No Authenticator, No Diablo III Cash Auction House

TK421

New member
Apr 16, 2009
826
0
0
I'm sick of fanboys defending Blizzard at every turn. They have made some mistakes, they aren't perfect. Grow up and stop telling people who have legitimate concerns about a game they bought to "stop bitching, because Blizzard is perfect."

OT: It's a good measure to force added security, but the RMAH was a huge mistake in the first place. It's just a giant bullseye to hackers, pirates, and the like.
 

Eri

The Light of Dawn
Feb 21, 2009
3,626
0
0
Lovely Mixture said:
Eri said:
More like what you didn't do. There's any number of ways you could get "hacked", but the point is it didn't come from Blizzard's end, and that means there's only one end left, which is the users.
Why couldn't it have been from Blizzard's end? Companies are not infallible.
Right, but Blizzard hasn't been compromised. First, it's illegal for them to not say if they are. Second, their security is 100x better than single people's.
saejox said:
hackers don't use passwords to hack. they get your session info.
there was a bug that made it possible for people in your party to obtain your session info.
if you supply that info to server it automatically logs you in. even if you have an authenticator.

blizzard is too proud to accept they made a mistake. instead they blame users for their stupidity.
Wrong. Session spoofing is IMPOSSIBLE IN DIABLO. They said that 100 times.
RvLeshrac said:
VladG said:
TsunamiWombat said:
I was very annoyed to discover the dial-in authenticator doesn't work for D3. I don't want the auction house, I just want -security-. I do not have a smart phone, and no, I am NOT paying extra to buy an extra product because YOU CAN'T MAKE YOUR GAME SECURE.
No, they are selling an extra security measure because you can't make your PC secure.

The only way to access an account is with the password. Everyone who got hacked had their password stolen
Blizzard's password system:

a) Is not case-sensitive.

b) Implements no login restrictions, meaning you can login an infinite number of times with an infinite number of incorrect passwords without any delay.

Your password doesn't need to be "stolen." The system is vulnerable to the simplest of all possible attacks.
Not true. They have a cap of around 10ish tries. Go see for yourself.
 

kabooz18

New member
May 27, 2009
138
0
0
http://code.google.com/p/winauth/

I'm fairly baffled that no one posted this yet ...

it's a mobile authenticator for windows PCs

so that your account can only be accessed from a pc with your authenticator

FTR: it's accepted by blizzard but they do not recommend it for their own protection
so use at your own risk (I use one already)
 

Torrasque

New member
Aug 6, 2010
3,441
0
0
Denamic said:
TsunamiWombat said:
I was very annoyed to discover the dial-in authenticator doesn't work for D3. I don't want the auction house, I just want -security-. I do not have a smart phone, and no, I am NOT paying extra to buy an extra product because YOU CAN'T MAKE YOUR GAME SECURE.
The game is secure.
It's people's computers that aren't.
Dumbasses give away their account name and passwords through phishing sites and keyloggers.
Neither of which are even remotely Blizzard's realm of responsibility.
"Hello, you have reached Blizzard customer service, my name is Greg, how can I help you?"
'Hi Greg. My account got hacked'
"Uhh... ok. How can I help you... ?"
'I want my stuff back'
"Ok sir. What is the name of your account?"
'Its [email protected]'
"OK sir, just let me bring up your account... Now what seems to be the problem?"
'All my stuff is gone. I want it back'
"And you said your account had been compromised?"
'Not compromised, hacked'
"Well you see-... Nevermind. How is it that you know it got hacked?"
'I logged out last night with all my stuff there, and now it is not'
"Ok sir. Does anyone else have access to your account?"
'Well my fri-... I mean, no. No one else'
"Ok sir. Have you received an email from any Blizzard representative in the last few days?"
'I got one last week telling me to authenticate my Blizzard account or my WoW characters would be deleted, so I did, but I haven't played WoW in over a year'
"Uh sir, that is called phishing. Your account was not hacked, you gave it to them"
'WHAT?! IT ISN'T MY FAULT, IT IS YOUR FAULT! YOU SHOULD HAVE MORE SECURITY ON YOUR GAME!'
"Sir, we cannot create failsafes for stupid people. Have a good day"
 

Eri

The Light of Dawn
Feb 21, 2009
3,626
0
0
Torrasque said:
Denamic said:
TsunamiWombat said:
I was very annoyed to discover the dial-in authenticator doesn't work for D3. I don't want the auction house, I just want -security-. I do not have a smart phone, and no, I am NOT paying extra to buy an extra product because YOU CAN'T MAKE YOUR GAME SECURE.
The game is secure.
It's people's computers that aren't.
Dumbasses give away their account name and passwords through phishing sites and keyloggers.
Neither of which are even remotely Blizzard's realm of responsibility.
"Hello, you have reached Blizzard customer service, my name is Greg, how can I help you?"
'Hi Greg. My account got hacked'
"Uhh... ok. How can I help you... ?"
'I want my stuff back'
"Ok sir. What is the name of your account?"
'Its [email protected]'
"OK sir, just let me bring up your account... Now what seems to be the problem?"
'All my stuff is gone. I want it back'
"And you said your account had been compromised?"
'Not compromised, hacked'
"Well you see-... Nevermind. How is it that you know it got hacked?"
'I logged out last night with all my stuff there, and now it is not'
"Ok sir. Does anyone else have access to your account?"
'Well my fri-... I mean, no. No one else'
"Ok sir. Have you received an email from any Blizzard representative in the last few days?"
'I got one last week telling me to authenticate my Blizzard account or my WoW characters would be deleted, so I did, but I haven't played WoW in over a year'
"Uh sir, that is called phishing. Your account was not hacked, you gave it to them"
'WHAT?! IT ISN'T MY FAULT, IT IS YOUR FAULT! YOU SHOULD HAVE MORE SECURITY ON YOUR GAME!'
"Sir, we cannot create failsafes for stupid people. Have a good day"
Yup. It's quite amazing the lengths people will go to to deny that they had anything to do with their account being taken for all it's worth. Blatant lies (but i had an authenticator!11!), you name it, they've done it.
 

Atlas13

New member
Jan 4, 2011
64
0
0
Eri said:
Lovely Mixture said:
Eri said:
More like what you didn't do. There's any number of ways you could get "hacked", but the point is it didn't come from Blizzard's end, and that means there's only one end left, which is the users.
Why couldn't it have been from Blizzard's end? Companies are not infallible.
Right, but Blizzard hasn't been compromised. First, it's illegal for them to not say if they are. Second, their security is 100x better than single people's.
saejox said:
hackers don't use passwords to hack. they get your session info.
there was a bug that made it possible for people in your party to obtain your session info.
if you supply that info to server it automatically logs you in. even if you have an authenticator.

blizzard is too proud to accept they made a mistake. instead they blame users for their stupidity.
Wrong. Session spoofing is IMPOSSIBLE IN DIABLO. They said that 100 times.
RvLeshrac said:
VladG said:
TsunamiWombat said:
I was very annoyed to discover the dial-in authenticator doesn't work for D3. I don't want the auction house, I just want -security-. I do not have a smart phone, and no, I am NOT paying extra to buy an extra product because YOU CAN'T MAKE YOUR GAME SECURE.
No, they are selling an extra security measure because you can't make your PC secure.

The only way to access an account is with the password. Everyone who got hacked had their password stolen
Blizzard's password system:

a) Is not case-sensitive.

b) Implements no login restrictions, meaning you can login an infinite number of times with an infinite number of incorrect passwords without any delay.

Your password doesn't need to be "stolen." The system is vulnerable to the simplest of all possible attacks.
Not true. They have a cap of around 10ish tries. Go see for yourself.
So tell us then, almighty Eri, how did Crono get his account compromised, how did I get compromised, how did my friend get compromised. Hell, my friend and I only ever played on "singleplayer." So where would anyone get our info? How could someone get into our accounts if we only made them to play Diablo 3. Never posted our info anywhere, never went onto any forums, never did anything to even let them know we had accounts.
 

Eri

The Light of Dawn
Feb 21, 2009
3,626
0
0
Atlas13 said:
Eri said:
Lovely Mixture said:
Eri said:
More like what you didn't do. There's any number of ways you could get "hacked", but the point is it didn't come from Blizzard's end, and that means there's only one end left, which is the users.
Why couldn't it have been from Blizzard's end? Companies are not infallible.
Right, but Blizzard hasn't been compromised. First, it's illegal for them to not say if they are. Second, their security is 100x better than single people's.
saejox said:
hackers don't use passwords to hack. they get your session info.
there was a bug that made it possible for people in your party to obtain your session info.
if you supply that info to server it automatically logs you in. even if you have an authenticator.

blizzard is too proud to accept they made a mistake. instead they blame users for their stupidity.
Wrong. Session spoofing is IMPOSSIBLE IN DIABLO. They said that 100 times.
RvLeshrac said:
VladG said:
TsunamiWombat said:
I was very annoyed to discover the dial-in authenticator doesn't work for D3. I don't want the auction house, I just want -security-. I do not have a smart phone, and no, I am NOT paying extra to buy an extra product because YOU CAN'T MAKE YOUR GAME SECURE.
No, they are selling an extra security measure because you can't make your PC secure.

The only way to access an account is with the password. Everyone who got hacked had their password stolen
Blizzard's password system:

a) Is not case-sensitive.

b) Implements no login restrictions, meaning you can login an infinite number of times with an infinite number of incorrect passwords without any delay.

Your password doesn't need to be "stolen." The system is vulnerable to the simplest of all possible attacks.
Not true. They have a cap of around 10ish tries. Go see for yourself.
So tell us then, almighty Eri, how did Crono get his account compromised, how did I get compromised, how did my friend get compromised. Hell, my friend and I only ever played on "singleplayer." So where would anyone get our info? How could someone get into our accounts if we only made them to play Diablo 3. Never posted our info anywhere, never went onto any forums, never did anything to even let them know we had accounts.
As I noted, since Blizzard hasn't been "hacked" the only other conclusion is the end user. It is illegal (in the US at least) to not tell customers if their data has been breached. So, end user.

Many "hackers" stored up millions of password/user combos from other websites, from forums, to fansites, and they just tried them all to see if they worked. That's probably how they got yours, by "hacking" less secure sites. But even if it's not, it still wasn't Blizzard.
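
Editor's added example (not part of any post in this thread): the replay of leaked username/password pairs described above, seen from the defender's side. It shows why a per-account attempt cap like the "10ish tries" mentioned earlier does not trip on this pattern, while a per-source count of distinct accounts does. The log format, thresholds, addresses and account names are constructed assumptions, not Blizzard's.

```python
from collections import defaultdict

def build_sample():
    """Constructed auth events: (timestamp_s, source_ip, account, success)."""
    events = []
    # Replay of leaked pairs: 12 accounts, one attempt each, one reused password hits.
    for i in range(12):
        events.append((100 + i * 5, "203.0.113.7", f"user{i:02d}@example.com", i == 7))
    # A legitimate user mistyping their own password, then succeeding.
    for ts in (130, 140, 150):
        events.append((ts, "198.51.100.20", "alice@example.com", False))
    events.append((160, "198.51.100.20", "alice@example.com", True))
    # Classic guessing against a single account.
    for i in range(11):
        events.append((200 + i, "192.0.2.50", "bob@example.com", False))
    return sorted(events)

def locked_accounts(events, threshold=10):
    """Per-account cap: lock after `threshold` consecutive failures (assumed policy)."""
    streak = defaultdict(int)
    locked = set()
    for _ts, _src, account, ok in events:
        if ok:
            streak[account] = 0
        else:
            streak[account] += 1
            if streak[account] >= threshold:
                locked.add(account)
    return locked

def stuffing_sources(events, window_s=300, min_accounts=8, min_fail_ratio=0.8):
    """Flag sources that try many distinct accounts in a window and mostly fail."""
    by_src = defaultdict(list)
    for ev in events:                      # events are already time-ordered
        by_src[ev[1]].append(ev)
    flagged = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window_s:
                start += 1                 # slide the window forward
            win = evs[start:end + 1]
            accounts = {e[2] for e in win}
            fails = sum(1 for e in win if not e[3])
            if len(accounts) >= min_accounts and fails / len(win) >= min_fail_ratio:
                # Successful logins inside a flagged window need a forced reset.
                hits = sorted(e[2] for e in win if e[3])
                flagged[src] = {"accounts": len(accounts), "compromised": hits}
    return flagged

if __name__ == "__main__":
    log = build_sample()
    print("locked by per-account cap:", locked_accounts(log))
    print("flagged by per-source view:", stuffing_sources(log))
```

The account that logged in successfully from the flagged source is the one to reset and notify; the per-account counter never saw more than one failure for it.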
 

Torrasque

New member
Aug 6, 2010
3,441
0
0
Eri said:
Torrasque said:
Denamic said:
TsunamiWombat said:
I was very annoyed to discover the dial-in authenticator doesn't work for D3. I don't want the auction house, I just want -security-. I do not have a smart phone, and no, I am NOT paying extra to buy an extra product because YOU CAN'T MAKE YOUR GAME SECURE.
The game is secure.
It's people's computers that aren't.
Dumbasses give away their account name and passwords through phishing sites and keyloggers.
Neither of which are even remotely Blizzard's realm of responsibility.
"Hello, you have reached Blizzard customer service, my name is Greg, how can I help you?"
'Hi Greg. My account got hacked'
"Uhh... ok. How can I help you... ?"
'I want my stuff back'
"Ok sir. What is the name of your account?"
'Its [email protected]'
"OK sir, just let me bring up your account... Now what seems to be the problem?"
'All my stuff is gone. I want it back'
"And you said your account had been compromised?"
'Not compromised, hacked'
"Well you see-... Nevermind. How is it that you know it got hacked?"
'I logged out last night with all my stuff there, and now it is not'
"Ok sir. Does anyone else have access to your account?"
'Well my fri-... I mean, no. No one else'
"Ok sir. Have you received an email from any Blizzard representative in the last few days?"
'I got one last week telling me to authenticate my Blizzard account or my WoW characters would be deleted, so I did, but I haven't played WoW in over a year'
"Uh sir, that is called phishing. Your account was not hacked, you gave it to them"
'WHAT?! IT ISN'T MY FAULT, IT IS YOUR FAULT! YOU SHOULD HAVE MORE SECURITY ON YOUR GAME!'
"Sir, we cannot create failsafes for stupid people. Have a good day"
Yup. It's quite amazing the lengths people will go to to deny that they had anything to do with their account being taken for all it's worth. Blatant lies (but i had an authenticator!11!), you name it, they've done it.
I remember a long while ago (almost 2 years now) we were starting a raid and one of our main mages wasn't there. He finally hopped on Vent and said "I can't log in, it says my account has been locked." After a few minutes of research, he found out that his account had been locked because it was under investigation of gold selling. So he didn't make the raid (which was hilarious), and he didn't get his account back until the next day.

During the after raid 'hang out' (some of us would just stay in vent and do bgs or random shit, just chatting it up), the roommate of the mage said "yeah, he bought some gold yesterday. So that's why his account is locked, what a dumbass".

The same can be said of every single person that I have known, that has been "hacked" or had their account locked. I've never known anyone who has genuinely done nothing, and had their account compromised in some way.
 

Daemonate

New member
Jun 7, 2010
118
0
0
Anyone, and I do mean anyone, who defends this action is an idiot or a corporate lackey, or both.

It's fine if you want to be apathetic and say "I don't care that my rights aren't worth a damn". But people actually defending this? It goes beyond words.

Never mind that a promised core feature to a one-off paid service (ie Diablo 3) that can't be refunded, is now behind a separate pay wall that requires separate technology (ie a smart phone with data rate access) to the general purpose computing device the service operates on in the first place.

And never mind that now you have the hassle of obtaining and typing in activation codes every time you want to load your game, in ADDITION to having to log in every time you want to play your game. Which has to be online at all times. For what most people play as a single player game.

Just how much shit are people willing to put up with? I have a feeling Activision is testing us. Just how far will their suckers / customers go to line up and have their time and money wasted? It's an important metric to determine for the contemporary entertainment era.
 

Daemonate

New member
Jun 7, 2010
118
0
0
Eri said:
Torrasque said:
Denamic said:
TsunamiWombat said:
I was very annoyed to discover the dial-in authenticator doesn't work for D3. I don't want the auction house, I just want -security-. I do not have a smart phone, and no, I am NOT paying extra to buy an extra product because YOU CAN'T MAKE YOUR GAME SECURE.
The game is secure.
It's people's computers that aren't.
Dumbasses give away their account name and passwords through phishing sites and keyloggers.
Neither of which are even remotely Blizzard's realm of responsibility.
"Hello, you have reached Blizzard customer service, my name is Greg, how can I help you?"
'Hi Greg. My account got hacked'
"Uhh... ok. How can I help you... ?"
'I want my stuff back'
"Ok sir. What is the name of your account?"
'Its [email protected]'
"OK sir, just let me bring up your account... Now what seems to be the problem?"
'All my stuff is gone. I want it back'
"And you said your account had been compromised?"
'Not compromised, hacked'
"Well you see-... Nevermind. How is it that you know it got hacked?"
'I logged out last night with all my stuff there, and now it is not'
"Ok sir. Does anyone else have access to your account?"
'Well my fri-... I mean, no. No one else'
"Ok sir. Have you received an email from any Blizzard representative in the last few days?"
'I got one last week telling me to authenticate my Blizzard account or my WoW characters would be deleted, so I did, but I haven't played WoW in over a year'
"Uh sir, that is called phishing. Your account was not hacked, you gave it to them"
'WHAT?! IT ISN'T MY FAULT, IT IS YOUR FAULT! YOU SHOULD HAVE MORE SECURITY ON YOUR GAME!'
"Sir, we cannot create failsafes for stupid people. Have a good day"
Yup. It's quite amazing the lengths people will go to to deny that they had anything to do with their account being taken for all it's worth. Blatant lies (but i had an authenticator!11!), you name it, they've done it.
All of you are missing the fucking point, and the fucking clue train by several days.

We are talking about a computer game. One that has not got a persistent online world. It's actually the same type of game that has existed in many forms for many years, for example Titan Quest or Dungeon Siege.

And yet we are talking about accounts. Why is there an account there TO BE HACKED IN THE FIRST PLACE? Why do I need an account, as in an online service, for a game where I just want to kill monsters, perhaps with my friends? Online multiplayer monster killing coop has existed since Doom.
I didn't need a fucking account to play Doom as far as I can recall. No one ever hacked my Doom account and stole my frags. I never got my ass account compromised playing Doom.

This is the problem. People sign up for a game, and suddenly they're supposed to manage online service account securities. That is Blizzard's responsibility, and their fault. The authenticator is a final insult after having your corpse spat upon after a horrifically fatal injury.
 

Simonoly

New member
Oct 17, 2011
353
0
0
Yeah there's only a certain amount of nonsense I can take before I lose interest, Blizzard. So much hassle just to play a relatively simplistic dungeon crawler. Thanks for making all your problems my problems, Blizzard.

One funny thing I'm noticing from all this is that competitor dungeon-crawlers are now putting down things like "does not require internet connection to play" or "co-op via LAN" as top features. That's just hilarious!
 

risenbone

New member
Sep 3, 2010
84
0
0
I can remember back in the day when I used to play WOW that I needed a username and a password to log in to WOW. The username wasn't my e-mail address it was one I thought up along with a password. During this time not that many people got "hacked" and it was believable that those who did most had gone to a website that sold gold or bot programs and it was their own silly fault they lost everything.

Blizzard then changed the login; the username was now your e-mail address. Boom, instant downgrade of security. The username for a major number of accounts was now one that millions of people had access to. Unsurprisingly the number of accounts now getting "hacked" shot up because now sharing your e-mail address was basically telling someone your username. Then they wanted you to get an Authenticator. They had a system that was reasonably secure, about as secure as most systems, broke it and then wanted money to fix what they themselves broke. Yet somehow they still manage to deflect all the fallout back onto the user in a lot of people's eyes.

EA wishes it had this level of cultish customers.
 

chadachada123

New member
Jan 17, 2011
2,310
0
0
Draech said:
Did you ever try mods off curse gaming?

Their site was hijacked for a while and software was implemented into mods.
You know, and I know this will sound absolutely crazy, but it is POSSIBLE that Blizzard's servers have a small hole that allows people to play as you.

This would explain why some people, even ones with authenticators, could have their stuff jacked while still keeping their passwords and ALSO only having the items from their last used character stolen as opposed to all of their items.

It's POSSIBLE (crazy, I know) that Blizzard is the cause of some number of these issues, considering that the majority of the concerned 'hacks' had the SAME players in the 'recently played' list despite never playing with these people.

You've no reason to say that every person here is just lazy with their accounts but don't even allow for the possibility that Blizzard's new game with a new multiplayer system could possibly have holes in it.
 

Eri

The Light of Dawn
Feb 21, 2009
3,626
0
0
chadachada123 said:
Draech said:
Did you ever try mods off curse gaming?

Their site was hijacked for a while and software was implemented into mods.
You know, and I know this will sound absolutely crazy, but it is POSSIBLE that Blizzard's servers have a small hole that allows people to play as you.

This would explain why some people, even ones with authenticators, could have their stuff jacked while still keeping their passwords and ALSO only having the items from their last used character stolen as opposed to all of their items.

It's POSSIBLE (crazy, I know) that Blizzard is the cause of some number of these issues, considering that the majority of the concerned 'hacks' had the SAME players in the 'recently played' list despite never playing with these people.

You've no reason to say that every person here is just lazy with their accounts but don't even allow for the possibility that Blizzard's new game with a new multiplayer system could possibly have holes in it.
Nope. That is impossible.

To that end, we've also seen discussions regarding the possibility of account compromises occurring in ways that didn't involve these "traditional" methods -- for example, by "session spoofing" a player's identity after he or she joins a public game. Regarding this specific example, we've looked into the issue and found no evidence to indicate compromises are occurring in this fashion, and we've determined the methods being suggested to do so are technologically impossible.
 

Zaik

New member
Jul 20, 2009
2,077
0
0
hack un-authenticated account -> get authenticator for it -> hack other accounts, clean them out, dump all valuable loot on authenticated account -> sell stolen loot on RMAH anyway

Seems more like they're attempting to cash in even more on this RMAH thing, than it does some sort of security precaution.
 

Something Amyss

Aswyng and Amyss
Dec 3, 2008
24,759
0
0
BiH-Kira said:
Isn't this now "false advertising"?
They said that if you buy D3, you can use the RMAH.
But now they say you can't use it unless you give them more money.

Ohhh well, it's Blizzard. People will still give them money even if they kill their whole family.
I'm still amazed that they sell you a product, then sell you another one to keep it secure. I mean, it seems like a racket to me.

I'm betting they have some fine print about terms of use for the RMAH, however, meaning that it's not "false advertising," but rather "read the fine print."

As for the rest, yeah. People will be outraged, then turn around and do it anyway.
 

Lyri

New member
Dec 8, 2008
2,660
0
0
Eri said:
Qitz said:
And yet, until they fix the Man-In-The-Middle attacks that people were already using to hack D3 this won't do any good.

It'll help SOME but if they're that desperate then yeah, they'll just use Session Hijacks or MITM for which the authenticators help none.
None of those ever happened for Diablo.
This actually did happen, it was reported on here that people were using session identifiers whilst afk in people's games in order to get access to account details and items.
I've tried to look for the news report on here but bringing up Diablo related references brings a ton of results.