51 Replies. 3 pages. Viewing page 2.
< Newer [ 1 2 3 ] Older >
 |
| 31. |
Re: Blizzard on Diablo III Security |
May 23, 2012, 01:38 |
Sepharo |
|
|
| Yay everyone is looking at my Facebook, I'm popular! I've made it! |
|
|
|
|
|
|
|
|
| [I'm not trolling I'm just] tossing stuff like that in there only to get your panties all bunched up. -TrollinThundr |
|
|
|
|
| |
|
| 30. |
Re: Blizzard on Diablo III Security |
May 23, 2012, 01:23 |
Alamar |
|
|
Sepharo wrote on May 23, 2012, 00:48:
Mashiki Amiketo wrote on May 23, 2012, 00:22:
Considering you can glean the answers to most security questions in about 30 seconds because people are idiots and post everything online, I'm sure you can see the problem already. Facebook makes circumventing that trivial, especially since most people use a school, town, pet, or current s/o as their questions.
I'm on all the social networks and I post a lot of info publicly. I challenge you to go find my mother's maiden name and my pet's name in 30 seconds (or I suppose just one of them in 30 seconds)... GO!
No cheating either, you only get 30 seconds, and I'm pretty sure the info is out there somewhere.
I thought this might be fun... But 30s isn't very long heh... Couldn't find the stuff you mentioned...
However, Initials of T.B. (or A.B. if we're talking legal names... Same initials as your sister or perhaps cousin)... And I think it's cool where you Interned in 07... : )
-Alamar |
|
|
|
|
|
|
|
| |
|
| 29. |
Re: Blizzard on Diablo III Security |
May 23, 2012, 01:21 |
Kitkoan |
|
|
| Sepharo, I think I found your real name in 30 seconds. Looks about right, not sure if you want it posted here. I can sent it to you on Steam (I sent you a friend request, same name as here). Its a start |
|
|
|
|
|
|
|
|
| *automatically refuses to place horse heads in anyone's bed* |
|
|
|
|
| |
|
| 28. |
Re: Blizzard on Diablo III Security |
May 23, 2012, 01:18 |
Kitkoan |
|
|
Teddy wrote on May 23, 2012, 00:40:
Kitkoan wrote on May 22, 2012, 21:29:
In short, its your fault if our security is broken, thanks for the money.
Not to mention, they totally dodged the issue. So, what happened with this? A lot of accounts got hacked, why? Your security at fault or the users security at fault? What steps are being taken to prevent further problems? Are their steps being taken? Is it being looked into? Or are you just going to point at the Authenticator and hope the problem goes away?
Here's someone that's never had to deal with account security before.
General tip for you, it's almost ALWAYS the user's fault when it comes to security breaches, whether it's games or network security within companies. Users choose poorly constructed passwords, re-use passwords over and over, release their information constantly to phishing scams and other unseemly sources, get viruses on their home machines that consistently need to be weeded out as they transfer files in.
You can protect against direct breaches of your own system. You can't protect against stupid users that don't maintain their own security. That goes for Blizzard just the same as it goes for any other company out there.
Short of Blizzard taking control of your computer and filtering or blocking out any questionable websites for you, what exactly would you like them to do?
Its not almost ALWAYS the users fault. Many times its an inside job, more so when money is involved. And while many users don't always use the best security skills, its seems like there might be more to this to see a sudden jump in these hijacked accounts.
As for what can Blizzard do? Well I mentioned that in another post. Their systems can make note of IP locations when the user logs in. If someone who last logged in 2 hours ago in the state of New York is now suddenly logging in from Washington, flags should go up. The Warden program should also send warnings off that it is sending information to Blizzards systems from the same system but with different account information in a short span of time.
Are the IP connections coming from in the country or out?
Is a character giving 90%+ of its equipment and/or gold to another account and receiving little to nothing back in the trade? Does this person have a history with the character they are giving these items/gold to? People don't randomly give all their worn equipment/gold to a random stranger in these games, this is unusual behaviour and should at least be noted by the system and have the items/gold noted with a GM-only-seeable tag to keep dibs on it to see if something is up).
Is the character that is getting the items/receiving all this gear from strangers doing it to more then 10 accounts in a short time span? This should make a notice go to a GM to start looking at the account. Blizzard keeps a record log of all communications in game and if one account, not character but account, is getting 90%+ of random players equipment and/or gold without any chatting between them and have no past records of being in touch through the account (WoW, SC2, D3 in the past), this should be looked into.
A system can have many flags in place to look for unusual behaviour that should at least try to get a GM's attention to watch for this kinda of stuff. |
|
|
|
|
|
|
|
|
| *automatically refuses to place horse heads in anyone's bed* |
|
|
|
|
| |
|
| 27. |
Re: Blizzard on Diablo III Security |
May 23, 2012, 01:02 |
Sepharo |
|
|
Mashiki Amiketo wrote on May 23, 2012, 00:58:
Besides, the point I made about 30 seconds stands true.
I'm not seeing them... Where did you end up finding them? |
|
|
|
|
|
|
|
|
| [I'm not trolling I'm just] tossing stuff like that in there only to get your panties all bunched up. -TrollinThundr |
|
|
|
|
| |
|
| 26. |
Re: Blizzard on Diablo III Security |
May 23, 2012, 00:58 |
Mashiki Amiketo |
|
|
Sepharo wrote on May 23, 2012, 00:48:
I'm on all the social networks and I post a lot of info publicly. I challenge you to go find my mother's maiden name and my pet's name in 30 seconds (or I suppose just one of them in 30 seconds)... GO!
No cheating either, you only get 30 seconds, and I'm pretty sure the info is out there somewhere. I'm sure it is. But if someone is compiling a list to farm accounts they'll already be working off a list and have me beat. Besides, the point I made about 30 seconds stands true. |
|
|
|
|
|
|
|
|
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken |
|
|
|
|
| |
|
| 25. |
Re: Blizzard on Diablo III Security |
May 23, 2012, 00:53 |
Pigeon |
|
|
| I'm willing to bet a large portion of these are from phishing. There were/are sites that mimic blizzard's sites and making it easy for them to phish the account name and password when people try to log into their accounts. Not to mention emails that get sent out pretending to be from blizzard. |
|
|
|
|
|
|
|
| |
|
| 24. |
Re: Blizzard on Diablo III Security |
May 23, 2012, 00:48 |
Sepharo |
|
|
Mashiki Amiketo wrote on May 23, 2012, 00:22:
Considering you can glean the answers to most security questions in about 30 seconds because people are idiots and post everything online, I'm sure you can see the problem already. Facebook makes circumventing that trivial, especially since most people use a school, town, pet, or current s/o as their questions.
I'm on all the social networks and I post a lot of info publicly. I challenge you to go find my mother's maiden name and my pet's name in 30 seconds (or I suppose just one of them in 30 seconds)... GO!
No cheating either, you only get 30 seconds, and I'm pretty sure the info is out there somewhere. |
|
|
|
|
|
|
|
|
| [I'm not trolling I'm just] tossing stuff like that in there only to get your panties all bunched up. -TrollinThundr |
|
|
|
|
| |
|
| 23. |
Re: Blizzard on Diablo III Security |
May 23, 2012, 00:40 |
Teddy |
|
|
Kitkoan wrote on May 22, 2012, 21:29:
In short, its your fault if our security is broken, thanks for the money.
Not to mention, they totally dodged the issue. So, what happened with this? A lot of accounts got hacked, why? Your security at fault or the users security at fault? What steps are being taken to prevent further problems? Are their steps being taken? Is it being looked into? Or are you just going to point at the Authenticator and hope the problem goes away?
Here's someone that's never had to deal with account security before.
General tip for you, it's almost ALWAYS the user's fault when it comes to security breaches, whether it's games or network security within companies. Users choose poorly constructed passwords, re-use passwords over and over, release their information constantly to phishing scams and other unseemly sources, get viruses on their home machines that consistently need to be weeded out as they transfer files in.
You can protect against direct breaches of your own system. You can't protect against stupid users that don't maintain their own security. That goes for Blizzard just the same as it goes for any other company out there.
Short of Blizzard taking control of your computer and filtering or blocking out any questionable websites for you, what exactly would you like them to do? |
|
|
|
|
|
|
|
| |
|
| 22. |
Re: Blizzard on Diablo III Security |
May 23, 2012, 00:30 |
Creston |
|
|
Mashiki Amiketo wrote on May 23, 2012, 00:22:
Kitkoan wrote on May 23, 2012, 00:00:
What kind of questions are those and thousands of them are being guessed too? Those are rarely touched after first done so a key logger doubtfully would get so many. If they are popping up for hacked accounts, how are they cracking account name, password and rarely touched but uniquely answered private questions? All without getting noticed to a IP/unique warden based ban? Considering you can glean the answers to most security questions in about 30 seconds because people are idiots and post everything online, I'm sure you can see the problem already. Facebook makes circumventing that trivial, especially since most people use a school, town, pet, or current s/o as their questions.
To be fair, most outfits just make you choose from a pre-selected 6 or 8 options, and they'll all retardedly easy questions to figure out about somebody.
There's very few places that allow you to specify both the answer as well as the question.
Creston |
|
|
|
|
|
|
|
| |
|
| 21. |
Re: Blizzard on Diablo III Security |
May 23, 2012, 00:22 |
Mashiki Amiketo |
|
|
Kitkoan wrote on May 23, 2012, 00:00:
What kind of questions are those and thousands of them are being guessed too? Those are rarely touched after first done so a key logger doubtfully would get so many. If they are popping up for hacked accounts, how are they cracking account name, password and rarely touched but uniquely answered private questions? All without getting noticed to a IP/unique warden based ban? Considering you can glean the answers to most security questions in about 30 seconds because people are idiots and post everything online, I'm sure you can see the problem already. Facebook makes circumventing that trivial, especially since most people use a school, town, pet, or current s/o as their questions. |
|
|
|
|
|
|
|
|
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken |
|
|
|
|
| |
|
| 20. |
Re: Blizzard on Diablo III Security |
May 23, 2012, 00:00 |
Kitkoan |
|
|
Frijoles wrote on May 22, 2012, 23:45:
Kitkoan wrote on May 22, 2012, 23:30:
And with so many accounts they most likely are coming from the same IP area which should set off warning bells when a few hundred accounts suddenly all stop logging in from their last known IP and suddenly are logging in from the same IP area, which the same computer specs that doesn't match their last known configuration (something the warden program is supposed to look at)
They do check, from above:
We also have other measures built into Battle.net to help protect players. Occasionally, when Battle.net detects unusual login activity that differs from your normal behavior -- such as logging in from an unfamiliar location -- we may prompt you for additional information (such as the answer to one of your security questions)
I get the authenticator popup if I try to use a different computer than normal to login (I get it on my main computer about once a month).
What kind of questions are those and thousands of them are being guessed too? Those are rarely touched after first done so a key logger doubtfully would get so many. If they are popping up for hacked accounts, how are they cracking account name, password and rarely touched but uniquely answered private questions? All without getting noticed to a IP/unique warden based ban? |
|
|
|
|
|
|
|
|
| *automatically refuses to place horse heads in anyone's bed* |
|
|
|
|
| |
|
| 19. |
Re: Blizzard on Diablo III Security |
May 22, 2012, 23:56 |
Talisorn |
|
|
Creston wrote on May 22, 2012, 22:40:
That forum seriously makes Bioware's forum look reserved and sensible.
It's the Blizzard forum. I would have thought that was a given. |
|
|
|
|
|
|
|
| |
|
| 18. |
Re: Blizzard on Diablo III Security |
May 22, 2012, 23:45 |
Frijoles |
|
|
Kitkoan wrote on May 22, 2012, 23:30:
And with so many accounts they most likely are coming from the same IP area which should set off warning bells when a few hundred accounts suddenly all stop logging in from their last known IP and suddenly are logging in from the same IP area, which the same computer specs that doesn't match their last known configuration (something the warden program is supposed to look at)
They do check, from above:
We also have other measures built into Battle.net to help protect players. Occasionally, when Battle.net detects unusual login activity that differs from your normal behavior -- such as logging in from an unfamiliar location -- we may prompt you for additional information (such as the answer to one of your security questions)
I get the authenticator popup if I try to use a different computer than normal to login (I get it on my main computer about once a month).
|
|
|
|
|
|
|
|
| |
|
| 17. |
Re: Blizzard on Diablo III Security |
May 22, 2012, 23:44 |
PropheT |
|
|
Blackhawk wrote on May 22, 2012, 23:02:
What people are seeing now is, likely as not, months worth of hacked accounts being accessed for the first time all at once.
That's part of it. I still get 2-3 emails daily telling me there are account problems, or investigations, or that I was banned, or whatever from World of Warcraft. On both of my main email accounts, one of which was never associated with anything to do with the game. There's a concerted and ongoing phishing scam for WoW/Bnet accounts unlike anything most people have really had to deal with on their other accounts before.
The other part is the people who said they had authenticators didn't. The mobile SMS tool is what most of them seem to be talking about, which isn't the same thing as the mobile authenticator (or the key fob, obviously) and doesn't have the same protections on it.
It sucks, a lot, and I wish terrible things upon the people doing the hacks. It's going to get worse before it gets better with the lure of the RMAH out there to make the payoff for nailing a well-geared account even bigger. |
|
|
|
|
|
|
|
| |
|
| 16. |
Re: Blizzard on Diablo III Security |
May 22, 2012, 23:30 |
Kitkoan |
|
|
Blackhawk wrote on May 22, 2012, 23:02:
Creston wrote on May 22, 2012, 22:40:
Yeah, hackers have just managed to brute force thousands of people's of passwords all in one week. There's nothing else going on, just pure sheer luck.
Who says that they did it in a week? These are battle.net accounts, not Diablo III accounts. Blizzard announced you can turn bits into cash a long time ago, while WoW gold has been becoming less and less valuable. Smart hackers have been building up a stock of compromised accounts for a while now, just waiting for Diablo III to go live.
What people are seeing now is, likely as not, months worth of hacked accounts being accessed for the first time all at once.
/edit - and seriously, people using "ABC123" as their password and downloading porn aps isn't a Blizzard security issue.
Still, with these people playing D3, they are most likely playing daily since its so new and there are suddenly many accounts being hacked by players in many different places, their system should notice that someone shouldn't being logging in from another state within an hour our two. And with so many accounts they most likely are coming from the same IP area which should set off warning bells when a few hundred accounts suddenly all stop logging in from their last known IP and suddenly are logging in from the same IP area, which the same computer specs that doesn't match their last known configuration (something the warden program is supposed to look at) |
|
|
|
|
|
|
|
|
| *automatically refuses to place horse heads in anyone's bed* |
|
|
|
|
| |
|
| 15. |
Re: Blizzard on Diablo III Security |
May 22, 2012, 23:19 |
Creston |
|
|
Blackhawk wrote on May 22, 2012, 23:02:
Creston wrote on May 22, 2012, 22:40:
Yeah, hackers have just managed to brute force thousands of people's of passwords all in one week. There's nothing else going on, just pure sheer luck.
Who says that they did it in a week? These are battle.net accounts, not Diablo III accounts. Blizzard announced you can turn bits into cash a long time ago, while WoW gold has been becoming less and less valuable. Smart hackers have been building up a stock of compromised accounts for a while now, just waiting for Diablo III to go live.
What people are seeing now is, likely as not, months worth of hacked accounts being accessed for the first time all at once.
That's actually a very good point, and very possible.
Creston |
|
|
|
|
|
|
|
| |
|
| 14. |
Re: Blizzard on Diablo III Security |
May 22, 2012, 23:14 |
Dirwulf |
|
|
Cutter wrote on May 22, 2012, 23:01:
So now you have to buy an authenticator - with no guarentees either? Wow, the arrogance of this company is just breathtaking.
People keep repeating this shit when its FREE if you use the mobile version. |
|
|
|
|
|
|
|
| |
|
| 13. |
Re: Blizzard on Diablo III Security |
May 22, 2012, 23:06 |
briktal |
|
|
Creston wrote on May 22, 2012, 22:40:
Yeah, hackers have just managed to brute force thousands of people's of passwords all in one week. There's nothing else going on, just pure sheer luck.
According to the blizzard fanboys, these people all have keyloggers on their system, and every one of them with an authenticator is lying.
That forum seriously makes Bioware's forum look reserved and sensible.
Creston
They were probably hacked weeks/months ago during beta, but had nothing to steal until D3 came out.
Many people who say they were hacked with authenticators were said to be lying by Blizzard. |
|
|
|
|
|
|
|
| |
|
| 12. |
Re: Blizzard on Diablo III Security |
May 22, 2012, 23:02 |
Blackhawk |
|
|
Creston wrote on May 22, 2012, 22:40:
Yeah, hackers have just managed to brute force thousands of people's of passwords all in one week. There's nothing else going on, just pure sheer luck.
Who says that they did it in a week? These are battle.net accounts, not Diablo III accounts. Blizzard announced you can turn bits into cash a long time ago, while WoW gold has been becoming less and less valuable. Smart hackers have been building up a stock of compromised accounts for a while now, just waiting for Diablo III to go live.
What people are seeing now is, likely as not, months worth of hacked accounts being accessed for the first time all at once.
/edit - and seriously, people using "ABC123" as their password and downloading porn aps isn't a Blizzard security issue. |
|
|
|
|
|
|
|
| |
51 Replies. 3 pages. Viewing page 2.
< Newer [ 1 2 3 ] Older >
|
|
Twitter 
