051051]

I understand about IGE, and don't like their business, but it's unjustified in this case to suddenly throw them in at the end in a blurb where the actual article doesn't have any mention of it. Regardless of their sleazy dealings, there's no reason to associate their name with this trojan as if they were connected.

Re:Awflly big brush you're tarring with...

[pslam]

The point is, there would be very little market for these stolen goods if the assholes at IGE didn't exist and there wasn't such a readily available blackmarket for in-game gold for out-of-game cash trading.

Using their "service" is against the game rules and cheating. Every time you buy from them, you are funding this legal (but totally unethical) blackmarket, as well as indirectly funding the illegal criminal element that writes trojans to steal your stuff instead. If it weren't for the IGE link, this wouldn't exist.

Re:Awflly big brush you're tarring with...

[IndustrialComplex]

The market exists already and would have had IGE never existed. IGE is providing a service that makes the market a bit less scary and puts a 'We aren't here to steal your credit card information' face on it.

Re:Awflly big brush you're tarring with...

[pslam]

I hate defeatists.

Re:Awflly big brush you're tarring with...

[Longfinger]

And I hate people that refuse to recognize the truth just because it contradicts their naive fantasies. You'll have far more success solving problems if you're willing to accept the truth about the source of those problems.

The truth is that many WoW players prefer to trade cash for gold instead of time for gold. Until you deal with this demand, you'll never achieve your ideal fantasy world uncorrupted by companies like IGE.

Re:Awflly big brush you're tarring with...

[dave562]

The truth is that many WoW players prefer to trade cash for gold instead of time for gold. Until you deal with this demand, you'll never achieve your ideal fantasy world uncorrupted by companies like IGE.

I am about at that point myself. I play WoW on a casual basis. I started playing about six months ago and my main is up to level 62. I still don't have an epic mount and the amount of time required to get one is ridiculous. I don't even want to spend the time that it would take to come up with 540 gold to learn the stupid skill, so I will probably plunk down $50 or whatever it will cost to buy that much gold. For me it's worth it. It's a shame that WoW is such a time sink. The game itself is pretty fun, but the amount of time that you need to invest in it to experience the "end game" content is absolutely ridiculous. I don't have the time to deal with people getting bent out of shape because I won't run the same instance with them three times in a row so they can try to get a drop.

Re:Awflly big brush you're tarring with...

normal leveling in outlands should net you the gold you need for your land epic by about level 65 (assuming your not blowing large amounts of money in the ah or on tradeskills).

Re:Awflly big brush you're tarring with...

Only three times in a row for a drop? lies!

Re:Awflly big brush you're tarring with...

[Snaller]

These guys are assholes and proud of it.

But at least they never spam people ingame, like the 500 other looser outfits.

Re:Awflly big brush you're tarring with...

[digitalunity]

Do what I did. Grind to 70 avoiding all questing in Netherstorm or Blades Edge mountain. Once you're 70, you get dramatically more gold per quest. Then do your questing and you'll find yourself making 50g-100g per hour, not to mention all the quests are easier than they would have been if you did them at their prescribed level.

I think I was the only person in Outland riding a 60% horse at 70, but I farmed my epic and flying mounts fairly quickly after hitting 70.

Re:Soulbind Gold?

[CastrTroy]

Well, if you could un-soulbind it, then that would probably be a good idea. Also, if you wanted to get rid of some sole binded gold, you could just buy an item, and then sell the item to another character.

Re:Soulbind Gold?

[Daravon]

Most gear is soulbound upon equipping it, but 99% of the stuff you own can still be sold at a vendor for gold. The amount you get depends on the quality of the stuff you're selling. Gold isn't bound to your character. If it was, you wouldn't be able to spend any of it.

Re:Soulbind Gold?

[Sancho]

Soulbinding isn't a choice--it's something that happens to some items (most often quest rewards) that prevents the reward from being transferred/used by other players. Gold cannot be soulbound--as others have pointed out, that would render it somewhat useless. Soulbound items can be sold to NPCs, however they can never be bought back. This does mean that soulbound items would still have value to a hacker who was trying to make real-world money.

Warning for players upon startup

[Sciros]

Is there some sort of big warning popup in WoW for players as they start the game up? (prior to entering a username/password)? I know that Guild Wars has special "news items" alongside the login form that you can read without having to actually log into your account. It would be cool if Blizzard (heck, and ArenaNet) had a giant warning that came up for the next few days informing people of this issue and of the upcoming fix from MS (or am I confusing my vulnerabilities/fixes here?...). That might help folks out perhaps.

Re:Warning for players upon startup

They've got even better than that; if you use the WoW Launcher, the current patch (as of Tuesday/Wednesday) should warn you (using a similar mechanism it uses to check for cheats in memory) if you have the most recently spammed variant of the keylogger (the one discussed here) installed. I wouldn't rely on that if I were you, but it's probably saved a few people.

It was spammed to the realm forums, and used the double-anih exploit renamed to .JPG (it still works if the GDI or Explorer sees it, so IE is the most vulnerable, although Firefox can still accidentally drop the exploit so the shell renders it). They deleted it pretty promptly, but had to stay pretty heavily on top of it.

Of course, it's a trusted-client problem; there's really no way to stop this comprehensively, and ultimately it's not Blizzard's fault if people's machines get cracked (unless actually via bugs in their software) - they're not in any way responsible for the security of their subscriber's computers. They're trying as hard as they can to shut the bots and goldsellers down, but it's an uphill battle against a growing threat.

By the way, MS had finished the patch for the double-anih issue 3 weeks before the disclosure (go ahead, check the dates on the Authenticode signature). They could have pushed out the whole update rollup last month, when they had no patches at all, but they chose to delay it for reasons unknown to me, which has resulted in the situation we have here.

Re:Warning for players upon startup

[rabbit994]

No, they are exploiting ANI. However a patch for this exploit has been released by Microsoft and is available via Windows Update.

Re:Warning for players upon startup

[lukas84]

It's called "Quality Assurance". You should read about it.

Imagine what would happen if Microsoft would ship patches without testing them at all - even with their extensive QA process, problems slip through their fingers. With no QA process, hell would be loose.

Re:Warning for players upon startup

Hell has been loose for a week. Hell is a publically exploited zero-day vulnerability in the wild, and what the resulting hundreds of thousands of infected computers are doing (in this case, mostly credential stealing).

The particular fix in question is a three-line patch adding a new length check to additional anih chunks in a RIFF file. The only thing it's going to break is the exploit.[1]

A previous fix was incomplete, as it added a length check only if the anih chunk was the first encountered. They really should have spotted that the first time around. It's called Quality Assurance - and Microsoft should read about it.

When an important security vulnerability is reported, it should be a first priority to mitigate the vulnerability - organisations which require a longer QA period (such as many corporations) delay the uptake of patches from Microsoft anyway, because they do not feel that sufficient testing has been given by them.

Microsoft try to delay patches as long as possible, to roll as many as they can up together to limit the quantity and frequency of them. They do this for two reasons: One, because they feel that a large number of patches in a short space of time would be bad for PR, and two, because corporate system administrators have got used to trying to manage MS's large patches with more extensive change sets, which can result in unwanted side-effects against which they've found they have to test.

Given they already take months and it is still not long enough for some people, but much too long for the timely fixing of critical security vulnerabilities, one should wonder if they should respond to single vulnerability reports at a time, and test and release simple fixes between 8 hours-14 days from report, like the majority of open-source software, and release small patches (they could be mere kilobytes with MS's existing binary-diff Automatic Updates technology) with much greater frequency.

If we can do it in a timely manner on a low or zero budget, why can't they do it with billions?

Perhaps if more reported but unpatched holes are fully disclosed, Microsoft will begin to take their security responsibility more seriously again and pay it more than just lip service.

They have made progress in some areas with the introduction of XP Service Pack 2 and some enhanced security features of Vista, so it's clear that some of them take security more seriously than others, but their patch management leaves a lot to be desired.

[1] The reason for the Realtek breakage is that what actually got released wasn't a patch, but a slightly newer version of the GDI tree which fixes this and five other vulnerabilities they've been sitting on for months - one of the functions has been pasted above another in the source, which has changed the function ordinals slightly for something that Realtek's code linked to. (Bad form on Realtek's part for ordinal linking, not MS's fault, and Realtek have patched.)

Re:Warning for players upon startup

[secret_squirrel_99]

It's called "Quality Assurance". You should read about it.

Actually last month's patch Tuesday was cancelled as a result of the Daylight Savings Time patches. It had nothing to do with QA. All Microsoft premier customers were notified well in advance of this situation.

Re:Soulbind Gold?

[kalirion]

Well, if you could un-soulbind it, then that would probably be a good idea. Also, if you wanted to get rid of some sole binded gold, you could just buy an item, and then sell the item to another character.

Great, so now only someone who has access to my account can steal my gold and items! That solves everything!

Re:Soulbind Gold?

[AndrewHowe]

Gold no, but most equipped items are soulbound. So they will only be sellable to NPC vendors. But there's nothing to stop Mr. Hacker from doing that. You can usually buy stuff back from the vendor but not after you've logged out. And Mr. Hacker will have helpfully logged you out. But he'll also have stolen your gold and the NPC's don't accept credit...

Oh darn... I use FreeBSD + WINE to play WoW...

[jimstapleton]

I feel so sorry for those poor hackers not being able to get to my account...

not.

Re:Oh darn... I use FreeBSD + WINE to play WoW...

[tgcid]

WINE strives for "bug-for-bug" compatibility with Windows. Are you really safe?

Re:Oh darn... I use FreeBSD + WINE to play WoW...

[jimstapleton]

Sure...

Many games I play in WINE lack the bugs they have in windows.

Ex: Due to DirectX errors, Master of Orion 3 is virtually unplayable in Windows, where as it's flawless in WINE.

Also, WINE isn't involved in my web browsing or email.

Re:Oh darn... I use FreeBSD + WINE to play WoW...

[voice_of_all_reason]

WINE causes alot of bugs in the user including garbled command input, general lag/delay and a 5 point hit to decision-making. I'd steer clear of it when playing online games, otherwise you might find out one morning you just donated all your possessions to the "Microwave Pirates" guild in a confused stupor.

Re:Oh darn... I use FreeBSD + WINE to play WoW...

[SatanicPuppy]

Master of Orion 3 is unplayable period, and not because of any "unplayable windows bugs" but because the game design is grade A crap.

Re:Oh darn... I use FreeBSD + WINE to play WoW...

[jimstapleton]

Hmmm, I think you are thinking of a differint type of WINE.

This is not the WINE you find next to the BEER and VODKA, one aisle over from the SODA POP, but rather a software application you find in the PORTS TREE in BSD, or various SOFTWARE REPOSITORIES in Linux.

Re:Oh darn... I use FreeBSD + WINE to play WoW...

Fag.

Re:Oh darn... I use FreeBSD + WINE to play WoW...

Master of Orion 3 is virtually unplayable in Windows, where as it's flawless in WINE

I'd argue that it's virtually unplayable no matter what.

Re:Oh darn... I use FreeBSD + WINE to play WoW...

[DRAGONWEEZEL]

I died laughing, and was resurected by a Holy paladin after I read your sig...

Re:Oh darn... I use FreeBSD + WINE to play WoW...

-1 Humor Impaired

Parent +1 funny

Re:Oh darn... I use FreeBSD + WINE to play WoW...

[tweek]

I agree. I play using Cedega and have never had any problems that weren't my own causing. The ONLY bug I've had that was even remotely annoying was occasionally losing the ability to type anything. I could still use all my macros and move with the keyboard just couldn't type in guild or whisper. Get to a safe place, log out and log in and it's resolved.

Re:Soulbind Gold?

[Das+Modell]

Almost all equipment in WoW becomes soulbound when equipped. Some items become soulbound when you pick them up. I would imagine that account hackers just sell these items to NPC vendors.

Re:Soulbind Gold?

[Aphax]

Gold can't be 'soulbound', but a lot of valuable items are. Also, the player can't really control wether it should be soulbound, it happens automatically. For example, some items 'bind' on pick up when you loot it from the corpse of something you just killed (BoP), some do so after equipping them (BoE). Therefore the chances of finding an unbound item on a player that would sell for a lot of gold on the Auction House isn't too big (unless he crafts them with the intent of selling).

All items (including bound ones) can be sold to NPC vendors however which will yield a relatively small amount of gold. I imagine that these people hacking WoW accounts will just 'vendor' everything anyway to get as much gold as possible.

Re:Soulbind Gold?

Equipment, yes.
Gold, no.
Trade skill items, no.

Irony?

I dont RTFA but im assuming u have to go to one of those "power lvl" sites for this to happen (or any other site). That means that people that buy gold and items (ilegal according to blizz) with real cash have big chances of getting hacked. If all this is true why should blizzard care? this is theire anti-power lvl system. RandomGM : WORKING AS INTENDED.

Re:Irony?

[coruscus]

That's why you're supposed to RTFA.

From the article:

Analysis of that malicious software showed that it lay dormant on a victims machine until they ran World of Warcraft (WoW) at which point it captured login data and sent it to the hacking group.

This means that you can visit a site that exploits the vulnerability, in this case it was a Super Bowl website, and your account will be pwnd next time you log on.

Re:Irony?

YOU DIDN'T EVER READ THE SUMMERY YOU LAZY MORON!
SOME RETARD MODDED YOU INSIGHTFUL BECAUSE THEY ARE AS STUPID/LAZY AS YOU WITH MOD POINTS.

The next step in you evolution will be to not ever read the title.

"Microsoft recalls the product X for manufactioning flaws"

To which you'll write "Wow I can't believe what schools are teaching these days"
I only pray you didn't breed.

OMFG! What about my Slashdot Account?

[Culture]

I just hope no one ever figures out a way to do this with Slashdot accounts. If WoW accounts are more valuable than credit cards, then Slashdot accounts must be more valuable than, I guess, say Dilithium Crystals or Ewok slaves. I think I have finally going to have to upgrade to Windows98 from Windows95. It probably is mature enough at this point.

Re:OMFG! What about my Slashdot Account?

[nuzak]

There's been at least one instance of someone buying a low slashdot id.

World of Warcraft Launcher

Blizzard recommends using their news launcher tool to start World of Warcraft, as it's supposed to be able to thwart any kind of attack.

Preferred MS patch procedure

[RealErmine]

What Microsoft should have done, instead of investing significant amounts of its own resources into the security patch, was tether a huge, yellow exclamation point over the Redmond campus. Wayward WoW players would be inexorably drawn to it where they would find a Non-payroll Personnel Coordinator (NPC) who would relate to them the details of the bug and why it needs to be fixed. Harvesting the collective zeal of the WoW community in such a fashion, the solution to the issue would have been presented to Microsoft promptly and at little expense. Patch notes could even be copied and pasted directly from the resulting Wowwiki page.

Incidentally, I plan to use a similar process to reduce the amount of manual labor around the home.

Re:Preferred MS patch procedure

[Hoi+Polloi]

But would they get any kwel l00t?

Re:Soulbind Gold?

[FordPrfct]

Some items can be soulbound, either when they are first obtained ("Bind on Pickup") or when they are first worn / wielded ("Bind on Equip"). However, even soulbound items can be sold to NPC merchants. Also, there is no way to soulbind gold, or any item not already marked as bindable.

WoW

[Greyfox]

Must suck having to worry about Windows exploits when you play WoW. One of my arena team members was complaining the other day that she needed another gigabyte of RAM to play WoW in Vista, too. I don't know if this is an issue in OSX since all my Apple machines came with 2gb.

There's been a recent surge in the number of gold farming and leveling service spammers in the game lately, too. Your only recourse with those is to disable the whisper channel, which you can do from the chat menu. Unfortunately then you can't get whispers. I'm pretty sure all these spams are coming from trial accounts. It'd be nice if Blizzard could include an option to ignore trial accounts. I suppose it'd also be possible to write a plugin to ignore whispers from people not on your friends list, but that's still a pain in the ass.

Re:WoW

[tweek]

Do what I do. Simple verbal harrasment complaint:

Player XXXXXXXX is whisper spamming website xxx.xxx.xxxx for gold and powerleveling services in area (STV|Barrens|wherever)

EVERY GM I've talked to thus far has said they don't mind getting these reports and that this is currently the prefered method.

The only time it's a pain is when I'm in the middle of a mob.

The way that would make it easier is to put functionality into the problem report to select a name from recent whispers. I know who foo and bar and baz are but Murxxtyyyvwee is not someone I've partied with in the past ;) I also report farming as well. I hate trying to do a quest when two indonesian farmers keep killing the mobs I need.

Re:WoW

I don't know if this is an issue in OSX since all my Apple machines came with 2gb.

WoW suffers when you have less than 1 GB of RAM in OS X. Raiding is practically impossible and traveling through a heavily populated area like Shattrah turns the game into a slide show since you're thrashing the whole time you're there. WoW is a memory hog, but I doubt it needs to be. I think it's just lazy programming.

Re:WoW

[Kennego]

It's just unfortunate that although this might ban the offending person, there's nothing stopping them from making another trial account and starting all over again, which is why I don't bother. I have never seen the same username spam about gold twice on my server, and that's because they don't have to use the same one.

The idea the GP had was fantastic, an option to ignore messages from trial accounts, but I imagine Blizzard would never implement this for fear of it damaging the "community."

Re:WoW

[The+boojum]

Another option might be to require a credit-card for trial accounts. They could do the thing where they verify the credit card without actually placing a charge on it. Credit cards associated with accounts banned for farming/advertising would be barred from creating new accounts. This would mean the farmers would need to have a steady supply of credit cards to be able to keep up which should raise the bar a little. And having the credit card on file could make things easier on legitimate trial accounts by offering a one-click upgrade to a paid account at the end of the trial period.

Re:WoW

[Graff]

I agree with you about Windows and exploits.

I don't want to get into a huge pissing contest about what operating system is best, whatever you like to use is great, however I honestly don't understand how anyone can run an operating system that gets exploited constantly. I know that Windows is the big target and Mac OS X is not completely invulnerable to being exploited but the fact is that right now there are no exploits in the wild for Mac OS X.

I use both Windows (I manage a bunch of Windows boxes at work) and Mac OS X and it is such a headache on the Windows side. You need to run several spamware/adware/virus protection programs, you have to completely lock down everything on a system, even updating a Windows machine is a huge hassle to do. Now maybe that will be the future of Mac OS X but so far it's been a cake walk - everything just works, updating is a snap, and I don't run ANY additional software to secure my system. I'm sure that I will have to some day but overall Mac OS X seems to be better thought-out when it comes to security than Windows.

I know that Vista has supposedly changed the Windows security model so that Windows is less exploitable but I've seen some serious nightmares in upgrading to Vista so I think it's generally agreed that you are better off waiting for Vista to mature before people start mass adopting it. If you are in the market for a new computer why not simply adopt Mac OS X instead? It's mature, stable, works easily, and if you get an Intel Mac you can always switch to Vista at a later date if you want to.

Anyways, use whatever operating system you like best. The best thing about having multiple, viable operating systems around is that it encourages competition and innovation which is great for the consumer.

Re:WoW

[Greyfox]

They demanded one from my room mate when she signed up for a trial account. I suspect that the spammers sign up with stolen ones.

Re:WoW

[bigstrat2003]

Actually, I recently discovered an addon called SpamSentry, which blocks whispers from the farmers. It's done a good job for me thus far, no false positives, and even if there are, you can choose to see the messages it blocked. The final nice thing about said addon is that anyone who spams you is put on a list, and you can open a GM ticket reporting all of those characters with a single click.

Re:WoW

[tweek]

That would actually hurt me as well (ignore from trial) because we have a guild we're building made up of people at work and people often use the trial copy to get rolling and decide if they wnat to play or just *listen* to us throw words around like aggro,dps,tank and zerg ;)

Re:WoW

[lostboy2]

Yup, I can confirm -- they do require a credit card (I had to enter mine to use the Guest pass I got from a friend).

Re:WoW

[Greyfox]

Yeah and I've helped out quite a few guys on trial accounts myself. I usually don't notice (They don't mention it) until I try to give 'em something to help them along and find that I can't. You can't trade stuff with trial accounts.

Still, being able to ignore trial accounts would probably be a better option than completely disabling the whisper channel or installing a mod so that only people in your friends list or guild can whisper you.

Re:WoW

[Gropo]

Get in the habit of opening a GM harassment ticket whenever you're spammed (and don't mind a little time investment). At the very least when Blizzard realizes how much of its paid employees' time is being wasted chopping off trial account heads they'll be more reticent to do something proactive about it. I wondered why they didn't just disable the /w ability for trial accounts altogether, your idea is far more sensible.

The obvious question is: why can't they flag an account for issuing a rapid series of identical /w to other accounts and rapidly sick a GM on them? Or immediately block the outgoing channel after an arbitrary number of messages? Seems a trivially easy approach.

Anecdotally, I and a bunch of other people in Shattrath/Nagrand last week simultaneously received a /w broadcast of some fluffy proverb... Almost as if the offenders were trying to muddy the water these offenses are swimming in.

Re:WoW

[Kharny]

While I agree that osX is a nice operating system, the security of the os is mostly guaranteed by the relatively small marketshare apple has. No operating system is without vurnerabilities, it's just that most trojans/viri etc. are written for windows since it has the biggest marketshare.

Anyway, the fact that a Mac would set me back around twice what i would need to pay for a similary powerfull pc, makes it currently a non-option for me atleast.

Re:WoW

[Graff]

Both of these are not exactly true. First of all Mac OS X has a better security model to start with than Windows. Ports are closed by default, Mac OS X uses a ton of open source tools as its foundation (more secure because they are peer reviewed more often), Apple is very on top of fixing vulnerabilities, a very comprehensive system of privilege separation, and there is no ActiveX so a browser exploit is very unlikely to take over the operating system. Even though Mac OS X is not invulnerable it is a much harder nut to crack than Windows.

The small market-share does help a bit but Apple has been a pretty big target over the last few years due to its grabbing headlines and the "smugness" of the users. There are hackers trying to break into Mac OS X because of this, so far they are unsuccessful but it's not for a lack of trying. I'm sure one day there will be a vulnerability but there is currently much less hassle when it comes to adware, spyware, and viruses on the Mac and I'm pretty sure it will be that way for a good while.

As far as the price of a Mac verses a Windows machine it's not so far off as you may think. A similarly-equipped machine from Dell or another manufacturer is going to be about the same price as a Mac. I'm talking about machines that feature-for-feature are very close, not some box that lacks stuff that comes standard on a Mac like Firewire ports and a real video card instead of some on-board integrated video crap.

If you are talking about a machine you build yourself then sure you'll save some cash. You'll also be spending your time pricing parts, waiting on deliveries, putting the machine together, and installing software. Time is money so don't count that as costing nothing. There is also the matter of things that go wrong with how the various parts interact and the lack of a comprehensive warranty for the entire system. Sometimes you waste a lot of money by trying to save money, I've built quite a few of my own machines and there are a lot of hidden costs involved.

I'm not saying that Apple is the second coming or anything like that, just that it deserves a good looking into if you are in the market for a new machine. There are a lot of positives about Mac OS X and there are many reasons some heavy hitters in the tech industry are buying them for their own personal uses.

Re:Soulbind Gold?

[Fozzyuw]

Don't WoW players have the option of "soulbinding" their gold and other items, so that only their own character can use them? This would seem to be the easiest fix for the problem of account hacking.

Soulbinding is for items only, which can still be (rare cases, not withstanding) sold to the vendor for gold. Gold cannot be soulbound. Which is why, on hacked accounts, the person is left naked and pennyless. Everything in liquidated into gold and the gold is transferred to another.

However, that is really a interesting idea. How would a game economy handle the idea of no inter -player trade? I would find that an interesting concept to test out. The game would have to be designed where 'all players are equal' in a sort. Everyone could craft any item (or require that you can only get crafted items from NPC vendors). Killing a monster and looting would give full value of money and items to everyone. (A monster drops 10 gold and all 5 players who killed it get 10 gold each. as well as a copy of the weapon or armour it dropped). Heck, a monster would no longer even NEED to drop items. They can just drop money and (as WoW is turning too) special tokens which can be exchanged for items at the high-end.

It would remove an 'economy', for whatever a virtual economy is worth (as technically, everything is limitless). Though I know a lot of people like the idea of 'trade' (I'm one of them), the real question is, does a 'game' really need it? I guess this is close to how Guild Wars works when you only play with NPCs. All items dropped are given to you and gold is reduced by the number of NPC party members. While some items can be dropped from monsters that you use, often find that armour is crafted for you by NPCs who require crafting materials you salvage from item drops and some gold. In essence, it's kind of like only getting gold from monsters.

Do so, does take something away from the 'feel' of the game, but it also can add to the 'work' of the game and I often find this adds to my own 'burning out'. Tough choice, but I like the idea and would like to see how people reacted to a game once they've played it fully.

Cheers,
Fozzy

Re:Soulbind Gold?

[Impy+the+Impiuos+Imp]

Soulbinding is for the purpose of keeping used items from degrading the economy -- when you loot a valuable item, you can either use it yourself, or sell it to other players, but not both. You can, of course, sell a used one to a merchant, who doesn't actually re-sell it, but you can imagine they do if it makes you feel better.

In any case, being able to un-soulbind something defeats the purpose of soulbinding. When you read "soulbound", read "rendered useless for trade to prevent valuable items from becoming too common".

It amazes me the "infield fly rules" these games create just to prevent them from being like reality. It's bad enough a guy with no fighting training and no armor can stand there waving his hands while a huge guy with a sword beats on him unopposed. But this is "balance", i.e. melee wimps, casters much tougher than they actually are (not damage they do, but that they take. You can't avoid flinching when someone waves a hand in your face, much less a sword, much less hits you with a sword -- yet you can't wear armor because it interferes with these "delicate hand movements". Sheesh.)

Simple Solution

[Atomm]

There is a simple solution to this. Instead of banning accounts and ignoring the fact that no matter what they do, people are going to pay hard cash for in game items, Blizzard should follow Sony's lead.

If they would control the whole secondary market process, it would help them track stolen property and give them a lucrative second source of income. Instead, they would rather take a hard stance and deny this is even happening.

Re:Simple Solution

[pslam]

No, then the game would suck even more than it currently does. Sony put a nail in the coffin of EQ1/2 when they did that and pretty much every authoritative commentator out there said it was yet another in a long string of extremely dumb moves by them.

There simply isn't any benefit to this. The solution, which I would never have suggested a year ago, is for them to stop bothering with the gold sellers and to start banning the gold users. Unfortunately the problem with WoW at the moment is the user base. There has been an explosion of spoiled emo brats with too much money, too little ethics and far too much mouth. They need to be killed off.

Re:Simple Solution

[NewbieProgrammerMan]

I'm not sure I'd call it "simple." It could kill the game by making it impossible to enjoy - the guys that can spend 16 hours a day grinding for gear would now also be able to safely spend real money (that they don't have to spend on rent because they're living in mom's basement) to buy even better gear and make things like battlegrounds even less fun for casual gamers.

Then again, maybe they're already doing that via the gold/item/level farmers. Maybe a legitimate exchange system for real-world money would make it more fun; as I understand it, replacing a black market with a legitimate market usually results in lower prices. Perhaps lower prices would allow me to spend $5 for that epic item instead of suffering through a 40-man raid experience 10 times hoping for a drop.

But that's all just a bunch of maybes, and some people (like me) probably aren't gonna spend even more money on something that's just entertainment, so the hard-core people are always going to do better than I am - they're willing to invest more time/money/whatever to maintain their uber-leet status in a *fictional game world*. So I guess I'm leaning towards, "legitimate gold/item purchases will kill the game for me." I'll just play until it isn't fun any more, and then I'll find something else to do for entertainment.

Re:Simple Solution

[Jerry+Rivers]

Maybe WoW needs another way to advance characters other than with gold or items, much like Everquest does. WoW seems completely gear driven. If a casual player could earn points towards new abilities maybe it would give them a leg up on the rich hard-core loot/gold mongers. Just a thought.

Re:Simple Solution

[NewbieProgrammerMan]

It would be nice if there was some equivalent to the "rested XP" bonus once you've reached max level; some benefit that casual gamers would receive for not being online all the time. I'm sure the hard-core people would whine about it, but I doubt many of them would quit over it (as long as it wasn't some outrageous benefit).

Re:Simple Solution

[Lord+Lemur]

In almost any MMORPG your toon is 95% gear, 4% Luck/Time and 1% skill. Doesn't matter if it's EQ2, WoW or anyother level based game. Once you cap out your level the only things that can differentiate your toon is gear and skill. If the difficulty of a game is too great many people will not make it to the max level. AA Xp ala EQ/EQ2 is just another leveling metric, it just makes the treadmill run a bit longer. My personal favorite peice of Vaporware currently is http://darkfallonline.com/ . It seems to have a design which would punch this type of activity in the gibbly bits (medical term). It's a PvP enviroment with apparently full loot, it's a levelless system (ala Ultima Online), and the combat interface seems to be far more Half Life then anything I've seen aside from Conan Online. I can only imagine it will be far harder for the IGN's of the world to sell coin in an enviroment where their harvesters are soft, fleshy and tasty targets. Maybe they will just come up with a scheme for a stock exchange style gold purchase system, but delivery is gonna be scary when anyone can attack you anywhere at anytime. Just my 14plat

Re:Soulbind Gold?

[pslam]

There are ways around this. A common trick used to exchange gold cross-faction (not involving gold sellers at all) is to stick a "plain letter" (a very cheap item) on the cross-faction auction house for the amount of gold you want. The player on the other faction then buys it.

Same applies to same-faction trading. In order to really stop gold changing hands, you would need to remove the auction houses. It would also render a lot of the profession system useless because you couldn't do enchants/crafting and get a fee.

Have you played WoW?

Re:Soulbind Gold?

[Phrogman]

In City of Heroes/City of Villains there is effectively no economy. There is no cash, but defeating mobs gets you "influence" (as a heroe, and its equivalent as a villain), that can be used to buy Enhancements that can augment your powers. The thing is those enhancements are also available from NPC vendors in shops, and are individually not worth much. As well when you get to higher levels, you are buried in influence and it becomes a non-factor really.

All in all the game is greatly improved by not having an economy and not having any "loot". Its refreshing I find...

Blizzard - loves and hates gold farmers

Gold farmers and their black-hat exploit friends make the game more palatable for the players who don't have time for the constant grinding required to keep up with their unemployed guildmates.

This is why Blizzard has not taken the one action that actually would stop the black hats and the farmers: banning anyone who buys from them.

The game already records all the transactions that occur. This information could be data-mined to identify gold farmers, middlemen, and their clients. The clients are the source of the money. The clients are the people who should be kicked from the game. The transaction logs lead to the clients.

Blizzard has to officially disapprove of gold farmers, but their failure to take action against their clients demonstrates that they are actually in favour of them. All they need to do is appear to be working to stop gold farmers by banning a token subset of them every month.

SOLUTION

The solution is obvious!! Sell your WoW account and start playing archaic games like Ultima Online. NOBODY in their right mind would want to steal your UO account/items/gold. It's kind of like driving a 1982 Dodge Aries...you could leave your keys in the ignition in Detroit!

But I play UO all the time. I never get bored of it. Account hacking is unheard of. Players do gank other players and get their items because the victims were dumb enough not to insure their items and went to a PvP area or joined a guild. I'm a player killer myself. I join guilds and kill tamers or mages and take their stuff :-)

I for one am glad the WoW Care Bears guild

[WillAffleckUW]

tends to use Mac Minis to play WoW on.

My female gnome mage giggles at the Windows ANI exploit!

Re:Soulbind Gold?

[jchenx]

It amazes me the "infield fly rules" these games create just to prevent them from being like reality. It's bad enough a guy with no fighting training and no armor can stand there waving his hands while a huge guy with a sword beats on him unopposed. But this is "balance", i.e. melee wimps, casters much tougher than they actually are (not damage they do, but that they take. You can't avoid flinching when someone waves a hand in your face, much less a sword, much less hits you with a sword -- yet you can't wear armor because it interferes with these "delicate hand movements". Sheesh.)

I know this is off-topic, but I can't resist. Other MMORPGs have tried being more realistic. Guess what ... they're not as fun!

If you're truly looking for something closer to reality, then perhaps you should check out LARPing ...

MMO's being a "grind".

[Mr+EdgEy]

When will people realise this is basically the whole POINT of an MMO? You grind to gain better items. That is the underlying principle of an MMORPG.

Want a game where you can jump into the action on an equal playing field? FPS's are out there, as are RTS, etc.
If everyone started at 70 on WoW the game would become incredibly boring. PvP? Why? No rewards except pride.

Re:MMO's being a "grind".

[endianx]

A large percentage of the quests are fun, regardless of reward.

Locking/unlocking items

[obidobi]

Blizzard should implement the possiblity to unlock/lock items for disenchanting and selling.

Locking an item would be instant. Unlocking would take two or three days. They could also add a notice that one or more items have been marked to be unlocked when you login. This will alert you of anyone trying to get to your gear.

This would not solve the problem but it will make sure you dont lose your gear when your account is hacked.

Re:Soulbind Gold?

[DeadManCoding]

Unfortunately no. "Soulbound" items, aka BoP (Bind on Pick-up), can be sold to NPC vendors, but can't be traded to other players or put up for in-game auctions. As I'm finally starting to get to a decent level, some of those items can hit hundreds of gold. If someone were to hack a lvl 70, between the gold on them and the items, we're talking a good chunk of change. But there's no way to make an item or currency bound to a single player.