Blizzard need to put a stop to account hacking.
Post by
nicalapegus
Do not pass go, unless you'd like to drive off the fail cliff.
I haven't laughed this hard in a long time!
Post by
xaratherus
Do not pass go, unless you'd like to drive off the fail cliff.
I haven't laughed this hard in a long time!
Glad I could offer you a laugh. :)
Can I ignore you and get aroused?
Post by
44284
This post was from a user who has deleted their account.
Post by
Pwntiff
And there we have elbrian's stamp of "Why does this thread exist?".
But seriously, Blizzard can't scan your computer for keyloggers. Blizzard can't prevent you from falling victim to phishing. And Blizzard can't prevent you from buying gold which opens yourself to risk and encourages them to steal more accounts.
Only you can prevent forest fires compromised accounts.
Post by
278980
This post was from a user who has deleted their account.
Post by
jschelert
I have seen too many people get hacked in the last 6 weeks while playing that couldn't get control of their account back because an authenticator was put on the account.
While I agree that account security is the user's responsibility, it isn't difficult for Blizzard to send a confirmation email (requiring a click-through) any time an account change has been made (password changes, addition of authenticator, etc.).
If the user is lazy and has the email password as battle.net ID it is their own damn problem.
Post by
xaratherus
I have seen too many people get hacked in the last 6 weeks while playing that couldn't get control of their account back because an authenticator was put on the account.
Then they simply didn't take the appropriate steps to get the account back. All that's required is to fax Blizzard identification showing you as the account owner.
In many cases, they don't even require that; if they're able to verify that the account has been logged onto from an IP address outside the account holder's region, they'll remove the authenticator and restore the account.
Post by
jschelert
I have seen too many people get hacked in the last 6 weeks while playing that couldn't get control of their account back because an authenticator was put on the account.
Then they simply didn't take the appropriate steps to get the account back. All that's required is to fax Blizzard identification showing you as the account owner.
In many cases, they don't even require that; if they're able to verify that the account has been logged onto from an IP address outside the account holder's region, they'll remove the authenticator and restore the account.
Let me clarify - They are playing - someone else logs into the account (which boots them off) and then the actual owner is locked out because the password has been changed or, in most cases, an authenticator has been added to the account.
They can and do get their account back which has been taking roughly about 3 weeks including item restoration time.
By having email confirmation as a requirement for adding an authenticator or password modification, this could have been avoided to some degree.
Post by
44284
This post was from a user who has deleted their account.
Post by
xaratherus
Let me clarify - They are playing - someone else logs into the account (which boots them off) and then the actual owner is locked out because the password has been changed or, in most cases, an authenticator has been added to the account.
They can and do get their account back which has been taking roughly about 3 weeks including item restoration time.
By having email confirmation as a requirement for adding an authenticator or password modification, this could have been avoided to some degree.
Sorry for the misunderstanding, I follow now.
Of course, if they'd had an authenticator to begin with, it's very unlikely that they would have gotten into that position. The current schemes to pirate accounts that include authenticators are very touchy and time-sensitive; you only have about a minute before an authenticator code expires, so the account pirate has to be getting updates from the key logger almost in real-time to compromise an authenticator account.
However, I don't suppose it would be too much of a hassle to include a confirmation e-mail for major account changes.
Post by
524425
This post was from a user who has deleted their account.
Post by
Rilgon
It is not always the fault of the account holder.
I would like to see one case of account compromise where the entry vector was not through the end user's negligence or ignorance.
Post by
xaratherus
It is not always the fault of the account holder.
I would like to see one case of account compromise where the entry vector was not through the end user's negligence or ignorance.
Yeah, I have to agree. The user need not respond to a phishing attempt, but key loggers don't just manifest on someone's computer.
The least culpability an end user could have is indirect infection, such as sharing a network connection with an unsafe user, who becomes infected, and the key logger propagates across the connection.
Even in that case, though, it is a result of the account holder's ignorance (at the unsafe browsing habits of someone sharing their network).
Post by
138584
This post was from a user who has deleted their account.
Post by
335609
This post was from a user who has deleted their account.
Post by
524425
This post was from a user who has deleted their account.
Post by
TheReal
...Therealarkayn (a security guru)...
Wow. I'm known for something. Something good even. = )
Well, it's always the fault of the hacker first and the account holder second, but sometimes the account holder has done absolutely nothing wrong and gotten hacked anyway. The imaginary perfection of security is imaginary, security is never perfect online.
Mixed feelings about this one. You're right in saying that the "hacker" (I hate that too, Clearly) is the most at fault, but it's always the account holder's fault waaaaaay before it's Blizzard's fault. If a security hole is found in Flash and exploited to install a keylogger as a zero-day infection, the end user is the most at fault ("hacker" excluded) because the end user is the one who visited the site hosting the malicious Flash program.
If someone was to do everything right and still get "hacked," the only possible explanation would be that someone pulled account information out of thin air. You're right in saying that security is never perfect (it CAN'T be), but if I do everything right and my account gets compromised, then it's the only explanation and I have become a victim of a 1 in hundreds of billions chance that someone would guess my information and authenticator code. If I get hacked AND I'm not that astronomically unlucky, then I haven't done everything right.
TL;DR: If you lose your account to anything except extremely dumb luck, then you're not doing everything right.
Post by
606575
This post was from a user who has deleted their account.
Post by
444854
This post was from a user who has deleted their account.
Post by
TheReal
Your friend was keylogged forever ago, theplebian. The one thing he didn't do correctly was change his password before he quit playing.
See? His fault (and the "hacker's" technically as well, yes).
Best captcha ever: wipes alliance