Diablo® III

Session Spoofing

82 Tauren Warrior
610
Posts: 265
06/04/2012 08:13 AM Posted by Vadoff
If you're still running sha-256 in 50 years, you'll probably be beat by a quantum computer.


Bank accounts are secured by a random calculator running numbers based on sound in various places around the world. They only use SSL on the website itself. It is impossible to crack a bank account through the bank.
100 Human Paladin
15155
Posts: 702
The Blizzard Faithful.

More brainwashed and fervent than even the radical religious zealots.


One of the idiot masses who will click on any link anywhere but wouldn't believe a massive company wouldn't want to lose money by lying! Nothing to see here. Oh one more thing get fixed so your spawn isn't doing the same as you!
Edited by Illwit295#1724 on 6/4/2012 8:18 AM PDT
06/04/2012 08:16 AM Posted by Óðinn
Bank accounts are secured by a random calculator running numbers based on sound in various places around the world. They only use SSL on the website itself. It is impossible to crack a bank account through the bank.


Not, but logging in to the account management (in place of the legit user) is a possibility. This is the reason why most banks don't allow you to add external accounts via the website, so the only thing that can be done is move money among existing registered accounts and not to an account the hacker would use to retrieve the money.
The Blizzard Faithful.

More brainwashed and fervent than even the radical religious zealots.


One of the idiot masses who will click on any link anywhere but wouldn't believe a massive company wouldn't want to lose money by lying! Nothing to see here. Oh one more thing get fixed so your spawn isn't doing the same as you!


Right, it's not as if Blizzard had already denied being hacked, only to finally admit it a few weeks later.

Nor have other big companies done the same, like Sony Ent.

oh wait.....
06/04/2012 08:14 AM Posted by nikon56
it encrypted bank account #. If you can do that I'll give you all of my money. See you in a couple of thousand years.


there is the issue:

On Diablo, nothing but the login is encrypted.

Oh and btw, SSL was broken in Sept 2011, fyi.

http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/

u mad?


The main obstacle to spoofing session IDs in Diablo 3 isn't the encryption of the game traffic, or lack thereof. It's the minor problem that Diablo 3 doesn't use session IDs.

06/04/2012 08:13 AM Posted by Vadoff
If you're still running sha-256 in 50 years, you'll probably be beat by a quantum computer.


SHA-256 is a hash function, not an encryption algorithm.
Here is the link, it contains everything you need to know, read before it is taken down.

http://www.cinemablend.com/games/Diablo-3-Session-Spoofing-Real-Do-Join-Public-Games-43162.html


"10.) Gamers Act Entitled

This is probably one of the most annoying misconceptions out there. Gamers are the ones who fuel the industry, the ones who keep publishers running their milk machines and the ones who praise, criticize, cry, laugh, scream, and play the crap out of the products that have finally permeated mainstream pop-culture. Gamers act entitled? No, this is a misconception spread by more stealth PR spiel. Gamers are the ones who put all those billions of dollars into the banks for the aforementioned publishers at the top of the article.

There are trolls in the gaming industry, of course, just like there are trolls in any other media forum. However, gamers are an impassionate bunch who cling to the world of interactive entertainment like lifeblood. If you treat your fanbase right they'll reward you well with positive word of mouth and loyalty rivaled by nothing else. If you stay true to your creative vision then gamers will stay true to your product. And if you don't sellout the goal of providing a great product at a great value, gamers will continue to reward that with unfettered support.

However, if you attempt to content-gouge with DLC, nickel-and-dime with accessories and pivotal gameplay features, or extort by ransoming disc-locked content, endings, characters or what-have-you for some extra cheese, then expect that whine to follow.

Unlike the music or movie industry gamers don't have a reliable mainstream or collective subculture to speak on behalf of them. What comes off as "gamer entitlement" is basically gamers just trying to speak up for themselves and fight for a fair shake. Unfortunately, gamers don't have enough reliable outlets to fight on their behalf with nary just a few here and there to work as a vocal platform. In result, gamers flood forums, chatrooms, social networks and aggregators to whine, cry and voice their anger. In result, most people just see this as gamers acting entitled. The sad and unfortunate nature of the beast. "

My favourite.


Because since there is an expansion that is coming out soon the market for WoW accounts and gold isn't going to be doing that good.

D3 gold right now is especially valuable because D3 is both new and the RMAH isn't out yet.

Is that just your assumption? The gold economies are doing absolutely fine in WoW. And I would wager that an average WoW account is probably worth several hundreds (due to the many years of effort in acquiring items) while a typical D3 account is probably worth the vicinity of $5-15.

Also, no one has a counter for my argument yet: D3 and WoW accounts SHARE THE SAME USERNAME/PASSWORD. So why aren't the D3 victims with WoW accounts having their WoW accounts hacked too?


WoW accounts have an additional protection that D3 accounts, out of necessity, currently do not have. WoW accounts have a "Change in Access Pattern" lockout system that learns a player's normal access pattern, and will lock out the account if there is a change in that pattern.

When a player gets locked out of their account, they have to change their password, which can take 10 to 30 minutes or more, depending on how fast the confirmation emails are running. Or, in the case of players with the Dial-Up-Authenticator, they have to call in to unlock the game.

However, D3 is a totally new online game. The lockout system has not yet been able to learn the access patterns of the player base. Because of this, the system would keep locking out the majority of players every time they tried to log in. Players without the Dial Up Authenticator would have to go through the hassle of having to change their passwords every time they log in, with those players with the Dial Up Authenticator having to call in to unlock the game.

So until the Account Lockout System learns the access pattern of the majority of the player base, the lockout function is temporarily disabled. Because of this, the Dial Up Authenticator will not work until then.
Edited by Ewing#1365 on 6/4/2012 8:44 AM PDT
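An added illustration of the kind of "change in access pattern" lockout the post above describes, including the cold-start trade-off it mentions. This is not Blizzard's system or code from the thread; the class name, the (country, six-hour bucket) feature and the five-login threshold are assumptions, and the login data is constructed.

```python
from collections import defaultdict

class AccessPatternMonitor:
    """Per-account baseline of (country, 6-hour bucket) login features."""

    def __init__(self, min_history=5, enforce_cold_start=False):
        self.min_history = min_history            # assumed maturity threshold
        self.enforce_cold_start = enforce_cold_start
        self.seen = defaultdict(set)              # account -> features observed
        self.count = defaultdict(int)             # account -> accepted logins

    def check(self, account, country, hour):
        feature = (country, hour // 6)
        known = feature in self.seen[account]
        mature = self.count[account] >= self.min_history
        if self.count[account] == 0:
            verdict = "learning"                  # nothing to compare against yet
        elif mature or self.enforce_cold_start:
            verdict = "allow" if known else "lockout"
        else:
            verdict = "learning"                  # baseline too thin to enforce
        if verdict != "lockout":                  # never learn from a rejected login
            self.seen[account].add(feature)
            self.count[account] += 1
        return verdict

def replay(events, **options):
    """Feed (account, country, hour) events to a fresh monitor."""
    monitor = AccessPatternMonitor(**options)
    return [monitor.check(*event) for event in events]

# Constructed sample data: one legitimate player with a varied schedule.
LEGIT = [("player1", "AU", h) for h in (19, 12, 20, 8, 21)]
FOREIGN = ("player1", "XX", 4)   # constructed login from an unfamiliar place

if __name__ == "__main__":
    # Mature baseline: the unfamiliar login is locked out, the owner is not.
    print(replay(LEGIT + [FOREIGN, ("player1", "AU", 20)]))
    # Enforcing from day one: the owner's own logins are locked out.
    print(replay(LEGIT, enforce_cold_start=True))
    # Learning window: the unfamiliar login passes and joins the baseline.
    print(replay([LEGIT[0], FOREIGN]))
```

The third replay is the cost of disabling enforcement during the learning period: a login from an unfamiliar place is accepted and becomes part of the account's baseline.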
06/04/2012 08:12 AM Posted by Óðinn
The AFP have a huge cybercrime division, it's the AFP with Interpol that busts most of the international cybercrime and !@#$%^-*! rings. I know 300 people, just friends of mine within my city, who play Diablo 3. That's a lot of people, the number of Australian players is huge, and if the number gets high enough, and fraud through the RMAH is being committed, the AFP will step in and take action.


It doesn't matter how big the division is, cybercrime units are going to spend their resources fighting crime that has real world consequences like identity theft that results in real money lost or child !@#$. They aren't going to care about the theft of virtual currency because the only thing you actually lost is time.
I work in banking. Online fraud happens in banking, too. In fact, DDoS attacks are usually used fairly prevalently in online banking fraud. The bad guys get user id's and passwords, log in using these stolen credentials, transfer funds through online ACH or wire transfers and then initiate DDoS attacks to that bank's servers. This kind of helps slow down corrective measures until the money is overseas.

We know who these bad guys are. In many cases, we know EXACTLY who these individuals are. However, the FBI are unable to reach them or prosecute them due to the simple fact that these bad guys are rich.

They use their illegally obtained funds to pay government officials in their home countries. Those countries benefit from their illegal activities. We can't touch them. It doesn't matter that we know exactly who and exactly where they are. They are protected by their own governments and their own police forces.

If this happens in banking, a highly regulated and protected industry, imagine the gaming world. It probably won't matter if we catch them. Because we probably can't touch them. All we can do is try to stay ahead of them and shut down their means of access.

Again, if this happens in a multi-trillion dollar industry like banking ... a tiny billion dollar industry like gaming is not going to fare any better.

06/04/2012 07:49 AM Posted by Ewing


This begs the question though, how will authorities treat pixel vs real money, when the pixels were bought with real money? If they hack and steal goods bought with real money, it could be considered fraud...


It could be considered fraud in a lot of countries, just not in the countries they operate out of. What you don't realize is: most of the areas they operate out of are fairly impoverished. As I said: "Never underestimate the power of an industry that provides gainful employment to a large number of the local community." Nor of a well placed bribe for that matter.
25 Blood Elf Priest
250
Posts: 8,150
06/03/2012 09:49 PM Posted by islander1
Blizz is going to deny it but when !@#$ is published in Forbes, I mean...that's really, really not good.


OK, one last time. It would be a mistake to confuse bloggers at Forbes.com with actual employees of Forbes.com.

If the post author is a 'contributor', it's not much different than blogging at Huffington Post. If the post author is 'Forbes Staff' then that's someone actually employed and paid by Forbes to contribute to the site.

Everything I've seen at Forbes.com about D3 has been by contributors. Well-mannered but no one is fact-checking them and to the extent that they get anything wrong, Forbes is not standing behind them editorially.
Right, it's not as if Blizzard had already denied being hacked, only to finally admit it a few weeks later.

Nor have other big companies done the same, like Sony Ent.

oh wait.....
(I told myself I would be good, but)

There are really people like you in the world? I mean, I know common sense lacks greatly these days, schools are just shiny day cares until someone is of legal age to be sent into the world, regardless of their intelligence, but to continue seeing it daily here on the forums is just mind-freaking-blowing.

Yes, sir, you're right. Blizzard is lying to you, to us, to the world. They were hacked, all account information is now in the hands of 'hackers' and they will soon steal all accounts and by then Blizzard will be forced to announce they were wrong once they are investigated by the BBB, because doing so after all that would not cost them millions-billions in lawsuits.

You're exactly right.


Some of them are like my trying to reason with my ex-wife, who is bipolar, during one of her manic phases. Pounding my head against a brick wall is less painful.
Edited by Ewing#1365 on 6/4/2012 9:00 AM PDT
86 Blood Elf Paladin
4935
Posts: 144
Blizz is going to deny it but when !@#$ is published in Forbes, I mean...that's really, really not good.

That Forbes article is a joke and a sham. The person who wrote it isn't even a real journalist - he's a contributor.


From the author's profile:

"I'm new to this business, and I think I'm a part of the first generation of journalists to skip print media entirely."
This topic has reached its post limit. You may no longer post or reply to posts for this topic.
