From what I've gathered, you can only get hacked that way if you join public games so people can get the session ID. Thankfully I haven't bothered playing with randoms.
QUOTE: In short, Blizzard is blaming the problem on passwords that aren't backed up by an official Battle.net authenticator.
So in other words: No caps sensitivity, no limit on the number of password entry retries allowed, and it's OUR fault because WE have shoddy security? In the future, password protection for your account will be paid-for DLC...
Or, you know, get the free mobile version of the Authenticator? Besides, all the security in the world on Blizzard's end won't matter if you've got trojans etc on your computer and they've sniffed out your password in the good old fashioned way, which is precisely what has happened according to Blizzard (Your mileage may vary on their excuse depending on how gullible/trusting you are).
Or they actually have a huge leak in their system and don't know about it or are lying to us. But if there's one thing the past years have told us, it's that this <i>never</i> happens, right?
Also, mobile authenticator requires you to have a smartphone. <strike>And is only free if you have an iphone, apparently.</strike>
douchebagatron | Custom member title | Join Date: 2003-12-20 | Member: 24581 | Members, Constellation, Reinforced - Shadow
QUOTE (Aldaris @ May 28 2012, 10:00 AM): Or, you know, get the free mobile version of the Authenticator? Besides, all the security in the world on Blizzard's end won't matter if you've got trojans etc on your computer and they've sniffed out your password in the good old fashioned way, which is precisely what has happened according to Blizzard (Your mileage may vary on their excuse depending on how gullible/trusting you are).
I didn't realize there was a free mobile version of it until I did some digging last night after it happened, I only knew about the one you have to buy. Definitely signed up for that. But given the number of instances that are occurring, it's more likely that Blizzard screwed up somehow (reports of unlimited attempts and passwords aren't case sensitive) than that many people got bitten by a Diablo 3 directed trojan. I keep my computer well-maintained and clean, I seriously doubt something like that got slipped on there.
QUOTE (LV426-Colonist @ May 28 2012, 09:18 AM): 1) Stay away from public games 2) Get the free authenticator 3) ???? 4) Profit 5) Get hacked
Thansal | The New Scum | Join Date: 2002-08-22 | Member: 1215 | Members, Constellation
QUOTE (LV426-Colonist @ May 28 2012, 12:18 PM): 1) Stay away from public games 2) Get the free <b>dial in</b> authenticator, which doesn't actually protect your BNet account in any serious way, especially as it isn't set up for Diablo 3 atm. 3) Get hacked
Actually fixed.
Get an actual authenticator (Either smart phone app or keyfob).
Sure, it's possible that blizz is lying, but I seriously don't think they are. They have explicitly stated that no one who had an authenticator (NOT the Dial In) has been hacked, and all of the hacked accounts have had someone actually log in (not the 'session ID' hacking that everyone is talking about b/c it happened in RIFT). On top of that, Blizz would more than likely admit that they were compromised, they have much more to lose if it comes out later that they actually were compromised and lied about it.
Also, you do NOT need to have your computer compromised to have your account compromised. You could have fallen victim of a phishing scam, or used the same credentials at a 3rd party site that was compromised, or any of a number of other options.
"Originally, Blizzard mentioned that accounts they investigated that had been hacked/infiltrated/compromised did not have authenticators attached beforehand. This led many in the forums to post rebuttals that most of the hacking occurring was due to player negligence and that they were not properly protecting themselves.
Well, today it turns out that some of the Battle.net accounts that have been infiltrated did have authenticators attached and that there was a bit more to it than just an extra layer of password protection required to protect the user."
douchebagatron | Custom member title | Join Date: 2003-12-20 | Member: 24581 | Members, Constellation, Reinforced - Shadow
When you attach an authenticator you're given the option of requiring authentication on every log in, or just once a week. If you choose once a week, someone could still brute force your password that same week. At least unless they're doing something smart like asking for authentication after failed login attempts, but since they don't even do timeouts for that I doubt it.
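The policy the post above wishes for (and the retry limit asked for earlier in the thread), as an added example that is not part of the original thread and is not Blizzard's code: a weekly authenticator grace period that failed password attempts revoke, plus doubling timeouts. The threshold, the timeout values, the per-account grace period and every name here are assumptions for illustration.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

WEEK = 7 * 24 * 3600   # "once a week" authenticator prompt window, in seconds
STEP_UP_AFTER = 3      # assumed: failures before the grace period is revoked
BASE_TIMEOUT = 30      # assumed: first timeout in seconds, doubled per further failure


@dataclass
class Account:
    password: str                        # a real service stores a salted hash instead
    last_code_ok: Optional[float] = None  # when an authenticator code was last accepted
    fails: int = 0                       # consecutive failed password attempts
    locked_until: float = 0.0


@dataclass
class LoginPolicy:
    step_up_on_failures: bool  # failed attempts cancel the weekly grace period
    timeouts: bool             # growing delay after repeated failures

    def attempt(self, acct, password, code_ok, now):
        """Return 'locked', 'bad_password', 'need_code' or 'ok'.

        code_ok says whether a valid authenticator code came with the attempt;
        verifying the code itself is outside this sketch.
        """
        if self.timeouts and now < acct.locked_until:
            return "locked"
        if not hmac.compare_digest(password.encode(), acct.password.encode()):
            acct.fails += 1
            if self.timeouts and acct.fails >= STEP_UP_AFTER:
                extra = acct.fails - STEP_UP_AFTER
                acct.locked_until = now + BASE_TIMEOUT * 2 ** extra
            return "bad_password"
        in_grace = acct.last_code_ok is not None and now - acct.last_code_ok < WEEK
        if self.step_up_on_failures and acct.fails >= STEP_UP_AFTER:
            in_grace = False   # recent failures: a correct password alone is not enough
        if not in_grace and not code_ok:
            return "need_code"  # failure count is kept until a code is presented
        if code_ok:
            acct.last_code_ok = now
        acct.fails = 0
        return "ok"


# Constructed sample input: four wrong passwords, then the right one.
OWNER_PASSWORD = "correct horse"
GUESSES = ["aaaa", "bbbb", "cccc", "dddd", OWNER_PASSWORD]


def simulate(policy, guesses=GUESSES, step=1.0):
    """Owner passes the authenticator check at t=0. One hour later a party
    without the authenticator submits `guesses`, one every `step` seconds."""
    acct = Account(password=OWNER_PASSWORD)
    assert policy.attempt(acct, OWNER_PASSWORD, True, 0.0) == "ok"
    now, outcomes = 3600.0, []
    for guess in guesses:
        outcomes.append(policy.attempt(acct, guess, False, now))
        now += step
    return outcomes


if __name__ == "__main__":
    print("weekly prompt only:   ", simulate(LoginPolicy(False, False)))
    print("hardened, fast tries: ", simulate(LoginPolicy(True, True)))
    print("hardened, slow tries: ", simulate(LoginPolicy(True, True), step=120.0))
```

With the weekly prompt alone, the correct password is accepted without a code inside the grace week; the hardened policy answers the same sequence with timeouts and then a code prompt.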
That's not the problem. The game is more gear reliant and the drops are modified to give you more drops for other classes because they want you to put your stuff up on the auction house to sell, and inferno is ridiculously cheap 1 shot kills that Hell does NOT prepare you for. D1 and D2 required different gameplay strategies on the harder difficulties which made them different experiences while in D3 the only thing that helps you is better gear and more grinding.
On top of that, the linear "unlock" skill system with the runes that supposedly provides "unlimited" customization is pointless because on inferno, like Diablo 2, there are still fixed builds you need to use in order to not get your ass handed to you which negates any advantages the new one had over the old one because the end result is the same, with the difference that everyone has the option to do the same build for their class whenever they want.
Inferno might even be so ridiculous because they haven't opened the real money auction house and it will probably have better items than what you can get on the in-game gold AH. Otherwise I don't think many people would use the real money AH since you could easily get game gold for that same shiny new item you want instead of shelling out cash.
QUOTE (Bloodshot12 @ May 29 2012, 05:23 AM): On top of that, the linear "unlock" skill system with the runes that supposedly provides "unlimited" customization is pointless because on inferno, like Diablo 2, there are still fixed builds you need to use in order to not get your ass handed to you which negates any advantages the new one had over the old one because the end result is the same, with the difference that everyone has the option to do the same build for their class whenever they want.
It's hardly pointless. It's still the superior system because you can actually use new skills as you level up, instead of having to hoard skill points and then spend them when the right skill finally becomes available. Sure the system may have its deficiencies at Inferno difficulty, but for those who will never even reach that difficulty (and I think that includes most people) that won't even matter.
Thansal | The New Scum | Join Date: 2002-08-22 | Member: 1215 | Members, Constellation
QUOTE (LV426-Colonist @ May 28 2012, 09:33 PM): "Originally, Blizzard mentioned that accounts they investigated that had been hacked/infiltrated/compromised did not have authenticators attached beforehand. This led many in the forums to post rebuttals that most of the hacking occurring was due to player negligence and that they were not properly protecting themselves.
Well, today it turns out that some of the Battle.net accounts that have been infiltrated did have authenticators attached and that there was a bit more to it than just an extra layer of password protection required to protect the user."
[Citation Needed]
Plenty of people said that they had authenticators prior to blizz officially saying that no accounts with authenticators had been compromised, so either people are misinformed (dial-in doesn't work with D3)/lying or Blizz is lying. Even today Blizz is still holding the stance that no accounts have been compromised outside of directly logging in.
Thansal | The New Scum | Join Date: 2002-08-22 | Member: 1215 | Members, Constellation
edited May 2012
QUOTE (lolfighter @ May 29 2012, 11:55 AM): I still say that's extortion. "That's a nice account you have there. Would be a shame if something happened to it."
A free smart phone app and $6 authenticators is not extortion. Authenticators also ONLY protect against people obtaining your log in credentials. So, unless blizz had their servers hacked a la Sony et al., and someone managed to crack the passwords, and blizz is refusing to own up to it, it isn't something blizz can do anything about (aside from providing cheap/free 2 factor authentication).
That said, I really do think that blizz should have included keyfobs in all retail copies of DIII.
PS: SoE's keyfob costs $10, and they are exactly the same devices (Vasco keyfobs).
Basically, it's in Blizz's best interest for everyone to have an authenticator. The bottom line is that compromises cost blizz money:
1) Loss of good will. Their name is mud with a lot of people now.
2) Loss of future transactions. Every closed WoW account or person that doesn't play with the RMAH is lost $$ in their pocket.
3) Cost of CSR time. The amount of time that is dedicated to dealing with/helping people that have been compromised has to be huge.
So I got my first legendary item and it was on late Hell so it's actually useful in the long run! Too bad "goldskin" chestarmor seems like the most dropped legendary as the AH has like 40 pages with it, still neat.
I also just got into Inferno and dear gods, the difficulty just seems superficial. Making everything about extreme kiting and potshotting is just boring. The addition of another ability on elites also means there are more and more groups you simply cannot kill without spending hours on that single task while crapping over your nephalem gold/magic find at the same time. The only redeeming factor is piles of gold worth 1000 each after 4-5 nephalem buffs.
If they can't figure out how to provide proper security without an optional thingabob, that thingabob is not optional and should be part of the package.
Thansal | The New Scum | Join Date: 2002-08-22 | Member: 1215 | Members, Constellation
QUOTE (Svenpa @ May 29 2012, 01:30 PM): So I got my first legendary item and it was on late Hell so it's actually useful in the long run! Too bad "goldskin" chestarmor seems like the most dropped legendary as the AH has like 40 pages with it, still neat.
Fairly awesome looking. The only legendary I have so far was in normal, some one handed hammer that I passed off to a barbarian friend, then gave to my Templar for a while :P
I just started in on Hell (Killed the Skeleton King). It's hard, however also interesting.
As a wizard: In reg I just maxed my damage.
In Nightmare I maxed my damage for the first 2 acts, then suddenly needed to switch out for survivability. By the end of nightmare I could switch back to favoring Damage.
In Hell I seriously need some more survivability again (Died a bunch getting to the SK).
QUOTE (Aldaris @ May 29 2012, 08:26 PM): You seem to be blaming this entire security breach on Blizzard's part, lolfighter.
It seems to be a bit of an epidemic, so yeah.
QUOTE (Aldaris @ May 29 2012, 01:26 PM): You seem to be blaming this entire security breach on Blizzard's part, lolfighter.
QUOTE (Tykjen @ May 30 2012, 12:35 AM): Some interesting info to pick up for Inferno.
Interesting indeed but I still don't get how armor works with physical resist. If I have 50% damage reduction from armor, it's for all sources according to video but what if I have 50% physical resist as well? Will I get 100% damage reduction for physical attacks then or what? I can't imagine that being the case but still. I also didn't know dodge actually worked on puddles and whatnot, I can't recall a single time it has said dodge when I've run over fire behind an elite.
Thansal | The New Scum | Join Date: 2002-08-22 | Member: 1215 | Members, Constellation
edited May 2012
QUOTE (lolfighter @ May 29 2012, 03:27 PM): It seems to be a bit of an epidemic, so yeah.
QUOTE (LV426-Colonist @ May 29 2012, 07:27 PM): It's kind of hard not to.
The problem being, if the accounts are simply getting compromised in ordinary ways (malware, compromised sites, phishing, etc), there is very little Blizz can do. They could force everyone to have an authenticator, however that will piss off people (primarily people sharing accounts). They probably should have included an auth in the box for DIII, however that still leaves all the digital customers out in the cold. I think they have done their due diligence in helping people protect their accounts from standard vectors (cheap key fobs and free smart phone apps).
If you don't have a smart phone, and refuse to pay the $$ you can still get an auth by using the Android SDK to run a virtual android device on your computer (though that is getting silly tbh). Why isn't there simply an auth for the computer? I dunno, maybe there should be, though it seems rather insecure to run your 2nd factor of identification from the same computer...
If blizz has actually been compromised and isn't telling us, that would be a huge deal, and completely on their heads. However I just don't believe it to be true, for the most expedient reasoning that if it is it will come out and will damage them much more than the way things are at the moment.
Meh, crap happens, buy an authenticator.
On the actual game:
I suspect that either armor or resist are applied first, and then the other. So if you have 50% + 50% it probably turns out to be 75%. As for dodging puddles, my wizard is surprisingly nimble, and dodges fairly regularly, most recently I know I dodged some of the ticks from the puddles that Azmodan drops.
Accusing blizz of having unsecure servers is nothing new. Happened about a hundred times a day, when I still used to work there. It was always people's PCs that were hacked in some way or other.
I remember back in the beta, someone said they played Wizard and felt like a god... (video: http://www.youtube.com/v/aWRO5BNYBek)
Comments
GET A GODAMN AUTHENTICATOR.
2) Get the free authenticator
3) Get hacked
Fixed.
Seriously, just get an authenticator.