|
Page 336 of 512 |
|
Posted: Tue, 5th Jun 2012 22:24 Post subject: |
|
 |
i believe blizzard that it is not something as simple as spoofing crap, which seems to be the general idea of the internet people.
like i said, i don't know what the issues may be; at best, afaik, someone can get only your user (bnet email), which is sent unencrypted to the server, that's all. and that is not a simple task anyway.
 |
JBeckman
VIP Member
Posts: 34978
Location: Sweden
|
Posted: Tue, 5th Jun 2012 22:26 Post subject: |
|
 |
I was reading Guru3D earlier and there was something about going for the software wrapper the auction house used but I've not looked that up in more detail to see what was actually mentioned about it though apparently it is a popular theory.
(That and some SQL exploit or some such against the servers as Blizzard supposedly use a MySQL or similar game database but again I wouldn't quite know the validity of such a claim.)
http://forums.guru3d.com/showthread.php?t=363245&page=33
 |
|
Posted: Tue, 5th Jun 2012 22:35 Post subject: |
|
 |
It apparently involves grabbing your session ID (and it's authenticated already, cos you're logged in), spoofing that session ID and poisoning it. Bam, you're logged in as them.
This is from my SysAdmin, whose 'friends' are doing this.
 |
sausje
Banned
Posts: 17716
Location: Limboland, Netherlands
|
Posted: Tue, 5th Jun 2012 22:41 Post subject: |
|
 |
BlackDwarf wrote: | This is from my SysAdmin, whose 'friends' are doing this. |
Tell them they are fucking pathetic.
Proud member of Frustrated Association of International Losers Failing Against the Gifted and Superior (F.A.I.L.F.A.G.S)

 |
|
Posted: Tue, 5th Jun 2012 22:41 Post subject: |
|
 |
I cannot tell for sure, but there is something fishy going on around here, guaranteed. I feel Blizzard is hiding something.
 |
|
Posted: Tue, 5th Jun 2012 22:47 Post subject: |
|
 |
BlackDwarf wrote: | It apparently involves grabbing your session ID (and it's authenticated already, cos you're logged in), spoofing that session ID and poisoning it. Bam, you're logged in as them.
This is from my SysAdmin, whose 'friends' are doing this. |
ask them to explain why this session id spoofing does not work for accounts with an authenticator, and how come they manage to terminate the client connection to the server (they log on to your account, kicking you out) without invalidating that id.
session id spoofing is so damn easy to detect anyway, and if that was the problem it would have been fixed in no time.
 |
|
Posted: Tue, 5th Jun 2012 22:51 Post subject: |
|
 |
Last edited by Yondaime on Mon, 2nd Dec 2024 15:42; edited 1 time in total
 |
|
Posted: Tue, 5th Jun 2012 22:53 Post subject: |
|
 |
Ah... I never bought that many in a stack or in one go, so I guess I didn't see it being glitchy that way :\
 |
|
Posted: Tue, 5th Jun 2012 22:55 Post subject: |
|
 |
Session spoofing, really? Where are we, in the 90s with dial-ups? Don't know if it's just plain stupid OR Blizzard's really bad work, chances are 50-50...
 |
|
Posted: Tue, 5th Jun 2012 23:14 Post subject: |
|
 |
@sausje - At the time I asked 'Why the fuck?'
@frogster - As I understand, there are still people with Authenticators (Though it seems there is confusion over their 'SMS Authenticator', which is essentially bollocks) getting hacked?
I don't know, I'm just saying what I've been told. He could be chatting out of his ass, but this guy is a proper blackhat, so it wouldn't surprise me.
I'm desperately trying to keep my hopes up that Blizz haven't totally dropped a nut here, but the fact that the RMAH now seemingly doesn't have an ETA, it makes you wonder whether something much deeper is going on.
 |
Sin317
Banned
Posts: 24322
Location: Geneva
|
Posted: Tue, 5th Jun 2012 23:14 Post subject: |
|
 |
Yondaime wrote: | sabin1981 wrote: | You've got a point there JB.. it could have something to do with the AH, it might explain why commodity trading has been offline for a week or so now. It was perfectly fine at the start, no issues whatsoever, no patch broke it .. so something caused it to be taken offline.
Sin317 wrote: |
What i meant is, i don't believe any gossip or speculations or denials from any one, no matter who. |
I wasn't specifically referring to you bud (though I quoted you so... umm.. yeah.. oops.. my bad) I was speaking more in general terms. |
Yeah, might be it.
I bought a LOT of crafting materials every day, we're talking thousands of materials every day over and over again, in batches of 8000 or so. And sometimes when I did that, I would get disconnected after trying to retrieve them from the AH. I think the AH had big untold issues with crafting mats. After logging back in from such a disconnect, it would be in my stash, retrieved and ready for use. So I obviously got my stuff every time but it certainly wasn't behaving properly.
I'm thinking they took it down either because it has something to do with hacking (but if that had been the case people would not be getting hacked anymore) or because it was simply very glitchy/buggy.
I haven't been hacked yet though. |
lol, care to share your gold making scheme with us ? ^^
 |
sausje
Banned
Posts: 17716
Location: Limboland, Netherlands
|
Posted: Tue, 5th Jun 2012 23:18 Post subject: |
|
 |
Not with us Sin, lurkers here 
Proud member of Frustrated Association of International Losers Failing Against the Gifted and Superior (F.A.I.L.F.A.G.S)

 |
|
Posted: Tue, 5th Jun 2012 23:30 Post subject: |
|
 |
lol, care to share your gold making scheme with us ? ^^
some set items i presume ?
well, most of the doom theories were tested on a private forum, and the best guess was something with session ids that we were unable to replicate (blizzard say that they don't use classic session ids, but they use something similar). we didn't manage to find any data shared in any circumstance (ah, public games, direct trade) between 2 different computers/accounts. of course we are not high and mighty hackers, but we know at least a few basic things.
our testing was terminated when one of the team (from another forum) was hacked playing sp only (no public games, no ah, general chat disabled, no friends in list, was simply pure sp), os freshly installed, all things firewalled and so on. the only thing he did wrong was that he used the common password he uses for swtor (by no means a simple one) and gw1. no authenticator too. and not a single issue in those 2 games.
BlackDwarf, give them my bnet id Marinica#2593, tell them to add me with 2593 as the reason. i don't have any authenticator added, they are welcome to hack my account, i will not ask any questions if they manage to do it. they can get some average act 1 inferno gear and 600k g. i will ask only for a rollback, will not report them for anything.
maybe i can get some useful data from this ).
p.s.
i remember the good old days in d2 with the region-changing account-taking exploit.
that was one of the black pages in blizzard history. they didn't ever say anything about that exploit, right? not even in patch notes.
ah, and in case you are doing stupid stuff, they activated warden, so stop it for now.
 |
|
Posted: Wed, 6th Jun 2012 01:03 Post subject: |
|
 |
Could it be that neither the customers nor Blizzard are hacked and that this is just a bug (or bugs) in their database and/or other software? I haven't seen anyone reporting, if it was a keylogger, stuff happening to their other games, bank accounts etc.
Their server infrastructure definitely wasn't up to scratch on launch; it's a possibility that their software was in similarly bad shape.
 |
|
Posted: Wed, 6th Jun 2012 01:23 Post subject: blizzass security |
|
 |
Stop if you've heard this before, but blizzass have made a few changes to the login checks with the last patch.
I use vpns for all sorts of reasons and turn them on and off manually if I use em on my main system , occasionally forget to shut down tunnel when I launch d3 single player. In the past that has been no problem but when I did that on Monday blizzass told me that I was logging onto battle.net in a significantly different way than usual so my account was locked 'no play' until I jumped thru their prescribed hoops. Which I did n it was restored. setting aside the rant about what fuckin bizness of blizass what country I wanna play my SP game in, it is obvious that changes to logon security have been made.
Why do that if they believe all hacks are the result of phishing, keyloggin etc since it would be trivial for a hacker to vpn in from the correct ip range if he has already hacked a player's system.
 |
mtj
Posts: 2315
Location: Austria / Finland
 |
Przepraszam
VIP Member
Posts: 14491
Location: Poland. New York.
|
Posted: Wed, 6th Jun 2012 01:56 Post subject: |
|
 |
mtj wrote: | Got level requirement reduced Decapitator.
Level 44 (due to -16 level req) 1133.3 dps, 116 str  |
man..when do you get all those kick ass weapons? 
 |
Badrien
Posts: 2118
Location: Netherlands
|
Posted: Wed, 6th Jun 2012 02:01 Post subject: |
|
 |
Out of stock in a lot of places and generally around full price everywhere.. Anyone know a place that has the game on sale for a decent price?
RTX ON
 |
crossmr
Posts: 2966
Location: United Kingdom
|
Posted: Wed, 6th Jun 2012 02:07 Post subject: Re: blizzass security |
|
 |
UreKismet wrote: | Stop if you've heard this before, but blizzass have made a few changes to the login checks with the last patch.
I use vpns for all sorts of reasons and turn them on and off manually if I use em on my main system , occasionally forget to shut down tunnel when I launch d3 single player. In the past that has been no problem but when I did that on Monday blizzass told me that I was logging onto battle.net in a significantly different way than usual so my account was locked 'no play' until I jumped thru their prescribed hoops. Which I did n it was restored. setting aside the rant about what fuckin bizness of blizass what country I wanna play my SP game in, it is obvious that changes to logon security have been made.
Why do that if they believe all hacks are the result of phishing, keyloggin etc since it would be trivial for a hacker to vpn in from the correct ip range if he has already hacked a player's system. |
It's their business if you've constantly been playing from England for days and weeks and then an hour after your last login, you're suddenly playing from America, and there is no evidence you own a transporter.
That's called good security. Many systems do that. It's why I don't log in to my bank site when I go back home for vacation. I set up my security questions years ago, and don't remotely remember the answers. The moment I try to log in from Canada if I go home for a vacation, it's not going to allow me to until I answer some old questions. Which means I have to call them up and explain I'm an idiot for not remembering some piece of trivia I set 4 years ago. It's annoying as shit, but it really does help prevent hacking, unless the hacker is in the same geographical area as you.
intel ultra 7 265k, 64gb ram, 3070
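The location check described in the post above, sketched as an added example (not code from the thread or from Blizzard): a login is flagged for step-up verification when the speed implied by the distance and time since the account's previous login is not physically plausible. The thresholds, names and sample events are assumptions constructed for illustration; the coordinates stand in for geo-IP lookups.

```python
"""Impossible-travel check over login events (constructed sample data)."""
from dataclasses import dataclass
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

MAX_PLAUSIBLE_KMH = 900.0  # assumption: roughly airliner cruise speed
MIN_DISTANCE_KM = 100.0    # assumption: ignore small geo-IP jitter


@dataclass(frozen=True)
class Login:
    account: str
    when: datetime
    lat: float
    lon: float
    place: str


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = p2 - p1, radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def flag_impossible_travel(logins):
    """Return (previous, current, km/h) for each login needing step-up."""
    last_seen, flagged = {}, []
    for cur in sorted(logins, key=lambda e: e.when):
        prev = last_seen.get(cur.account)
        last_seen[cur.account] = cur
        if prev is None:
            continue  # first login seen for this account: no baseline yet
        km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
        if km < MIN_DISTANCE_KM:
            continue  # same region: this check cannot tell the users apart
        hours = (cur.when - prev.when).total_seconds() / 3600
        speed = float("inf") if hours <= 0 else km / hours
        if speed > MAX_PLAUSIBLE_KMH:
            flagged.append((prev, cur, speed))
    return flagged


# Constructed sample events, not real log data.
SAMPLE = [
    Login("alice", datetime(2012, 6, 4, 19, 0), 51.51, -0.13, "London"),
    Login("alice", datetime(2012, 6, 4, 20, 0), 40.71, -74.01, "New York"),
    Login("bob", datetime(2012, 6, 1, 9, 0), 51.51, -0.13, "London"),
    Login("bob", datetime(2012, 6, 2, 9, 0), 43.65, -79.38, "Toronto"),
    Login("bob", datetime(2012, 6, 2, 9, 30), 43.70, -79.40, "Toronto"),
]
```

Only the London to New York pair an hour apart is flagged; the day-long trip and the second login from the same city pass, which is the same-area limitation the post mentions.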
 |
mtj
Posts: 2315
Location: Austria / Finland
|
Posted: Wed, 6th Jun 2012 02:19 Post subject: |
|
 |
 |
Przepraszam
VIP Member
Posts: 14491
Location: Poland. New York.
|
Posted: Wed, 6th Jun 2012 02:21 Post subject: |
|
 |
mtj wrote: | besthijacker wrote: | mtj wrote: | Got level requirement reduced Decapitator.
Level 44 (due to -16 level req) 1133.3 dps, 116 str  |
man..when do you get all those kick ass weapons?  |
Act 3 inferno |
im not cool enough to do act3 inferno right now. still stuck on belial QQ
 |
|
Posted: Wed, 6th Jun 2012 02:48 Post subject: Re: blizzass security |
|
 |
UreKismet wrote: | Stop if you've heard this before, but blizzass have made a few changes to the login checks with the last patch.
I use vpns for all sorts of reasons and turn them on and off manually if I use em on my main system , occasionally forget to shut down tunnel when I launch d3 single player. In the past that has been no problem but when I did that on Monday blizzass told me that I was logging onto battle.net in a significantly different way than usual so my account was locked 'no play' until I jumped thru their prescribed hoops. Which I did n it was restored. setting aside the rant about what fuckin bizness of blizass what country I wanna play my SP game in, it is obvious that changes to logon security have been made.
Why do that if they believe all hacks are the result of phishing, keyloggin etc since it would be trivial for a hacker to vpn in from the correct ip range if he has already hacked a player's system. |
They've had that system for WoW before, it's not something new they made against the hacking wave for D3.
(Back then people also felt it was too intrusive, personally I'd rather have it, but to each their own.)
 |
|
Posted: Wed, 6th Jun 2012 04:58 Post subject: |
|
 |
Had to ask for a refund, game was a complete failure and well 60 dollars can buy a pretty fun evening with friends.
Here is the best way to reach any act on inferno.
1. Search a public game for the ACT you want to go to, pick any difficulty.
2. Join the act and leave as soon as it starts.
3. Click on Public games and you will see that you are now in Inferno difficulty.
4. Leave and resume.
5. ?????
10. Profit.
There you have it, you can go to any ACT in the game in Inferno. If you want to completely unlock it, just finish the quest you picked. I found this out when I reached inferno and wanted to play ACT IV on Hell. This was on the 16, so I had a shit load of time and farm. close to 30mil in cash and Tal rasha set.
 |
|
Posted: Wed, 6th Jun 2012 05:18 Post subject: |
|
 |
 |
russ80
Posts: 4679
Location: Romania
|
Posted: Wed, 6th Jun 2012 08:11 Post subject: |
|
 |
Yeah unlock act3 inferno and then enjoy getting 1 shot by everything.
Like i said, game's no fun and requires some balancing. I'm not gonna buy from AH just to be able to survive act3/4 and they need to change this shit so when you farm the acts you're in you actually get upgrades instead of having upgrades only from further acts making it totally pointless to farm.
Good for you the people that exploited and got gear the easy way, guess you won the game.
Main PC : I7 12700, MSI Ventus RTX 4090 24gb, Alienware AW3423DW QD-OLED
Laptop : I5 4200H @ 3400mhz boost, GTX 850m 2gb Vram DDR3, 4gb RAM DDR3
Derpsole : Playstation 5 disc edition, Ninty Switcherino
TV+audio: LG CX 65" / Sonos ARC + SL ones + Sonos sub 3
VR Headset: Meta quest 2 airlinked
All times are GMT + 1 Hour |