Diablo® III

Battle.net® Account Security & Diablo® III

(Locked)



That wouldn't show up as anything unusual. It would just show up as you…logging in, from your computer.

In order to trace the "digital footprint" they would need access to your machine. That's where the log is.


Blizzard has a log of everything you do with your account.

Excuse me for a second while I refer to my log of last logout and last login. Now I ask Blizzard to do the same. Wait, what? There is NO unusual activity between the last logout before sleep and the last logon after work? So in other words my logon credentials have not been compromised.

That leaves us with two scenarios.

Exploit on Blizzard side. Massive loophole that eventually will be traced and patched.

OR

Corrupt Data. DB lost primary keys/indexes are shot/pathways are incorrect...etc etc etc....meaning some nerd/geek smarter than I will point it out, it will be fixed and things will move forward and the poor geek/nerd will never get credit while some middle management bureaucrat will take all the glory and get a raise.
Do you write down the EXACT time you log out?

If I want to cover my tracks I'm just going to wait for you to log out, then log in, loot your character in 90 seconds then log out.
You don't need to join any games for people to get your session ID.

You can add ANYONE to your friends list without their consent. When one of those people gets an achievement it is broadcast to anyone that has them on their friends list. They can get your session ID from that.

You don't know what you are talking about.


Was there any hard proof, at all, of session spoofing or is it all just frustrated customers looking for a scapegoat who fooled themselves into thinking their system was 100% secure?


It sure explains why people are complaining that they get hacked when they haven't played in public games.

But that would debunk your entire theory, how convenient of you to neglect it.


Please link me to a single post (by someone that isn't your alt or made after this post), from anyone who claims to have been hacked and never clicked the public game button even once since d3 has been out.

/tap

/yawn

spoiler: White-Knighting Blizzard won't get you MVP status. They done goofed.


http://us.battle.net/d3/en/forum/topic/5149009746?page=1#5

Oh god, you just got told
If Session ID spoofing is a theory, can't someone at Blizzard try doing this themselves and see if that is indeed a way for this hacking to occur? Seems like a simple way to test it. And really, to the poster who said who cares, just fix the lag and disconnects. I would be more concerned with losing all my hard work on leveling up my character first. Yeh, lag is bad, but I would rather this hacking/whatever problem be fixed first. And atrocious of Blizzard to keep insinuating its customers' fault for not having enough security on the customer end. Sure, some people probably don't. But not all of these players are that stupid.
My concern is that this post appears to be a non-denial denial. Are you saying there isn't a Battle.net exploit and the problems are entirely due to user error?
Edited by Anthony#1881 on 5/25/2012 1:33 AM PDT
My concern is that this post appears to be a non-denial denial. Are you saying there isn't a Battle.net exploit and the problems are entirely due to user error?


Yes, that's exactly what they're saying. These compromises are user error.
You don't need to join any games for people to get your session ID.

You can add ANYONE to your friends list without their consent. When one of those people gets an achievement it is broadcast to anyone that has them on their friends list. They can get your session ID from that.

You don't know what you are talking about.


Was there any hard proof, at all, of session spoofing or is it all just frustrated customers looking for a scapegoat who fooled themselves into thinking their system was 100% secure?


Someone suggested this as a possibility, but simply having a Session ID is not enough to spoof an entire game session. Sessions, any kind of session, are typically signed. It's also just not enough information to do anything with.

When you log into Facebook you have a Session or Cookie ID. If you give me that number I can't just magically log in as you.
Edited by ralphthemagi#1188 on 5/21/2012 9:28 PM PDT
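
The post above says sessions are typically signed. As an added example (not from the thread and not Battle.net's actual scheme), this sketch shows a server signing a session ID with an HMAC and binding it to a client context, so a bare session ID is rejected. The key, token layout, `client_ctx` value and lifetime are assumptions.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # constructed; a real key never leaves the server
MAX_AGE = 3600                        # assumed session lifetime in seconds


def _mac(session_id: str, issued_at: int, client_ctx: str) -> str:
    # The MAC covers the ID, the issue time and the client context together.
    msg = f"{session_id}|{issued_at}|{client_ctx}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str, client_ctx: str, now: int) -> str:
    """Return 'session_id.issued_at.mac'; client_ctx is bound in, not stored."""
    return f"{session_id}.{now}.{_mac(session_id, now, client_ctx)}"


def verify_token(token: str, client_ctx: str, now: int) -> str:
    """Return 'ok', or the reason the token is rejected."""
    parts = token.split(".")
    if len(parts) != 3 or not (parts[1].isascii() and parts[1].isdigit()):
        return "malformed"
    session_id, issued_at, mac = parts[0], int(parts[1]), parts[2]
    expected = _mac(session_id, issued_at, client_ctx)
    # Constant-time compare; a wrong client context also fails here.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "bad-signature"
    if now - issued_at > MAX_AGE:
        return "expired"
    return "ok"


if __name__ == "__main__":
    token = issue_token("a1b2c3", "device-A", now=1000)  # constructed values
    print(verify_token(token, "device-A", now=1500))     # legitimate client
    print(verify_token("a1b2c3", "device-A", now=1500))  # bare session ID only
    print(verify_token(token, "device-B", now=1500))     # different client context
```

In this sketch the whole token is only as safe as its transport and storage: it is honoured from any client that presents both the full token and the matching context until it expires.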
05/21/2012 09:25 PM Posted by D3Gamer1958
If Session ID spoofing is a theory, can't someone at Blizzard try doing this themselves and see if that is indeed a way for this hacking to occur? Seems like a simple way to test it. And really, to the poster who said who cares, just fix the lag and disconnects. I would be more concerned with losing all my hard work on leveling up my character first. Yeh, lag is bad, but I would rather this hacking/whatever problem be fixed first. And atrocious of Blizzard to keep insinuating its customers' fault for not having enough security on the customer end. Sure, some people probably don't. But not all of these players are that stupid.


It's not about stupidity (well, sometimes it is). It's about realizing that security means being aware of the potential flaws in your system.

No one ever thinks that their security is flawed until it's broken. And it's not atrocious behavior to explain where the account compromises are coming from: the user's end. That's where they've always come from, so this shouldn't be a shocker.


Blizzard has a log of everything you do with your account.

Excuse me for a second while I refer to my log of last logout and last login. Now I ask Blizzard to do the same. Wait, what? There is NO unusual activity between the last logout before sleep and the last logon after work? So in other words my logon credentials have not been compromised.

That leaves us with two scenarios.

Exploit on Blizzard side. Massive loophole that eventually will be traced and patched.

OR

Corrupt Data. DB lost primary keys/indexes are shot/pathways are incorrect...etc etc etc....meaning some nerd/geek smarter than I will point it out, it will be fixed and things will move forward and the poor geek/nerd will never get credit while some middle management bureaucrat will take all the glory and get a raise.
Do you write down the EXACT time you log out?

If I want to cover my tracks I'm just going to wait for you to log out, then log in, loot your character in 90 seconds then log out.


But we've already seen that they don't wait. They boot you off right then and there. More importantly THEY ARE STILL DOING IT! It is still happening throughout the night. You can even see a video of them doing it on Youtube for crying out loud. BTW, isn't that part of the "always online" portion of this game, that they know when you log on/off?
Do you write down the EXACT time you log out?

If I want to cover my tracks I'm just going to wait for you to log out, then log in, loot your character in 90 seconds then log out.


But we've already seen that they don't wait. They boot you off right then and there. More importantly THEY ARE STILL DOING IT! It is still happening throughout the night. You can even see a video of them doing it on Youtube for crying out loud. BTW, isn't that part of the "always online" portion of this game, that they know when you log on/off?
If they are booting you off and you can't log back in then it isn't a session hijack.
This says nothing. Yet another inept response from CSR about the game. Telling people who have been online for years how to protect their accounts? We aren't morons or little kids.

Good luck making money from the RMAH which was your golden egg because after this and that poor excuse as a response you're gonna need it.


The laughable part of this is this long post telling us how to secure our accounts, and just a day or two ago, there was a post about disabling your AV and pulling yourself out from behind your NAT router in order to bypass technical problems related to keeping a connection. All this with no warning of the RIDICULOUS SECURITY IMPLICATIONS in doing that.


Sigh. Sure I have no education. I am just a dumb ole country boy that knows the basis of every CPU is developed upon the founding principles of millions of transistors doing the simple boolean algebra stuff based upon the logic of j-k flip flops. I digress though since you know far more than I do.

Like how Blizzard is saying it is my fault for my logon credentials and yet their log files show NO unusual logins from the time I legitimately logged off to take my geritol and sleep to my legitimate logon after work the next day.

Yet CPUs don't use BJTs lol! And J-K flip-flops have very few applications in CPUs as they are far more complex than generally required. Latches or D-FFs are used far more often.


Really? Really? You son can stop with the charades. Boolean algebra is the founding father of logic.

Please educate me on the stuff that actually dictates how the skin current of conductors are used. Are you on 3, 4 or 5, electrons in the outer shell?
05/21/2012 08:15 PM Posted by Lylirra
We'd like to take a moment to address the recent reports that suggested that Battle.net® and Diablo® III may have been compromised.


Is it just me or was this actual question here never addressed after the opening statement?

I am one of the ones who believes that the issue is 100% user error, but your overall message is pretty unclear on this. Is Battle.net compromised or not?
Edited by Sammich#1797 on 5/21/2012 9:32 PM PDT
I'm afraid to lose my 11.2k damage wizard D:


But we've already seen that they don't wait. They boot you off right then and there. More importantly THEY ARE STILL DOING IT! It is still happening throughout the night. You can even see a video of them doing it on Youtube for crying out loud. BTW, isn't that part of the "always online" portion of this game, that they know when you log on/off?
If they are booting you off and you can't log back in then it isn't a session hijack.


How so? Blizzard has already admitted that if they think something is screwy they force you to reset your password. It makes sense that they take your account through a backdoor fashion, and when you try to log in legitimately Blizzard senses that something is off and forces you to reset your password.
BTW, wasn't there an MMO that swore up and down that the massive hacking issues were all on the user in for days on end until a user showed them the security flaw?

Yet CPUs don't use BJTs lol! And J-K flip-flops have very few applications in CPUs as they are far more complex than generally required. Latches or D-FFs are used far more often.


Really? Really? You son can stop with the charades. Boolean algebra is the founding father of logic.

Please educate me on the stuff that actually dictates how the skin current of conductors are used. Are you on 3, 4 or 5, electrons in the outer shell?

LOL! Now you are bringing in the skin effect. Please keep it up. This is very entertaining :)
No offense but when your own logs show that nobody has logged in between me logging out for the night and logging in after work and my account is stripped then don't try and peddle any addon.

When one of your astute coworkers can tell me the difference between a pnp and an npn common emitter and common base collector on a transistor then I will be inclined to listen.


Really dude...?! These people are computer programmers...not computer engineers...there is a difference.


Well I was trying to provoke a conversation with someone other than the misinformed that it was MAI FAULT!!!!ONE!!!ELEVEN!!!!
Edited by Ganelon#1321 on 5/21/2012 9:35 PM PDT
This topic is locked.
