Trending Games | ArcheAge | Elder Scrolls Online | Black Gold | Trove

  Network:  FPSguru RTSguru
Login:  Password:   Remember?  
Show Quick Gamelist Jump to Random Game
Members:2,774,099 Users Online:0
Games:720  Posts:6,187,980
Recent forum postsRSS
Active threads
Cloud view
List all forums
General Forums
Developers Corner General Discussion
Popular Game Forums
Click a status to find game forum
Game Forums
Click a letter to find game forum
A-C
2029 Online 2112: Revolution 2Moons 4Story 8BitMMO 9 Dragons A Mystical Land A Tale in the Desert III A3 ACE Online ARGO Online Aberoth Absolute Force Online Absolute Terror Achaea Adellion Aerrevan Aetolia, the Midnight Age Age of Armor Age of Conan Age of Empires Online Age of Mourning Age of Wulin Age of Wushu Aida Arenas Aika Aion Albion Online Alganon All Points Bulletin (APB) Allods Online Altis Gates Amazing World Anarchy Online Ancients of Fasaria Andromeda 5 Angels Online Anime Trumps Anmynor Anno Online Applo Arcane Hearts Arcane Legends ArchLord ArcheAge Archeblade Archlord X Asda 2 Asda Story Ashen Empires Asheron's Call Asheron's Call 2 Astera Online Astonia III Astro Empires Astro Lords: Oort CLoud Asura Force Atlantica Online Atriarch Aura Kingdom Aurora Blade Auto Assault Avatar Star Battle Dawn Battle Dawn Galaxies Battle for Graxia Battle of 3 Kingdoms Battle of the Immortals Battlecruiser Online Battlestar Galactica Online Battlestar Reloaded Beyond Protocol Black Aftermath Black Desert Black Gold Black Prophecy Black Prophecy Tactics: Nexus Conflict Blacklight Retribution Blade & Soul Blade Hunter Blade Wars Blazing Throne Bless Blitz 1941 Blood and Jade Bloodlines Champions Bounty Bay Online Brain Storm Brawl Busters. Brick-Force Bright Shadow Bullet Run Business Tycoon Online CTRacer Cabal Online Caesary Call of Camelot Call of Gods Call of Thrones Camelot Unchained Canaan Online Cardmon Hero Cartoon Universe CasinoRPG Castle Empire Castlot Celtic Heroes Champions Online Champions of Regnum Chaos Online Chrono Tales Citadel of Sorcery CitiesXL Citizen Zero City of Decay City of Heroes City of Steam City of Transformers City of Villains Civilization Online Clan Lord Clash of Clans Cloud Nine Club Penguin Colony of War Command & Conquer: Tiberium Alliances Company of Heroes Online Conquer Online Conquer Online 3 Continent of the Ninth (C9) Core Blaze Core Exiles Corum Online Craft of Gods Crimecraft Crimelife 2 Cronous Crota II Crusaders of Solaris Cultures Online Cyber Monster 2 Céiron Wars
D-F
D&D Online DC Universe DK Online DOTA DOTA 2 DUST 514 DV8: Exile Dalethaan Dance Groove Online Dark Age of Camelot Dark Ages Dark Legends Dark Orbit Dark Relic: Prelude Dark Solstice Dark and Light DarkEden Online DarkSpace Darkblood Online Darkest Dungeon Darkfall Darkfall: Unholy Wars Darkwind: War on Wheels Das Tal Dawn of Fantasy Dawntide DayZ Dead Earth Dead Frontier Deco Online Deepworld Defiance Deicide Online Dekaron Demons at the Horizon Desert Operations Destiny Diablo 3 Diamonin Digimon Battle Dino Storm Disciple Divergence Divina Divine Souls Dofus Dominus Online Dragon Ball Online Dragon Born Online Dragon Crusade Dragon Empires Dragon Eternity Dragon Nest Dragon Oath Dragon Pals Dragon Raja Dragon's Call Dragon's Call II Dragon's Prophet DragonSky DragonSoul Dragona Dragonica Dragons and Titans Dream of Mirror Online Dreamland Online Dreamlords: The Reawakening Drift City Duels Dungeon Blitz Dungeon Fighter Online Dungeon Overlord Dungeon Party Dungeon Rampage Dungeon Runners Dynastica Dynasty Warriors Online Dynasty of the Magi EIN (Epicus Incognitus) EVE Online Earth Eternal Earth and Beyond Earthrise Eclipse War Ecol Tactics Online Eden Eternal Edge of Space Einherjar - The Viking's Blood Elder Scrolls Online Eldevin Elf Online Elite: Dangerous Embers of Caerus Emil Chronicle Online Empire Empire & State Empire Craft Empire Universe 3 EmpireQuest Empires of Galldon End of Nations Endless Ages Endless Blue Moon Online Endless Online Entropia Universe EpicDuel Erebus: Travia Reborn Eredan Eternal Blade Eternal Lands Eternal Saga Ether Fields Ether Saga Online Eudemons Online EuroGangster EverEmber Online EverQuest Next EverQuest Online Adventures Evernight Everquest Everquest II Evony Exarch Exorace F.E.A.R. Online Face of Mankind Fairyland Online Fall of Rome Fallen Earth Fallen Sword Fallout Online Family Guy Online Fantage Fantasy Earth Zero Fantasy Realm Online Fantasy Tales Online Fantasy Worlds: Rhynn Faunasphere Faxion Online Ferentus Ferion Fiesta Online Final Fantasy XI Final Fantasy XIV: A Realm Reborn Firefall Fists of Fu Florensia Flyff Football Manager Live Football Superstars Force of Arms Forge Forsaken World Fortnite Fortuna Forum for Discussion of Everlight Freaky Creatures Free Realms Freesky Online Freeworld Fung Wan Online Furcadia Fury Fusion Fall
G-L
GalaXseeds Galactic Command Online Game of Thrones: Seven Kingdoms Gameglobe Gate To Heavens Gates of Andaron Gatheryn Gauntlet Gekkeiju Online Ghost Online Ghost Recon Online Gladiatus Glitch Global Agenda Global Soccer Gloria Victis Glory of Gods GoGoRacer Goal Line Blitz Gods and Heroes GodsWar Online Golemizer Golf Star GoonZu Online Graal Kingdoms Granado Espada Online Grand Chase Grand Fantasia Grepolis Grimlands Guild Wars Guild Wars 2 Guild Wars Factions Guild Wars Nightfall H1Z1 Habbo Hotel Hailan Rising HaloSphere2 Haven & Hearth Hawken Hearthstone: Heroes of Warcraft Helbreath Hellgate Hellgate: London Hello Kitty Online Hero Online Hero Zero Hero's Journey Hero: 108 Online HeroSmash Heroes & Generals Heroes in the Sky Heroes of Bestia Heroes of Gaia Heroes of Might and Magic Online Heroes of Thessalonica Heroes of Three Kingdoms Heroes of the Storm Hex Holic Online Hostile Space Hunter Blade Huxley Illutia Illyriad Immortals USA Imperator Imperian Inferno Legend Infestation: Survivor Stories Infinite Crisis Infinity Infinity Iris Online Iron Grip: Marauders Irth Worlds Island Forge Islands of War Istaria: Chronicles of the Gifted Jade Dynasty Jagged Alliance Online Juggernaut Jumpgate Jumpgate Evolution KAL Online Kakele Online Kaos War Karos Online Kartuga Kicks Online King of Kings 3 Kingdom Heroes Kingdom Under Fire II Kingdom of Drakkar Kingory Kings and Legends Kings of the Realm KingsRoad Kitsu Saga Kiwarriors Knight Age Knight Online Knights of Dream City Kothuria Kung Foo! Kunlun Online L.A.W. LEGO Universe La Tale Land of Chaos Online Landmark Lands of Hope: Phoenix Edition LastChaos League of Angels League of Legends - Clash of Fates Legend of Edda: Vengeance Legend of Golden Plume Legend of Katha Legend of Mir 2 Legend of Mir 3 Legendary Champions Lego Minifigures Online Life is Feudal Light of Nova Lime Odyssey Line of Defense Lineage Lineage Eternal: Twilight Resistance Lineage II Linkrealms Loong Online Lord of the Rings Online Lords Online Lost Saga Lucent Heart Lunia Lusternia: Age of Ascension Luvinia World
M-Q
MU Online Mabinogi Maestia: Rise of Keledus MagiKnights Magic Barrage Magic World Online Manga Fighter MapleStory Martial Heroes Marvel Heroes Marvel Super Hero Squad Online Marvel: Avengers Alliance MechWarrior Online Megaten Meridian 59 : Evolution Merlin MetalMercs Metaplace Metin 2 MicroVolts Midkemia Online Might & Magic Heroes: Kingdoms MilMo Minecraft Mini Fighter Minions of Mirth Ministry of War Monato Esprit Monkey King Online Monkey Quest Monster & Me Monster Madness Online MonsterMMORPG Moonlight Online: Tales of Eternal Blood Mordavia Mortal Online Mourning My Lands Myst Online: URU Live Myth Angels Online Myth War Myth War 2 Mytheon Mythic Saga Mythos N.E.O Online NIDA Online Nadirim Naviage: The Power of Capital Navy Field Need for Speed World Nemexia Neo's Land NeoSteam Neocron Nether Neverwinter Nexus: The Kingdom Of The Winds NinjaTrick NosTale Novus Aeterno Oberin Odin Quest Odyssey RPG Ogre Island Omerta 3 Online Boxing Manager Onverse Order & Chaos Online Order of Magic Original Blood Origins Return Origins of Malu Orion's Belt Otherland Forums OverSoul Overkings Oz Online Oz World Pandora Saga Pantheon: Rise of the Fallen Panzar Parabellum Parallel Kingdom Parfait Station Path of Exile Pathfinder Online Perfect World Perpetuum Online Phantasy Star Online 2 Phantasy Star Universe Phoenix Dynasty Online Phylon Pi Story Picaroon Pirate Galaxy Pirate Storm Pirate101 PirateKing Online Pirates of the Burning Sea Pirates of the Caribbean Online Pixie Hollow Planeshift Planet Arkadia Planet Calypso PlanetSide 2 Planetside Planets³ Playboy Manager Pocket Legends Pockie Ninja Pockie Pirates Pockie Saints PoxNora Prime World Prime: Battle for Dominus Priston Tale Priston Tale II Prius Online Project Blackout Project Powder Project Titan Forums Project Wiki Puzzle Pirates Quickhit Football
R-S
R2 Online RAN Online RF Online ROSE Online Rage of 3 Kingdoms Ragnarok Online Ragnarok Online II RaiderZ Rakion Rappelz RappelzSEA Ravenmarch Realm Fighter Realm of the Mad God Realm of the Titans Realms Online Reclamation Red Stone Red War: Edem's Curse Regnum Online Remnant Knights Renaissance Repulse Requiem: Memento Mori Rift RiotZone Rise Rise of Dragonian Era Rise of Empire Rise of the Tycoon Rising of King Risk Your Life Rivality Rockfree Rohan: Blood Feud Role Play Worlds Roll n Rock Roma Victor Romadoria Rosh Online Roto X Rubies of Eventide Ruin Online Rumble Fighter Runes of Magic Runescape Rust Rusty Hearts Ryzom S4 League SAGA SD Gundam Capsule Fighter Online SMITE SUN Sagramore Salem SaySayGirls Scarlet Blade Scions of Fate Seal Online: Evolution Second Life Secret of the Solstice Seed Serenia Fantasy Seven Seas Saga Seven Souls Online Sevencore Shadow of Legend Shadowbane Shadowrun Online Shaiya Shards Online Shattered Galaxy Sho Online Shot Online Shroud of the Avatar SideQuest Siege on Stars Sigonyth: Desert Eternity Silkroad Online Skyblade Skyforge SmashMuck Champions Smoo Online Soldier Front Soul Master Soul Order Online Soul of Guardian Space Heroes Universe Sparta: War of Empires Spellcasters Sphere Spiral Knights Spirit Tales Splash Fighters Squad Wars Star Citizen Star Sonata 2 Star Stable Star Supremacy Star Trek Online Star Trek: Infinite Space Star Wars Galaxies Star Wars: Clone Wars Adventures Star Wars: The Old Republic StarQuest Online Stargate Worlds Starlight Story Starpires State of Decay SteelWar Online Stone Age 2 Stormfall: Age of War Storybricks Stronghold Kingdoms Sudden Attack Supremacy 1914 Supreme Destiny Sword Girls Sword of Destiny: Rise of Aions SwordX Swords of Heavens Swordsman
T-Z
TERA TS Online Tabula Rasa Tactica Online Tales Runner Tales of Fantasy Tales of Pirates Tales of Pirates II Tales of Solaris Talisman Online Tamer Saga Tank Ace Tantra Online Tatsumaki: Land at War Terra Militaris TerraWorld Online Thang Online The 4th Coming The Agency The Aurora World The Black Watchmen The Chronicle The Chronicles of Spellborn The Crew The Division The Hammers End The Legend of Ares The Lost Titans The Matrix Online The Mighty Quest for Epic Loot The Missing Ink The Mummy Online The Myth of Soma The Pride of Taern The Realm Online The Repopulation The Secret World The Sims Online The Strategems The West Theralon There Therian Saga Thrones of Chaos Tibia Tibia Micro Edition Tiger Knight Titan Siege Titans of Time Toontown Online Top Speed Topia Online Torchlight Total Domination Transformers Universe Traveller AR Travia Online Travian Trials of Ascension Tribal Hero Tribal Wars Tribes Universe Trickster Online Trove Troy Online True Fantasy Live Online Turf Battles Twelve Sky Twelve Sky 2 Twilight War Tynon U.B. Funkeys UFO Online URDEAD Online Ultima Forever: Quest for the Avatar Ultima Online Ultima X: Odyssey Ultimate Naruto Ultimate Soccer Boss Uncharted Waters Online Undercover 2: Merc Wars Underlight Unification Wars Universe Online Utopia Valkyrie Sky Vampire Lord Online Vanguard: Saga of Heroes Vanquish Space Vector City Racers Vendetta Online Victory - Age of Racing Vindictus Virtonomics Vis Gladius Visions of Zosimos VoidExpanse Voyage Century Online W.E.L.L. Online WAR (Warhammer Online) WAR2 Glory WYD Global Wakfu War Thunder War of 2012 War of Angels War of Legends War of Mercenaries War of Thrones War of the Immortals WarFlow Waren Story Wargame1942 Warhammer 40,000: Eternal Crusade Warhammer 40K: Dark Millennium Online Warhammer Online: Wrath of Heroes Warkeepers Warrior Epic Wartune WebLords Wild West Online WildStar Wind of Luck WindSlayer 2 Wings of Destiny Wish Wizard101 Wizardry Online Wizards and Champions Wonder King Wonderland Online World Golf Tour World of Battles World of Darkness World of Heroes World of Kung Fu World of Pirates World of Speed World of Tanks World of Tanks Generals World of Warcraft World of Warplanes World of Warships World of the Living Dead WorldAlpha Wurm Online Xenocell Xiah Xsyon Xulu YS Online Yitien ZU Online Zentia Zero Online Zero Online: The Andromeda Crisis Zodiac Online Zombies Ate My Pizza eRepublik

MMORPG.com Discussion Forums

Diablo 3

Diablo 3 

General Discussion  » Diablo 3 accounts hacked, gold and items stolen

15 Pages First « 9 10 11 12 13 14 15 » Search
282 posts found
  dubyahite

Novice Member

Joined: 1/17/11
Posts: 2506

5/24/12 6:20:16 PM#261
Originally posted by Tortanic

 

[snip]

 


MSE misses alot on detection, it is clean and straight forward though.

If you've a bit of patience Comodo (https://www.comodo.com/) has a bunch of nice products.
(I use the free Firewall+AV+Sandbox thing and it's pretty lovely as far as that sort of software goes.)

Nothing is really secure or fool proof - think "resistant."

No AV is perfect, they all miss stuff. But as far as performance goes MSE actually does quite well. It has tested better than Norton, AVG, Sophos, McAfee, and other popular software in independant studies. Some programs like Panda, Avast, Kaspersky, Bitdefender and others have done better than MSE.  Not sure about how well Comodo tests. 

 

I personally think that of all the free stuff out there, Avast performs the best as far as detection percentage goes. It consistently places in the top few and is significantly better than paid solutions. 

Shadow's Hand Guild
Open recruitment for

The Secret World - Dragons

Planetside 2 - Terran Republic

Tera - Dragonfall Server

http://www.shadowshand.com

  Slampig

Apprentice Member

Joined: 12/29/03
Posts: 2378

Whatever you do, do NOT speak ill of Asheron's Call 2...

5/24/12 6:24:57 PM#262
Originally posted by thekid1

Eurogamer writer gets his Diablo 3 account stolen.

This Diablo 3 soap is even better then Age of Conan and WAR right after release.

 

http://www.eurogamer.net/articles/2012-05-21-diablo-3-accounts-hacked-gold-and-items-stolen

So he didn't have an Authenticator, kind of left that out didn't you? Not saying it is a panacea (look it up) but it TOTALLY helps...

 

Enough of this one sided "reporting", makes yourself look like you have an agenda...

That Guild Wars 2 login screen knocked up my wife. Must be the second coming!

  sunshadow21

Elite Member

Joined: 8/15/04
Posts: 355

5/24/12 6:35:35 PM#263

I think my biggest difficulty with Blizzard's response is that they are saying absolutely nothing about the situation is their fault or within their control. The authenticators are fine enough, but to make that your only response is a bit lame. Virtual keyboards that allow you to enter a password without the use of a physical keyboard is one approach at least one other game has used, wouldn't be that hard to implement. I'm sure a security professional could come up with even more creative, yet relatively unobtrusive, ways to handle the problems they face. Internet security takes a bit of effor and creativity on the part of the defenders, but not nearly as much as some seem to think, and it shouldn't require an authenticator for a game either. If Blizzard were to actually try to seriously design and implement a security system and actually enforce it, none of the individual measures taken would have to be that drastic or that hard to maintain, yet I bet a lot of the problems would go away. They just don't seem to care about it. That is the part that concerns me. If a problem is found, it's quickly fixed and pushed under a rug as if it never happened, so  the root problem never gets dealt with. This is where Blizzard has fallen behind the curve compared to a lot of other companies and games.

  iceman00

Novice Member

Joined: 5/04/05
Posts: 1367

Kevin Tierney

5/24/12 8:57:17 PM#264
Originally posted by dubyahite
@iceman

I'm not here to flaunt my knowledge. I'm here to discuss an issue of particular interest to me.

I don't understand why my knowledge of the subject is an excuse to attack me. There are plenty of people in this thread with little to no understating of security who are posting random nonsense and trying to pass it off as fact.

Should you be quoting them and accusing them of missing the point? Because they most certainly are missing the point in a big way.

Again, I'm not here to "flaunt" my knowledge. I am here because this subject is interesting to me.


I am just here to discuss the topic of security which most people dont have a clue about.


Look I don't care that your average user doesn't know how to protect themselves. Not my problem. What I do care about is when those same people go around spouting off nonsense as if they know what they are talking about.


I mean, there was a guy in this very thread flipping out because Diablo opened port 80. Seriously. Then he tries to tell people that this is some huge security flaw.

That is the person that is missing the point, not me.

Okay, so one person said that.  Thing is, just about everyone else didn't.

So why continue to erect such a straw man?  Apologies if the post I made came across as too harsh, it was more a take on how dismissive you were of everyone you wrote about.

  iceman00

Novice Member

Joined: 5/04/05
Posts: 1367

Kevin Tierney

5/24/12 9:05:51 PM#265
Originally posted by MikkelB
Originally posted by iceman00
Originally posted by kreken
Originally posted by sunshadow21
Originally posted by JeroKane

And yet it's exactly these kind of gamers that SCREAM they have the perfect security on their computer and apply the best security practices, so that it only can be Blizzard's fault that they got hacked.

Rest my case.

A fair number of people have also given good reasons to question Blizzard's commitment to seriously dealing with this problem. Especially for those who have never had a problem with anyone else despite ample opportunity to have had it, the evidence is there that at some level, it is Blizzard's responsiblity to deal with it, even if it isn't directly their fault. A lot of people could do more, certainly, in the security aspect, but that does not absolve Blizzard when those users exist across the internet, and yet it always seems like Blizzard's name is at the forefront of these conversations when it comes to suspect gaming companies.

 

When a company has this serious of issues this consistently, it becomes much, much harder to simply blame the end user.

I am curious, what would you like Blizzard to do? They already have the best security practices listed on their website. It is up to the end user to follow them or not. Do you want them to implement something like NPS (Network Policy Server) that will check if updates are up to date, antivirus is installed, signature files are updated and do a quick virus scan before allowing them to login into the game?

Nowadays, there is no real excuse to be computer illiterate since the computers are an intergral part of our daily lives. If you don't spend even a little time to learn a bit about the tool you are using than you shouldn't be using it. It seems people don't realize that computer is a tool and if you don't take care of it, it will "rust" and will underpeform or do other unintended operations. If you leave your hand saw in the rain for two months, how good you think it will cut wood next time you use it?

If I was a hacker for gold selling sites, would I target an unpopular game or a game with a lot of potential market? The hackers are in this to make money and it doesn't make business sense to target small demographics game where profit margin is very small. Looks like Blizzard fell a victim to its own popularity.

 

1.)  Mandatory texts/email if you login from a different IP address.

2.)  If you have an authenticator, you gotta authenticate with every login.  Don't wanna do that?  Don't buy the authenticator.

3.)  Increased complexity with passwords. 

Really, number 3 alone goes a long way.

And really, you talk about how people "should" be computer literate.  People should also be able to change their oil or a tire on their car.  Yet the simple fact is a huge amount don't, and whining about how they should isn't going to fix the problem.  In a perfect world, IT security wouldn't be neccessary.  When dealing with the average end user, you have to operate with the assumption they really don't know a lot of what they are doing.

I actually agree with your points here. The thing is, these're games we're talking about. Blizzard is for obvious reasons interested in getting as much players to buy and play the game. Implementing the points you listed as mandatory, no matter how good they're, is not going to help the userfriendliness of the game. When it's harder to get to play the game, more people are stop playing it. Same as with DRM, people are going to opt for pirating anyway, because when you implement DRM like in Assassin's Creed 2 for example, you've less frustration playing it without the DRM then with it. Concerning Diablo 3, just look at all those complaints around the internet about the mandatory 'always online'-resctriction. Couple that with mandatory use of the authenticator and people are just not going to bother with the game, which would be a shame really.

Point 3 is interesting at the moment concerning Blizzard policies. It seems that the passwords aren't forced to be case-sensitive. That's pretty bad of them. Aside from the increased complexity, I rather have that they would allow more characters to be used and that they would stimulate users to use passphrase, instead of passwords. Win - win for both sides.

My second point, at least according to Blizzard's records, won't be needed..... yet.  But really, using the authenticator once every 7 days , really not much of a point.  Which I think brings up an interesting correlation.  Most of those who are going to use an authenticator, chances are their tech knowledge is more than satisfactory.  They probably aren't making the mistakes most people make.  So I guess I begin to wonder if "nobody who uses an authenticator had their account compromised" is one of those "true but irrelevant" statements, considering that authenticating once every 5-7 days is sorta pointless, and wouldn't stop an account from being compromised, since they operate in a span of minutes, not days.

And Blizzard needs to seriously think about tighter security in terms of the RMAH.  ONE HACK is all it will take to cause an absolute nightmare.  It wont' matter how many blizzbots screaming "the person getting hacked is a f**ktard who deserved it" there are.  So perhaps we can go on something with point 3/passphrases.  That really doesn't cost much, and is very easy to do, and there's an understandable reason.

And yeah, agree with you on the DRM.  Just wish Blizzard would see it that way.  Bad timing for me to try out the game (due to busy schedule) but their DRM is so absurd (and the attempt to corral people onto the RMAH so nakedly obvious) I'm still not sure how much I'll play the game once I have time.

  ArChWind

Hard Core Member

Joined: 3/19/11
Posts: 485

5/24/12 9:27:19 PM#266
Here is what bothers me about this authenticator thing.
 
First off and most importantly I was playing open beta weekend I was hacked. I just did not realize it until the other day but the same thing happened to me as others. “you have logged in from another location’ Insta disconnect. Try to log in. ‘account in use’. try to log in again ‘your password is invalid’ Shut down and restart and everything is OK. Nothing missing out of characters. Did not know where to write a bug report but then forgot about it. I though it was a bug.
 
Now here is why I have problems with this authentication shit and if did I have a key logger active just for a hack to get some gold?
 
I log in ‘every day’ to my BANK account from this computer. I do most of my business through this computer with credit cards. I have done all my business through websites spending money and all the accounts in 5 years I have yet to be breached and NOT one of them requires an authenticator. ZERO. Why does a game require a device that government officials require to log in to VPN?
 
If any suspicious activity was to happen I would know about it in under 24 hours. I have a website and it has no activity other than what I do with it. I have a domain and can have a million email addresses if I want them and I have 3 specific emails targeting game sites so I can find out who sells off my information. Not one has to this day sent me a phishing mail because even when it get to me it gets deleted by security scans. I don’t sign up for anything game related directly except news letters. I get most of my mail from this site about topics I read and have interest in. In other words I do not get spammed with garbage just normal 5 to 10 emails a week or in cases of MMORPG.com 10 to 20 mails a day because I selected the subject.
 
This whole thing smells fishy to me.

The iron sphere turns.

  iceman00

Novice Member

Joined: 5/04/05
Posts: 1367

Kevin Tierney

5/24/12 9:28:02 PM#267
Originally posted by dubyahite
Originally posted by MikkelB
Originally posted by iceman00
Originally posted by kreken
Originally posted by sunshadow21
Originally posted by JeroKane

And yet it's exactly these kind of gamers that SCREAM they have the perfect security on their computer and apply the best security practices, so that it only can be Blizzard's fault that they got hacked.

Rest my case.

A fair number of people have also given good reasons to question Blizzard's commitment to seriously dealing with this problem. Especially for those who have never had a problem with anyone else despite ample opportunity to have had it, the evidence is there that at some level, it is Blizzard's responsiblity to deal with it, even if it isn't directly their fault. A lot of people could do more, certainly, in the security aspect, but that does not absolve Blizzard when those users exist across the internet, and yet it always seems like Blizzard's name is at the forefront of these conversations when it comes to suspect gaming companies.

 

When a company has this serious of issues this consistently, it becomes much, much harder to simply blame the end user.

I am curious, what would you like Blizzard to do? They already have the best security practices listed on their website. It is up to the end user to follow them or not. Do you want them to implement something like NPS (Network Policy Server) that will check if updates are up to date, antivirus is installed, signature files are updated and do a quick virus scan before allowing them to login into the game?

Nowadays, there is no real excuse to be computer illiterate since the computers are an intergral part of our daily lives. If you don't spend even a little time to learn a bit about the tool you are using than you shouldn't be using it. It seems people don't realize that computer is a tool and if you don't take care of it, it will "rust" and will underpeform or do other unintended operations. If you leave your hand saw in the rain for two months, how good you think it will cut wood next time you use it?

If I was a hacker for gold selling sites, would I target an unpopular game or a game with a lot of potential market? The hackers are in this to make money and it doesn't make business sense to target small demographics game where profit margin is very small. Looks like Blizzard fell a victim to its own popularity.

 

1.)  Mandatory texts/email if you login from a different IP address.

2.)  If you have an authenticator, you gotta authenticate with every login.  Don't wanna do that?  Don't buy the authenticator.

3.)  Increased complexity with passwords. 

Really, number 3 alone goes a long way.

And really, you talk about how people "should" be computer literate.  People should also be able to change their oil or a tire on their car.  Yet the simple fact is a huge amount don't, and whining about how they should isn't going to fix the problem.  In a perfect world, IT security wouldn't be neccessary.  When dealing with the average end user, you have to operate with the assumption they really don't know a lot of what they are doing.

I actually agree with your points here. The thing is, these're games we're talking about. Blizzard is for obvious reasons interested in getting as much players to buy and play the game. Implementing the points you listed as mandatory, no matter how good they're, is not going to help the userfriendliness of the game. When it's harder to get to play the game, more people are stop playing it. Same as with DRM, people are going to opt for pirating anyway, because when you implement DRM like in Assassin's Creed 2 for example, you've less frustration playing it without the DRM then with it. Concerning Diablo 3, just look at all those complaints around the internet about the mandatory 'always online'-resctriction. Couple that with mandatory use of the authenticator and people are just not going to bother with the game, which would be a shame really.

Point 3 is interesting at the moment concerning Blizzard policies. It seems that the passwords aren't forced to be case-sensitive. That's pretty bad of them. Aside from the increased complexity, I rather have that they would allow more characters to be used and that they would stimulate users to use passphrase, instead of passwords. Win - win for both sides.

This is a very important issue you raise. 

 

Anyone who has worked in the IT industry can tell you that any company (not just game companies) has to weigh several factors when implementing security policies such as those suggested.  This is especially true when you are enforcing these policies on customers as opposed to employees.  

 

It would be great to add a little forced complexity to people's passwords, but it is a tougher decision than it seems at first glance. Personally I would be all for it, but I know for a fact that Blizzard (or any other company) would have to deal with a lot of issues this would cause their customers as well. 

 

Not to many MMO companies actually enforce password complexity on their users. Bioware did a decent job by forcing one uppercase letter and one number in their password, but really that is a lot more innefective than you might think.  

 

Here is an example, with Bioware's rules the password 'Tizftye7' would be an acceptable password. It's not particularly strong but at least it's not '123456'.  There are no words in it, and it appears totally random. It's not going to be in a dictionary attack so a cracker would need to use a guessing attack on it, which implies more time to crack it. 

 

What this level of password security protects against is relatively slow online brute force or guessing attacks. Repeated attempts to guess the password on the services website by attempting to log in would take months to complete all possible password guesses that would be required to guess that password. The exact search space of said password would be 5.46 x 1023  or 546,108,599,233,516,079,517,120 possible passwords with that password length and alphabet size (characters that a cracker must account for). Seems like a big enough number.

However, with current technology, your average cracker can make about one hundred billion guesses per second offline if they have acquired a password database. This would take less than an hour to complete the attack offline. If the attacker is running the database through a botnet or something, it would be a matter of seconds.

So that level of password complexity protects against one thing, online attacks made by repeated login attempts to a website or the actual game service. The thing is, you are already protected against these attacks in most cases. After a few logins the system wants additional verification or it might even lock your account. This level of password complexity adds no security at all. 

 

To really enforce a system where users must make secure passwords would require very long lengths (at least over 12 characters), one symbol, one number, at least one uppercase letter, and lower case letters as well.

They would also need to prevent people from using common passwords and probably dictionary based passwords as well. Anything that can be found in a crackers dictionary immediately eliminates the need for a guessing attack and any and all complexity is then useless. 

 

Like MikkelB said, from a business perspective they simply can't enforce password complexity of this level. It would piss off a large portion of their users as well as create extra costs for the company in having to support these users. A person who can't remember their password is going to generate extra cost for the company in customer service and technical support on a regular basis. For a video game, it's just not realistic. I believe that it seriously would drive people away from the game.

 

Now, the whole passwords not being case sensitive thing from Blizzard is absolutely bonkers. Out of all this stuff that has been talked about that actually pisses me off a great deal. I don't understand why they would actively undermine the security of those who choose to use a complex password.  I think I might email their customer service about that and bitch today. 

 

As far as enforcing password complexity on users, it's a hopeless battle for a company. If you only do a little (like Bioware) you are not really adding any security. To actually add security to passwords through complexity would have a large impact on your busines and the usability of your software, for something that (let's face it) is not that important. It's a video game account. Most companies have the capability to restore your account to a pre-hacked status for no charge.

Ever hear of the phrase "not seeing the forrest for the trees?"

Once we get past all the fancy sounding numbers and techno speak, there are a few conclusions:

1.)  outside of a multi pronged system, if a hacker gets a pw with your name in the database, chances are you are screwed.  With the tech available, it's going to happen.  Now Blizzard can't control for that part, I think we all agree.

2.)  To create a "hack-proof" system would require so many layers that yes it would be extremely unfriendly, and would impact their sales.  I don't think anyone really disputes that.

3.)  Since you can't really stop them once they get the database, the only thing you can do is make sure your db is secure.  Blizzard has done that.

4.)  What can we do to stop the "brute force" incidents?

5.)  Don't need every layer or nothing.  That would be akin to saying that I need every layer of possible security on my computer, or I should just run without a firewall, no av/malware protection, with internet explorer with UAC disabled on my windows 7, and head to where hackers are known to have infected a site broadcasting my IP.

6.)  The argument you make about complexity..... applies to capital letters as well.  Given the way you do 5, we should then never ask for capital letters right?

Blizzard isn't really concerned about tradeoffs here, since, as you rightly point out, even simple things like case-sensitivity isn't there.

As far as "its a video game account, it isn't important", most people aren't going to look at it in the stoic rational manner you just did, gotta control for those kind of things as well.  Okay, maybe I just have a really freakin pessimistic view of human nature.

  iceman00

Novice Member

Joined: 5/04/05
Posts: 1367

Kevin Tierney

5/24/12 9:31:23 PM#268
Originally posted by JeroKane

I used Avast Free Home edition and a seperate Anti-malware program before.

Now I only use Microsoft Security Essentials and it works for me. No virusses nor mallware as of yet.

Mind you! I also clear my browser cache, cookies, history, passwords, etc at least once a week!

Especially if you surf the internet a lot, it's even recommended to do it more than once a week!

cheers

 I also use Security Essentials (still have Malwarebytes on my PC if I need it).

I think after 14 pages, everything that can be said has been said, and we can all end agreeing on something.

Microsoft makes a product that actually works surprisingly well. 

LOLWTF......

  sunshadow21

Elite Member

Joined: 8/15/04
Posts: 355

5/24/12 9:46:57 PM#269
Originally posted by iceman00

Blizzard isn't really concerned about tradeoffs here, since, as you rightly point out, even simple things like case-sensitivity isn't there.

This is the biggest difficulty I'm having. If they can't even be bothered to implement something as basic and usually automatic as case sensitivity, why should I accept their claims that it's all the user's fault when clearly they aren't intrerested in doing the simple things that can be done on their end? Case sensitivity by itself wouldn't a major thing, but combine it with other simple things like a virtual keyboard to get around keyloggers, and other similar simple, easy to implement ideas, and the impact would be significant with fairly little cost to Blizzard.

  dubyahite

Novice Member

Joined: 1/17/11
Posts: 2506

5/24/12 10:15:32 PM#270
Originally posted by iceman00
Originally posted by dubyahite

[snip]

Ever hear of the phrase "not seeing the forrest for the trees?"

Once we get past all the fancy sounding numbers and techno speak, there are a few conclusions:

1.)  outside of a multi pronged system, if a hacker gets a pw with your name in the database, chances are you are screwed.  With the tech available, it's going to happen.  Now Blizzard can't control for that part, I think we all agree.

2.)  To create a "hack-proof" system would require so many layers that yes it would be extremely unfriendly, and would impact their sales.  I don't think anyone really disputes that.

3.)  Since you can't really stop them once they get the database, the only thing you can do is make sure your db is secure.  Blizzard has done that.

4.)  What can we do to stop the "brute force" incidents?

5.)  Don't need every layer or nothing.  That would be akin to saying that I need every layer of possible security on my computer, or I should just run without a firewall, no av/malware protection, with internet explorer with UAC disabled on my windows 7, and head to where hackers are known to have infected a site broadcasting my IP.

6.)  The argument you make about complexity..... applies to capital letters as well.  Given the way you do 5, we should then never ask for capital letters right?

Blizzard isn't really concerned about tradeoffs here, since, as you rightly point out, even simple things like case-sensitivity isn't there.

As far as "its a video game account, it isn't important", most people aren't going to look at it in the stoic rational manner you just did, gotta control for those kind of things as well.  Okay, maybe I just have a really freakin pessimistic view of human nature.

1.) This is not true. While no password is "uncrackable" you can make a pasword complexe enough that it will never be cracked by a cracker. This was the point of my post. They are not going to even attempt a character space that would require 13 trillion centuries to complete. Ever.

2.) Then we agree. But even then there is still risk of hacking, even if they did all this stuff.

3.) This is incorrect. Again, if your password would take 13 trillion centuries to crack, a cracker is not even going to attempt a character space that large. They are going to go for the lowest common denominator and end up with about 20% of the passwords in the database. 

4.) Make complex passwords. I explained this. My passwords will never be cracked by brute force with currently available technology. Not only that, but no cracker will even attempt a crack that would expose my passwords. 

5.) I agree here. The case sensitive crap on blizzard passwords is just inexcusable. 

6.) Yes. Capital letters are required for password complexity. I already said in previous posts that I was pissed about the case sensitive thing from blizzard. 

Shadow's Hand Guild
Open recruitment for

The Secret World - Dragons

Planetside 2 - Terran Republic

Tera - Dragonfall Server

http://www.shadowshand.com

  zymurgeist

Hard Core Member

Joined: 12/24/04
Posts: 5178

5/24/12 10:30:36 PM#271
Originally posted by sunshadow21
Originally posted by iceman00

Blizzard isn't really concerned about tradeoffs here, since, as you rightly point out, even simple things like case-sensitivity isn't there.

This is the biggest difficulty I'm having. If they can't even be bothered to implement something as basic and usually automatic as case sensitivity, why should I accept their claims that it's all the user's fault when clearly they aren't intrerested in doing the simple things that can be done on their end? Case sensitivity by itself wouldn't a major thing, but combine it with other simple things like a virtual keyboard to get around keyloggers, and other similar simple, easy to implement ideas, and the impact would be significant with fairly little cost to Blizzard.

 It's not a case of can't be bothered or cost. They used to have case sensitivity. It's a problem with their customers. They aren't morons what many of them are is children or people with no computer skills whatsoever. This is a calculation they made fully aware of what it means. While I may disagree with their decision I'm not naive enough to think Blizzard is just clueless or not listening to theit customers. It's because they are listening to their customers and doing the math. Also this hacking is fairly rare. You hear a lot about it but their customer base is huge compared to other games.

"Strong and bitter words indicate a weak cause" ~Victor Hugo

  gatheris

Apprentice Member

Joined: 9/09/06
Posts: 971

5/24/12 10:42:22 PM#272
Originally posted by itgrowls

It's interesting to me that this is happening when there are free ways of dealing with it. Heck even the authenticators are cheap and free delivery. So why are people posting about this again? It's the users fault if they get hacked at this point due to the security that Blizz emplemented. It really is. I'm not a Blizz fan when it comes to the direction their company is going but i have to say they did the right thing when it comes to security for their players.

complete bull

beyond not handing out your passwords to one and all it is up to the business to protect your data - period

 

  AIMonster

Hard Core Member

Joined: 12/31/08
Posts: 2014

5/24/12 10:44:20 PM#273

There is a rumor going around that a hacker can spoof your ID (obtained by joining a public game with the hacker) and bypass the need to use the authenicator.  I don't know if it's true, but some people "claim" to have been hacked even with the authenicator active.

It's probably untrue and Blizzard claims that there are no reports of accounts breached that used an authenicator.

Still, Blizzard doesn't exactly have the best security and privary protection.  Registering an e-mail account on Bnet will open you open to multiple phishing attempts even if you never used the e-mail address for anything else (or at least it did at one point).

Raptr link because it's the cool new trend:

  Rednecksith

Apprentice Member

Joined: 6/12/09
Posts: 1272

Bite my fiery metal ass!

5/24/12 10:55:56 PM#274
Originally posted by gatheris
Originally posted by itgrowls

It's interesting to me that this is happening when there are free ways of dealing with it. Heck even the authenticators are cheap and free delivery. So why are people posting about this again? It's the users fault if they get hacked at this point due to the security that Blizz emplemented. It really is. I'm not a Blizz fan when it comes to the direction their company is going but i have to say they did the right thing when it comes to security for their players.

complete bull

beyond not handing out your passwords to one and all it is up to the business to protect your data - period

 

Complete bullshit.

It is up to the USER to keep their PC safe and secure. It's not Blizzard's fault somone clicked a bad link, went to a site with a bad ad, fell for a phishing attempt, etc.

How exactly is Blizzard supposed to make sure you do none of the above? The only thing they can do is warn and attempt to educate you, and that's a hell of a lot more than they are required to do. To say nothing of providing free mobile authenticators, and at-cost physical ones.

Now if Blizzard's servers get hacked (which they have not) then yes, it is their responsibility.

 

  RainBringer

Novice Member

Joined: 4/04/11
Posts: 163

Airstrikes - verb: to campaign against hikes in rocket and/or missile fuel prices.

5/24/12 10:59:54 PM#275
Originally posted by zymurgeist

 

They aren't morons what many of them are is children or people with no computer skills whatsoever. This is a calculation they made fully aware of what it means.

So, understanding the difference between an Uppercase " A " and a lowercase " a " is now a matter of "computer skills". I see the Blizzard defence club is getting desperate enough to throw out ridiculous statements since they are running out of anything substantial to say, might wanna stop before you guys start blaming the player for any leak on Blizzard's end...or wait has some fangirl already thrown that excuse out already? 

 

Virtual keyboard seems like a decent precautionary measure for such cases. Yea I can see it happening sometime in the near future.

"Just pay and download a VK app for $15.99 and you can be free of all your hacking woes!

But Only works if you have bought ALL our Blizzard™ Authenticator versions 1, 2, v5, x15, zz20 and special edition 2 for service pack 3(until we put out more ca-ching junk applica...err Required Software Protection)."

 

Online-always DRM is working as intended, yea?

But it would be funny if Anon strikes against BNet for this D3 debacle. Shit would hit the exhaust fan.

Gullible are the fanboys; How blind is their sight!

  Lagoz

Novice Member

Joined: 5/14/12
Posts: 92

5/25/12 2:49:42 AM#276

If you play blizzard games you should know by now to get an authenticator.

I've never been hacked after getting it.

  MikkelB

Novice Member

Joined: 2/23/06
Posts: 239

5/25/12 2:54:58 AM#277

For the ease of reading I'll just post it here:

Battle.net®/Diablo III Security Concerns

Over the past couple of days, players have expressed concerns over the possibility of Battle.net® account compromises. First and foremost, we want to make it clear that the Battle.net and Diablo III servers have not been compromised. In addition, the number of Diablo III players who've contacted customer service to report a potential compromise of their personal account has been extremely small. In all of the individual Diablo III-related compromise cases we've investigated, none have occurred after a physical Battle.net Authenticator or Battle.net Mobile Authenticator app was attached to the player's account, and we have yet to find any situation where a Diablo III player's account was accessed outside of "traditional" compromise methods (i.e. someone logging using an account's login email and password).

To that end, we've also seen discussions regarding the possibility of account compromises occurring in ways that didn’t involve these "traditional" methods -- for example, by "session spoofing" a player’s identity after he or she joins a public game. Regarding this specific example, we've looked into the issue and found no evidence to indicate compromises are occurring in this fashion, and we've determined the methods being suggested to do so are technically impossible. However, you have our assurance that we’ll continue to investigate reports such as these and keep you informed of important updates.

The best defense against account theft still includes smart password management (e.g. using a unique password for every site/service and keeping your password to yourself) and scanning for malware and viruses regularly, as well as following additional preventative steps found here. In the end, while no security method is 100% foolproof, the physical Battle.net Authenticator and Battle.net Mobile Authenticator app are great ways to provide your account with an extra layer of protection.

Source: http://us.battle.net/d3/en/forum/topic/5149181449

One thing that sticks out, is the bit where he says that only a extremely small number of players reported a potential compromise. Makes me wonder if all the ragers actually did contact Customer Service and/or made a ticket, if those ragers were full of hot air as usual or if Blizzard is 'lying' here.

At least Blizzard made this statement (i.e. "We haven't been compromised"), which is more worth to me then the countless of posts going: "I've been hacked! On my clean PC, handcrafted yesterday, only Diablo 3 installed and I've never been hacked before! It's all Blizzard's fault!", without giving proof.

  zymurgeist

Hard Core Member

Joined: 12/24/04
Posts: 5178

5/25/12 6:24:34 AM#278
Originally posted by RainBringer
Originally posted by zymurgeist

 

They aren't morons what many of them are is children or people with no computer skills whatsoever. This is a calculation they made fully aware of what it means.

So, understanding the difference between an Uppercase " A " and a lowercase " a " is now a matter of "computer skills". I see the Blizzard defence club is getting desperate enough to throw out ridiculous statements since they are running out of anything substantial to say, might wanna stop before you guys start blaming the player for any leak on Blizzard's end...or wait has some fangirl already thrown that excuse out already? 

 

Virtual keyboard seems like a decent precautionary measure for such cases. Yea I can see it happening sometime in the near future.

"Just pay and download a VK app for $15.99 and you can be free of all your hacking woes!

But Only works if you have bought ALL our Blizzard™ Authenticator versions 1, 2, v5, x15, zz20 and special edition 2 for service pack 3(until we put out more ca-ching junk applica...err Required Software Protection)."

 

Online-always DRM is working as intended, yea?

But it would be funny if Anon strikes against BNet for this D3 debacle. Shit would hit the exhaust fan.

 Typing the password itself isn't the problem. Most people use passwords far to weak no matter what security options they are offered. The problem is what to do if you get locked out of your account. I'm not defending Blizzard. I don't agree with it. I'm telling you what they did and why. Put aside your hater hat  and think about it.

"Strong and bitter words indicate a weak cause" ~Victor Hugo

  RainBringer

Novice Member

Joined: 4/04/11
Posts: 163

Airstrikes - verb: to campaign against hikes in rocket and/or missile fuel prices.

5/25/12 6:43:24 AM#279

Oh I assure you, I keep my thinking hat on even if I wear a "hater hat" on top of it.

If a person cant remember his own password, its no excuse to NOT implement a secure system for safeguarding passwords. It just means that the person needs to write his password down somewhere (like in a 8th grade textbook). And also there are password reminders for such instances via emails so we arent talking bout ground breaking stuff here.

If a player uses a generic 'Abc123' password, then again it doesnt mean that the company responsible for safeguarding this feeble attempt from the player's end should just sit back and say "whoops easy password, not my problem, buy my safeguarding shite" and turn Abc123 into abc123, ABC123, abC123, etc and give a brute force program more than 1 liable option at breaking down such easy passes.

And you dont address the Virtual keyboard issue either. Even a child would find it fun to press a virtual button, so I dont know how Blizzard cant "cater" to the majority of their playerbase.

 

And sorry to say, but coming up with excuses as to why Blizzard is not at fault is pretty much on the same grounds as defending them, even though you might personally not find it agreeable, call it force of habit or fanboyism or whatever if you may. But just saying it for what it is. And only reason why I even posted here was because of that absurd excuse you came up with in Blizzard's defence, They aren't morons what many of them are is children or people with no computer skills whatsoever. So do tell us from when does knowing the difference between a Capital ' A ' and a small letter ' a ' become a matter of "computer skills"? Excuses such as these show that You arent wearing that thinking hat over those rosy tinted goggles of yours. Hillarious stuff that.

Gullible are the fanboys; How blind is their sight!

  MikkelB

Novice Member

Joined: 2/23/06
Posts: 239

5/25/12 7:03:08 AM#280
Originally posted by RainBringer

Oh I assure you, I keep my thinking hat on even if I wear a "hater hat" on top of it.

If a person cant remember his own password, its no excuse to NOT implement a secure system for safeguarding passwords. It just means that the person needs to write his password down somewhere (like in a 8th grade textbook). And also there are password reminders for such instances via emails so we arent talking bout ground breaking stuff here.

If a player uses a generic 'Abc123' password, then again it doesnt mean that the company responsible for safeguarding this feeble attempt from the player's end should just sit back and say "whoops easy password, not my problem, buy my safeguarding shite" and turn Abc123 into abc123, ABC123, abC123, etc and give a brute force program more than 1 liable option at breaking down such easy passes.

And you dont address the Virtual keyboard issue either. Even a child would find it fun to press a virtual button, so I dont know how Blizzard cant "cater" to the majority of their playerbase.

 

And sorry to say, but coming up with excuses as to why Blizzard is not at fault is pretty much on the same grounds as defending them, even though you might personally not find it agreeable, call it force of habit or fanboyism or whatever if you may. But just saying it for what it is. And only reason why I even posted here was because of that absurd excuse you came up with in Blizzard's defence, They aren't morons what many of them are is children or people with no computer skills whatsoever. So do tell us from when does knowing the difference between a Capital ' A ' and a small letter ' a ' become a matter of "computer skills"? Excuses such as these show that You arent wearing that thinking hat over those rosy tinted goggles of yours. Hillarious stuff that.

I understand your issue's, but the only thing Blizzard can do regarding the strength of passwords, is putting up some restrictions, for example, use at least:

  • one capital letter
  • one number
  • one special character.

What would be better, is also demand that players make a passphrase, including the above named restrictions, with a length of 10 signs minimum. Passphrases are harder to crack and easier to remember. Information Security in general would benefit to some degree if everyone started supporting passphrases (not every loginsystem support long passwords). Aside from checking if the user passes the restrictions, there isn't much else Blizzard can do about it. They can hardly check if the passwords are good enough. They're meant to be secret and all

Your idea of a virtual keyboard is nice and all, but that isn't faultless as well. These keyboards still use the keyboard drivers, which keyloggers can also check/infect so to say. This is a semi-interesting read about virtual keyboards: http://ask-leo.com/will_using_an_on_screen_keyboard_stop_keyboard_loggers_and_hackers.html

It's unlikely that companies like Blizzard are going to pour money into researching the perfect virtual keyboard. Simply because it's easier to abuse then something like the authenticator.

15 Pages First « 9 10 11 12 13 14 15 » Search