I seem to recall straddling the fence on the RMAH issue long before launch, not sure whether I thought it would be a beneficial and enjoyable addition to the game or a deplorable debauchery that would corrupt the continuation of a legacy already marked with more corruption than any game I have ever known. However, during those discussions the one major downside I completely supported in opposition of the implementation of a RMAH was the insecurity of an online game hosted by Blizzard.
I was forced to weather the storm of so many Blizzard fanboys with such stale arguements as "I run an anti-virus and don't go to porn sites and I've never been hacked" or "an authenticator makes it virtually impossible to get hacked", but the worst and most obviously erroneous of these arguments would have to be "the new Battle.net is gonna be so secure that the only people who get hacked don't have authenticators and are stupid."
If you go to the Diablo III forums right now you can read the ranting of numerous Diablo III players (many of whom own authenticators) that have had their accounts hacked/stolen and their items stripped from them. Blizzard has responded with a generic "buy our authenticators response" TO THE PEOPLE WHO HAVE ALREADY BOUGHT THEIR AUTHENTICATORS.
I swear if I had the time and the energy I would try to track all of you fanboys down now for you "I told you so" come-up-ins. Alas, I'm a lazy old bastard trolling during Diablo maintenance who hopes as soon as it's over he can log in and find that he is lucky enough not to have had all of his gear removed by a scoundrel so devious and so ingenius to have wasted his time robbing me of the pixels on a video game for a mere pittance of what he/she could have actually made working a job.
P.S. how many of you think this occurence will make you hesitant to participate in using the RMAH? (not that your credit card info isn't already tied to your battle.net account from any previous online purchases such as Diablo III download or WoW game time.)
I don't know man, I have no authenticator, I play public games (doubt there is a relation), I do all sorts of dangerous stuff around the internet.. yet, I've never been hacked. Now you can call me lucky, but this thing has nothing to do with luck.
Bnet is fine. The hacks are the same old thing. People with bad security habits and no authenticator getting hacked. The reason so many? The hackers can read a calendar, too, and hit everyone all at once with all the info they had gathered, probably some of it gathered before the game released.
Pretty much says they haven't *actually* been given a hack with an authenticator attached *beforehand*, meaning a lot of those "I had an authenticator" posts were "Well, I added one after, hoping it would help".
we have yet to investigate a compromise report in which an authenticator was attached beforehand.
When you have a game with as many players as the blizzard games do.. you're going to have idiots that fall for scams and get their accounts stolen.. Its as simple as clicking a link in your email.
I seem to recall straddling the fence on the RMAH issue long before launch, not sure whether I thought it would be a beneficial and enjoyable addition to the game or a deplorable debauchery that would corrupt the continuation of a legacy already marked with more corruption than any game I have ever known. However, during those discussions the one major downside I completely supported in opposition of the implementation of a RMAH was the insecurity of an online game hosted by Blizzard.
I was forced to weather the storm of so many Blizzard fanboys with such stale arguements as "I run an anti-virus and don't go to porn sites and I've never been hacked" or "an authenticator makes it virtually impossible to get hacked", but the worst and most obviously erroneous of these arguments would have to be "the new Battle.net is gonna be so secure that the only people who get hacked don't have authenticators and are stupid."
If you go to the Diablo III forums right now you can read the ranting of numerous Diablo III players (many of whom own authenticators) that have had their accounts hacked/stolen and their items stripped from them. Blizzard has responded with a generic "buy our authenticators response" TO THE PEOPLE WHO HAVE ALREADY BOUGHT THEIR AUTHENTICATORS.
I swear if I had the time and the energy I would try to track all of you fanboys down now for you "I told you so" come-up-ins. Alas, I'm a lazy old bastard trolling during Diablo maintenance who hopes as soon as it's over he can log in and find that he is lucky enough not to have had all of his gear removed by a scoundrel so devious and so ingenius to have wasted his time robbing me of the pixels on a video game for a mere pittance of what he/she could have actually made working a job.
P.S. how many of you think this occurence will make you hesitant to participate in using the RMAH? (not that your credit card info isn't already tied to your battle.net account from any previous online purchases such as Diablo III download or WoW game time.)
No, they didn't. They specifically said that no accounts with authenticators have been jacked. They also have not found a single account that was compromised by any other way than a stolen password.
I also read a lot of the Diablo hacking community boards, more for curiosity than anything else. All of them have said that this session ID thing is false and what people are saying is happening isn't.
WoW players went through this a couple years ago, then they got smarter about protecting their accounts. D3 players will need to get there too.
WoW players went through this a couple years ago, then they got smarter about protecting their accounts. D3 players will need to get there too.
Yeah, I played WoW for 7 years, and was already familiar with this, and *expected* this to happen to D3. Of course I got flamed for it yesterday by people who just can't stand to post w/o bashing Blizzard.
The security of a given connection is only as good as the weakest part, so it doesn't matter if Blizzard is ironclad or whatever, when people have compromised info.
Blizzard can't save people from themselves, but the authenticator helps. It's like locking your car. Not foolproof, but the guys out looking for bags in unlocked vehicles will pass you by, and that's the hackers most of the time, too. They're not going to bother you because they have all those other easy targets.
The security of a given connection is only as good as the weakest part, so it doesn't matter if Blizzard is ironclad or whatever, when people have compromised info.
If you go to the Diablo III forums right now you can read the ranting of numerous Diablo III players (many of whom own authenticators) that have had their accounts hacked/stolen and their items stripped from them. Blizzard has responded with a generic "buy our authenticators response" TO THE PEOPLE WHO HAVE ALREADY BOUGHT THEIR AUTHENTICATORS.
P.S. how many of you think this occurence will make you hesitant to participate in using the RMAH? (not that your credit card info isn't already tied to your battle.net account from any previous online purchases such as Diablo III download or WoW game time.)
Ok, first off... your post makes me think of lemmings (you know, those small animals that die during migration because they have to follow the pack even if it's into a deadly situation). Just because a group is saying something some people seem to fall in line and follow blindly without any further information. "What's that? You're saying something that I'd like to believe is true? Well I'll just follow right along then and start to spread the misinformation as fact!"
Blue post on the front page: "Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password. While the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand."
Because I don't agree with the misinformation being spread you'll probably lash out and call me a fanboy. That's cool. I'm ok with that. The RMAH is not linked directly with a credit card. It's linked with a Blizzard account that in turn "can" have a link with a Paypal account. At best someone would be able to transfer funds out of your Blizzard account and into your Paypal account. Now if your Paypal account gets compromised... I feel confident in saying that is *not* Blizzards responsibility.
Really wish the whole "session hijacker" theory-drivers would drop it.
Authentication + player data is hashed, and clearly undergoes md5 checks when reaching the serverside. Good luck pulling an alleged "GUID" from that data. Another player's GUID isn't even available on the clientside ObjectManager, which is why there are NO posts about this on Owned Core or any of the major Blizzard hacking sites. D3 isn't Average Joe's website, where you can SQL inject into the DB, grab the admin's session ID + salt, and fill in the blanks; session hijacking usually only applies in a web security theatre. We have yet to see any legitimate technical information as to how to session hijack, other than some baseless comments that you steal the other player's GUID, which if you actually loaded up Ethereal with D3 open (and joining a party), you'd know is impossible.
Some noob was phished or they snagged his/her information through some other means of social engineering, started reading up on Google because it couldn't possibly be his/her fault, and applied a web concept to a video game to start a rumor that is NOT possible.
Get an authenticator, or get dominated by farmers if you're so easy to socially engineer, end of story.
Ok, your editor can't manage his own computer security and gets owned. Why would you post misinformation about people being hacked with authenticator on or fake sql-injections? VG24/7 reposts this as well, lol.
Just got hacked with an authenticator. Blizz told me they haven't detected any suspicious activity. All my items and gold are gone. Diablo = 0/10.
Hi Turtle. According to your account records an authenticator was not attached to the account until after the compromise. If you'd like to discuss further, or have any questions, please contact our customer service department:https://us.battle.net/support/en/ticket/submit
Vocal minority effect. Of course people are going to get hacked, it's the nature of the beast. However, the amount of people hacked compared to the total number of players is miniscule: you're just seeing them all post on the forums at once because, hey, the game came out less than a week ago.
For the vast majority, battle net is fine and secure. A few will get unlucky. It sucks. But Blizzard seem to be taking every step to minimise the damage on their end (just look at how many hoops you need to jump through to use the RMAH), so they can't really be blamed for any hacks.
Epic stuff is epic,
Trolls that think they are smart, are MEGA epic.
What's sad is that people actually believe the trolls and stick up for them. Every single person who said they were hacked while owning an authenticator are blatantly lying. I'm taking great joy in all the people talking crap yesterday are hiding today because they are wrong.
I was late to the party on the discovery that it truly was just poor security on the part of users. I guess I should have suspected as much, but when someone posted a link to I believe eurogamer in another thread I thought that it lent credibility and was misled by it. I hope that people didn't spread misinformation for any particular reason than a misunderstanding also. I can't see why a gaming site would see an advantage to spreading misinformation about a game. Even when it's a game produced by a company as hated as Blizzard. Anywho, guess I'll eat some crow for my original post instead of dishing it out. Battle.net appears to remain secure serverside and Blizzard makes entirely too many options for user security available. I mean really, if you spent 60 bucks on a game and think 6 bucks is too much for security....... you may not deserve to get hacked but you deserve little to no sympathy.
Just got hacked with an authenticator. Blizz told me they haven't detected any suspicious activity. All my items and gold are gone. Diablo = 0/10.
Hi Turtle. According to your account records an authenticator was not attached to the account until after the compromise. If you'd like to discuss further, or have any questions, please contact our customer service department:https://us.battle.net/support/en/ticket/submit
owned
Haha, yeah saw this yesterday. What a loser! One thing is that people browsing the forums or whatnot, don't bother reading more after the first 1 or 2 post. Like above, many people, when they saw that thread, was like: "Dude, people are getting hacked even with an authenticator!!! WTF!!!". As far as I know, all the people that got hacked are people that don't have authenticators...if anyone can give a link to someone who has been hacked with an authenticator I take it back, but I haven't read/heard about this.
Also, with every second 10 year old around that have a smartphone, the probability that you as a battlenet user will also have one. Just download the Mobile Authenticator, it's fucking free!! And if you don't have a smartphone, it wise to just get the physical one. Are people really gonna have the attitude of "this won't happen to me EVAR!!" and ignore a extra easy and simple layer of security which almost makes it impossible to hack your account? Just get the damn authenticator. It's a small price to p(l)ay for future gaming and gaming with a clear mind.
If Bnet were truly compromised then Blizzard would bring it down and fix it, just like Sony did with their network a year ago. If they didn't the backlash would be immensive and the hit their public opinion would take would be catastrophic.
Bnet is fine. Some people are stupid.
Rollback Post to RevisionRollBack
To post a comment, please login or register a new account.
I was forced to weather the storm of so many Blizzard fanboys with such stale arguements as "I run an anti-virus and don't go to porn sites and I've never been hacked" or "an authenticator makes it virtually impossible to get hacked", but the worst and most obviously erroneous of these arguments would have to be "the new Battle.net is gonna be so secure that the only people who get hacked don't have authenticators and are stupid."
If you go to the Diablo III forums right now you can read the ranting of numerous Diablo III players (many of whom own authenticators) that have had their accounts hacked/stolen and their items stripped from them. Blizzard has responded with a generic "buy our authenticators response" TO THE PEOPLE WHO HAVE ALREADY BOUGHT THEIR AUTHENTICATORS.
I swear if I had the time and the energy I would try to track all of you fanboys down now for you "I told you so" come-up-ins. Alas, I'm a lazy old bastard trolling during Diablo maintenance who hopes as soon as it's over he can log in and find that he is lucky enough not to have had all of his gear removed by a scoundrel so devious and so ingenius to have wasted his time robbing me of the pixels on a video game for a mere pittance of what he/she could have actually made working a job.
P.S. how many of you think this occurence will make you hesitant to participate in using the RMAH? (not that your credit card info isn't already tied to your battle.net account from any previous online purchases such as Diablo III download or WoW game time.)
Bashlok posted this: http://www.diablofan...lo-iii/#post571
And this: http://www.diablofan...lo-iii/#post633
Pretty much says they haven't *actually* been given a hack with an authenticator attached *beforehand*, meaning a lot of those "I had an authenticator" posts were "Well, I added one after, hoping it would help".
No, they didn't. They specifically said that no accounts with authenticators have been jacked. They also have not found a single account that was compromised by any other way than a stolen password.
I also read a lot of the Diablo hacking community boards, more for curiosity than anything else. All of them have said that this session ID thing is false and what people are saying is happening isn't.
WoW players went through this a couple years ago, then they got smarter about protecting their accounts. D3 players will need to get there too.
Yeah, I played WoW for 7 years, and was already familiar with this, and *expected* this to happen to D3. Of course I got flamed for it yesterday by people who just can't stand to post w/o bashing Blizzard.
The security of a given connection is only as good as the weakest part, so it doesn't matter if Blizzard is ironclad or whatever, when people have compromised info.
Blizzard can't save people from themselves, but the authenticator helps. It's like locking your car. Not foolproof, but the guys out looking for bags in unlocked vehicles will pass you by, and that's the hackers most of the time, too. They're not going to bother you because they have all those other easy targets.
This.
Ok, first off... your post makes me think of lemmings (you know, those small animals that die during migration because they have to follow the pack even if it's into a deadly situation). Just because a group is saying something some people seem to fall in line and follow blindly without any further information. "What's that? You're saying something that I'd like to believe is true? Well I'll just follow right along then and start to spread the misinformation as fact!"
Blue post on the front page: "Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password. While the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand."
Because I don't agree with the misinformation being spread you'll probably lash out and call me a fanboy. That's cool. I'm ok with that. The RMAH is not linked directly with a credit card. It's linked with a Blizzard account that in turn "can" have a link with a Paypal account. At best someone would be able to transfer funds out of your Blizzard account and into your Paypal account. Now if your Paypal account gets compromised... I feel confident in saying that is *not* Blizzards responsibility.
Authentication + player data is hashed, and clearly undergoes md5 checks when reaching the serverside. Good luck pulling an alleged "GUID" from that data. Another player's GUID isn't even available on the clientside ObjectManager, which is why there are NO posts about this on Owned Core or any of the major Blizzard hacking sites. D3 isn't Average Joe's website, where you can SQL inject into the DB, grab the admin's session ID + salt, and fill in the blanks; session hijacking usually only applies in a web security theatre. We have yet to see any legitimate technical information as to how to session hijack, other than some baseless comments that you steal the other player's GUID, which if you actually loaded up Ethereal with D3 open (and joining a party), you'd know is impossible.
Some noob was phished or they snagged his/her information through some other means of social engineering, started reading up on Google because it couldn't possibly be his/her fault, and applied a web concept to a video game to start a rumor that is NOT possible.
Get an authenticator, or get dominated by farmers if you're so easy to socially engineer, end of story.
The article and comments make me sad.
Ok, your editor can't manage his own computer security and gets owned. Why would you post misinformation about people being hacked with authenticator on or fake sql-injections? VG24/7 reposts this as well, lol.
owned
For the vast majority, battle net is fine and secure. A few will get unlucky. It sucks. But Blizzard seem to be taking every step to minimise the damage on their end (just look at how many hoops you need to jump through to use the RMAH), so they can't really be blamed for any hacks.
What's sad is that people actually believe the trolls and stick up for them. Every single person who said they were hacked while owning an authenticator are blatantly lying. I'm taking great joy in all the people talking crap yesterday are hiding today because they are wrong.
Battle.net Profile / Diablo Progress Profile
Haha, yeah saw this yesterday. What a loser! One thing is that people browsing the forums or whatnot, don't bother reading more after the first 1 or 2 post. Like above, many people, when they saw that thread, was like: "Dude, people are getting hacked even with an authenticator!!! WTF!!!". As far as I know, all the people that got hacked are people that don't have authenticators...if anyone can give a link to someone who has been hacked with an authenticator I take it back, but I haven't read/heard about this.
Also, with every second 10 year old around that have a smartphone, the probability that you as a battlenet user will also have one. Just download the Mobile Authenticator, it's fucking free!! And if you don't have a smartphone, it wise to just get the physical one. Are people really gonna have the attitude of "this won't happen to me EVAR!!" and ignore a extra easy and simple layer of security which almost makes it impossible to hack your account? Just get the damn authenticator. It's a small price to p(l)ay for future gaming and gaming with a clear mind.
They confuse a hack (bots/maphack) with an account BEING hacked.
Of course no one pointed that out, because for some reason the entire community thinks D3 is the anti-christ.
Bnet is fine. Some people are stupid.