Diablo® III

Session Spoofing

90 Night Elf Hunter
0
Thing is, if you did know there was session spoofing or people with an authenticator were hacked, you would be forced to lie anyways and would deflect the truth.

So while what you said may be true, it really holds no water considering your primary goal is to protect the interests of Blizzard and their primary interest with Diablo 3 is the RMAH.

If it has been found that session spoofing was happening, or people hacked with an authenticator it would put a serious damper on the RMAH, possibly destroy it if people cannot trust that their hard-earned money used to buy content would not be hacked away even with every precaution.

The RMAH is set to make Blizzard a lot of money, so again, what you say may very well be true, it cannot be taken as fact considering the truth could cost Blizzard lots of money.

It has become standard for Corporations to protect their revenue streams by deflecting the truth, redirecting blame or straight up misrepresenting the truth.

To sum up, probably not worth spending too much time defending your position. It would be like McDonalds trying to initiate a get healthy program.


All words from someone who does not understand the legal repercussions if Blizzard were found to be lying or hiding the truth.


Forget the legal repercussions. Can you imagine the PR nightmare that would ensue if it were discovered that Blizzard covered up compromises to their servers?
Oh, look. It's that same site that reported people with DIAL-IN authenticators were being hacked.

SURE IS A REAL CREDIBLE SOURCE, AIN'T IT?
I didn't read all the posts in this thread, so excuse me if this was brought up and killed already.
The only issue I see with this is

This may be a bit TL;DR, but I want to try to address as much here as possible...

While no security method is 100% fool-proof (even Authenticators), please note that it is possible that players reporting to have been compromised while an Authenticator was attached to their Battle.net account may have been using the Dial-in Authenticator. The Dial-in Authenticator does not provide the same level of protection as the Battle.net Authenticator or Battle.net Mobile Authenticator app, and -- more importantly -- is not currently supported for Diablo III.

It's important to remember there is no "silver bullet" guaranteeing complete protection against account compromise. The Authenticator offers players a highly valuable layer of added protection, but is not intended to replace the need for end-user computer and network security.



The underlined part was never a part of the last few answers like this, in which I've seen this post 3 times now I think? This makes me nervous due to the fact this is what Sony did;
First they denied it completely, telling people it was an issue with them.
Then they started to realize that the issue was in fact on their end, and started to release little snips like the bolded.
After a month or so, they had to come out and admit it was THEIR fault, and we know how the rest goes.

If I see another addition to this copy/paste answer again, then I know what has happened, and the communication team has chosen the deflect instead of the admit and what will change stance (Dir. of Communications here, I know a little bit about Public Relations)
Edited by Gnomeland#1562 on 6/5/2012 11:55 AM PDT
Not only was I hacked during a session spoof and using my authenticator, my account was not even active at the time!

Also I dropped I mean my Staff of Herding disappeared along with hundreds of gold. Thanks for the reimbursement promptly.


You got session spoofed without being logged on? Kindly explain to me how that works again, since YOU DON'T HAVE A SESSION TO SPOOF IF YOU ARE NOT LOGGED ON.
06/03/2012 09:40 PM Posted by GrimReaper
Here is the link, it contains everything you need to know, read before it is taken down.


And once again, I'm confused as to why people think Blizzard is out there actively censoring the "truth".
Edited by LordBryne#1205 on 6/5/2012 11:54 AM PDT
90 Human Paladin
14550
Not only was I hacked during a session spoof and using my authenticator, my account was not even active at the time!

Also I dropped I mean my Staff of Herding disappeared along with hundreds of gold. Thanks for the reimbursement promptly.


You got session spoofed without being logged on? Kindly explain to me how that works again, since YOU DON'T HAVE A SESSION TO SPOOF IF YOU ARE NOT LOGGED ON.


He was a non-helpful jokester.
85 Undead Rogue
3345
So how do you know what kind of authenticator you have? What is the dial in one?
06/05/2012 11:19 AM Posted by MutantMonkey
Thanks Lylirra, but the idiots will continue to spread this BS. They are not interested in facts, only in acting petulant and retaliating against Blizzard because of some sort of injustice.


Very true.

It's not that I don't believe that all the reports you have investigated have been compromised the traditional way. I do believe that. However, there were quite a few people who reported that their accounts were stripped and when they requested a rollback they were told their accounts had not been compromised so no rollback would be done.

Unless Blizzard is trying to suggest all these people got really drunk and dropped all their stuff on the ground then I would say stripped characters mean an account was compromised. Seeing as how your company told these people their accounts were not compromised I find it hard to believe that the reports were investigated to find out how their accounts were attacked.


I don't think that Blizzard is trying to suggest they got drunk and dropped everything on the ground. For one, we only have what these people say, it may not be the truth (people sometimes lie, go figure). Secondly, if this is what Blizzard says, then what they are saying is that there was no access that appears suspicious, which may mean those people got cleaned out by a roommate, family member, or someone close enough to use the same IP and computer. In the past, people have discovered that their accounts got cleaned out or wrecked by jealous girlfriends or spouses, parents passive-aggressively trying to get their teen to quit playing the game, sociopathic cousins visiting for the summer, neighbors who wanted their stuff, etc. This would technically be being hacked, but since Blizzard can't tell the difference between this and someone just trying to get their stuff duped with a rollback (which yes, I have seen people brag about), they just won't do rollbacks in that situation.
06/05/2012 11:56 AM Posted by Grimstabber
So how do you know what kind of authenticator you have? What is the dial in one?


I dunno, how about we combine common sense with the method you use?

Do you need to dial in to authenticate? No? Then you are not using the dial in authenticator.
I didn't read all the posts in this thread, so excuse me if this was brought up and killed already.
The only issue I see with this is

This may be a bit TL;DR, but I want to try to address as much here as possible...

While no security method is 100% fool-proof (even Authenticators), please note that it is possible that players reporting to have been compromised while an Authenticator was attached to their Battle.net account may have been using the Dial-in Authenticator. The Dial-in Authenticator does not provide the same level of protection as the Battle.net Authenticator or Battle.net Mobile Authenticator app, and -- more importantly -- is not currently supported for Diablo III.

It's important to remember there is no "silver bullet" guaranteeing complete protection against account compromise. The Authenticator offers players a highly valuable layer of added protection, but is not intended to replace the need for end-user computer and network security.



The bolded part was never a part of the last few answers like this, in which I've seen this post 3 times now I think? This makes me nervous due to the fact this is what Sony did;
First they denied it completely, telling people it was an issue with them.
Then they started to realize that the issue was in fact on their end, and started to release little snips like the bolded.
After a month or so, they had to come out and admit it was THEIR fault, and we know how the rest goes.

If I see another addition to this copy/paste answer again, then I know what has happened, and the communication team has chosen the deflect instead of the admit and what will change stance (Dir. of Communications here, I know a little bit about Public Relations)


Except the thing about the dial-up authenticator has been known at least 1 month before D3 was released, because I read it in the Account section of this site. They made it very clear the Dial-In would not work for D3 and a regular auth method would be needed.

And all along, in every release, they say the dial-in doesn't work. And people on the forums keep telling people the dial-in doesn't work. There's no conspiracy here, there is nothing wrong on Blizzard's end. It's a bunch of stupid kids getting hacked and not wanting to take responsibility for their actions.
Sadly, we'll still get tons of /derp I've been hacked with an Authentiator hur dur.
My awesome, leet password of impenetrable defense was brute forced herp derp.
It's all Blizzard's fault qq.


You got session spoofed without being logged on? Kindly explain to me how that works again, since YOU DON'T HAVE A SESSION TO SPOOF IF YOU ARE NOT LOGGED ON.


He was a non-helpful jokester.


I realized after, but I left the post because there are several people who actually post exactly the same thing, but are serious about it.
I didn't read all the posts in this thread, so excuse me if this was brought up and killed already.
The only issue I see with this is

This may be a bit TL;DR, but I want to try to address as much here as possible...

While no security method is 100% fool-proof (even Authenticators), please note that it is possible that players reporting to have been compromised while an Authenticator was attached to their Battle.net account may have been using the Dial-in Authenticator. The Dial-in Authenticator does not provide the same level of protection as the Battle.net Authenticator or Battle.net Mobile Authenticator app, and -- more importantly -- is not currently supported for Diablo III.

It's important to remember there is no "silver bullet" guaranteeing complete protection against account compromise. The Authenticator offers players a highly valuable layer of added protection, but is not intended to replace the need for end-user computer and network security.



The underlined part was never a part of the last few answers like this, in which I've seen this post 3 times now I think? This makes me nervous due to the fact this is what Sony did;
First they denied it completely, telling people it was an issue with them.
Then they started to realize that the issue was in fact on their end, and started to release little snips like the bolded.
After a month or so, they had to come out and admit it was THEIR fault, and we know how the rest goes.

If I see another addition to this copy/paste answer again, then I know what has happened, and the communication team has chosen the deflect instead of the admit and what will change stance (Dir. of Communications here, I know a little bit about Public Relations)


No, this has been in a lot of their security posts. Including the big main page one and it's always been in the Dial in FAQ.

It was in the sticky and it's been in the Tech support threads regarding this. Whenever someone says they have an authenticator everyone goes "Yeah, but was it Dial in?"

So everyone knew about this but you.
90 Human Paladin
8335
I didn't read all the posts in this thread, so excuse me if this was brought up and killed already.
The only issue I see with this is

This may be a bit TL;DR, but I want to try to address as much here as possible...

While no security method is 100% fool-proof (even Authenticators), please note that it is possible that players reporting to have been compromised while an Authenticator was attached to their Battle.net account may have been using the Dial-in Authenticator. The Dial-in Authenticator does not provide the same level of protection as the Battle.net Authenticator or Battle.net Mobile Authenticator app, and -- more importantly -- is not currently supported for Diablo III.

It's important to remember there is no "silver bullet" guaranteeing complete protection against account compromise. The Authenticator offers players a highly valuable layer of added protection, but is not intended to replace the need for end-user computer and network security.



The underlined part was never a part of the last few answers like this, in which I've seen this post 3 times now I think? This makes me nervous due to the fact this is what Sony did;
First they denied it completely, telling people it was an issue with them.
Then they started to realize that the issue was in fact on their end, and started to release little snips like the bolded.
After a month or so, they had to come out and admit it was THEIR fault, and we know how the rest goes.

If I see another addition to this copy/paste answer again, then I know what has happened, and the communication team has chosen the deflect instead of the admit and what will change stance (Dir. of Communications here, I know a little bit about Public Relations)


They most likely added the piece about the Dial-in Authenticator to clarify the difference between that and the Keyfob or Mobile Authenticator. I've viewed a lot of people claiming being hacked while having an Authenticator, only to later learn it wasn't an actual Authenticator, but the Dial-in Challenge/response Authenticator, which was stated in the large D3 security post, to not work with D3 and not provide the same lv. of security as the Mobile or Keyfob based Authenticators. With all of this being said, it's not a "Sony" type of thing, it's just condensing multiple pieces of information into one set....that or what Lylirra writes/posts is just different from what Bashiok posts.

EDIT: N/M looks like others beat me to it
Edited by Shugotenshi#1179 on 6/5/2012 12:03 PM PDT
06/05/2012 11:56 AM Posted by Grimstabber
So how do you know what kind of authenticator you have? What is the dial in one?


The dial in one sends SMS texts to your phone. The ones that work with D3 are the keyfob one, and the one where you have to download an app to your phone that generates codes. That can seem very similar, but I expect most people can tell the difference on their phone between getting an SMS text and using an app.
It's not that I don't believe that all the reports you have investigated have been compromised the traditional way. I do believe that. However, there were quite a few people who reported that their accounts were stripped and when they requested a rollback they were told their accounts had not been compromised so no rollback would be done.

Unless Blizzard is trying to suggest all these people got really drunk and dropped all their stuff on the ground then I would say stripped characters mean an account was compromised. Seeing as how your company told these people their accounts were not compromised I find it hard to believe that the reports were investigated to find out how their accounts were attacked.


I don't think that Blizzard is trying to suggest they got drunk and dropped everything on the ground. For one, we only have what these people say, it may not be the truth (people sometimes lie, go figure). Secondly, if this is what Blizzard says, then what they are saying is that there was no access that appears suspicious, which may mean those people got cleaned out by a roommate, family member, or someone close enough to use the same IP and computer. In the past, people have discovered that their accounts got cleaned out or wrecked by jealous girlfriends or spouses, parents passive-aggressively trying to get their teen to quit playing the game, sociopathic cousins visiting for the summer, neighbors who wanted their stuff, etc. This would technically be being hacked, but since Blizzard can't tell the difference between this and someone just trying to get their stuff duped with a rollback (which yes, I have seen people brag about), they just won't do rollbacks in that situation.


If 1 or 2 people had reported this then sure I could accept the jealous sister cousin girlfriend thing especially if that was all 1 person. I could even accept that it was someone trying to lie and raise a stink, however, it was reported by quite a few individuals.

Even if the accounts were in fact cleaned out in the manner you described it should still have been investigated since there were so many reported. Instead it was ignored. How can you find a problem if you don't look for it?
06/05/2012 11:53 AM Posted by Gnomeland
The underlined part was never a part of the last few answers like this

Actually, that has been their answer ever since the introduction of the dial-in authenticator, but the answer was given through the WoW site, obviously. So, while you may perceive an "evolution" in their answers, it really hasn't changed in over a year.
This topic has reached its post limit. You may no longer post or reply to posts for this topic.
