An interesting read came across my Twitter feed this morning, called “Looking Inside Your Screenshots.” The theory is simple: Blizzard is applying watermarks to your screenshots storing “personal” information. In this case, the author states that your account ID, a timestamp, and your server IP are captured.
Part of me was intrigued, and I did some reading on the discussion (get your tinfoil hats ready), and part of me shook my head. This blog post is around the thoughts that sprung to mind as I watched the commentary fly by about the whole topic, and my thoughts as I read the post.
Who Are You Really?
One of the fascinating things about the internet is that you can be anyone you want to be. I say that with a casual attitude, and only some succeed at it, but let’s walk through this.
Most people, WoW players, guild mates, even Twitter pals, exist as you know them. They are male, they are female, they are tall, they are short. You may know this because you’ve heard their voices in chat, you may know what they look like because of a picture thread on your guild forums, or maybe you’ve even met them in person! You may know if they are married, or if they have kids. What their pets look like, what their favorite pair of shoes is. You can learn a lot about a person, or even people, if you just step back and listen.
But there are other people; individuals who go to great lengths to hide their identities. They may only provide their voice in chat, but you know nothing about them. Some people choose to not even speak. They could be a stranger you see at the bus stop each morning on your way to work. They could be the classmate sitting beside you in lecture.
But you really don’t know, because they don’t want you to know.
I’ve been told I share a lot with the world. In the grand scheme, I probably do. That said, there is much that I don’t share. I shape a personality, an image, that I want you to perceive when you think about me. But who I really am, most people will never know. I can smoke screen through a lot of things–the only people who can truly see through it are the people who play the same mental games I do.
Social Engineering 101
Social Engineering, as defined by Wikipedia:
Social Engineering, in the context of security, is understood to mean the art of manipulating people into performing actions or divulging confidential information.
And it’s so easy to do.
Wiki’s definition is a bit too tight for me. I’d paint it a touch broader that social engineering is the art of manipulating people to gain information or perform actions which they might not be inclined to do otherwise.
I was going to use Twitter as a prime example, but I think that it would hit too close to home for many, so I’m choosing to shy away from it. It’s a rabbit hole that if I went down would probably make people a touch uncomfortable around me, but it’s how my mind works…
The long and short of it is that I don’t need much information to build a picture about my Twitter followers. You’ve given me a lot of information, and with just a few nuggets, I can do some digging and build a complete picture that you probably don’t even realize.
Social engineering is, to put it bluntly, “creative use of real life mechanics.” It’s taking bits of information and seeding the rest to gather what you need. It’s asking very basic questions about a topic of interest, about your personal life, and then taking that information back into (in some cases) readily accessible tools to learn about someone.
Let’s take a step back in time in Miri’s life. I shared this in a very early blog post, but I’m going to flesh it out to give perspective on how easy it is to manipulate people. In this case, I manipulated my peers for my own success…
Social Engineering in Action
One of the courses I was required to take for my degree was in Information Warfare (my degree is in NetSec). The course description:
This course will examine and assess the role of information technology as a tool of warfare. Topics will be discussed from both a defensive and offensive perspective and will include: physical attacks, cyber-terrorism, espionage, psyops, biometrics, Network Centric Warfare, and applications of encryption technology.
Our final project was an information war, where we picked sides and were told about our alignments with other groups (enemies and allies).
My team took the challenge a touch further. We were, after all, the hackers. Loyal to no one, but hell bent on our own desire to win. But how were we going to defeat the other 10-11 teams? We sat together one day in the atrium at school, our laptops balanced in our laps, our cans of soda on the tables beside us, as we argued and debated our points to win. And then one of our teammates spoke. “What if we turned each team against each other? What if we played the ultimate war game?” Intrigued, we all leaned in. At that moment, we had decided to take one hell of a giant step, sidestepping the line of ethics, a scheme beginning to flesh itself out.
My teammate proposed an idea, and we began to weave the fabric that would completely change the game. We would pretend to be our professor, the current Assistant Dean of our school. We would communicate with our fellow classmates, planting seeds of misinformation to spin the game in our favor.
We had months of email communication from our professor. We knew her writing style, her greeting and her closing methods, her sentence structure. So we began drafting our communications, our misinformation. We knew who was on each team–their email addresses were published in a course tool that everyone had access to. We sat on the school network, and spoofed our professor’s email address. We sent out email after email, each a touch different than the first, updating other players in the “war.”
Time passed, and we continued to develop our battle plan. We composed the final documents to present to our classmates, and showed up to class, completely calm, and more than a little curious to see if we actually succeeded in our game.
We chose to be the last team to present, and we watched as each team went to the front of the room, and pulled up their PowerPoint decks. We listened as they presented their list of allies, and their list of enemies. And we watched as they wove in our “information”–stating how they changed their allies and enemies list based on additional information that was provided to them during the course of the battle.
We watched our professor’s face contort into a frown, but she never spoke. The presentations continued, each one building on the last.
And then it was our turn.
I took center stage in the front of the room, and displayed the following image on the screen:
I watched the class’s facial expressions change. First they were confused, and I’ll admit, I smirked. My team’s ultimate goal had succeeded.
And then I spoke. I stated that we had no allies, and that everyone was an enemy. And I thanked them for their participation in our little scheme.
And the looks of confusion turned to anger.
I took a casual posture, leaning up against a table at the front of the room, my arms crossed in front of my chest, my face only illuminated by the projector showing the image behind me.
I asked my classmates who sent them the emails with the “additional information.” I asked that they point to the sender.
And I waited.
My classmates shifted in their seats and pointed to our professor, who looked even more confused. My fellow students studied our instructor as their looks turned to horror as they faced me once again.
I changed slides and sat back on the table, my legs crossed at the ankle, my hands casually resting on the table as I leaned forward to impart my final words of wisdom.
“You just spent a semester learning how wars can be fought online. You learned the ways that social engineering can be used to manipulate outcomes. And yet, you fell for everything you were taught to watch out for. Let this be a lesson–that things aren’t always what they seem.”
And with those final words, I blanked the screen and walked back to my seat.
Once my professor was able to get over her shock–her realization that we had completely manipulated a project she had assigned us, she polled the class on who won the war.
What You’ve Given Blizzard…
I got to watch people go “OMG my privacies!” about this whole watermarking scenario. I’ve watched people wave the BS flag, and I’ve watched people step back and wait for more findings.
My stance on the whole thing was “I don’t really care.”
If you are so worried about what’s in your screenshot, then take the time to step back and think about what you’ve given Blizzard.
Here’s a quickly compiled list:
- Name (Real or not, hope you never have to recover your account)
- Email Address
- Mailing Address
- Credit Card w/ expiration and secure code
- Buying history
- IP Address
- Computer specifications
When you’re logged into Blizzard’s servers, they have records of everything. A quick list, once again:
- Your IP
- Your character’s location in their world
- What’s in your bags/bank/mail
- Your addons
- Your conversations
If Blizzard wants information, they don’t need to store it in a screenshot; you’ve already given it to them when you sign on to their realms.
They didn’t need to socially engineer you for that information–you gave it readily.
So how do you protect yourself in light of this “finding”?
According to the author of the screenshots post, they think that “someone could use this to identify which account holds which characters and perhaps stalk and annoy its user, or help perpetrators choose their phishing victims with a more targeted approach.”
Some things I’d like to note:
- The account ID that is shown is not your Battle.net account ID, nor is it your BattleTag. It’s apparently the name that your account started with (think before we merged into Battle.net). The only person who knows that is the person who signs into the account (if you have multiple accounts and have to select which account to sign in).
- A time stamp. Well, in my screenshots, my clock is showing. You can see the HH:MM in my lower right hand corner if you care. And if you want to look at a screenshot where I hid my UI? Please let me know what time I took it in case I can’t find it again.
- My realm IP. As was noted to me earlier, it could be a dozen different IPs on any given night. Your realm IP, your dungeon server IP (remember, dungeons are on a different server), your raid server IP. And let’s not even open the can of worms that is CRZ–you’re bouncing to (or from) various realms all night now if you’re in low level zones. Have at it Blizzard. If anything, it would be intriguing for me to learn what the dungeon/raid server IPs are.
If you can go to the Armory, you can figure out what realm I’m on. Hell, it’s in my blog header. It’s on my Twitter account. I publish that information so people can find me.
If someone wants to exert the effort to extract that information from a picture, have at it.
There’s a lot of information already available thanks to search engines, standard “friendly” commentary, and ourselves.
Protect yourself by limiting what you say and share. You can help control the amount of information that the world can use against you.
But you have to make intelligent decisions to protect yourself. Don’t expect anyone else to do it for you.
Your safety and security starts with you.
I’ve been incredibly busy since I came back from travel in April. Work has been a massive time sink–I’ve been training new team members and trying to get better control of my crazy work life–because, well, at some point, I don’t want to be working 12+ hour days.
That being said, I relocated in May, and now spend 14 hours a week commuting (2 days a week). If you ever doubted my sanity, this should erase any question of doubt!
I’m still raiding with Enveloping Shadows 2 nights a week. We are currently wiping on Heroic Spine, and most nights end with me not even able to fathom where our weak point is (I have some ideas, but I’m still unsure). A lot of raid frustration is around the fact that our second staff (AKA, Staff 2.0), vanished from the game within a couple weeks of the team completing the second legendary (Staff 1.0 did the same thing). We currently cross our fingers at night that all 10 will sign on to raid because we don’t have any members on stand by. It’s a touch rough!
I haven’t given Beta much time, which annoys me to no end! I love playing it, and finally feel somewhat in tune with the new Paladin stuff, but I just haven’t had the time.
Most of my free time (what little there is) has been going to Diablo 3, where my Wizard is playing around in Nightmare level. I die a lot, but it’s fun. She’s the only character I’ve played in D3, and I think I’ll be taking her up to Inferno before I consider rolling an “alt.”
I’m still on Twitter, though not as much as I was in the past. Usually because I’m so damn busy right now (which I’m hoping will change at the end of the month).
I’ve been studying for my Project Management Professional (PMP) certification and I’m testing at the end of the month. It’s a 4-hour test after 4 days of boot camp, so I’m hoping I can pull this off and cross it off my list before fiscal year ends!
I just returned from a jaunt to NC to do some teaming with my coworkers and meet the engineers who I abuse mercilessly on a daily basis. It was a great time to kick back, play some Kick Ball (yes, there are pictures), Bowl, drink, and eat a ton of sushi! My team is reorg’ing our business focus and alignment, as we are part of a service that no other company can offer to my customer base, so I’ve been doing a lot of design support at the ground level. I took on the massive redevelopment of our internal support space, so I will have my arms full with that for a bit–it’s a godsend that my Director supports my random goals and helps me out when I need it. We’ll see if this paves the way for some new role alignments in the future. I’ve been pondering a relo to NC in the next couple years but if I can put a support structure in place and maintain an escalation point for my greater team from the comfort of my home office (with little to no travel unless management requests), then I will be happy. We’ll see–this is the time where I have more flexibility to push for things that benefit me.
Anyway–it’s safe to say that very few of you give a shit about my private life, but I did want to let you know that I am still playing WoW (though not at the levels I used to, see above for reasoning) and that there are more blog posts in the pipeline!
So today the changes to the Scroll of Resurrection were announced. If you didn’t know what the SoR was, basically it was a way to lure your friends back into WoW after they had quit for a period of time. You could issue them a scroll and they’d get some free play time. I’ll be honest, I’ve never used a SoR to bring a friend back to WoW. They’ve come back of their own volition, usually to see new content or try out the changes to their class. Maybe they like what they see and they choose to stay, maybe they don’t, or another game catches their eye, and they wander away from WoW again.
Friends who have quit did so because they were hardcore raiders and burned out, some needed to get finances in line. Some of them came back, some didn’t.
The New Scroll of Resurrection
Let’s take a look at what the new Scroll of Resurrection gives you:
Not bad huh? A free upgrade to Cata, a boost of your character to level 80, a free realm transfer or faction swap to play with your friend who brought you back.
Not gonna lie, it’s tempting as heck! But tossing all these freebies at players who quit the game? Free Faction changes? That’s a $30 savings right there. A free server transfer? That’s another $25.
Not a bad deal in the least.
Miri’s “Get off my Lawn” Rant…
So here’s why this rubs me the wrong way. Every time we turn around, there’s a “bonus” associated with bringing someone to WoW. Whether it be a player who quit the game eons ago or a new player who wanted to experience the game.
Now players can play WoW free to lvl 20, the $20 purchase of Vanilla WoW nets you the Burning Crusade, and now you can come back and get boosted to lvl 80.
Not gonna lie, it’s better to be a new player (or a returning player) to WoW than it is to be a long-time subscriber.
And this bugs me!
The account that I play on each and every night hit its 7th anniversary last month. Over 7 years this game has been paid for. That’s Vanilla. That’s BC. That’s Wrath. That’s Cata. Every single expansion picked up. Let’s not mention that the account has every CE ever produced for those expansions tied to it as well.
I’d screenshot all the Feats of Strength I have on a character I no longer play, but it would take too long to piece together my WoW history in Photoshop. But if you want to take a gander, Mirina, my hunter, was the character I focused on in BC. My original Vanilla hunter and rogue were deleted eons ago, and only my baby druid still remains.
Admittedly, I play WoW because I enjoy it. I’ve RaF’d myself twice simply to speed level alts and get the Zhevra mount (on characters, once again, that I don’t play anymore). I play because I like to raid, because I like to do things with friends, because I like to explore, work on achievements, and in general, immerse myself in the World of Warcraft.
And many will say “well, then you should be content with what you have. You have raids, and heroics, and all the content that’s designed for players at max level.” And that’s great. I, as a player, have that. But so does every other max level player who plays WoW.
You know what else I had? I had a time where I had to buy ammo before raids, and your rep and the raids you were working on determined if you had the best ammo in game. I had to carry my mounts around in my bags, and pets too! I had to do my dailies so I could afford to raid, because guilds didn’t have the ability to skim money off of my kills and deposit it; regifting it back to me as payment for repairs while we were learning fights. I had to pay each time I wanted to change my spec because we could have only one. I had to go tame pets for my higher level pet skills. I had to attune myself to the raids I was preparing to progress in. I could go on and on. Yes, things have gotten better. Yes, the game is much more friendly and open to new and returning players.
But what do I have to show for 7 years in the World of Warcraft? I have Feats of Strength that no one looks at. I have moments like I did in the previous paragraph, where I extol how WoW has changed. But within WoW, what do I have to show for it? Well, I have a couple pets that were there for years 4 and 5. And those are cool. But they don’t go with my character for various reasons. Maybe it clashes with my Transmog, maybe it’s just not something I want to pair with Raz because of his personality in game.
The Missing Link
Blizzard rewards players for coming back to WoW via the Scroll of Resurrection. Blizzard entices you with two-seater mounts to bring a friend to the game via Recruit a Friend. But there is nothing for the WoW Veterans.
This is a topic that has been batted around for years, with people coming up with various ideas. In fact, just last month a discussion was started by Mathew McCurley on WoW Insider asking what a WoW Veteran program would look like.
My favorite option is a token awarded for each year you’ve been an active subscriber. Everyone can earn tokens to spend on a pool of items–it will just take more time for the person who’s been subscribed for a year to achieve all the items that a 7 year subscriber would get. It’s an equal opportunity for all to walk away with something highlighting their time spent in Azeroth.
Or, you know, I would love a backpack upgrade.
Like this blog post! I just posted recently about all the stuff that I owe readers and that I’ve been really busy with real life. And real life has been kicking my ass, I’m not going to lie. Last week was just a package of awful wrapped in awful and I was basically at wit’s end. I went shopping on Saturday to continue the ongoing process of furnishing my condo (because nothing is more fun than furnishing a place that is hours away from you when you still have a non-stop job AND have another property to keep up with) and basically hit my limit with people interaction at IKEA. How I used to work some of the biggest sales on holidays when I did retail is beyond me. Now, dealing with a crowd of people for more than a couple hours reduces me to a near panic where I just want to flee and hide. (There’s a point to this, maybe, so bear with me) Saturday basically just added to my burnout of real life and I came home to sulk. I was in a foul mood, and tried my damnedest to contain myself on an alt away from my raid team. But my alt is guilded on another realm with other friends who decided to run Sunwell that night. The best thing I could have done was stayed away, but against my better judgement I went, and my frustration got vented against an unprepared group of people (didn’t help that the Light Sunwell chest piece, that I still haven’t managed to get on Raz, dropped that run). I slunk off after we downed KJ, simply stating I needed to go to sleep.
I went to bed, my mind racing. I had offended one raid team while trying to hide from my own for our own night of fun runs. I was a mess and I knew it. I popped onto remote guild chat to send a massive apology to my healer who had assembled the Saturday night fun run in guild and told her I just couldn’t handle people and was trying to do the right thing by staying away. She gave me e-hugs and I eventually fell asleep, completely pitiful and wallowing in my own hatred. I even left poor Mal to tank the fun run because I was being my douche-tastic self.
I slept for like, 12 hours, and was still in a pretty frustrated mood when I woke up. And then there was a message asking if I had checked my in-game mail. And I was quizzical, but I hit up the mailbox. There were a couple wrapped packages, and a little hatchling waiting for me. Apparently while I was hosting my own pity party in bed, my dearest Deedle was locating 3 pets for me to hit the 100 pets achievement on Raz…
*sniffle* Did I mention how much I adore my Deedle? *GIGANTIC E-HUG TO MY FAVORITEST MAGE EVER*
And then, while I was still processing that I had 100 pets (and squealing over the Elementium Geode, because damn I like that pet!), Dee sat there and was calculating the easiest way to get me to 9K achievement points since I had declared Sunday to be “Achievement Point Sunday.” And I was going to farm ALL THE THINGS.
At some point, I went full derp and decided that one of the things I needed to farm was the rares in Northrend.
So, funny story here. I farmed up all the Outland rares while I was working on Northrend Loremaster. I mean, it probably would have made a lot more sense to…you know…work on Northrend rares…when I was in Northrend. But, this is me. And as many will attest, I don’t always do things logically. So, I completed Northrend Loremaster and my Outland rares around the same time. I think subconsciously, I was willing to do the Northrend rares because I was trying to avoid Outland. I had 12 characters at max level at the end of Wrath. I did a lot of Outland. I’m good with never going back. But I have to, because Raz never did Outland. And there’s that pesky Loremaster achievement…
Anyway, back on the rambly topic…
So I started farming Northrend rares, and I did pretty decently my first day. Eventually I got bored and wandered away from my PC for a bit, laying down to read some on my iPad. About 2 hours after I laid down, I decided I should be an adult and go grab a shower, but something called to me and I decided to do a quick rare hunt before hopping under the warm water.
I was in Storm Peaks, finishing up my loop for Vyragosa, when suddenly, NPCScan went off.
It was the Time Lost Proto Drake…
It was one of those moments of sheer panic. The moment of “OH GOD I WANT IT WHERE IS IT” to “OH GOD WHAT IF IT’S A CORPSE BECAUSE SOMEONE ALREADY GOT IT.”
My heart was racing, my hands were sweating, my eyes were wide. I started doing circles, trying to find it. And then suddenly, there was an Alliance Shadow Priest right beside me! I took off in the direction I hadn’t been yet, and was spam clicking the alert that NPCScan pops up on your screen. I was close enough to have the mob targeted, and it hadn’t taken any damage. OH GOD WHERE WAS IT!?!? And then suddenly, there it was! The Time Lost was soaring slightly above the ground and I took off after it. A quick Judgement and a fast Crusader Strike and the drake was dead. And I stood over its corpse, my body shaking, as I clicked to loot it. And there were the reins. And they were mine.
OMG. I just started NR rares today…I have the Time Lost Proto-Drake on Raz O.O
— Miri (@WoWMiri) March 4, 2012
And then the Shadow Priest appeared beside me…
I quickly looted the corpse and took to the skies, flying quickly back to Dalaran. It was at about this time that Mal woke up from his nap. My heart was still racing, but I managed to form words and show him the drake (which he thinks is hideously ugly, but that’s beside the point).
And the Shadow Priest hovered above, frustrated with my luck.
I wasn’t out looking for it, but I found it. And it made my weekend that much better. But the best part of my weekend? The fact that one of my friends was willing to set aside her plans for the day to help improve my mood.
❤ you Deedle! We’ll get you one too!
P.S. Yes, I know I am DAMN lucky with stuff like this…
Another one of those short and pointless blog posts that I seem to have an overwhelming tendency to make now.
I’m still alive, and still killing stuff in WoW (when it’s not killing me as the header pic shows)! I’ve added Heroic Domo and Heroic Alys to my collection of kills, basically relearned how to heal as Holy (it’s a completely different play style in 25s) and have discovered that I basically can’t heal 10s or 5s in my current gearing style. You’ll get some great shields, but with basically no haste? You’re screwed >.> So I guess I’ll continue tanking 5s when I get bored and need to cap VP.
Real life has sorta crit me hard–work has been absolutely hellacious and I’ve been prone to frustrated outbursts and panic attacks (as Twitter has been witness to) depending on what’s tossed at me. I’m in desperate need of this Thanksgiving break so I can unwind, get some WoW time in, and just do no work.
Things to come (this should look familiar):
- Discussion about Paladins and Mastery healing in 25s
- Heroic Alysrazor strat
- Heroic Domo strat
- Heroic Shannox strat
- Gear review for 4.3 (Prot and Holy)
And I’m sure I’ll think of more stuff. But anyways, I do still exist and I’m still really active on Twitter, so if you need something, or have a topic idea, hit me up there!
As some of you know, I’ve been an East Coast resident keeping up with a West Coast raiding team. I’ve been raiding 10p-1a my time for the past 4 months, which was working out at the very beginning…and then one of my coworkers retired and I was “gifted” his accounts. While not the most awful thing, my engagement level with my clients stepped up, and I was going from a raid night to a very restless (and short, usually about 4 hours) sleep to a caffeine fueled work day. It was a running amusement on Twitter watching me struggle to make it through Thursdays; 2 cups of coffee as I left the house, a venti from Starbucks to get into my office, and then 1-2 Red Bulls and then a Coke on my way home. I was meeting clients looking (and feeling) like a zombie, and I just couldn’t keep it up any longer. I already work long days, but taxing my much needed sleep was becoming too much–days filled with headaches, me getting snappy in vent as exhaustion kicked in and I still had 2 hours left of tanking to go.
I spent a good chunk of BlizzCon catching up on sleep. 12-14 hours of sleep and I began to feel rested, with the dawning realization that I’m unable to handle random sleep patterns while remaining employed and never knowing what each day will bring me. It was a difficult decision, because I liked the people I was guilded with, but Mal and I were the early players because of the time difference. Things got started late, and finished even later for us. We agreed that even though our work schedules are going to remain long and demanding, we still wanted to continue raiding, but on a better schedule for us.
And so here we are. A new realm, a new guild, a new raid team, a new raid size. A new role.
My focus on tanking will be shifting in the VERY near future, as I am picking up my off-spec for full time play. My focus on tanking, and a primary generator of traffic to this blog will be diminished, but I’ll still be doing it in 5-mans and as needed for raids. I will instead be resuming a role I performed in Wrath, stepping back from the action and into the healing mindset. This may change what I post, as healing posts aren’t incredibly exciting–so I will probably stick with more generalized strat discussion for Firelands Heroics and Dragon Soul as we progress through the content.
So thanks for sticking with me through the changes, and I hope you continue to find lots of amusement (and possibly education) here in the future!
Hello from sunny California!
I started my BlizzCon trip today, departing the NoVA area early this morning and arriving in beautiful Anaheim this …morning. Time changes kick my butt!
- Gingerbread iced chai ROCKS
- Airline food is amazingly good – especially if you’re in the first row of the plane <.<
- Starting your morning with Bombay Sapphire will enable you to sleep for a good part of your flight
- Time changes kick my butt – I really want to go to sleep right now, and it’s not even 6p – I’m also starving right now
- I either have great priorities, or I have issues – BevMo has an INCREDIBLE selection of booze – definitely a good first stop!
That being said, I’m here, and I hope you enjoy the picture to go with this post–at this moment I’m too lazy to go outside and take a picture of the convention center, so instead you get my “mission control center”: leftover lunch, a gin and tonic, and my laptop, all set up in my hotel room.
Lots of fun stuff went down while I was thousands of feet up in the air–apparently there were some amusing Twitter discussions, Rades shared his newest blog post regarding Fabulor and his “achievement evening.” And apparently I got featured today on WoW Insider. Let me tell you, I wasn’t expecting that!
So, if you’re a new reader, welcome to my..uhh… *rubs back of neck and smiles uncomfortably* home on the web. This blog is sorta my amusement–you’ll find some serious stuff, like my boss strat guides, my humor regarding guildies and my main character, Raziel, and just anything else that pops into my head.
So…uhhh….welcome to the mayhem? =)