Old 06/27/08, 5:40 AM   #58 (permalink)
 Cadfael
Your death only adds to my failure
 
 
Blood Elf Priest
 
Al'Akir (EU)
Originally Posted by Vagabond
While I agree that the 2 pass or tier or whatever login *is* more secure, the extra security is moot for me. I don't live in Rang'Rang land and have no fear of roving bands of ruffians stealing my physical possessions just to get at my game characters. I don't frequent cybercafes. The Dohickey would be strictly an inadvertently installed keylogger prevention device for me. (though the idea that a certain portion of the population will quit practicing (or simply never start) good/safe/clean methods and now just ignore possible keyloggers while they do their online banking and whatever....)
Hopefully you don't use Internet Explorer at all. This is new, and it is apparently possible from IE 6 up to and including 8 to record any and all keystrokes after you have visited a malicious site, even when you are no longer there. It persists by circumventing a basic security mechanism that should prevent code from running after you have left the site, and it stays around invisibly.

US-CERT Vulnerability Notes
sirdarckcat: Browser's Ghost Busters
sirdarckcat: Ghosts for IE8 and IE7.5730
You better stop using Internet Explorer for now

What can be done with this is to embed evil code, for example in an ad displayed on a non-malicious webpage, that installs this ghost in your IE; when you later at some time log in to the Blizzard forum or your account management page, it can record your keypresses and send them somewhere.

Note that this vulnerability in theory is not limited to Internet Explorer alone, though there hasn't been a working proof of concept for other browsers yet (to my knowledge).
 