Diablo® III

Session Spoofing

06/05/2012 12:05 PM Posted by Myshel
am sorry, but how pathetic does your computer knowledge have to be that you get hacked in the first place?


I have a master's degree in computer science, but you think that keeps me safe? Hell no. I use the mobile authenticator.
90 Human Mage
19090
Unless you, personally can session-spoof, how do you know it can be done? If it can be done, then do it. Until any of you actually does it, I believe one of the richest companies in the world is capable of hiring programmers knowledgeable enough to know what can and cannot be done.
06/05/2012 12:13 PM Posted by MutantMonkey
I find it hard to believe that Blizzard actually thinks all the cases of hacking are due to the ignorance of its customers. Sure, some people may get phished or keylogged. But for those who are mindful of it, and know how to prevent it, it is next to impossible for that to happen.


Consider their customer base size and the relatively few instances of account compromises.


Consider the game has only been out a few weeks, and the hacking is only getting worse.

Besides, that has nothing to do with the fact that like it or not, there are people out there who are smart enough to keep their information secure. The authenticator is a band aid for a problem Blizzard does not know how to fix.
90 Night Elf Hunter
0
06/05/2012 12:17 PM Posted by claniraq
Even so, we're continuing to investigate related reports. If you believe you possess solid evidence of some sort of "hack," then please relay that information to our support representatives as soon as possible, or email hacks@blizzard.com. In the meantime, if you don't possess such evidence, we ask that you please refrain from spreading hearsay.


This sounds strangely like a plea for help


No it doesn't.

Stop with the tinfoil hat stuff already.
06/04/2012 06:27 AM Posted by Blazur
I don't see how that proves anything, they are just trying to get through as many accounts as they can as quickly as they can, wasting time jumping around to your other characters doesn't do that, it slows them down and seeing as your stash and gold are shared, they just jump in vendor it all and take the gold. then move on to the next target.


It may not prove anything but does make this suspicious. I've read reports of people's low-level characters getting hacked while their level 50-60 char was left untouched. Also only the first page of their stash was drained. Maybe it's somebody rushing to clear it before they're caught, or maybe it's an automated process. Either way, if your account was manually broken into or the password compromised, it would seem the hackers would take the time to drain it completely.


This is because it is a script running the hackings. If you put an empty hardcore character as your main before leaving every time, you won't be wiped.

Anyway, I play public games without an authenticator all the time and have yet to be hacked. I even challenged a person who claimed to have access to this hack to strip me, but he has thus far failed to produce.
90 Human Paladin
13850
06/05/2012 12:20 PM Posted by PapaGhanda
However, I now know 2 people in real life that have been hacked and did absolutely NOTHING that would cause such a thing.


How do you know?
06/05/2012 12:17 PM Posted by claniraq
Even so, we're continuing to investigate related reports. If you believe you possess solid evidence of some sort of "hack," then please relay that information to our support representatives as soon as possible, or email hacks@blizzard.com. In the meantime, if you don't possess such evidence, we ask that you please refrain from spreading hearsay.


This sounds strangely like a plea for help

Yes obviously it is them asking for help. They have yet to be able to reproduce what people are 'reporting' so they are asking for help to see if someone else can reproduce it in order for them to fix this supposed hole. This is the basis for any anti-virus company, and the best way to fix a security hole is to know how it has been exploited.

I fail to see your point.
90 Night Elf Hunter
0
I thought that these hacking incidents were from people I couldn't believe, or people that did something and deserved it (tried to pay for gold or power-leveling).

However, I now know 2 people in real life that have been hacked and did absolutely NOTHING that would cause such a thing.

This isn't BS, people are getting HACKED, a lot of people.


No one's saying that they're not. What Blizz is saying is that the compromise is not on their end.

Edit: Also, this is very informative:

http://www.youtube.com/watch?v=PWvHcoqru7I#t=29m35s
Edited by Bird#1227 on 6/5/2012 12:23 PM PDT

Yeah it's a good thing you don't work in the world of network security, you know where the law requires you to report intrusion attempts and requires you to disclose any data security breaches.


Yeah, and it's a good thing you're not a hacker. If blizzard knows I'm hacking them, I'm not much of a hacker then am I?

That made even less sense than your first post. No matter how good you think you are, you always leave traces. Besides, most of what people consider today is nothing but scriptkiddie toolkits, running against known exploits.

I've had a 'nix honeypot running our network for nearly a year, with an IIS header. Guess what it gets hammered with? IIS exploits from automated tools. Yeah...hacking...
I thought that these hacking incidents were from people I couldn't believe, or people that did something and deserved it (tried to pay for gold or power-leveling).

However, I now know 2 people in real life that have been hacked and did absolutely NOTHING that would cause such a thing.

This isn't BS, people are getting HACKED, a lot of people.


Authenticators are fun. Just FYI. They're good times.


Consider their customer base size and the relatively few instances of account compromises.


Consider the game has only been out a few weeks, and the hacking is only getting worse.

Besides, that has nothing to do with the fact that like it or not, there are people out there who are smart enough to keep their information secure. The authenticator is a band aid for a problem Blizzard does not know how to fix.


Unfortunately we do not accurately know the statistics. Based on the number of copies sold to the number of legitimate complaints, the numbers could be completely stable.

You are basing your information on people posting here on the forums, a lot of which seem to be retaliating against Blizzard because they feel the game is a disservice to their expectations.

You do not know the hard numbers so you can not make the claims that you are. All we can do is look at the communication Blizzard is feeding us, look at what they would have to lose for trying to hide something like this and compare that against the randoms who are posting and the fact they have nothing to lose by making false claims.



You are wrong. The reason you are wrong is because that information directly links to payment info.

On top of that, these types of cover-ups do not sit well with publicly traded companies. The customer backlash would be bad enough, but it would pale in comparison to the stock holder backlash.

Two very good recent examples are Sony and Valve. Sony delayed their response and was met with massive customer and stockholder backlash, in part due to their delayed announcement that accounts were compromised. It would be significantly worse for Blizzard (Activision) as Blizzard has made public statements flat-out saying it hasn't happened.

While Valve is not a public company, you really need to look no further than the minuscule customer backlash they experienced simply because they made people aware what was going on as soon as it happened.

There is precedence that exists that shows us what to expect; precedence that Blizzard and Activision are well aware of.

Do not allow your ignorance based fears to cause you to make silly statements. Research the world around you and make logical conclusions.


Are you sure that spoofing a game leads to personal information? Hacking the servers, yes, spoofing? not so sure.


The spoofing theory has been disproven by Blizzard already. This is about account compromises, which can get you to such information.
Edited by MutantMonkey#1724 on 6/5/2012 12:25 PM PDT
90 Night Elf Druid
10395
When users post rumors or misunderstandings, trying to pass this off as a profound thought; when actually perpetuating this kind of misinformation, is just reckless. It minimizes and diminishes any legit point they want to make.

Let's put this whole implied thought into perspective just a bit. The size and scope of the conspiracy that *a lot* of people are implying here is staggering, for something that is so insignificant, a video game.

Blizzard/Activision is not a too-big-to-fail institution, they cannot hide the information that they are being accused of. How is it an entertainment/publishing company would hold its reputation in such low regard as to engage in blatant criminal behavior, who do you think Blizzard/Activision, (let alone have all the other firms that are necessary for a publicly traded firm to operate,) is, Enron? I think most companies learned from Arthur Andersen (the firm that actively participated in the conspiracy to loot Enron.)
Edited by Theace#1871 on 6/5/2012 12:28 PM PDT
I think by 'mindful' you mean cocky. The people who think everyone who gets hacked is an idiot. But really, it's not just sex leg and baggle.net. It's infected ads on legit sites and popular fan sites. It was months or years ago, when you last changed your password. I know plenty of people who got hacked in WoW after months of making fun of people who got keylogged, thinking they were above it.

Just takes one slip up and it's not as obvious as we like to joke about. You don't know you did something wrong, otherwise you would clean up your computer and change your password.

And really? You think your computer security is better than a huge company who pays people to make sure their security is baller? Probably not.


I have never been hacked. Including in this game. Like it or not, some people are able to manage their own security. Having a huge company does not make your systems more secure, in fact, it opens them up to more potential for compromise.
Not only was I hacked during a session spoof and using my authenticator, my account was not even active at the time!

Also I dropped I mean my Staff of Herding disappeared along with hundreds of gold. Thanks for the reimbursement promptly.


You got session spoofed without being logged on? Kindly explain to me how that works again, since YOU DONT HAVE A SESSION TO SPOOF IF YOU ARE NOT LOGGED ON.


On this point I am a little cofunsed, because I don't know much (nothing) about sessions and how they can be spoofed.
BUT, when I am in a party with other players and I log off, a message pops up on my screen saying that I will not (paraphrasing to the best of my recollection) be logged out of the game or cease to part of the party or something. Sorry I have a horrid memory for things that I only see a couple of times.
Anybody remember what that message says and if it may mean that your session continues without you?
If I log off and my party finishes an encounter, am I counted as finishing that encounter unless I choose a new quest?
Not sure if I am making sense here.
I still don't believe that session spoofing is happening. But I am still curious as to how that situation works.

Just out of curiosity, why have these "hacks" only occurred in Diablo 3? If one's battle.net account has been compromised via keyloggers or phishing scams, wouldn't any associated WoW or SC2 accounts have been vulnerable as well? I have yet to see anyone say that another battle.net game has been compromised as a result of this D3 hack.


There's nothing on an SC2 account to steal. But yes, I have seen people who said their WoW account was cleaned out too. Some people have a WoW account, but it's not active.

The hackers don't just hack people for the sake of it. They have to have an order for the gold they are stealing, they don't have accounts that they store gold on waiting for an order. In WoW, that means per server and faction. It might happen that you have characters on the server and faction they need to fill an order from when they hack your account, but probably not at that moment. It depends on how quickly you discover the hack.
Woot I have been compromised....
Half my wizard gear and all my gold gone... just gone...

However they haven't touched anything in my warehouse or inventory... or anything of my barbarian which is also in inferno lvl 60.

I'm the only one using this account... the password is also exclusively for d3.
No I don't have an authenticator.
No I have never been hacked before.
Yes I do have an antivirus.

I'm pretty sure they didn't manage to log in using my password....
Blizzard can easily check this by going through the databases and see of which location has been used to log in from. Since I always play on my home computer.

So although I'm not sure whether it's session spoofing... it probably is something that happens in the game. So gj blizzard..... it was fun.. but not anymore.


Consider the game has only been out a few weeks, and the hacking is only getting worse.

Besides, that has nothing to do with the fact that like it or not, there are people out there who are smart enough to keep their information secure. The authenticator is a band aid for a problem Blizzard does not know how to fix.


Unfortunately we do not accurately know the statistics. Based on the number of copies sold to the number of legitimate complaints, the numbers could be completely stable.

You are basing your information on people posting here on the forums, a lot of which seem to be retaliating against Blizzard because they feel the game is a disservice to their expectations.

You do not know the hard numbers so you can not make the claims that you are. All we can do is look at the communication Blizzard is feeding us, look at what they would have to lose for trying to hide something like this and compare that against the randoms who are posting and the fact they have nothing to lose by making false claims.



Are you sure that spoofing a game leads to personal information? Hacking the servers, yes, spoofing? not so sure.


The spoofing theory has been disproven by Blizzard already. This is about account compromises, which can get you to such information.


I believe you are the one that said "Consider their customer base size and the relatively few instances of account compromises." Sounds like you know some hard numbers yourself, doesn't it? Or is that just a fabrication to make your argument sound stronger.

Don't talk to other people about providing false statistics, which I didn't, when you are attempting to do the same thing.
This topic has reached its post limit. You may no longer post or reply to posts for this topic.
