Diablo® III

Session Spoofing

85 Tauren Druid
7620
Posts: 26,352

SHA-256 is a hash function, not an encryption algorithm.


It's often used for authentication, and being able to generate hash collisions has some significant security implications (which is usually what hash breaks amount to).
85 Tauren Druid
7620
Posts: 26,352
06/04/2012 09:10 AMPosted by Vadoff
SHA-256 is a hash function, not an encryption algorithm.
...it's a cryptographic hash function... which is a type of encryption algorithm... which is what the bank uses to verify your username/password against it's server's hashes.


Hashes are not encryption. Encryption is reversable, hashing is not. Breaking hashing algorithms is finding collisions more frequently than the number of bits in the hash would indicate is possible (via birthday paradox).
I really wish people would stop masquerading articles written by f***ing bloggers as GROUND-BREAKING NEWS OMG BLIZZARD IS EVIL.

WAKE UP, SHEEPLE!!!
I seem to remember another major company downplaying the hacks that hit their online networks, then later admitted that they were much worse than they originally admitted to. PSN? Anyone?
Last year Rift had 2 major security breaches;

The first one did involve spoofing session ID, and only allowed hackers to access player's in-game accounts, and not to any of their personal information. This session ID spoofing weakness was discovered and brought to their attention by a "White Hat;" within days of the game going live, so not too much damage was done, before Trion Worlds fixed it with their coin lock system. In addition Trion Worlds sent an email to all of it players informing them of the situation as required by law.

Now do you really think that Blizzard's Developers were so unaware and out of touch that they didn't know what happened with Rift; and that they went a head and build the same weakness into D3?

The 2ond security breach at Rift was of their actual data base of their players personal information. Again they sent an email informing their players about it as required by law.

How do I know about these breaches? Because I was one of the players who got the emails. Now do you really think that Blizzard's legal team is so stupid, that they would really allow a cover up?
Edited by Ewing#1365 on 6/4/2012 9:41 AM PDT
100 Human Paladin
15155
Posts: 776


They have taken their time, in fact they struck at the perfect time for them to do so. They didn't do it immediately at launch and many of these users that were hacked theyve had their info for a very very long time and have been waiting. They waited for 2 weeks after launch, once everyone was finally far enough for them to have some actual gold on their accounts and for people to start working on inferno, that's when they hit, and before the RMAH so the only source of gold for a lot of people is to go to their websites and buy their gold, and then they just steal it back.

They hit at the perfect time, it's not about the items, it's about the gold. they aren't even taking items they are vendoring them.

I could go on but you don't think through many of your assumptions do you?

I don't think you think things through, actually.

And you haven't answered my other question, why would the hackers steal their D3 gold when it's worth hundreds of times less than the money in their paypal and bank accounts?


Why? Because the odds of Blizzard pressing charges is very slim! Paypal and banks will press charges to try to recover their money. Now just keep posting and show you have not researched anything! Stealing virtual gold isn't half as serious as fraud. Check it out. Try to use Google if you have some kind of clue how. What is it about the D3 forums that brings out the idiots?
Posts: 1,124
View profile
Last year Rift had 2 major security breaches;

The first one did involve spoofing session ID, and only allowed hackers to access player's in-game accounts, and not to any of their personal information. This session ID spoofing weakness was discovered and brought to their attention by a "White Hat;" within days of the game going live, so not too much damage was done, before Trion Worlds fixed it with their coin lock system. In addition Trion Worlds sent an email to all of it players informing them of the situation as required by law.

Now do you really think that Blizzard's Developers were so unaware and out of touch that they didn't know what happened with Rift; and that they went a head and build the same weakness into D3?

The 2ond security breach at Rift was of their actual data base of their players personal information. Again they sent an email informing their players about it as required by law.

How do I know about these breaches? Because I was one of the players who got the emails. Now do you really think that Blizzard's legal team is so stupid, that they would really allow a cover up?

If Blizzard hasn't figured out what's happening, they are technically not covering anything up. They are legally obliged to report compromise of servers with personal information but that's not what's going on. Trion denied the possibility of session ID spoofing until the exact mechanism of the session ID spoof was posted in their forums by the white hat.

I've been encouraging people to get authenticators because many of the hacks are simple email/password compromise. There really is a lot of Blizzard-targeted phishing and malware and plenty of ways to lose your password. The people who get kicked out of the game and only the active character/stash stripped really make me wonder, though. That's not how the typical World of Warcraft hacks go. Usually everything of value gets taken from all characters and Blizzard sees the login from a very different IP address.
When will people realize..

These are hackers, their goal is to get your best items, get out before you change password.

So, they use bots which can move quicker than a human.

These bots are programmed using small scripts to avoid detection.

These scripts only focus on your last logged in character.

Think about it, when you logged out and got hacked, was it your last logged in character that was hacked?

Also, I've been doing public games from Day 1, I've yet to be hacked (Also gots an authenticator, but that is un-related if its "Spoofing")

Also, its impossible for such a thing to happen because of the way that D3 was created. I'm not a ITT techy guy, but I've been told a rough version of how it works.

Also, if they did do session spoofing, it would be on your end because the spoofer would be going through your Computer's IP adress or w/e which would require a hacker to be on your PC.

In the end, it would still be your fault.


While the bots are likely, the real reason they only worry about your last character is because they just want your gold.

The time required to jump into other characters and strip them bare for at most, maybe another 2k in vendor gold simply isn't worth it.


Funny thing is, I know a guy that got hacked and they stripped each of his characters only of items that were worth AHing. We were all kind of chuckling about the fact that they left his terrible weapons, and that the hackers more or less insulted his character =P.

The first one did involve spoofing session ID, and only allowed hackers to access player's in-game accounts, and not to any of their personal information. This session ID spoofing weakness was discovered and brought to their attention by a "White Hat;" within days of the game going live, so not too much damage was done, before Trion Worlds fixed it with their coin lock system. In addition Trion Worlds sent an email to all of it players informing them of the situation as required by law.


Really? All they did to fix it was to put in a coin lock system? Wow, that's really... bad. I guess that explains why they had a really bad session ID system that was so hackable in the first place.
06/03/2012 09:56 PMPosted by moojerk
The blog post (its just some blogger) is 100% conjecture and has no proof. it is debunked here.


Didn't even need to see it debunked to know it's trash. Took less than a minute checking their "About Us" *cough* credentials *cough* and the "qualifications" required for Cinema Blend writing jobs (hint: none.)

Yeah, real solid "news" going on there...

/facepalm
Last year Rift had 2 major security breaches;

The first one did involve spoofing session ID, and only allowed hackers to access player's in-game accounts, and not to any of their personal information. This session ID spoofing weakness was discovered and brought to their attention by a "White Hat;" within days of the game going live, so not too much damage was done, before Trion Worlds fixed it with their coin lock system. In addition Trion Worlds sent an email to all of it players informing them of the situation as required by law.

Now do you really think that Blizzard's Developers were so unaware and out of touch that they didn't know what happened with Rift; and that they went a head and build the same weakness into D3?

The 2ond security breach at Rift was of their actual data base of their players personal information. Again they sent an email informing their players about it as required by law.

How do I know about these breaches? Because I was one of the players who got the emails. Now do you really think that Blizzard's legal team is so stupid, that they would really allow a cover up?


If Blizzard hasn't figured out what's happening, they are technically not covering anything up. They are legally obliged to report compromise of servers with personal information but that's not what's going on. Trion denied the possibility of session ID spoofing until the exact mechanism of the session ID spoof was posted in their forums by the white hat.

I've been encouraging people to get authenticators because many of the hacks are simple email/password compromise. There really is a lot of Blizzard-targeted phishing and malware and plenty of ways to lose your password. The people who get kicked out of the game and only the active character/stash stripped really make me wonder, though. That's not how the typical World of Warcraft hacks go. Usually everything of value gets taken from all characters and Blizzard sees the login from a very different IP address.


The point is: What happened with Rift, was a whole year before, the release of D3. The Developers at Blizzard are not stupid, there was no way in light of that, that they would have allowed the the same weakness of session ID spoofing. They solved the problem by not using session ID at all.

Also Blizzard has it own group of "white hats" working for them, testing each and every one of the wild theories that have been put out there, So far non of then can be done.

In addition to the "White Hats" on their payroll; A lot of The MVP real life jobs are as "white Hats" for several major Security firms. They have have posted that they have tried the wild theories as well. Again non of them worked. If I remember correctly one of the was the "White Hat' that posted the mechanism of the session ID spoof in the Rift forums.


The first one did involve spoofing session ID, and only allowed hackers to access player's in-game accounts, and not to any of their personal information. This session ID spoofing weakness was discovered and brought to their attention by a "White Hat;" within days of the game going live, so not too much damage was done, before Trion Worlds fixed it with their coin lock system. In addition Trion Worlds sent an email to all of it players informing them of the situation as required by law.


Really? All they did to fix it was to put in a coin lock system? Wow, that's really... bad. I guess that explains why they had a really bad session ID system that was so hackable in the first place.


Well it was at lease a temporary fix at that. Other wise they would of had to shut down for several weeks. Hopefully they done a better fix since then.



While the bots are likely, the real reason they only worry about your last character is because they just want your gold.

The time required to jump into other characters and strip them bare for at most, maybe another 2k in vendor gold simply isn't worth it.


Funny thing is, I know a guy that got hacked and they stripped each of his characters only of items that were worth AHing. We were all kind of chuckling about the fact that they left his terrible weapons, and that the hackers more or less insulted his character =P.


You do know that there is more then one group doing this. Some of them do it the old fashion way, with a real person behind the keyboard, totally stripping accounts, one alt at a time.
Edited by Ewing#1365 on 6/4/2012 5:43 PM PDT
Community Manager
Posts: 3,390
This may be a bit TL;DR, but I want to try to address as much here as possible...

We've investigated several reported claims of "session spoofing," as discussed both in these forums and elsewhere on the Web. We treat these kinds of reports very seriously -- however, to date, we have yet to identify a single case of compromise that was the result of a player joining or participating in a public game.

Additionally, as we mentioned before:

Regarding this specific example, we've looked into the issue and found no evidence to indicate compromises are occurring in this fashion, and we've determined the methods being suggested to do so are technically impossible.


For clarity, when we say "technically impossible" it means we determined (after many, many days of research) that session spoofing, as described in the claims we've seen, cannot occur within Diablo III. To avoid confusion, read "technically impossible" as "technologically impossible."

Even so, we're continuing to investigate related reports. If you believe you possess solid evidence of some sort of "hack," then please relay that information to our support representatives as soon as possible, or email hacks@blizzard.com. In the meantime, if you don't possess such evidence, we ask that you please refrain from spreading hearsay.

06/04/2012 05:55 AMPosted by Vadoff
There have been multiple reports of people being hacked while using their authenticators. Some of these are by credible journalists. This alone should be sufficient evidence.


We've stated this several times, but in all of the individual Diablo III-related compromise cases we've investigated thus far, none have occurred after a physical Battle.net Authenticator or Battle.net Mobile Authenticator app was attached to the player's account.

While no security method is 100% fool-proof (even Authenticators), please note that it is possible that players reporting to have been compromised while an Authenticator was attached to their Battle.net account may have been using the Dial-in Authenticator. The Dial-in Authenticator does not provide the same level of protection as the Battle.net Authenticator or Battle.net Mobile Authenticator app, and -- more importantly -- is not currently supported for Diablo III.

It's important to remember there is no "silver bullet" guaranteeing complete protection against account compromise. The Authenticator offers players a highly valuable layer of added protection, but is not intended to replace the need for end-user computer and network security.

06/04/2012 12:37 AMPosted by ibchris
just happened to me..bunch of bs..


I'm very sorry to hear that your account may have been compromised. If you haven't already, please take a look at our restoration policy for Diablo III and contact customer support as soon as possible.

That said, there are a number of ways in which an account's information can be stolen, some of which you might not immediately be considering.

Sharing login information:
Sharing your account information with a family member, friend, or another player is an easy way to lose control of who has access to your account and increase the risk of compromise -- no matter how well you might know the person you're sharing your login information with. Keep in mind that even if you practice optimum Internet security at home, you can't control how another person will make use of your account information…or how secure their own computer system might be.

Email and password security:
Ensuring that your registered email address is secure is a very important part of keeping your Battle.net account secure. Your registered email address not only serves as a primary point of contact with Blizzard Entertainment, but it also functions as your Battle.net account name.

Because of this, you may want to consider creating a unique email address for your Battle.net account, and we *strongly* recommend using a password that you don’t use for any other online service.

Phishing scams:
Phishing scams are designed to trick you into giving out your account information, and they'll usually come in the form of "fake" websites or emails or that appear to be sent by Blizzard employees. Sometimes these emails encourage you to visit a malicious website (which might contain a web form for you to fill out or even embedded software that can steal your login information). In other cases, you may be asked to reply with your account name and password.

While most of these types of scams are easy to identify -- they'll frequently use poor grammar and spelling, or make outrageous threats about banning your account -- some can be difficult to distinguish from legitimate Blizzard correspondence, so it's important to be cautious of what you click on and when.

You can learn more about how to identify these kinds of scams here.

Keyloggers:
You'll also want to make sure your computer is protected against malicious programs, including "keyloggers." Keyloggers are pretty serious, as they're capable of snagging information directly from your computer, either by monitoring your keystrokes or by gaining access to important applications like your clipboard.

To best protect your account against this kind of malware, you'll want to:
  • Install antivirus and anti-spyware software. If you're unsure of what software might be best for you, check out our support site for a list of recommendations. Please make sure that you regularly update any antivirus or anti-spyware programs you're using, so that they're able to identify the latest malware threats
  • Keep your browser up to date. In addition to providing more tools and functionality, browser updates can also include new security definitions and a more comprehensive phishing filter.
  • Keep your browser plug-ins up to date. Using the most recent versions of your browser plug-ins and applications (like Adobe Flash Player and Adobe Reader) and regularly checking for security updates is also important, because they can sometimes become targets for certain types of malware. While most plug-ins will prompt you automatically when updates are available, it's a good idea to check the distributor wesite periodically to make sure you're running the latest versions.
  • Turn on your browser's phishing filter. Phishing filters work by comparing the websites you visit against a massive database of legitimate (secure) websites and websites that have been identified as potential security risks. If you happen to visit a website that's flagged by your browser's filter, you'll be alerted and given the opportunity to continue onto the page or -- in most cases -- navigate to another site completely. Most popular browsers have built-in phishing filters that are turned on by default, but you can always double-check filter settings/availability in the browser's Tools menu.


For more information on account security in Diablo III, be sure to check out the following resources:

Diablo III Launch Update
Battle.net and Account Security
Account Security Homepage
Edited by Lylirra on 6/5/2012 11:43 AM PDT
Posts: 1,305
View profile
Thanks Lylirra, but the idiots will continue to spread this BS. They are not interested in facts, only in acting petulant and retaliating against Blizzard because of some sort of injustice.
Edited by MutantMonkey#1724 on 6/5/2012 11:20 AM PDT
This may be a bit TL;DR, but I want to try to address as much here as possible...

We've investigated several reported claims of "session spoofing," as discussed both in these forums and elsewhere on the Web. We treat these kinds of reports very seriously -- however, to date, we have yet to identify a single case of compromise that was the result of a player joining or participating in a public game.

[url="http://us.battle.net/d3/en/forum/topic/5149181449"]Additionally[/url], as we mentioned before:

Regarding this specific example, we've looked into the issue and found no evidence to indicate compromises are occurring in this fashion, and we've determined the methods being suggested to do so are technically impossible.


For clarity, when we say "technically impossible" it means we determined (after many, many days of research) that session spoofing, as described in the claims we've seen, cannot occur within Diablo III. To avoid confusion, read "technically impossible" as "technologically impossible."

Even so, we're continuing to investigate related reports. If you believe you possess solid evidence of some sort of "hack," then please relay that information to our support representatives as soon as possible, or email hacks@blizzard.com. In the meantime, if you don't possess such evidence, we ask that you please refrain from spreading hearsay.

06/04/2012 05:55 AMPosted by Vadoff
There have been multiple reports of people being hacked while using their authenticators. Some of these are by credible journalists. This alone should be sufficient evidence.


We've stated this several times, but in all of the individual Diablo III-related compromise cases we've investigated, none have occurred after a physical Battle.net Authenticator or Battle.net Mobile Authenticator app was attached to the player's account.

While no security method is 100% fool-proof (even Authenticators), please note that it is possible that players reporting to have been compromised while an Authenticator was attached to their Battle.net account may have been using the Dial-in Authenticator. The Dial-in Authenticator does not provide the same level of protection as the Battle.net Authenticator or Battle.net Mobile Authenticator app, and -- more importantly -- is not currently supported for Diablo III.

It's important to remember there is no "silver bullet" guaranteeing complete protection against account compromise. The Authenticator offers players a highly valuable layer of added protection, but is not intended to replace the need for end-user computer and network security.

06/04/2012 12:37 AMPosted by ibchris
just happened to me..bunch of bs..


I'm very sorry to hear that your account may have been compromised. If you haven't already, please take a look at our [url="http://us.battle.net/support/en/article/compromised-diablo-iii-account"]restoration policy for Diablo III[/url] and contact customer support as soon as possible.

That said, there are a number of ways in which an account's information can be stolen, some of which you might not immediately be considering.

Sharing login information:
Sharing your account information with a family member, friend, or another player is an easy way to lose control of who has access to your account and increase the risk of compromise -- no matter how well you might know the person you're sharing your login information with. Keep in mind that even if you practice optimum Internet security at home, you can't control how another person will make use of your account information…or how secure their own computer system might be.

Email and password security:
Ensuring that your registered email address is secure is a very important part of keeping your Battle.net account secure. Your registered email address not only serves as a primary point of contact with Blizzard Entertainment, but it also functions as your Battle.net account name.

Because of this, you may want to consider creating a unique email address for your Battle.net account, and we *strongly* recommend using a password that you don’t use for any other online service.

Phishing scams:
Phishing scams are designed to trick you into giving out your account information, and they'll usually come in the form of "fake" websites or emails or that appear to be sent by Blizzard employees. Sometimes these emails encourage you to visit a malicious website (which might contain a web form for you to fill out or even embedded software that can steal your login information). In other cases, you may be asked to reply with your account name and password.

While most of these types of scams are easy to identify -- they'll frequently use poor grammar and spelling, or make outrageous threats about banning your account -- some can be difficult to distinguish from legitimate Blizzard correspondence, so it's important to be cautious of what you click on and when.

You can learn more about how to identify these kinds of scams [url="http://us.battle.net/en/security/theft"]here[/url].

Keyloggers:
You'll also want to make sure your computer is protected against malicious programs, including "keyloggers." Keyloggers are pretty serious, as they're capable of snagging information directly from your computer, either by monitoring your keystrokes or by gaining access to important applications like your clipboard.

To best protect your account against this kind of malware, you'll want to:
  • Install antivirus and anti-spyware software. If you're unsure of what software might be best for you, check out our [url="http://us.battle.net/support/en/article/account-and-computer-security"]support site[/url] for a list of recommendations. Please make sure that you regularly update any antivirus or anti-spyware programs you're using, so that they're able to identify the latest malware threats
  • Keep your browser up to date. In addition to providing more tools and functionality, browser updates can also include new security definitions and a more comprehensive phishing filter.
  • Keep your browser plug-ins up to date. Using the most recent versions of your browser plug-ins and applications (like [url="http://www.adobe.com/products/flashplayer/"]Adobe Flash Player[/url] and [url="http://www.adobe.com/products/reader/"]Adobe Reader[/url]) and regularly checking for security updates is also important, because they can sometimes become targets for certain types of malware. While most plug-ins will prompt you automatically when updates are available, it's a good idea to check the distributor wesite periodically to make sure you're running the latest versions.
  • Turn on your browser's phishing filter. Phishing filters work by comparing the websites you visit against a massive database of legitimate (secure) websites and websites that have been identified as potential security risks. If you happen to visit a website that's flagged by your browser's filter, you'll be alerted and given the opportunity to continue onto the page or -- in most cases -- navigate to another site completely. Most popular browsers have built-in phishing filters that are turned on by default, but you can always double-check filter settings/availability in the browser's Tools menu.


For more information on account security in Diablo III, be sure to check out the following resources:

[url="http://us.battle.net/d3/en/forum/topic/5149181449"]Diablo III Launch Update[/url]
[url="http://us.battle.net/d3/en/blog/6020037/Battlenet_and_Diablo_III_Account_Security-5_25_2012#blog"]Battle.net and Account Security[/url]
[url="http://us.battle.net/en/security/"]Account Security Homepage[/url]


The tin foil hats won't listen. To them, you're just lying and Blizz is an evil corporation conspiring to take over the world.
This may be a bit TL;DR, but I want to try to address as much here as possible...

We've investigated several reported claims of "session spoofing," as discussed both in these forums and elsewhere on the Web. We treat these kinds of reports very seriously -- however, to date, we have yet to identify a single case of compromise that was the result of a player joining or participating in a public game.

[url="http://us.battle.net/d3/en/forum/topic/5149181449"]Additionally[/url], as we mentioned before:

Regarding this specific example, we've looked into the issue and found no evidence to indicate compromises are occurring in this fashion, and we've determined the methods being suggested to do so are technically impossible.


For clarity, when we say "technically impossible" it means we determined (after many, many days of research) that session spoofing, as described in the claims we've seen, cannot occur within Diablo III. To avoid confusion, read "technically impossible" as "technologically impossible."

Even so, we're continuing to investigate related reports. If you believe you possess solid evidence of some sort of "hack," then please relay that information to our support representatives as soon as possible, or email hacks@blizzard.com. In the meantime, if you don't possess such evidence, we ask that you please refrain from spreading hearsay.

06/04/2012 05:55 AMPosted by Vadoff
There have been multiple reports of people being hacked while using their authenticators. Some of these are by credible journalists. This alone should be sufficient evidence.


We've stated this several times, but in all of the individual Diablo III-related compromise cases we've investigated, none have occurred after a physical Battle.net Authenticator or Battle.net Mobile Authenticator app was attached to the player's account.

While no security method is 100% fool-proof (even Authenticators), please note that it is possible that players reporting to have been compromised while an Authenticator was attached to their Battle.net account may have been using the Dial-in Authenticator. The Dial-in Authenticator does not provide the same level of protection as the Battle.net Authenticator or Battle.net Mobile Authenticator app, and -- more importantly -- is not currently supported for Diablo III.

It's important to remember there is no "silver bullet" guaranteeing complete protection against account compromise. The Authenticator offers players a highly valuable layer of added protection, but is not intended to replace the need for end-user computer and network security.

06/04/2012 12:37 AMPosted by ibchris
just happened to me..bunch of bs..


I'm very sorry to hear that your account may have been compromised. If you haven't already, please take a look at our [url="http://us.battle.net/support/en/article/compromised-diablo-iii-account"]restoration policy for Diablo III[/url] and contact customer support as soon as possible.

That said, there are a number of ways in which an account's information can be stolen, some of which you might not immediately be considering.

Sharing login information:
Sharing your account information with a family member, friend, or another player is an easy way to lose control of who has access to your account and increase the risk of compromise -- no matter how well you might know the person you're sharing your login information with. Keep in mind that even if you practice optimum Internet security at home, you can't control how another person will make use of your account information…or how secure their own computer system might be.

Email and password security:
Ensuring that your registered email address is secure is a very important part of keeping your Battle.net account secure. Your registered email address not only serves as a primary point of contact with Blizzard Entertainment, but it also functions as your Battle.net account name.

Because of this, you may want to consider creating a unique email address for your Battle.net account, and we *strongly* recommend using a password that you don’t use for any other online service.

Phishing scams:
Phishing scams are designed to trick you into giving out your account information, and they'll usually come in the form of "fake" websites or emails or that appear to be sent by Blizzard employees. Sometimes these emails encourage you to visit a malicious website (which might contain a web form for you to fill out or even embedded software that can steal your login information). In other cases, you may be asked to reply with your account name and password.

While most of these types of scams are easy to identify -- they'll frequently use poor grammar and spelling, or make outrageous threats about banning your account -- some can be difficult to distinguish from legitimate Blizzard correspondence, so it's important to be cautious of what you click on and when.

You can learn more about how to identify these kinds of scams [url="http://us.battle.net/en/security/theft"]here[/url].

Keyloggers:
You'll also want to make sure your computer is protected against malicious programs, including "keyloggers." Keyloggers are pretty serious, as they're capable of snagging information directly from your computer, either by monitoring your keystrokes or by gaining access to important applications like your clipboard.

To best protect your account against this kind of malware, you'll want to:
  • Install antivirus and anti-spyware software. If you're unsure of what software might be best for you, check out our [url="http://us.battle.net/support/en/article/account-and-computer-security"]support site[/url] for a list of recommendations. Please make sure that you regularly update any antivirus or anti-spyware programs you're using, so that they're able to identify the latest malware threats
  • Keep your browser up to date. In addition to providing more tools and functionality, browser updates can also include new security definitions and a more comprehensive phishing filter.
  • Keep your browser plug-ins up to date. Using the most recent versions of your browser plug-ins and applications (like [url="http://www.adobe.com/products/flashplayer/"]Adobe Flash Player[/url] and [url="http://www.adobe.com/products/reader/"]Adobe Reader[/url]) and regularly checking for security updates is also important, because they can sometimes become targets for certain types of malware. While most plug-ins will prompt you automatically when updates are available, it's a good idea to check the distributor wesite periodically to make sure you're running the latest versions.
  • Turn on your browser's phishing filter. Phishing filters work by comparing the websites you visit against a massive database of legitimate (secure) websites and websites that have been identified as potential security risks. If you happen to visit a website that's flagged by your browser's filter, you'll be alerted and given the opportunity to continue onto the page or -- in most cases -- navigate to another site completely. Most popular browsers have built-in phishing filters that are turned on by default, but you can always double-check filter settings/availability in the browser's Tools menu.


For more information on account security in Diablo III, be sure to check out the following resources:

[url="http://us.battle.net/d3/en/forum/topic/5149181449"]Diablo III Launch Update[/url]
[url="http://us.battle.net/d3/en/blog/6020037/Battlenet_and_Diablo_III_Account_Security-5_25_2012#blog"]Battle.net and Account Security[/url]
[url="http://us.battle.net/en/security/"]Account Security Homepage[/url]
Awesome.
Posts: 69
Since you're 100% sure, you should sue those news sites for libel then.
This topic has reached its post limit. You may no longer post or reply to posts for this topic.

Please report any Code of Conduct violations, including:

Threats of violence. We take these seriously and will alert the proper authorities.

Posts containing personal information about other players. This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.

Harassing or discriminatory language. This will not be tolerated.

Forums Code of Conduct

Report Post # written by

Reason
Explain (256 characters max)

Reported!

[Close]