No Authenticator, No Diablo III Cash Auction House

[Eri]

5Well you've already decided it's all a big conspiracy that Blizzard's involved in.

You clearly have no idea what a conspiracy is. The word you're looking for is corruption, not conspiracy.
And, uhm, if you know anything about business, you'd know it's far more common than most people are comfortable to admit.

You yourself are a part of the problem. You are lying to defend a company, without having any idea whatsoever if your white knighting has any merit - you don't even know the CONCEPT of what you are talking about and are apparently completely ignorant about corruption existing. And you are spreading your ignorance.

This is why companies get away with lax security in the first place. So good work. Your behavior makes it so there is no need for a conspiracy - just generic corruption. A blizzard employer selling a few user names is completely risk free. They will never be caught. How could they? At the end the user will be blamed, because it is impossible to prove that an user didn't have lax security in some way.

Edit: Obviously, user security is still at fault for most account compromises. It's never hacking, because you cannot brute-force a game (unless the game has no delay between attempts, in which case the company would be 100% at fault). It's likely something like 30% keyloggers, 65-69% phishing, and 1-5% Blizzard's fault.

If I'm spreading ignoranace, you're spreading tons more of it than I am. Everything I've said has been 100% correct, and Blizzard, as of YET, has yet to be compromised. Trying to say I and they are lying despite all evidence to the contrary is ludicrous. Also Blizzard obviously doesn't have lax security or authenticators wouldn't work.

AND even if, by some miracle, some employee was corrupt enough to sell accounts for a piddly amount of money, having an authenticator would thwart that as well, so just another reason to get one.

 

[walrusaurus]

I was very annoyed to discover the dial-in authenticator doesn't work for D3. I don't want the auction house, I just want -security-. I do not have a smart phone, and no, I am NOT paying extra to buy an extra product because YOU CAN'T MAKE YOUR GAME SECURE.

Seriously, how is this acceptable? My account has been hijacked once already. I only played in a pub with a stranger ONE time. Because my -friend- invited them. Boom, lose all my loot and gold. Had to use one of my two rollbacks. That was how I discovered the phone authenticator doesn't work.

Why is it permissible I have to buy an extra product so the first product functions? FIX. IT.

There has never once been a compromise of blizzards account databases. If your account was compromised its because you aren't protecting yourself, be it keeping your system free from malware, practicing good password security, or not being retarded with throwing your account info around.

You, blaming blizzard for getting hacked and not paying for an authenticator, is the equvalent of me crashing my truck into a pole and then blaming Chevrolet for not magically stopping me in my tracks, and then bitching that i was too cheap to buy insurance so now i have to pay for the damage myself.

Grow up, and take some responsibility for yourself. Or, at the very least suck it up and deal with the consequences if your to foolish to do so.

 

[VladG]

I was very annoyed to discover the dial-in authenticator doesn't work for D3. I don't want the auction house, I just want -security-. I do not have a smart phone, and no, I am NOT paying extra to buy an extra product because YOU CAN'T MAKE YOUR GAME SECURE.

No, they are selling an extra security measure because you can't make your PC secure.

The only way to access an account is with the password. Everyone who got hacked had their password stolen

Bull and Shit, broseph, unique case sensitive password over 8 units with numbers, battlenet information not given out. I don't fuck with phishing scams, cycle my passwords, don't respond to e-mails from people I don't know personally (if I even read them), run commercial spyware and anti-virus software. I'm about as well protected as an -AVERAGE CONSUMER- can be and if you blame me for only being an average consumer and not tech savvy? Screw you, I shouldn't have to be. When you provide a SERVICE instead of a PRODUCT the onus is on you to provide for the lowest common denominator, let alone the average. Authenticators should be available for all games (not just WoW) for FREE for all consumers. I don't have a smartphone, so that sort of leaves me SOL.

Got to love the security industry, one of the few crimes where we blame the victim for asking for it. Guess I shouldn't have worn that trampy T-Shirt?

Should they provide you with a computer to play on? Maybe they should pay your power bills? Maybe they should be offering housing so the homeless can enjoy their product? Do you expect them to provide your internet so you can access their service? They are offering the authenticator for free, it's your problem you don't have the hardware to support it.

Your computer's security is on you. You can't keep yourself safe, it's none of their fault. The game is secure. The only way to access your account is with YOUR password. It's your own damn fault for not being able to keep it safe.

 

[VladG]

I was very annoyed to discover the dial-in authenticator doesn't work for D3. I don't want the auction house, I just want -security-. I do not have a smart phone, and no, I am NOT paying extra to buy an extra product because YOU CAN'T MAKE YOUR GAME SECURE.

No, they are selling an extra security measure because you can't make your PC secure.

The only way to access an account is with the password. Everyone who got hacked had their password stolen

Because we all know that never happens from server side hacks. Ever.

Hasn't happened to Blizzard yet. I'll let you know when it happens so that your comment isn't a waste of space.

 

[Nikolaz72]

I was very annoyed to discover the dial-in authenticator doesn't work for D3. I don't want the auction house, I just want -security-. I do not have a smart phone, and no, I am NOT paying extra to buy an extra product because YOU CAN'T MAKE YOUR GAME SECURE.

Seriously, how is this acceptable? My account has been hijacked once already. I only played in a pub with a stranger ONE time. Because my -friend- invited them. Boom, lose all my loot and gold. Had to use one of my two rollbacks. That was how I discovered the phone authenticator doesn't work.

Why is it permissible I have to buy an extra product so the first product functions? FIX. IT.

There has never once been a compromise of blizzards account databases. If your account was compromised its because you aren't protecting yourself, be it keeping your system free from malware, practicing good password security, or not being retarded with throwing your account info around.

You, blaming blizzard for getting hacked and not paying for an authenticator, is the equvalent of me crashing my truck into a pole and then blaming Chevrolet for not magically stopping me in my tracks, and then bitching that i was too cheap to buy insurance so now i have to pay for the damage myself.

Grow up, and take some responsibility for yourself. Or, at the very least suck it up and deal with the consequences if your to foolish to do so.

I think his mostly blaming Blizzard for having to buy an Iphone because they cant wont allow the off-site security authenticator's that are 'just' as secure. Because he suspects they are merely trying to sell more of their products. Even to people who have already bought it and some even pay monthly subscription for it. And 'that' to some people. Just seems like a ripoff, paying for the same product twice (Aka the Authenticator)

 

[katsabas]

The more I hear about this, the more I think I am gonna have to wait another year until Blizz solves all the security issues. I am not a security whiz, but then again, why does one have to be to enjoy a game ? I like how people still complain about this though, just means that they give a damn about the game. What I don't like is that Blizz's policy is working with their ears covered.

It also kind of bugs me that all this is because of a thing that next to nobody asked for. And now, if you want to use that thing, you have to have another thing or app in order to use it. And that thing you have to have, is only available through eBay in europe. Way to deal with the ones that actually payed to play the game. I don't get why publishers can't get it through their skull that DRM makes it easy for pirates and hard for consumers.

From what I have red so far though, it is still pretty early for Blizz to know all the holes through which a hack can be achieved, not to mention that each player tends to forget that with an account on battle.net, comes a certain amount of responsability on your own end. If you can't protect it, don't play online.

 

[pffh]

I was very annoyed to discover the dial-in authenticator doesn't work for D3. I don't want the auction house, I just want -security-. I do not have a smart phone, and no, I am NOT paying extra to buy an extra product because YOU CAN'T MAKE YOUR GAME SECURE.

Seriously, how is this acceptable? My account has been hijacked once already. I only played in a pub with a stranger ONE time. Because my -friend- invited them. Boom, lose all my loot and gold. Had to use one of my two rollbacks. That was how I discovered the phone authenticator doesn't work.

Why is it permissible I have to buy an extra product so the first product functions? FIX. IT.

There has never once been a compromise of blizzards account databases. If your account was compromised its because you aren't protecting yourself, be it keeping your system free from malware, practicing good password security, or not being retarded with throwing your account info around.

You, blaming blizzard for getting hacked and not paying for an authenticator, is the equvalent of me crashing my truck into a pole and then blaming Chevrolet for not magically stopping me in my tracks, and then bitching that i was too cheap to buy insurance so now i have to pay for the damage myself.

Grow up, and take some responsibility for yourself. Or, at the very least suck it up and deal with the consequences if your to foolish to do so.

I think his mostly blaming Blizzard for having to buy an Iphone because they cant wont allow the off-site security authenticator's that are 'just' as secure. Because he suspects they are merely trying to sell more of their products. Even to people who have already bought it and some even pay monthly subscription for it. And 'that' to some people. Just seems like a ripoff, paying for the same product twice (Aka the Authenticator)

But that's just ridiculous since Blizzard is selling the authenticators at a loss since they want you to be better protected since it means less hassle for them.

 

[Ympulse]

Eri, I just have to ask. How does the kool-aid taste?

On-topic: Blizz has had multiple security breaches in the past, they are just smart enough to not announce them when they happen. I can remember two issues off the top of my head. There was an issue with the Korean/SEA version of wow in early release wherein the registration system was open to man-in-the-middle data interception without any software on the customer's machine. There was also an issue with the website (after the Battle.net integration) that stored all customer information in a non-encoded flash database, which, again, was accessible by anyone with the know-how to get to it.

There were others, but those are the only ones I can think of off the top of my head.

 

[Zenn3k]

5Well you've already decided it's all a big conspiracy that Blizzard's involved in.

You clearly have no idea what a conspiracy is. The word you're looking for is corruption, not conspiracy.
And, uhm, if you know anything about business, you'd know it's far more common than most people are comfortable to admit.

You yourself are a part of the problem. You are lying to defend a company, without having any idea whatsoever if your white knighting has any merit - you don't even know the CONCEPT of what you are talking about and are apparently completely ignorant about corruption existing. And you are spreading your ignorance.

This is why companies get away with lax security in the first place. So good work. Your behavior makes it so there is no need for a conspiracy - just generic corruption. A blizzard employer selling a few user names is completely risk free. They will never be caught. How could they? At the end the user will be blamed, because it is impossible to prove that an user didn't have lax security in some way.

Edit: Obviously, user security is still at fault for most account compromises. It's never hacking, because you cannot brute-force a game (unless the game has no delay between attempts, in which case the company would be 100% at fault). It's likely something like 30% keyloggers, 65-69% phishing, and 1-5% Blizzard's fault.

Fun info, before the 1.02b patch removed the ability to hit cancel during the login process, there was NO DELAY between attempts. A good script could tell the password was incorrect from the packets sent back to the computer before the user was ever prompted that the password was wrong.

And interestingly enough, as soon as Blizzard removed the ability to hit "cancel" during login attempts, reports of hacks on the blizzard forums basically disappeared.

 

[Clearing the Eye]

Right, because authenticators prevented hacking entirely.....oh wait...

OH SNAP

OT: every time Diablo III is in the news, any tiny speck of want to purchase the game that I may have had in the bottom of my being dies a little more. It's like everything about it is designed to make me not want to buy it.

Captcha: stinky feet

Hot.

 

[RvLeshrac]

More like what you didn't do. There's any number of ways you could get "hacked", but the point is it didn't come from Blizzard's end, and that means there's only one end left, which is the users.

Why couldn't it have been from Blizzard's end? Companies are not infallible.

Right, but Blizzard hasn't been compromised. First, it's illegal for them to not say if they are. Second, Their security is 100x better than single people's.

hackers don't use passwords to hack. they get you session info.
there was a bug that made it possible for people in your party to obtain your session info.
if you supply that info to server it automatically logs you in. even if you have an authenticator.

blizzard is to proud to accept they made a mistake. instead they blame users for their stupidity.

Wrong. Session spoofing is IMPOSSIBLE IN DIABLO. They said that 100 times.

I was very annoyed to discover the dial-in authenticator doesn't work for D3. I don't want the auction house, I just want -security-. I do not have a smart phone, and no, I am NOT paying extra to buy an extra product because YOU CAN'T MAKE YOUR GAME SECURE.

No, they are selling an extra security measure because you can't make your PC secure.

The only way to access an account is with the password. Everyone who got hacked had their password stolen

Blizzard's password system:

a) Is not case-sensitive.

b) Implements no login restrictions, meaning you can login an infinite number of times with an infinite number of incorrect passwords without any delay.

Your password doesn't need to be "stolen." The system is vulnerable to the simplest of all possible attacks.

Not true. They have a cap of around 10ish tries. Go see for yourself.

Through the front-end, yes. That's a front-end restriction, not an API restriction. You can programmatically log in an infinite number of times.

If that's too hard a concept: There's a cap of around five minutes on the time in which you can rob a bank, but that's a front-end restriction. You can embezzle money from the bank for a theoretically infinite amount of time.

 

[Eri]

Eri, I just have to ask. How does the kool-aid taste?

On-topic: Blizz has had multiple security breaches in the past, they are just smart enough to not announce them when they happen. I can remember two issues off the top of my head. There was an issue with the Korean/SEA version of wow in early release wherein the registration system was open to man-in-the-middle data interception without any software on the customer's machine. There was also an issue with the website (after the Battle.net integration) that stored all customer information in a non-encoded flash database, which, again, was accessible by anyone with the know-how to get to it.

There were others, but those are the only ones I can think of off the top of my head.

Man in the middle has nothing to do with Blizzard, and everything to do with the end user being unsecure. Also, Blizzard doesn't run foreign servers in KR or China, They give someone else the rights, Blizzard is no doubt more secure than them.

From Blizzard:

I've personally examined the MSInfo files of nearly all of the handful of WoW players who have actually been compromised through an authenticator, and the sheer number of backdoor programs and other malware on their systems has been mind boggling. Probably not coincidentally, these same people were also running a disturbing number of file-sharing and download programs, including ones which are commonly known to not be safe.

 

[Kungfu_Teddybear]

I was very annoyed to discover the dial-in authenticator doesn't work for D3. I don't want the auction house, I just want -security-. I do not have a smart phone, and no, I am NOT paying extra to buy an extra product because YOU CAN'T MAKE YOUR GAME SECURE.

The game is secure.
It's people's computers that aren't.
Dumbasses give away their account name and passwords through phishing sites and keyloggers.
Neither of which are even remotely Blizzard's realm of responsibility.

"Hello, you have reached Blizzard customer service, my name is Greg, how can I help you?"
'Hi Greg. My account got hacked'
"Uhh... ok. How can I help you... ?"
'I want my stuff back'
"Ok sir. What is the name of your account?"
'Its [email protected]'
"OK sir, just let me bring up your account... Now what seems to be the problem?"
'All my stuff is gone. I want it back'
"And you said your account had been compromised?"
'Not compromised, hacked'
"Well you see-... Nevermind. How is it that you know it got hacked?"
'I logged out last night with all my stuff there, and now it is not'
"Ok sir. Does anyone else have access to your account?"
'Well my fri-... I mean, no. No one else'
"Ok sir. Have you received an email from any Blizzard representative in the last few days?"
'I got one last week telling me to authenticate my Blizzard account or my WoW characters would be deleted, so I did, but I haven't played WoW in over a year'
"Uh sir, that is called phishing. Your account was not hacked, you gave it to them"
'WHAT?! IT ISN'T MY FAULT, IT IS YOUR FAULT! YOU SHOULD HAVE MORE SECURITY ON YOUR GAME!'
"Sir, we cannot create failsafes for stupid people. Have a good day"

Yup. It's quite amazing the lengths people will go to to deny that they had anything to do with their account being taken for all its worth. Blatant lies (but i had an authenticator!11!), you name it, they've done it.

The thing is it isn't always the players fault, most of the time it probably is, but not always. I quit WoW Last year and a few months before I quit my account was hacked. Now I have never bought gold, never bought power-levelling and I never really read mails from Blizz, even official ones, and phising ones are always blatantly obvious. Even if I do read them I don't click the links anyway so I know I've never fallen for a phising mail, yet my account was hacked.

To this day I still have no idea how my account could have been hacked/compromised because I've never done anything that I can think of could have compromised it.

 

[Danceofmasks]

I've always taken issue with assigning real world value to a virtual item.

The thing is, it's worth something because people put a value on it.

That $10 note in your wallet, it's just a piece of paper and some ink. Insofar as the materials are concerned, it's worth nothing.

I sold a hideous dingy old vase for $2k. Why is it worth that much?
I bet you paid money for some of the computer games you own. They're just lines of code, why are they worth anything?
People pay good money for all sorts of stupid crap, from coffee formerly coated in rodent crap to soup made from bird spit to blowjobs from truckstop trannies.

What is any of that stuff worth? As always, something is worth whatever people are willing to exchange for it.

 

[Ranorak]

To this day I still have no idea how my account could have been hacked/compromised because I've never done anything that I can think of could have compromised it.

Ever went to a WoW related site.
Such as:
Wowwiki
Wowhead
Thotbott
Curse gaming?

And you might even have the same log-in e-mail to those sites as your battle.net account.
Those alone are already security risks.

 

[Kungfu_Teddybear]

To this day I still have no idea how my account could have been hacked/compromised because I've never done anything that I can think of could have compromised it.

Ever went to a WoW related site.
Such as:
Wowwiki
Wowhead
Thotbott
Curse gaming?

And you might even have the same log-in e-mail to those sites as your battle.net account.
Those alone are already security risks.

I was very annoyed to discover the dial-in authenticator doesn't work for D3. I don't want the auction house, I just want -security-. I do not have a smart phone, and no, I am NOT paying extra to buy an extra product because YOU CAN'T MAKE YOUR GAME SECURE.

The game is secure.
It's people's computers that aren't.
Dumbasses give away their account name and passwords through phishing sites and keyloggers.
Neither of which are even remotely Blizzard's realm of responsibility.

"Hello, you have reached Blizzard customer service, my name is Greg, how can I help you?"
'Hi Greg. My account got hacked'
"Uhh... ok. How can I help you... ?"
'I want my stuff back'
"Ok sir. What is the name of your account?"
'Its [email protected]'
"OK sir, just let me bring up your account... Now what seems to be the problem?"
'All my stuff is gone. I want it back'
"And you said your account had been compromised?"
'Not compromised, hacked'
"Well you see-... Nevermind. How is it that you know it got hacked?"
'I logged out last night with all my stuff there, and now it is not'
"Ok sir. Does anyone else have access to your account?"
'Well my fri-... I mean, no. No one else'
"Ok sir. Have you received an email from any Blizzard representative in the last few days?"
'I got one last week telling me to authenticate my Blizzard account or my WoW characters would be deleted, so I did, but I haven't played WoW in over a year'
"Uh sir, that is called phishing. Your account was not hacked, you gave it to them"
'WHAT?! IT ISN'T MY FAULT, IT IS YOUR FAULT! YOU SHOULD HAVE MORE SECURITY ON YOUR GAME!'
"Sir, we cannot create failsafes for stupid people. Have a good day"

Yup. It's quite amazing the lengths people will go to to deny that they had anything to do with their account being taken for all its worth. Blatant lies (but i had an authenticator!11!), you name it, they've done it.

The thing is it isn't always the players fault, most of the time it probably is, but not always. I quit WoW Last year and a few months before I quit my account was hacked. Now I have never bought gold, never bought power-levelling and I never really read mails from Blizz, even official ones, and phising ones are always blatantly obvious. Even if I do read them I don't click the links anyway so I know I've never fallen for a phising mail, yet my account was hacked.

To this day I still have no idea how my account could have been hacked/compromised because I've never done anything that I can think of could have compromised it.

Did you ever use a mod?

Did you ever log on with a friends account on your computer?

Did you ever log on a friends computer with your account?

Or my personal favourite. Have you used your account/PW combination anywhere else?
Let me tell you why this is my personal favourite possibility. Within in the first month of Rift launching more than a 3rd of the accounts were compromised. How did that happen you wonder? Well as it turned out about a month up to Rift's release Blizzard noted a massive drop off in reports of hacks. So they messaged Trion going "just want you to know, it looks like someone is hoarding account details out there" . Trion didn't do anything about and as it turns out, people will use the same log in for multiple mmos. You can fill out the blanks. Now it isn't real evidence until you can repeat the experiment and predict the results. As it turned out the same scenario happened with the SWTOR launch with the exception that Bioware listened to the warnings and 2 weeks before implemented extra security questions as well as making the client ask for the security questions when logging on for the first time. That worked.

But yeah I dont know for certain what happened to your account. My own account was compromised, but that was only after I stopped playing. When it happened is hard to tell.

I went on Curse for addons and stuff but I never use the same email/password combo for anything, I also have 3 different emails that I use for different things.

 

[ZephrC]

Blegh. I'm just annoyed that they made be online so I could always be just a couple clicks away from their stupid auction house, and now their not going to let me use it. Can I have my offline mode if I swear to never use their authenticator dealie? They won't be getting any of that sweet auction house money from me anyway, apparently.

I have even less interest in paying real money for protection on digital club than I do in paying real money for a digital sword to replace it. Sorry Blizzard, but your game just isn't that important to me.

I would kinda like to try out hardcore mode though, so if you could get working on either an offline mode or at least fixing those horrible lag spikes I'd certainly be more likely play your silly game. And don't give me any of that crap about the lag being on my end. When the general chat suddenly fills with dozens of people asking if anyone else is getting lag at the same time as I'm getting it myself, that's not on my end. Sorry.

 

[Ranorak]

I went on Curse for addons and stuff but I never use the same email/password combo for anything, I also have 3 different emails that I use for different things.[/quote]

Banners on the Curse website have been known to contain malware.
keylogger could have easily gotten on your computer from there.

That's how easy it is to "hack" someone.
I've had 2 friends who got hacked, they never bought gold, but have piss poor security against malware and the like.

I got the authenticator at the first chance I got, never had a single problem with hacks.
I know I'm not a 100% save, nothing ever is when it's connected to the internet.