5/27/12 1:23:56 PM#61
Originally posted by Newmoon
I say it again.... it is much more likely that a guild / fansite or public forum got compromised, as they don't have to follow the legislations like Big corporations need to!
I mean, sure SOE got hacked last year, but the passwords in the database were still encrypted.
How many guild or fansites run Open Source software like Wordpress, phpBB, etc, etc ? How many owners of those sites bother keeping that software up to date with patching?
You would be surprised how many guild / fansite / public forum owners are downright lazy and sloppy and don't keep their stuff properly patched and updated! Not to mention take their time to install plugins and/or run the necessary configurations to make their site more secure!!
Especially Wordpress and phpBB are continuously plagued by vulnerabilities and security issues and if you didn't keep your sites/forums updated..... well you can't make it any easier for hackers to compromise those sites and steal user info straight out of these databases!
And as so many people use the same email and password on these kinds of sites too. It is far more likely the hackers got your password from a fan / guild site or public forum!
5/27/12 1:27:49 PM#62
Well Blizzard has said the number of reports they have received is very small. I'm inclined to believe them.
Remember, this is a game with at least 6.3 million players. Possibly 7 million right now.
The game also has a huuuuge target on its back.
I'm inclined to believe Blizzard saying a small number have reported being hacked. What that says to me is that possibly some aren't reporting it or there are a crapload of trolls on the official forums.
The latter seems more likely to me. I'm sure some people don't report it though. But that begs the question, if they are piston all over the forums and freaking out with nerd rage why are they not putting in a ticket?
The facts support Blizzard's statement. I've been attempting to find holes in D3 since this all began.
I started with the session spoofing. Now I'm looking for other kinds of vulnerabilities that might exist. I have found nothing to date.
I have been debating posting some sort of details about my research, but it's not really a responsible thing to do.
Just like that guy that found the Rift hole, I am sure there are others like him taking a close look at D3 right now. If something is there they will find it.
I assure you, if I find anything I will eat my words and you guys will know about it, but I'm just not seeing anything right now.
I, like you, am normally very open minded in these situations. Anything is possible. Companies have been compromised and not known about it for a year or more.
In this case, I am backing my skepticism up with data.
5/27/12 1:34:13 PM#63
I have seen posts on the official forums with people claiming that a bunch of people in their guild got hacked too so it's obviously on Blizzard's end!
That just screams guild site hacked to me.
5/27/12 1:44:07 PM#64
Originally posted by dubyahite
I can give you a perfect example.
I run a site for myself to profile myself as IT consultant. This site runs under Wordpress.
I have properly configured this site, including the security hashes within the php-config, run some security plugins, but above all make sure all plugins and Wordpress are up to date with latest patches.
One day my site got hacked (like a ton of other Wordpress sites that weekend) by a Turkish hackgroup that found a vulnerability in the php-admin page that enabled them to bypass it completely and gain access to your Wordpress site with Full admin privileges!!
This happened ironically right after a Wordpress update! Just so you know.
Luckily I was the only one affected, as I don't have users registered nor run a forum!
So with daily backups, I was quickly back up and running and Wordpress luckily released a new update within a few days.
This stuff happens all the time with OpenSource software... especially because it's so popular and above all FREE!
That is why I don't run my own guilds and guildsite/forums anymore.... I just don't want that kind of responsibility anymore, especially since I just don't have the time for it anymore either.
More importantly tho, it's not even fun anymore, because of all the hacking going on these days, not to mention all the spamming you need to deal with as well.
If you truly want to run a secure guild forum, you are practically forced to buy a vBulletin Forum license. Which is not cheap! 195 bucks for just a standard forum license or 285 bucks for the CRM suite!
5/27/12 2:09:39 PM#65
I might have a hint.
A couple of weeks prior to the game release I received a really legitimate-looking email from "blizzard" stating whatever about Diablo 3 (I say whatever because I deleted it right away).
This email had to be a key logger, I don't think I had any virus/worm from it since it was contained in a sandbox.
I know that this email was not legitimate since I changed my email address on battlenet a year ago or so.
So anything I receive on the first email address I had on battlenet before I changed my email address is a skim. I know that because I was ever hacked on my WoW account after I did open one of those "official" emails from "blizzard*east". Those guys are really good, I don't know how they manage to have a legit sender, the magical truccande.
My guess is many people that had been hacked with WoW at any given time received this email about and got hacked soon after the game release with their login and credentials if they bought the game.
Real money auction house, with millions of gamers, hum sounds like a lot of people will make an infernal work out of it. I think everybody deserves to play some game.
Diablow 3, it sucks ...
5/27/12 2:53:08 PM#66
My spam folder on one of my throwaway emails is full of Blizzard phishing/malware/whatever attempts. And it's never been associated with any Blizzard games.
Hard Core Member
All it takes for evil to succeed is for the good to stand by and do nothing
5/28/12 3:18:22 PM#67
Originally posted by itgrowls
:) I meant profit wise
5/28/12 3:36:51 PM#68
Originally posted by Karahandras
They sell the Authenticators at cost. This has been revealed many many times by Blizzard.