Diablo® III

Battle.net® Account Security & Diablo® III

(Locked)

Just an idea for security: do IP restrictions. IPs of foreign countries have to be confirmed via e-mail. IPs of foreign Internet service providers too.

At least allow disabling access from certain countries permanently in the BNet account settings, like China :)

And lastly, if someone logged in in the last 24 hours from one country, and then logs in from another, make a security lock. (All restrictions should be optional, but active by default.)
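
The three rules proposed in the post above, sketched as login-evaluation logic. This is an added example, not part of the original post and not Blizzard's code; the names `AccountPolicy` and `evaluate_login`, the order in which the rules are checked, and the assumption that each login arrives already resolved to a country code and an ISP label are all hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional, Set, Tuple

@dataclass
class AccountPolicy:
    # Each rule can be switched off but is on by default, as the post asks.
    block_countries: bool = True
    lock_on_country_change: bool = True
    confirm_new_origin: bool = True
    blocked: Set[str] = field(default_factory=set)                # country codes
    confirmed: Set[Tuple[str, str]] = field(default_factory=set)  # (country, ISP)
    last_ok: Optional[Tuple[datetime, str]] = None                # last allowed login
    locked: bool = False

def evaluate_login(acct, when, country, isp):
    """Return 'allow', 'confirm_email', 'deny' or 'locked' for one login."""
    if acct.locked:
        return "locked"
    if acct.block_countries and country in acct.blocked:
        return "deny"
    if acct.lock_on_country_change and acct.last_ok is not None:
        prev_when, prev_country = acct.last_ok
        if country != prev_country and when - prev_when <= timedelta(hours=24):
            acct.locked = True      # this sketch has no unlock path
            return "locked"
    if acct.confirm_new_origin and (country, isp) not in acct.confirmed:
        return "confirm_email"      # caller adds the pair once the user confirms
    acct.last_ok = (when, country)
    return "allow"

def demo():
    # Constructed sample logins: (time, country, ISP label).
    t0 = datetime(2012, 5, 22, 2, 0)
    h = lambda n: t0 + timedelta(hours=n)
    acct = AccountPolicy(blocked={"CN"}, confirmed={("DE", "isp-a")})
    events = [(h(0), "DE", "isp-a"), (h(1), "DE", "isp-b"), (h(2), "CN", "isp-c"),
              (h(5), "US", "isp-d"), (h(6), "DE", "isp-a")]
    return [evaluate_login(acct, *e) for e in events]

if __name__ == "__main__":
    print(demo())
```

The lock is checked before the e-mail confirmation so that a country change inside the 24-hour window cannot be cleared by whoever controls the mailbox alone; that ordering is a design choice of this sketch.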
There is a RATE-LIMIT on ALL blizzard games anyways for LOGIN ATTEMPTS. That means that BRUTE-FORCE cracking is *POINTLESS*.
Does anyone know when they will patch the security issues? Because I remember Diablo 2, which took a decent amount of time to correct the security flaws and issues that plagued the game, and I don't want to log in and find that my account has been cleaned out of items and characters.

---So what say you, Blizzard? Can you fix this quickly?
90 Pandaren Rogue
11755
05/22/2012 01:59 AM Posted by ClamSoup
You guys can believe what you want, but for a short time in Diablo II I could take an item off of YOUR character IN GAME, WITHOUT accessing your account. You think there are no security flaws in Diablo 3? It's BRAND NEW. For the BIGGER outside-circle hacking majority you remember the "trade hack" in Diablo II right? That's pretty close to what this was except it was a forced transfer of the item via trade to another person's character. ANYONE who remembers the CLOSED Battle.net heyday of hacking KNOWS that it is POSSIBLE for your STUFF TO GET JACKED WITHOUT SOMEONE "ACCESSING" YOUR ACCOUNT. Can ANY Diablo II Vets out there VOUCH FOR WHAT I'M SAYING!?

This is REALLY akin to a crazy guy on the side of the road, ranting and raving with a "THE END IS NEAR" sandwich board strapped on.
Edited by Dissentience#1609 on 5/22/2012 2:03 AM PDT
85 Goblin Death Knight
4560
05/22/2012 01:59 AM Posted by ClamSoup
You guys can believe what you want, but for a short time in Diablo II I could take an item off of YOUR character IN GAME, WITHOUT accessing your account. You think there are no security flaws in Diablo 3? It's BRAND NEW. For the BIGGER outside-circle hacking majority you remember the "trade hack" in Diablo II right? That's pretty close to what this was except it was a forced transfer of the item via trade to another person's character. ANYONE who remembers the CLOSED Battle.net heyday of hacking KNOWS that it is POSSIBLE for your STUFF TO GET JACKED WITHOUT SOMEONE "ACCESSING" YOUR ACCOUNT. Can ANY Diablo II Vets out there VOUCH FOR WHAT I'M SAYING!?


Diablo 2 and Diablo 3 were put out by the same name, but by different groups of developers, and are certainly not the same servers. Potatoes and Giraffes, I say!


72^8 < 46^9

(I know this doesn't count as paper but unless you give me your mailing address this'll have to do!)


Ur math be wroooooong. Lol. aa AA Aa aA would be 4 permutations vs the singular permutation they would be if it were case-insensitive. :P


Case increases complexity, but length increases it more. Simple concept.
Did you miss the part where Bashiok said we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password. While the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand. People need to pay attention


Funny thing is you can't find something if your system isn't designed to look for or record it.


72^8 < 46^9

(I know this doesn't count as paper but unless you give me your mailing address this'll have to do!)


Ur math be wroooooong. Lol. aa AA Aa aA would be 4 permutations vs the singular permutation they would be if it were case-insensitive. :P


Ahh you missed the part where I said to add 1 more character to your password if the `software` did not support case.

aa AA Aa aA = (26*2)^2
a len-3 password (only using lowercase) would be 2^3

Basically [options]^[length] is password strength. The best way to add more strength is not to add more options, but to add more length. Unless there are only a few options, then that would be a good place to add more to.

Of course, the more options, the shorter the password can be, the better it is for lazy people like me.
2 Dwarf Priest
0
05/22/2012 02:02 AM Posted by Djent
You guys can believe what you want, but for a short time in Diablo II I could take an item off of YOUR character IN GAME, WITHOUT accessing your account. You think there are no security flaws in Diablo 3? It's BRAND NEW. For the BIGGER outside-circle hacking majority you remember the "trade hack" in Diablo II right? That's pretty close to what this was except it was a forced transfer of the item via trade to another person's character. ANYONE who remembers the CLOSED Battle.net heyday of hacking KNOWS that it is POSSIBLE for your STUFF TO GET JACKED WITHOUT SOMEONE "ACCESSING" YOUR ACCOUNT. Can ANY Diablo II Vets out there VOUCH FOR WHAT I'M SAYING!?

This is REALLY akin to a crazy guy on the side of the road, ranting and raving with a "THE END IS NEAR" sandwich board strapped on.


He just REALLY wants someone to give him cred for being in the d2 hacking scene back in the day.. He used to KNOW people, ok?!
90 Pandaren Rogue
11755
05/22/2012 02:03 AM Posted by Wim
Did you miss the part where Bashiok said we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password. While the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand. People need to pay attention


Funny thing is you can't find something if your system isn't designed to look for or record it.

Oh, do you know how Blizzard's system works now? The ins and outs of their network and server security?
Edited by Dissentience#1609 on 5/22/2012 2:04 AM PDT
LISTEN: TO ANYONE SAYING THAT THIS IS A FAILURE BY PLAYERS TO SECURE THEIR ACCOUNTS APPROPRIATELY - YOU HAVE *NOT* BEEN LISTENING TO THE PEOPLE WHO HAVE BEEN HACKED.

Symptoms of people who have been hacked:

"The same guy randomly joined my game"
"Later my items and gold were gone".

They're obviously exploiting some mechanism outside of CRACKING people's accounts. Stop being a BABY because the servers are down and you're mad and saying these people are DUMB. You have no IDEA how any legitimate hacking works so STOP TALKING ABOUT IT.


Ur math be wroooooong. Lol. aa AA Aa aA would be 4 permutations vs the singular permutation they would be if it were case-insensitive. :P


Case increases complexity, but length increases it more. Simple concept.


get a room you two...
Lylirra:
We'd like to take a moment to address the recent reports that suggested that Battle.net® and Diablo® III may have been compromised. *cut*


That’s not addressing, that’s trying to ignore the issue with netcode security.

For more info, see http://us.battle.net/d3/en/forum/topic/5149539239

…and definitely the post by KhelThuzad here:
http://www.gamespot.com/diablo-iii/forum/warning-diablo-3-players-do-not-get-to-level-50-62865117/?page=20
(Quote: “The exploit itself was confirmed over at BlizzHackers.”)

The first post of that thread (that KhelThuzad posted in) is also interesting, proving that authenticators are not preventing these hacks, probably because no login/pass is required in the first place. Also, if Bnet account passwords were being compromised in order to strip the chars of their gear and gold, then we should also be seeing a massive wave of WoW players complain on the WoW forums about the same thing happening to their WoW chars, and that is not happening at present.

There are 2 things happening here at the same time. One is the exploit, the other is the usual reports of people getting hacked because of their PCs having been compromised, or having used their password elsewhere, etc. Please Blizzard, do not make the mistake of ignoring a possible security hole.

In a blue post here on the D3 forums, Blizz have stated that they have yet to discover a case in which someone was hacked without their account having been logged into by someone else. This is not true. This directly contradicts a report from a player on the same forums. He stated that the response he received from Blizz support regarding his char being stripped of gear and gold, included the statement: “Your account has not been compromised”, judging from the fact that no one with a different IP than that player himself had been logged into his account.

PS I have not been hacked, so I don’t have any such motivation for writing this. Where there is smoke, there’s fire….
Edited by Roenie#2321 on 5/22/2012 2:09 AM PDT


I know for a FACT this is NOT true. I have witnessed firsthand the compromisation of blizzard through a SUN OS FTP exploit by a hacker named Albert Zheng. Tell me where the WHITE items came from in Diablo 2. I can tell you where the "ClamSoup" peasant crown and Quarks Items came from. Do you even know what you're talking about? Are you 16 and were 4 when Blizzard's servers came online and are now speaking with authority of whether or not they have been HACKED? LOL. Go to bed.


i like this guy.


Some people never quite put 2 and 2 together... If you think Blizzard was not constantly having problems with d2, why on earth do you think there were so many rollbacks? All that lag you encountered and then dropped from the game and found out that all that hard work you did and that uber item you found were missing when you logged back in; half the people probably never even questioned why that was occurring and why so frequently.
85 Goblin Death Knight
4560
05/22/2012 02:02 AM Posted by Elerena
Case increases complexity, but length increases it more. Simple concept.


Yes, if we all had (and could remember) passwords of (well) over 100 characters in length, password length would certainly outshine case sensitivity.
05/22/2012 02:01 AM Posted by Warpuras


I'd love to see that kind of math on paper.


He's mistaken.

Let's make it easy. The password character limit is 12.

If you have an 11 character limit and only use lower case letters, you can create up to 3.67034449 × 10^15 passwords. If it's 12, it is now 9.54289567 × 10^16.
If you have a 12 character limit and use lower case and upper case letters, 7.51686551 × 10^18. Numbers and symbols aren't really affected by case, even though you technically use shift to produce them on the computer, but we can disregard them.

Nonetheless, while his math is incorrect, he's correct overall because you would have to brute force all of it, and I'm pretty sure Blizzard has safety measures in place to prevent that and there's no way to brute force all of the accounts in this short amount of time.


guess and check? XD
90 Pandaren Rogue
11755
05/22/2012 02:03 AM Posted by Chillax

This is REALLY akin to a crazy guy on the side of the road, ranting and raving with a "THE END IS NEAR" sandwich board strapped on.


He just REALLY wants someone to give him cred for being in the d2 hacking scene back in the day.. He used to KNOW people, ok?!

Man, back in the day I used to BE somebody... I used to JACK people's ITEMS in an ONLINE GAME and I thought I'd take this OPPORTUNITY to BRAG ABOUT IT so people would think I'm AWESOME since I breathe through my MOUTH and nobody LIKES ME
The app for the Android/iPhone is free. Don't be an idiot.
So when's the server going back up??
This topic is locked.
