Author Topic: Do you like Diablo 3?  (Read 127205 times)

Offline zespri

  • Hero Member Mark III
  • *****
  • Posts: 1,109
Re: Do you like Diablo 3?
« Reply #60 on: May 21, 2012, 10:42:04 pm »
And the worst case in this case is that it's caused by connecting to other people! So you got to play singleplayer (which still needs internet) to not get infected at all.
Where did you read this?

Offline chemical_art

  • Core Member Mark IV
  • *****
  • Posts: 3,952
  • Fabulous
Re: Do you like Diablo 3?
« Reply #61 on: May 21, 2012, 10:45:54 pm »
And the worst case in this case is that it's caused by connecting to other people! So you got to play singleplayer (which still needs internet) to not get infected at all.
Where did you read this?

http://www.forbes.com/sites/erikkain/2012/05/21/breaking-blizzard-diablo-iii-player-accounts-hacked-items-and-gold-stolen/

"One theory suggested by players on the Battle.net forum revolves around hijacking session identifiers, which would allow hackers to take over accounts without alerting Blizzard’s authentication server. Again, this remains unconfirmed.”

This is partly based off numerous reports of players with the paid authenticator getting hacked. The authenticator makes it very difficult to be hacked on the player side. However, by someone intercepting and/or foiling the handshake between player and server, sudden a hack becomes more reasonable for a new system.

This would explain why a whole region went down in prime time (sunday night local Europe time)
 
On the one hand, its not official, but on the other hand, it will never be official because the only way it could be official would be if the owners say so and they NEVER will say so because if they do they will damage their long term money making model of taking a tithe (or tax, or fee, or whatever you want to call) off the money auction house they are planning.
« Last Edit: May 21, 2012, 10:47:52 pm by chemical_art »
Life is short. Have fun.

Offline KingIsaacLinksr

  • Master Member
  • *****
  • Posts: 1,332
  • A Paladin Without A Crusade...
Re: Do you like Diablo 3?
« Reply #62 on: May 21, 2012, 11:18:03 pm »
And the worst case in this case is that it's caused by connecting to other people! So you got to play singleplayer (which still needs internet) to not get infected at all.
Where did you read this?

Even single player people are reporting getting their accounts hacked.

King
Casual reviewer with a sense of justice.
Visit the Arcen Mantis to help: https://www.arcengames.com/mantisbt/
A Paladin's Blog. Long form videogame reviews focusing on mechanics and narrative analyzing. Plus other stuff. www.kingisaaclinksr.com

Offline zespri

  • Hero Member Mark III
  • *****
  • Posts: 1,109
Re: Do you like Diablo 3?
« Reply #63 on: May 21, 2012, 11:58:17 pm »
Even single player people are reporting getting their accounts hacked.

Well, they may be just getting on the bandwagon of the complaining crowd - you don't know if they did not have a trojan, send their password to "support person", etc. It's really difficult to figure out what truth is if you don't have reliable sources of information.

It seems that the wave of hack was caused by a particular technique, the details of which will remain unknown. Of course it's a certainty that there will be other people compromised differently.

Offline zespri

  • Hero Member Mark III
  • *****
  • Posts: 1,109
Re: Do you like Diablo 3?
« Reply #64 on: May 22, 2012, 12:05:59 am »
http://www.forbes.com/sites/erikkain/2012/05/21/breaking-blizzard-diablo-iii-player-accounts-hacked-items-and-gold-stolen/

"It has been suggested that the EU servers were taken offline following a SQL injection attack, but this remains unconfirmed"
Really? Do they even know what SQL injection attack is?

Offline KingIsaacLinksr

  • Master Member
  • *****
  • Posts: 1,332
  • A Paladin Without A Crusade...
Re: Do you like Diablo 3?
« Reply #65 on: May 22, 2012, 12:07:18 am »
http://www.forbes.com/sites/erikkain/2012/05/21/breaking-blizzard-diablo-iii-player-accounts-hacked-items-and-gold-stolen/

"It has been suggested that the EU servers were taken offline following a SQL injection attack, but this remains unconfirmed"
Really? Do they even know what SQL injection attack is?

Forbes doesn't know a lot of things....I quit reading their stuff for a while now.

King
« Last Edit: May 22, 2012, 12:14:33 am by KingIsaacLinksr »
Casual reviewer with a sense of justice.
Visit the Arcen Mantis to help: https://www.arcengames.com/mantisbt/
A Paladin's Blog. Long form videogame reviews focusing on mechanics and narrative analyzing. Plus other stuff. www.kingisaaclinksr.com

Offline chemical_art

  • Core Member Mark IV
  • *****
  • Posts: 3,952
  • Fabulous
Re: Do you like Diablo 3?
« Reply #66 on: May 22, 2012, 12:14:34 am »
*shrug*

I never mentioned SQL injection. I linked that article to post where I got my theory of the handshake snatching from. I only mentioned forbes it was sourced by this:

http://freethoughtblogs.com/zingularity/2012/05/21/stolen-handshakes-session-id-hijacking/

and I never heard of them but saw forbes and thought (welp, at least I heard of them)


As I said. With anything of this nature, the biggest names in business won't touch this because they cannot prove it. So those who either take chances, and risk "not knowing what they are talking about", or are so tiny that they just want spotlight take it up.

The only ones who can prove it have their interests to cover it up, distort, and ignore it for there is money directly involved in the future.

As a result of this both lack of information and lack of interest in news agencies to devote significant resources (because at the core this is a very niche story) there is not the normal level of scrunity that business may normally get.


The end result is this:

Players who use authenticators are probably getting hacked. Players who use single player are probably hacked. Whole servers are going down in prime time with no explanation. The games are required to be online, the security of the servers have never been truly tested, and there is massive financial gain in hacking this game.

Ultimately, its up to you to connect the dots and decide for yourself what has happened. But none can disagree that its leading to a lot of frustration that is a result of being forced to connect a server to play.
« Last Edit: May 22, 2012, 12:25:14 am by chemical_art »
Life is short. Have fun.

Offline zespri

  • Hero Member Mark III
  • *****
  • Posts: 1,109
Re: Do you like Diablo 3?
« Reply #67 on: May 22, 2012, 07:39:48 am »
Yeah, according to Blizzard, nothing happened. http://us.battle.net/d3/en/forum/topic/5149619846

Offline zebramatt

  • Master Member Mark II
  • *****
  • Posts: 1,574
Re: Do you like Diablo 3?
« Reply #68 on: May 22, 2012, 08:27:23 am »
I have it but am without a permanent internet connection at home and thus unable to play.

I have, however, been thoroughly enjoying Diablo 2 again.

Offline chemical_art

  • Core Member Mark IV
  • *****
  • Posts: 3,952
  • Fabulous
Re: Do you like Diablo 3?
« Reply #69 on: May 22, 2012, 09:31:24 am »
Yeah, according to Blizzard, nothing happened. http://us.battle.net/d3/en/forum/topic/5149619846

It's aggravating, but we can't be sure what happened.

Blizzard's response is actually interesting. Not in what they said, but in what they did not say. See below.

One the other hand you have galore of players saying they have been hacked for various reasons. Hundreds if not thousands of responses.

Blizzard you would hope would want to give an honest response. However, in my experience, it is very difficult if not impossible to have a company admit something on their side allowed hacking. That is assuming they would make no further money after a game sale. So when you combine that with the fact Blizzard will be making a ton of money in the future for a feature that depends on the customers trust you get them in the situation of deny, deny, deny.

And for the players, you can't filter out the real ones from the fake ones. Some certainly are making it up. Some others have been hacked from the traditional sense on the player end. But when you have so many, some saying despite authenticators, some showing logs of their character giving away items to a lvl 1, and other signs of hacking it makes me think.

Something is amiss here.

I've read through the Blizzard response, and here's another thing. They have not stated one way or another actually whether Battle.net. Is compromised. They never talk about it. The whole post is filled with generalizations that while technically true don't address this situation. It's a cookie cutter response.

...

"  From the blizzard response"

   
 We'd like to take a moment to address the recent reports that suggested that Battle.net® and Diablo® III may have been compromised.
So they are going to talk about Battle.net and Diablo III directly?
Historically, the release of a new game -- such as a World of Warcraft® expansion -- will result in an increase in reports of individual account compromises, and that's exactly what we're seeing now with Diablo III.
True. I wonder why that is? The players who migrate over from WoW or other games don't get any stupider.
We know how frustrating it can be to become the victim of account theft, and as always, we're dedicated to doing everything we can to help our players keep their Battle.net accounts safe -- and we appreciate everyone who's doing their part to help protect their accounts as well.
True. But my friends who have been hacked would disagree. Especially how they get hundreds of false emails about fakes claiming their accounts were hacked but when it happens for real they hear nothing.
You can read about ways to help keep your account secure, along with some of the internal and external measures we have in place to help us achieve our security goals, at our account security website here: www.battle.net/security.
Nothing wrong with that. Good, good
We also wanted to reassure you that the Battle.net Authenticator and Battle.net Mobile Authenticator (a free app for iPhone and Android devices) continue to be some of the most effective measures we offer to help players protect themselves against account compromises, and we encourage everyone to take advantage of them. In addition, we also recently introduced a new service called Battle.net SMS Protect, which allows you to use your text-enabled cell phone to unlock a locked Battle.net account, recover your account name, approve a password reset, or remove a lost Authenticator. Optionally, you can set up the Battle.net SMS Protect system to send you a text message whenever unusual activity is detected on your account, keeping you aware of important (and possibly unwanted) changes."
These are good things. But this is all so far generic stuff. Not addressing Battle.net itself. All these so far are security measures the player can use. But players are all using these things and still getting hacked. My friend is my personal connection, but I've heard it hundreds of other times as well. But they still rely on being safe during the handshake. All the security and defenses are on the player side. But what about Battle.net itself being comromised? When are we going to talk about the orginal sentence?

[Rest of post is blizzard saying if they notice something unusual they ask for more info]

Oh, I see. You are going to talk about it directly. But you spend the whole post telling players how they must beef up security. Nothing at Blizzard could possibly be wrong.


After telling my Dad this situation he said it reminds him of the Ford Pinto situation. It is cheaper to roll back accounts then it would be to admit any error on their part.


P.S. Yes I mad. My friend over the night got hacked. He has all the security functions blizzard mention but still got hacked. He said it happened after a night of public games then going to sleep.
Life is short. Have fun.

Offline keith.lamothe

  • Arcen Games Staff
  • Arcen Staff
  • Zenith Council Member Mark III
  • *****
  • Posts: 19,505
Re: Do you like Diablo 3?
« Reply #70 on: May 22, 2012, 09:35:39 am »
Blizzard is in a tricky situation security-wise because D3 is a big enough target to attract the attention of organized crime.  And, with very few exceptions, "network security" is something that really only exists until someone with enough resources decides it wants to get through it.

And then there's the PR situation they're in (partly as a result of the security situation), which might be worse ;)
Have ideas or bug reports for one of our games? Mantis for Suggestions and Bug Reports. Thanks for helping to make our games better!

Offline zespri

  • Hero Member Mark III
  • *****
  • Posts: 1,109
Re: Do you like Diablo 3?
« Reply #71 on: May 22, 2012, 06:32:27 pm »
Auction house is next to unusable now, and when I try to submit a ticket I'm getting "An unknown error has occurred." on the site. Blizzard, I thought better of you! No, really.

Offline eRe4s3r

  • Core Member Mark II
  • *****
  • Posts: 2,825
Re: Do you like Diablo 3?
« Reply #72 on: May 23, 2012, 03:56:11 am »
What really aggravates me is that Blizzard does not announce down-time properly. And the rest of their communication is a joke. The game has a launcher, yet no b.net related status news appear in IT. Basically, the one thing that really matters, namely whether you can play or not, only appears after you start the game. You can not even know whether b.net for D3 is down without actually starting Diablo 3. And even then you still have to try to log-in or not to know whether it's really down.

They said its gonna be down 3am to 9am for Europe (AGAIN!) (already a 6 hour down-time again) in GMT+1
Then at 9 am, they open up, and set a dead-men counter that shuts it all down again 15 minutes later.

No explanation why or what.

Stuff like this just makes you not like Blizzard. Also how after SC2, WoW and Wc3 they still have Battle.net issues.. that is really telling.
Proud member of the Initiative for Bigger Weapons EV. - Bringer of Additive Blended Doom - Vote for Lore, get free cookie

Offline Mánagarmr

  • Core Member Mark V
  • *****
  • Posts: 4,272
  • if (isInRange(target)) { kill(target); }
Re: Do you like Diablo 3?
« Reply #73 on: May 23, 2012, 08:40:58 am »
You lot act as if you're surprised. How could you not see this coming the second the "always online" was announced?
Click here to get started with Mantis for Suggestions and Bug Reports.

Thank you for contributing to making the game better!

Offline keith.lamothe

  • Arcen Games Staff
  • Arcen Staff
  • Zenith Council Member Mark III
  • *****
  • Posts: 19,505
Re: Do you like Diablo 3?
« Reply #74 on: May 23, 2012, 11:28:52 am »
You lot act as if you're surprised. How could you not see this coming the second the "always online" was announced?
A triumph of hope over experience.
Have ideas or bug reports for one of our games? Mantis for Suggestions and Bug Reports. Thanks for helping to make our games better!