Originally posted by saurus123

Originally posted by Xzen

Buy an authenticator or if you have a smart phone (I know you have one) just get the authenticator app. You're other choice is to get smarter when it comes to protecting yourself from keyloggers etc..

getting authenticator doesnt help

 

problem is when you join or create public games these "hackers" can read your real id and exploit/copy it somehow

 

next time you log into the game seeing your char is naked and have strange names in thier friendlist

 

thats how few of my friends was "hacked" by joining public games

 

They can't log into your account or game if you have an authenticator.

Originally posted by saurus123

Originally posted by Xzen

Buy an authenticator or if you have a smart phone (I know you have one) just get the authenticator app. You're other choice is to get smarter when it comes to protecting yourself from keyloggers etc..

getting authenticator doesnt help

 

problem is when you join or create public games these "hackers" can read your real id and exploit/copy it somehow

 

next time you log into the game seeing your char is naked and have strange names in thier friendlist

 

thats how few of my friends was "hacked" by joining public games

 

Dude... this whole session ID hijacking was a hoax!  It has already been debunked as technically not possible.

alot of these ppl had authenticator and it didnt help them

Originally posted by centkin

Actually I do think they have some amount of responsibility for one major reason and a few minor ones.

The major reason is that they allow repeated logons without locking down the account (from that IP range).  In essence this opens the door to brute forcing passwords.

The minor reasons are that the passwords are not even case sensitive.  This makes the hacking of passwords easier.

The other minor reason is that they use the email address as the login name.  If you are allowed to use a handle (not shown anywhere) as your login then hackers need to guess two things not one.

----

In essence this means that you REALLY have to be careful with your passwords to the battlenet. 

If you use a word or even 2 words as your password -- IE if your password is "redclematis" you are extremely easy to hack under the current system.  That password would be sufficient in a system where you were limited to 5 attempts -- but where infinite attempts are allowed there are only a finite number of words.

Is someone who uses a password like "redclematis" at least partially responsible for being hacked because they didnt take enough care?  Sure.  But not everyone knows to make passwords like "5jd0sxa2pfs"  nor can everyone easily remember such a password -- especially when they have many passwords that they need to remember.

Yeah I can agree here, while a person's handling of their PC is their own fault it is Blzz's responsibility to ensure their systems are using the best security methods available. I"m still wondering if they do what is normal today and track device/ip origins when an account is accessed. OR if they just simply fall back on the authenticator argument like everyone here.

I've been 'hacked' before once out of 15+ years of online gaming, that was with world of warcraft and the culprit was my girlfriend who ignorant at the time clicked on an email from 'blizzard'.

Blizzard who didn't have to restore our accounts did and took care of it for us. After that we bought some authenticators and haven't had an issue since. That was 2+ years ago.

I know several people who have been 'hacked' and the one thing they all had in common? They were gold/item buyers in the games they played. I've personally not known anyone to legitimately get hacked, the group of people I play with from game to game never have had issues.

Either way Blizzard can't cure the self imposed ignorant or lazy nor should they have to.

Originally posted by NightCloak

Originally posted by Uhwop

Originally posted by someforumguy

Originally posted by gaugemew

*snip*

*snip*

 Not to mention that most of the time you're not getting your Bnet account hacked by a keylogger.  It's people getting emails and passwords from other sites.  To many people still don't understand that the easiest way to prevent your accounts from getting hacked is to not use the same email/ password combo for every website you register on.

 

If it's your fault it's your fault.  It's ironic that the OP would blame Blizz of placing the blame elsewhere when all I see is a bunch of people who don't grasp the simple concept of responcibility.   It's your PC, learn to protect it and quit placing the blame elsewhere.

 

When I quit WoW I tested it. I changed my password to the one I used for this site.

My WoW account is now banned. (its been restored)

Keylogger? No. Virus? No. Bad practice? Yes.

If you dont want your account "hacked", dont be dumb.

 When half the websites you go to are selling your email address.  Hell, the DMV in my state sells my peronal information, and has for many, many years.  They even have a tiny little notice on a peice of 8x11 paper taped to a single post telling you that your address and phone numbers are public records according to the DMV and that they may give them away or sell them at their discretion. 

Do people really think that their emails aren't being sold left and right on the net?  Sure, using the same password for everything attacked to that email, including the email itself is easy and convenient.  So is writting down all the diffirent passwords you use a piece of paper and storing it nearby. 

What's more likely?  Someone hacking a website you just registered on, or someone breaking into your house and stealing a little piece of paper you keep all your random passwords jotted down on?

Originally posted by Distopia

Originally posted by centkin

Actually I do think they have some amount of responsibility for one major reason and a few minor ones.

The major reason is that they allow repeated logons without locking down the account (from that IP range).  In essence this opens the door to brute forcing passwords.

The minor reasons are that the passwords are not even case sensitive.  This makes the hacking of passwords easier.

The other minor reason is that they use the email address as the login name.  If you are allowed to use a handle (not shown anywhere) as your login then hackers need to guess two things not one.

----

In essence this means that you REALLY have to be careful with your passwords to the battlenet. 

If you use a word or even 2 words as your password -- IE if your password is "redclematis" you are extremely easy to hack under the current system.  That password would be sufficient in a system where you were limited to 5 attempts -- but where infinite attempts are allowed there are only a finite number of words.

Is someone who uses a password like "redclematis" at least partially responsible for being hacked because they didnt take enough care?  Sure.  But not everyone knows to make passwords like "5jd0sxa2pfs"  nor can everyone easily remember such a password -- especially when they have many passwords that they need to remember.

Yeah I can agree here, while a person's handling of their PC is their own fault it is Blzz's responsibility to ensure their systems are using the best security methods available. I"m still wondering if they do what is normal today and track device/ip origins when an account is accessed.

Best argument so far. They should lock down the account after 3 or so failed log in attempts.  I''d bet what's happening is they are getting peoples id and then running a program that simply tries passwords until it works.

Originally posted by Xzen

Originally posted by Distopia

Originally posted by centkin

Actually I do think they have some amount of responsibility for one major reason and a few minor ones.

The major reason is that they allow repeated logons without locking down the account (from that IP range).  In essence this opens the door to brute forcing passwords.

The minor reasons are that the passwords are not even case sensitive.  This makes the hacking of passwords easier.

The other minor reason is that they use the email address as the login name.  If you are allowed to use a handle (not shown anywhere) as your login then hackers need to guess two things not one.

----

In essence this means that you REALLY have to be careful with your passwords to the battlenet. 

If you use a word or even 2 words as your password -- IE if your password is "redclematis" you are extremely easy to hack under the current system.  That password would be sufficient in a system where you were limited to 5 attempts -- but where infinite attempts are allowed there are only a finite number of words.

Is someone who uses a password like "redclematis" at least partially responsible for being hacked because they didnt take enough care?  Sure.  But not everyone knows to make passwords like "5jd0sxa2pfs"  nor can everyone easily remember such a password -- especially when they have many passwords that they need to remember.

Yeah I can agree here, while a person's handling of their PC is their own fault it is Blzz's responsibility to ensure their systems are using the best security methods available. I"m still wondering if they do what is normal today and track device/ip origins when an account is accessed.

Best argument so far. They should lock down the account after 3 or so failed log in attempts.  I''d bet what's happening is they are getting peoples id and then running a program that simply tries passwords until it works.

This is most likely a common occurence and that is a great suggestion for fixing it. A lot of forums have a 5-try system and it works very well. Depending on what Blizzard is working on in terms of Diablo currently, more security options should be a pretty high priority.

I do have some facts here:

I logged off last night with my level 51 character on Nightmare mode in the last part of Sanctuary getting ready to beat it to go on to Hell mode.

I log on this morning and all my gold, items in storage and items on my character were gone. My character was back on Normal mode in Tristan with the beginning quest again. I submitted a trouble ticket and won't hear back for a couple of days or if at all.

There is no rootkit or other viruses, keyloggers or any kind of malware on my computer. I know about the fake Blizzard emails going around that are phishing scams.

I never have played co-op yet in Diablo 3 so those specualtions on how others can hack those on multiuplayer which I've read about cancels me out even if it is remotely true.

One of two things happened or both, who knows, 1. Blizzard has a major bug on their system causing these issues to a vast majority of people or 2. Professional hackers were able to compromise the Blizzard's servers.

Take your pick because it is one of these two or both. Blizzard is denying everything, go figure.

Originally posted by Xzen

Best argument so far. They should lock down the account after 3 or so failed log in attempts.  I''d bet what's happening is they are getting peoples id and then running a program that simply tries passwords until it works.

I'd think it's keylogging, which has always been a problem Blizz customers face, there's always a lot of fishing going on when it comes to their games it's the easiest way, one that requires little time or work on the hackers end.

Authenticators are good in this regard but so are systems that detect strange IP or device access on an account basis. That's one thing I can say good about my SWTOR experience, they went the whole nine yards in terms of account security. CHange something in your PC? Expect a long login process of answering questions and proving who you are.

I did not have sexual relations with that woman.  Sound similar?

I don't buy the PR spin that it is all people going to the wrong type of sites.  I think their public game feature has an issue.

Originally posted by RealPvPisFPS

I do have some facts here:

I logged off last night with my level 51 character on Nightmare mode in the last part of Sanctuary getting ready to beat it to go on to Hell mode.

I log on this morning and all my gold, items in storage and items on my character were gone. My character was back on Normal mode in Tristan with the beginning quest again. I submitted a trouble ticket and won't hear back for a couple of days or if at all.

There is no rootkit or other viruses, keyloggers or any kind of malware on my computer. I know about the fake Blizzard emails going around that are phishing scams.

I never have played co-op yet in Diablo 3 so those specualtions on how others can hack those on multiuplayer which I've read about cancels me out even if it is remotely true.

One of two things happened or both, who knows, 1. Bliazzard has a major bug on their system causing these issues to a vast majority of people or 2. Professional hackers were able to compromise the Blizzard's servers.

Take your pick because it is one of these two or both. Blizzard is denying everything, go figure.

First, they don't even need a keylogger on your system. You most likely (like most people) use same email/password combination on a lot of other sites, including fansites/forums. (don't deny it.... this is just common knowledge).

So it's highly likely that one of those fansites / public forums have been comprimised (like was reported last week regarding a very popular fansite that was flagged by Google, with hacks immediately happening right after).

humm.

no one has proven that it is on Blizzards end.

I have not purchased the game yet because I decided to let the dust settle and work on something else for awhile. Tell ya what. GO to the game hit the public chat channels and chat awhile. While you are there right clicky on some people and tell me what you get back.

I still think the hole is in chat not in public games.

I doubt it's all Blizzard's fault, but to claim that none of it is their fault is a bit much. They can't stop it completely, but there are plenty of things to make themselves and their customers less of a target without having to reach the automatically include an authenticator level, both on the prevention side and on the punishment side, especially on the punishment side. Right now, everyone knows that even if they get caught, the worst that will happen is that their current account is banned, and they simply have to open a new one. There doesn't seem to be any real deterrrent to make the scammers and hackers think twice, and this is going to be a huge problem they need to contain before introducing the RMAH. Even if it only effects a small percentage of accounts, all it takes is one or two accounts involving significant amounts of real money, and they are going to have a PR nightmare on their hands.

I believe it was Final Fantasy 11 that had a very simple solution to getting around the keyloggers. When you went to type in the password, it pulled up a keyboard on the screen, and you could click on the keys to enter your password. No using the keyboard, so no benefit to keyloggers. This seems like a reasonable solution that would go a long ways toward reducing the problem without causing anyone that much of a headache.

Originally posted by Mephster

Yeah ok Blizzard. I like your games but your business practices are just poor as hell. It is so much easier to blame the next guy when Diablo 3 has a ton of issues right now.

 

Link: http://www.incgamers.com/News/31394/diablo-3-hacks-are-not-a-blizzard-problem-state-blizzard 

 

blizzard never cares for player unless u play subs and eventho not very helpfull,they just care about taking money from the comunitie and make money .

and for theyr free games(f2p) they dont care about hacks its not like thay really going to spend money trying to fix things they just wanna gain not to lose

Originally posted by dadante666

Originally posted by Mephster

Yeah ok Blizzard. I like your games but your business practices are just poor as hell. It is so much easier to blame the next guy when Diablo 3 has a ton of issues right now.

 

Link: http://www.incgamers.com/News/31394/diablo-3-hacks-are-not-a-blizzard-problem-state-blizzard 

 

blizzard never cares for player unless u play subs and eventho not very helpfull,they just care about taking money from the comunitie and make money .

and for theyr free games(f2p) they dont care about hacks its not like thay really going to spend money trying to fix things they just wanna gain not to lose

Except in starcraft 2 hacks are usually stomped into the ground quite soundly.. btw free to play. Diablo 2 for quite awhile was highly monitored for hacks, dupes and cheats but it was such an open game that it was near impossible to stop.

Blizzard at the very least will assist the player in fixing their account. The blizzard gaming communitys ignorance as a whole keeps alot of people employed.

The best thing you can probably do is use a different username and password than anything else you use on the net.  Or for anything.  Period. 

Your games should have their own unique username and password.  Dont use it for anything else other than that.  Ever.  Most people buy digital copies these days, but I still like boxes.  I always took a peice of paper, wrote my username and password on it, and shoved it in the box in case I forgot, but regardless, game companies will usually e-mail your info if you only ask . 

But using just one, or a couple of usernames and passwords for everything on the net and your online games too?  Not the best of ideas.  You could probably get away with that too but its better to just not.  

If you just suddenly created a username and password for D3 that you have NEVER used before with anything else, ever?  You're probably in good shape or at least from my experience you could be. 

Also get a good free virus protection software like Avast.  Use it to do a boot time scan about once a week or so.  Stay away from strange sites you dont trust.  I watched a GW2 live feed of their beta weekend on some streaming site I didnt know.  It was linked here on mmorpg.com in a forum.  Malware comes in through Java and infects Adobe.  Then it infected everything else before I even knew what it was.  Crashed my whole system and I had to eventualy format and reinstall the whole OS. 

Be careful out there.  

On a side note, an authenticator?  If thats really needed, and I dont think it is, then it should be included in the box.  I shouldnt have to go buy something just so my account is semi secure.  That just doesnt seem viable to me.  If it really were that bad of a problem, then I shouldnt have to pay extra to solve it. 

Originally posted by JeroKane

Originally posted by GrayGhost79

Honestly with the RMAH Blizzard was obligated to include an authenticator with purchase. Not doing so is going to make them liable down the road should someone lose items/in game currency that is worth a hefty amount of rl currency.

Other game companies have taken big hits over issues like this. Blizzards only way of covering their arses was to include 1 authenticator with purchase this way they get to say they took every concievable pre-caution in protecting other peoples property since it has real life monetary value.

 

They did not though and are likely relying on a flimsy terms of service that has yet to be effective in keeping other companies from getting hit hard by lawsuits about the above.

 

Blizzards big mistakes were ..

1) Not including an authenticator to cover their arses.

2) Allowing people to pull cash out of the RMAH system.

Those things combined can lead to a very bad day down the road lol.

A hell lot of people who bought Diablo 3, also played previous games and most likely already have an authenticator!  Like me and everyone else I know who play games.

So why would I need another authenticator?  Every time you log into Battle.net you get face smacked regarding secuirty and the authenticator!

Every local gamestore also sells them for just 5 bucks!  Gamestop stores have them hanging in the shelves right next to Blizzard's games.

You must be really blind to miss all this.

1) I didn't say include one just for JeroKane.... sorry if I some how made it seem like I did.

2) I didn't ask if anyone sold the authenticators, I simply stated that it can likely bite then on the rear later down the road by not making it standard to send an authenticator with the game due to the nature of the game.

Originally posted by GrayGhost79

Originally posted by JeroKane

Originally posted by GrayGhost79

Honestly with the RMAH Blizzard was obligated to include an authenticator with purchase. Not doing so is going to make them liable down the road should someone lose items/in game currency that is worth a hefty amount of rl currency.

Other game companies have taken big hits over issues like this. Blizzards only way of covering their arses was to include 1 authenticator with purchase this way they get to say they took every concievable pre-caution in protecting other peoples property since it has real life monetary value.

 

They did not though and are likely relying on a flimsy terms of service that has yet to be effective in keeping other companies from getting hit hard by lawsuits about the above.

 

Blizzards big mistakes were ..

1) Not including an authenticator to cover their arses.

2) Allowing people to pull cash out of the RMAH system.

Those things combined can lead to a very bad day down the road lol.

A hell lot of people who bought Diablo 3, also played previous games and most likely already have an authenticator!  Like me and everyone else I know who play games.

So why would I need another authenticator?  Every time you log into Battle.net you get face smacked regarding secuirty and the authenticator!

Every local gamestore also sells them for just 5 bucks!  Gamestop stores have them hanging in the shelves right next to Blizzard's games.

You must be really blind to miss all this.

1) I didn't say include one just for JeroKane.... sorry if I some how made it seem like I did.

2) I didn't ask if anyone sold the authenticators, I simply stated that it can likely bite then on the rear later down the road by not making it standard to send an authenticator with the game due to the nature of the game.

 

 

You can download a free authenticator for your phone.