Diablo® III

Battle.net® Account Security & Diablo® III

(Locked)

2 Human Warlock
0
05/21/2012 08:37 PM Posted by tacD
we're dedicated to doing everything we can to help our players keep their Battle.net accounts safe


Starting with b-net passwords not being case sensitive? Well you did an awesome job there Blizzard!


Case sensitivity in the password does not make it secure. Keyloggers have no problem seeing through that. A better way to defeat brute force hackers is to use a variety of alphanumeric characters and special characters, when able.
after this fiasco I'll never use RMAM
85 Blood Elf Paladin
5730
Still waiting for my rollback 24+ hours later
05/21/2012 08:40 PM Posted by Oficerfriend
A keylogger that not a single AV software detected? Impressive and I doubt it would be used to steal just Blizzard passwords... oh and what about the people with authenticators?
It is actually very simple and relatively cheap to purchase a crypter and make your keylogger completely undetectable, making your AV useless. Besides this fact, there are tons of ways to check if you have been keylogged/ratted, and I've checked everything.
What a joke.

So now you guys are going to hide/deny the session ID hijacking?

Good to know. I'll be miles away from the RMAH
I found out by trying that the login password isn't properly case sensitive. All caps or all lower-case works either way. Why did Blizzard recommend (and I followed) a password with upper/lower-case/numeric/special char, if the password field doesn't care about upper/lower case?
So a keylogger attack will still get by this anyway? I haven't been hacked yet, but concerned. BTW, I purchased and downloaded thru the Blizzard store directly.
90 Gnome Warrior
1420
05/21/2012 08:37 PM Posted by tacD
we're dedicated to doing everything we can to help our players keep their Battle.net accounts safe


Starting with b-net passwords not being case sensitive? Well you did an awesome job there Blizzard!


If they already know the words, the case barely makes a difference.. Keyloggers can detect shift anyways.

I am so tired of reading about people complaining about issues that they are responsible for.
85 Blood Elf Warlock
3165
Accidents happen and I understand that, but for Blizzard to dodge the blame like this is absurd.
This doesn't mean I like the game any less, nor will I stop playing it, however unless Blizzard comes out with another statement soon taking responsibility, I'll lose some respect for them, and I'm sure many other players will as well.
Cmon Blizz...don't let us down!
2 Human Warlock
0
finally, someone killed the hacker rumor.

It was just people who got hit by trojan keyloggers, nothing more


A keylogger that not a single AV software detected? Impressive and I doubt it would be used to steal just Blizzard passwords... oh and what about the people with authenticators?


Depends on the keylogger, it could have hidden itself inside of a legit program or is masking itself as one till it is run.

And you underestimate what people will do with things they create.
Case sensitivity in the password does not make it secure. Keyloggers have no problem seeing through that. A better way to defeat brute force hackers is to use a variety of alphanumeric characters and special characters, when able.


So please tell me which pw is more secure:

youar3dum8 or yOuaR3DuM8?
Meh. I have my refund.

I've run every scan known to man on my machine. No key logger. Never been phished, as the only place I've put my account information in was battle.net.

Nail in the coffin right here. Blizzard will flat out lie to their customers.

They have been compromised. Good luck with it, I'll spend my money elsewhere.


A virus/malware scan only really looks for known code. It is mostly reactive by design.

If I know of an exploit, and don't tell anyone, it is easy to sneak past any kind of scan. These types of vulnerabilities are known as "zero days". If that person writes the code from scratch it is highly unlikely that even the most sophisticated scan will detect anything.

You might not THINK you've downloaded anything, but the reality is if you have ever visited a website with an out of date version of Flash or Java it is possible that someone exploited a particular vulnerability at that time. Flash, Shockwave and older/out-of-date versions of the Java JRE are particularly easy attack vectors for things like keyloggers and application specific malware.

Because things like Flash and Java already have access to the browser, it is most likely that your password was retrieved from logging into these forums, rather than logging into the game, although both are possible.

Most large scale Flash vulnerabilities are actually exploited through rich media banners. Foreign companies buy rich media on !@#$ sites for cheap and lace them with bad Flash code that infects your system. Since Flash has a different cache than your browser, clearing browser cache sessions doesn't always help.
Edited by ralphthemagi#1188 on 5/21/2012 8:46 PM PDT
I was hacked, but I got a rollback. Still, I think their database got compromised.
05/21/2012 08:44 PM Posted by tacD
Case sensitivity in the password does not make it secure. Keyloggers have no problem seeing through that. A better way to defeat brute force hackers is to use a variety of alphanumeric characters and special characters, when able.


So please tell me which pw is more secure:

youar3dum8 or yOuaR3DuM8?


They're both horrible because they are both based in real words.
05/21/2012 08:30 PM Posted by Fulltilt
Not sure what you're saying here. There are reports of authenticator accts being hacked. Mine was too. Is it safe to continue playing? Have you identified the cause?


You don't have an authenticator. Don't lie. I can see your pets.
05/21/2012 08:42 PM Posted by unit56
A keylogger that not a single AV software detected? Impressive and I doubt it would be used to steal just Blizzard passwords... oh and what about the people with authenticators?
It is actually very simple and relatively cheap to purchase a crypter and make your keylogger completely undetectable, making your AV useless. Besides this fact, there are tons of ways to check if you have been keylogged/ratted, and I've checked everything.


There was a lot of sarcasm in my post, mostly still asking: why are people with authenticators complaining? Even if a keylogger saw the code it should still take longer for the hacker to realize what it is, try to log on, and enter the code before the code is no longer valid.
2 Human Warlock
0
Accidents happen and I understand that, but for Blizzard to dodge the blame like this is absurd.
This doesn't mean I like the game any less, nor will I stop playing it, however unless Blizzard comes out with another statement soon taking responsibility, I'll lose some respect for them, and I'm sure many other players will as well.
Cmon Blizz...don't let us down!


Unless nothing actually happened on their end, and until they say otherwise none of us have proof to say otherwise.

Authenticators are great, but they are not foolproof. One does not make you immune to keyloggers and other such attacks. Just because someone on the internet claims their computer is clean and that their surfing habits are secure, does not make it so.
How about one of the people who got hacked run a packet sniffer on another PC on their LAN to see if they notice any irregular data getting sent out when they run Diablo 3?

Even if this theoretical keylogger could hide from the OS on which it's installed, it can't hide its network traffic.
90 Gnome Warrior
1420
05/21/2012 08:44 PM Posted by tacD
Case sensitivity in the password does not make it secure. Keyloggers have no problem seeing through that. A better way to defeat brute force hackers is to use a variety of alphanumeric characters and special characters, when able.


So please tell me which pw is more secure:

youar3dum8 or yOuaR3DuM8?


Keylogger would read

y shift o u a shift r..

It doesn't matter.
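
Added example, not part of any post in this thread: a small Python calculation of what a case-insensitive login check costs for the two passwords quoted above, under blind brute force and under a guesser who already knows the base string. The `login_ok` function is an assumed model of a case-folding server, based only on the behaviour reported in the thread ("All caps or all lower-case works either way"); all function names are hypothetical.

```python
import hmac
import math
import string

def alphabet_size(password: str) -> int:
    """Size of the smallest standard ASCII character set that covers the password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII symbols
    return size

def brute_force_bits(password: str, case_sensitive: bool) -> float:
    """log2 of the blind brute-force search space for this length and character set."""
    # A case-folding service makes upper-case letters worthless to the defender.
    effective = password if case_sensitive else password.lower()
    size = alphabet_size(effective)
    return len(password) * math.log2(size) if size else 0.0

def case_variants(password: str) -> int:
    """How many typed strings differ from the password only in letter case."""
    return 2 ** sum(c.isalpha() for c in password)

def login_ok(typed: str, stored: str, case_sensitive: bool) -> bool:
    """Assumed server check: a case-insensitive service folds both sides first."""
    if not case_sensitive:
        typed, stored = typed.lower(), stored.lower()
    return hmac.compare_digest(typed.encode(), stored.encode())

if __name__ == "__main__":
    pw = "yOuaR3DuM8"  # the mixed-case password quoted in the thread
    for mode in (True, False):
        print(f"case_sensitive={mode}: {brute_force_bits(pw, mode):.2f} bits, "
              f"all-caps accepted: {login_ok(pw.upper(), pw, mode)}")
    print("case variants collapsed by folding:", case_variants(pw))
```

Case folding costs about 7.8 bits against blind brute force and the full factor of 256 against a guesser who already knows the base string; neither figure changes what a keylogger captures.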
This topic is locked.
