Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:

Regularly scheduled events

Battle.net Security Breach

Battle.net announces an "important security update," revealing Blizzard has discovered "unauthorized and illegal access into our internal network." As a result, they recommend that North American users change their passwords, though they say they believe that the information retrieved "alone is NOT enough for anyone to gain access to Battle.net accounts." They also have written up an Important Security Update FAQ with all the details on this, including the surprising news that "information was taken that could potentially compromise the integrity of North American Mobile Authenticators," which will lead to a software updates.

Post Comment
Enter the details of the comment you'd like to post in the boxes below and click the button at the bottom of the form.

9. Re: Battle.net Security Breach Aug 9, 2012, 19:44 Mashiki Amiketo
 
Dades wrote on Aug 9, 2012, 19:28:
Good job to the chumps who kept blaming users and insisted authenticators were bullet proof before. No way Blizzard could be the ones compromised, its just users downloading porn and torrents who don't know how to secure their computar!
Authenticators were never bulletproof, but two factor authentication is much better than single factor. You know that right? As it stands, using SRP is nearly impossible to break. Unless they also have access to the salted-hash tables for each users password. If you don't understand how SRP works you can read about it here: https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol

Besides, I already saw someone mention RSA. Too bad someone had to steal both the source code and the key creation layer in order to break their tokens. Blizz uses vasco, and the key creation is open source on that.

The only thing that was taken that could have compromised mobile authenticators, would be a hashing table. But that still doesn't affect physical ones.

Besides, I'd hazard a guess that blizz is smarter on this front than Sony. And this is the last two weeks to 30 days. If it wasn't, they'll be upstream paddling over it otherwise. And they'll also have to answer to their investors over it.

Julio wrote on Aug 9, 2012, 19:36:
I'm sure it helped the bottom line at Blizzard selling a bunch of authenticators for the past few months.
Yeah too bad blizz doesn't make money off selling authenticators, unlike other companies. Guess that sucks for them.

This comment was edited on Aug 9, 2012, 19:49.
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
Subject
Comment
     
 
      ;)   ;)   :(   :(   :o   :o   %)   %)   :)   :)   :|   :|   ;P   ;P   X|   X|   :D   :D   More
 
Login Email   Password Remember Me
If you have a signature set up, it will be automatically appended to your comment.
If you don't already have a Blue's News user account, you can sign up here.
Forgotten your password? Click here.
 
          Email me when this topic is updated.
 

Special Codes

  • b[bold text]b
  • i[italic text]i
  • u[underline text]u
  • -[strikethrough text]-
  • c[code text]c
  • +[bullet point]+
  • q[quote text (indented)]q
  • [quote="Author"]quote text (indented)[/quote]
  • [url=Link]text[/url]
  • r{red text}r
  • g{green text}g
  • b{blue text}b
  • m{maroon text}m
  • s{secret text (shows in the background colour)}s

Forum Rules

  1. Disagree all you want but attacks of a personal nature will not be tolerated.
  2. Ethnic slurs and homophobic language will not be tolerated.
  3. Do not post spam, links to warez sites, or instructions on how to obtain pirated software.
  4. Abusing the forums in any manner that could be construed as 'griefing' will not be tolerated.


footer

.. .. ..

Blue's News logo