Have a read of the new legislation: http://www.legislation.govt.nz/bill/government/2010/0119/latest/whole.html?search=ts_bill_Copyright+%28Infringing+File+Sharing%29+Amendment+Bill_resel&p=1#tmpn1011a

Namely, I suggest you read sections: 122A, 122B, 122C, 122E and 122F although the whole thing is important.

A small breakdown of how this will come in effect:

1. Charlie downloads the latest Pirates of the Caribbean movie from a leading public bittorrent website such as ThePirateBay (almost all bittorrent downloads are from a public tracker) [copyright infringement made]
2. MPAA (Motion Picture Association of America) contacts Charlies’ ISP – in this example, it is Orcon Internet Limited
3. Orcon Internet Limited verifies the IP (Internet Protocol) Address to an account that is owned by Charlie
4. Orcon Internet Limited issues a warning letter [cease and desist] to Charlie
5. Charlie has 7 days to acknowledge the request and make necessary modifications to his Internet habits to not make this mistake again. (Strike 1/3 recorded)
6. If Charlie is smart, he will stop downloading content from public trackers. Since Charlie does not understand all of this, he repeats the offence. A maximum of three strikes is recorded against Charlie.
7. Charlies’ information is handed to the MPAA who will contact the local disputes tribunal or district court (depending on how angry they are at Charlie).
8. Charlie loses access to his Internet account with Orcon Internet Limited and can be fined upto $15,000 in damages.

Knowing the MPAA, they will also find other ways to steal all of your money.

Interestingly, if you are a school, library or university, you are exempted from the rule as you cannot fully comply with it, however your network systems must be able to produce the information if an infringement notice is served.

So moral of the story: Because of this, hardcore internet users who downloads gigs and gigs of movies, games, music and other things are more likely to get booted off the Internet for six months. If they repeat the offence they may get prosecuted and fined $15k or more. This is a good and bad thing. Good: Everyone will notice in increase in their Internet speed – as in browsing pages and permissible downloading of content will not take ages as not that many people will be clogging the (Internet) infrastructure with downloads. The bad: well you don’t get movies, games, music, anime etc before release in NZ… anymore.

Be safe. Download carefully.

Anyway, I decided, I would create a diagram representing the interaction between the Blizzard Authenticator and the login procedure. I’ve not yet (at the time of writing this 13/05/2010) decided to packet-sniff login information or not. For now I guess I will not sniff, though, if I’m bored I’ll check this out.

So going from what we know about WoW and its login requirements:

• Username (email address)
• Password (password)
• Blizzard Authenticator Number (string)

Now that we’ve got the details, lets think about the data encryption used.

Blizzard have come up with their own protocol called “wow” which communicates data once there is a connection established. This information can easily be captured by using applications such as wireshark.

From becoming intimate with Google (<3), it seems that World of Warcraft uses two algorithms for the encryption of data; while the username is sent in plaintext. An interesting discussion leads me to come up with the following information:

• SRP6 – newest addition to a new class of strong authentication protocols that resist all the well-known passive and active attacks over the network. SRP borrows some elements from other key-exchange and identification protcols and adds some subtle modifications and refinements. The result is a protocol that preserves the strength and efficiency of the EKE family protocols while fixing some of their shortcomings. More info.
• RC4 – is the most widely-used software stream cipher and is used in popular protocols such as Secure Sockets Layer (SSL) (to protect Internet traffic) and WEP (to secure wireless networks). More Info.

So basically, wow sends 4 packets, two from the client to the server and two from the server to the client. Each message to the server is accompanied by an ACK message which would confirm the message and thus proceed to the next process or phase.

WoW in all its awesome fun, is quite a complex piece of software which incorporates a token, 2 factor even “strong” authentication to ensure player account security. For more information on this, please click here.