Comments on: Of World of Tanks Payment Security http://ftr.wot-news.com/2014/07/02/of-world-of-tanks-payment-security/ Fri, 30 Aug 2019 10:08:59 +0000 hourly 1 http://wordpress.org/?v=3.9.2 By: OOPMan http://ftr.wot-news.com/2014/07/02/of-world-of-tanks-payment-security/#comment-167710 Wed, 02 Jul 2014 19:22:04 +0000 http://ftr.wot-news.com/?p=13798#comment-167710 Incorrect. A token is far more general than that, what you’re thinking of is referred to as a “hardware token”. However, tokens do not require hardware and it is quite possible to secure a system using software tokens only.

http://en.wikipedia.org/wiki/Security_token

http://en.wikipedia.org/wiki/Software_token

In the context of WG and their payment system, a software token system is where they need to go. I’ve just finished implementing one for something I work on and it’s pretty slick.

]]> By: OOPMan http://ftr.wot-news.com/2014/07/02/of-world-of-tanks-payment-security/#comment-167709 Wed, 02 Jul 2014 19:21:11 +0000 http://ftr.wot-news.com/?p=13798#comment-167709 Not really. This kind of thing is very common among many web developers.

]]> By: Spikey http://ftr.wot-news.com/2014/07/02/of-world-of-tanks-payment-security/#comment-167520 Wed, 02 Jul 2014 11:17:17 +0000 http://ftr.wot-news.com/?p=13798#comment-167520 token is a physical device for computer authentication, basically a small plastic object with part of the login code

]]> By: Gappa http://ftr.wot-news.com/2014/07/02/of-world-of-tanks-payment-security/#comment-167516 Wed, 02 Jul 2014 11:06:02 +0000 http://ftr.wot-news.com/?p=13798#comment-167516 I really hope you are right :)

]]> By: PhiliPTran http://ftr.wot-news.com/2014/07/02/of-world-of-tanks-payment-security/#comment-167513 Wed, 02 Jul 2014 11:02:15 +0000 http://ftr.wot-news.com/?p=13798#comment-167513 Lol, sloppiness of programmers. Classic WG

]]> By: Vamiris http://ftr.wot-news.com/2014/07/02/of-world-of-tanks-payment-security/#comment-167463 Wed, 02 Jul 2014 09:49:49 +0000 http://ftr.wot-news.com/?p=13798#comment-167463 An auto-increment of an ID is not the risk itself.

You can make a payment and you have your ID, so you can be sure, the next payment from anyone has your ID+1 to identify his payment.

However, now you only have a ID you can work with. Saying you can read any data with that is not proofen. Normally you can query the server with that ID, the Server checks your authentication and gives you the reply.

The auth has to be known, to get some data.

The ID just gives you the first parameter. Normally you hide this ID or use a token (randomly generated number while the payment checkout) together with the ID.
In that case, you can check the ID and the token, before you have to check the auth-informations.

Saying I can query the server just with an ID and get informations is quite senseless… or WG did a real fail on their security…

]]> By: Silentstalker http://ftr.wot-news.com/2014/07/02/of-world-of-tanks-payment-security/#comment-167418 Wed, 02 Jul 2014 08:30:33 +0000 http://ftr.wot-news.com/?p=13798#comment-167418 Nope, I am Czech

]]> By: Gappa http://ftr.wot-news.com/2014/07/02/of-world-of-tanks-payment-security/#comment-167414 Wed, 02 Jul 2014 08:14:19 +0000 http://ftr.wot-news.com/?p=13798#comment-167414 http://stream1.gifsoup.com/view1/1142353/hide-yo-kids-o.gif
:))

]]> By: Gappa http://ftr.wot-news.com/2014/07/02/of-world-of-tanks-payment-security/#comment-167413 Wed, 02 Jul 2014 08:12:41 +0000 http://ftr.wot-news.com/?p=13798#comment-167413 Well, the first time they had the “Change password for gold” event it was afaik WG’s fault.

The one you mention was the second (I think) event and imho you are right, it was because of Heartbleed.

]]> By: Woras http://ftr.wot-news.com/2014/07/02/of-world-of-tanks-payment-security/#comment-167412 Wed, 02 Jul 2014 08:11:11 +0000 http://ftr.wot-news.com/?p=13798#comment-167412 Net, on iz Čekii.

]]>