Overclock.net › Forums › Video Games › PC Gaming › [Official] Diablo III Information and Discussion Thread
New Posts  All Forums:Forum Nav:

[Official] Diablo III Information and Discussion Thread - Page 594

post #5931 of 29770
Quote:
Originally Posted by AllGamer View Post

until further notice, and things calms down
i'm not joining any unknown group, nor will i open my games to the public
only playing with people i know
and it's definitely a good idea to enable the Autheticator, for every game login

I think it's pretty safe to only have it trigger on new IP's. Unless you're worried about your roommate stealing your items tongue.gif.
SUPERPWN
(12 items)
 
  
CPUMotherboardGraphicsRAM
Core i5 4670K Asus z87-Pro MSI GTX 1080 Aero 32GB DDR3 Gskill Ripjaws 
Hard DriveOSMonitorMonitor
4TB Seagate Windows 8 x64 Overlord x270 OC HP ZR27 
MonitorKeyboardPowerAudio
Asus PG279Q G-Tune Topre Realforce 800w Yulong D100 DAC with Denon D7000 headphones 
  hide details  
Reply
SUPERPWN
(12 items)
 
  
CPUMotherboardGraphicsRAM
Core i5 4670K Asus z87-Pro MSI GTX 1080 Aero 32GB DDR3 Gskill Ripjaws 
Hard DriveOSMonitorMonitor
4TB Seagate Windows 8 x64 Overlord x270 OC HP ZR27 
MonitorKeyboardPowerAudio
Asus PG279Q G-Tune Topre Realforce 800w Yulong D100 DAC with Denon D7000 headphones 
  hide details  
Reply
post #5932 of 29770
Quote:
Originally Posted by AllGamer View Post

until further notice, and things calms down
i'm not joining any unknown group, nor will i open my games to the public
only playing with people i know
and it's definitely a good idea to enable the Autheticator, for every game login

I actually agree with them.

Breaking into THAT system and being "unknown" or "anonymous" is absolutely impossible...Stealing the session ID, is equally impossible because that entire process happens server-side, not client-side.

Their base, gives them a 24/7 outlook of every IP/User/Entity on their network...So, I have to absolutely side with them that this is a client based issue.

It's an impossibility that it could happen VIA session ID because they only attain your root serial within the system.

Your character's root serial, while being tied to your master, is a separate entity...Thus the hacker would have to have both...That's just not possible.

I DO think that there may be a new method of phishing or key-logger out there, that's absolutely possible but, as to it being the fault of Blizzard's security that this is happening; I feel that it's not possible.
post #5933 of 29770
Quote:
Originally Posted by Masked View Post

I actually agree with them.
Breaking into THAT system and being "unknown" or "anonymous" is absolutely impossible...Stealing the session ID, is equally impossible because that entire process happens server-side, not client-side.
Their base, gives them a 24/7 outlook of every IP/User/Entity on their network...So, I have to absolutely side with them that this is a client based issue.
It's an impossibility that it could happen VIA session ID because they only attain your root serial within the system.
Your character's root serial, while being tied to your master, is a separate entity...Thus the hacker would have to have both...That's just not possible.
I DO think that there may be a new method of phishing or key-logger out there, that's absolutely possible but, as to it being the fault of Blizzard's security that this is happening; I feel that it's not possible.

I'm willing to conclude it is probably not the session ID, and that Blizz is being truthful saying the logins are happening with username/pw. I'm not sure I would go as far as saying there's no way it has anything to do with Blizzard though... they don't know where or how these guys are getting the passwords either. It's still very possible they have a security breach.

Whatever the keylogger or phishing thing is if that's the root cause... it seems to be a lot more subtle then ones in the past. I don't think UberN00b would fall for the classic "authenticate your account" email.
SUPERPWN
(12 items)
 
  
CPUMotherboardGraphicsRAM
Core i5 4670K Asus z87-Pro MSI GTX 1080 Aero 32GB DDR3 Gskill Ripjaws 
Hard DriveOSMonitorMonitor
4TB Seagate Windows 8 x64 Overlord x270 OC HP ZR27 
MonitorKeyboardPowerAudio
Asus PG279Q G-Tune Topre Realforce 800w Yulong D100 DAC with Denon D7000 headphones 
  hide details  
Reply
SUPERPWN
(12 items)
 
  
CPUMotherboardGraphicsRAM
Core i5 4670K Asus z87-Pro MSI GTX 1080 Aero 32GB DDR3 Gskill Ripjaws 
Hard DriveOSMonitorMonitor
4TB Seagate Windows 8 x64 Overlord x270 OC HP ZR27 
MonitorKeyboardPowerAudio
Asus PG279Q G-Tune Topre Realforce 800w Yulong D100 DAC with Denon D7000 headphones 
  hide details  
Reply
post #5934 of 29770
My girlfriend removed her authenticator to buy a new phone on Saturday. Plugged the new phone in to charge overnight Saturday night, went to log in Sunday morning and her account had been hacked.

I believe that some of these hacks are forced and not related to key loggers. Simply because I have had an account hacked after it was inactive for 3 months, and when it went inactive I had reformatted and never logged into it.

I went to go use it after the 3 months and it had been hacked, the hacker paid for 1 month to steal all of the stuff on the account.
 
The Lil Llano
(12 items)
 
 
CPUMotherboardGraphicsRAM
Intel I7-3930k C-2 ASrock Extreme9 X79 EVGA GTX570 HD Muskin Redline 993997 
Hard DriveHard DriveOptical DriveCooling
OCZ Agility 3 Dell Constilation 7200rpm 6gbps LITE-ON 20X DVD±R DVD Burner Black SATA Model i... Corsair H100 
CoolingCoolingCoolingOS
Coolermaster Excalibur (x4) Coolermaster Turbine (x4) Bitfenix 200mm Spectre Pro  Windows 7 Ultimate 
MonitorMonitorKeyboardPower
24" Sammy 23" Asus Logitech G15 Coolermaster Silent Pro 1300w 
CaseMouseMouse PadAudio
Corsair 600t Logitech MX518 Razer Vespula Dual Sided  Creative 3d Game Blaster 
CPUMotherboardGraphicsRAM
AMD A4-3300 Llano ASRock A55M-HVS FM1 AMD A55 AMD Radeon HD 6410D G.SKILL Ripjaws X Series 
Hard DriveOptical DriveCoolingOS
Western Digital Caviar Blue WD5000AAKS SAMSUNG 22X DVD Burner SATA Model SH-222BB/BEBE Stock Windows XP 
KeyboardPowerCaseMouse
Logitech K400 275w APEX DM-318 Black Steel Micro ATX Logitech K400 
  hide details  
Reply
 
The Lil Llano
(12 items)
 
 
CPUMotherboardGraphicsRAM
Intel I7-3930k C-2 ASrock Extreme9 X79 EVGA GTX570 HD Muskin Redline 993997 
Hard DriveHard DriveOptical DriveCooling
OCZ Agility 3 Dell Constilation 7200rpm 6gbps LITE-ON 20X DVD±R DVD Burner Black SATA Model i... Corsair H100 
CoolingCoolingCoolingOS
Coolermaster Excalibur (x4) Coolermaster Turbine (x4) Bitfenix 200mm Spectre Pro  Windows 7 Ultimate 
MonitorMonitorKeyboardPower
24" Sammy 23" Asus Logitech G15 Coolermaster Silent Pro 1300w 
CaseMouseMouse PadAudio
Corsair 600t Logitech MX518 Razer Vespula Dual Sided  Creative 3d Game Blaster 
CPUMotherboardGraphicsRAM
AMD A4-3300 Llano ASRock A55M-HVS FM1 AMD A55 AMD Radeon HD 6410D G.SKILL Ripjaws X Series 
Hard DriveOptical DriveCoolingOS
Western Digital Caviar Blue WD5000AAKS SAMSUNG 22X DVD Burner SATA Model SH-222BB/BEBE Stock Windows XP 
KeyboardPowerCaseMouse
Logitech K400 275w APEX DM-318 Black Steel Micro ATX Logitech K400 
  hide details  
Reply
post #5935 of 29770
Quote:
Originally Posted by Crazy9000 View Post

I'm willing to conclude it is probably not the session ID, and that Blizz is being truthful saying the logins are happening with username/pw. I'm not sure I would go as far as saying there's no way it has anything to do with Blizzard though... they don't know where or how these guys are getting the passwords either. It's still very possible they have a security breach.
Whatever the keylogger or phishing thing is if that's the root cause... it seems to be a lot more subtle then ones in the past. I don't think UberN00b would fall for the classic "authenticate your account" email.

There is also the possibility that someone within the company is simply leaking passwords from a database, though typically people with any sort of relevant access to such info would typically not do that. My best is on key loggers.
Biggie Smalls
(22 items)
 
  
CPUMotherboardGraphicsRAM
Intel i5-2500K Asus P8Z77-M EVGA Titan X Corsair Vengeance DDR3 16GB 
Hard DriveHard DriveHard DriveHard Drive
Samsung 830 Pro Samsung 850 Pro Western Digital Black Caviar 64MB Cache Western Digital Black Caviar 64MB Cache 
Optical DriveCoolingOSMonitor
LG Bluray Combo Drive Corsair H50 Windows 7 Professional x64 Dell UltraSharp U3415W 
KeyboardPowerCaseMouse
Ducky Shine 4 Blue/Red Corsair AX860 Corsair Obsidian 350D Razer Deathadder Chroma 
Mouse PadAudioAudioAudio
fUnc Mouse Mat Grace m9xx DAC/AMP ELAC B6 Schiit Lyr 2 
AudioAudio
Fostex TH-X00 (ebony cups with detachable cable... Sennheiser HD650 
  hide details  
Reply
Biggie Smalls
(22 items)
 
  
CPUMotherboardGraphicsRAM
Intel i5-2500K Asus P8Z77-M EVGA Titan X Corsair Vengeance DDR3 16GB 
Hard DriveHard DriveHard DriveHard Drive
Samsung 830 Pro Samsung 850 Pro Western Digital Black Caviar 64MB Cache Western Digital Black Caviar 64MB Cache 
Optical DriveCoolingOSMonitor
LG Bluray Combo Drive Corsair H50 Windows 7 Professional x64 Dell UltraSharp U3415W 
KeyboardPowerCaseMouse
Ducky Shine 4 Blue/Red Corsair AX860 Corsair Obsidian 350D Razer Deathadder Chroma 
Mouse PadAudioAudioAudio
fUnc Mouse Mat Grace m9xx DAC/AMP ELAC B6 Schiit Lyr 2 
AudioAudio
Fostex TH-X00 (ebony cups with detachable cable... Sennheiser HD650 
  hide details  
Reply
post #5936 of 29770
where do you get this phone app from if someone hacks me ill hunt em down and.................
Gaming Machine
(19 items)
 
CPUMotherboardGraphicsGraphics
Intel i7 3770k Asus z77 P8Z77-LK V Sapphire 290x Sapphire 290x 
RAMHard DriveHard DriveHard Drive
Gskill 4x4gb @ 1600mhz Samsung Evo 120gb Samsung Evo 120gb 2TB Seagate Game storage drive  
CoolingCoolingCoolingOS
XSPC Raystorm CPU BLOCK EK Nickle/Acetal 290x Block  2x XSPC 240MM Radiator Windows 8.1  
MonitorKeyboardPowerCase
Qnix Evolution II  Cooler Master Quickfire Rapid  Cooler Master V1000 Fractal Arc Midi R2 
MouseMouse PadAudio
Logitech G400 steel series qck Logitech G430 
  hide details  
Reply
Gaming Machine
(19 items)
 
CPUMotherboardGraphicsGraphics
Intel i7 3770k Asus z77 P8Z77-LK V Sapphire 290x Sapphire 290x 
RAMHard DriveHard DriveHard Drive
Gskill 4x4gb @ 1600mhz Samsung Evo 120gb Samsung Evo 120gb 2TB Seagate Game storage drive  
CoolingCoolingCoolingOS
XSPC Raystorm CPU BLOCK EK Nickle/Acetal 290x Block  2x XSPC 240MM Radiator Windows 8.1  
MonitorKeyboardPowerCase
Qnix Evolution II  Cooler Master Quickfire Rapid  Cooler Master V1000 Fractal Arc Midi R2 
MouseMouse PadAudio
Logitech G400 steel series qck Logitech G430 
  hide details  
Reply
post #5937 of 29770
Quote:
Originally Posted by HardwareDecoder View Post

where do you get this phone app from if someone hacks me ill hunt em down and.................

If you have an iPhone, go to App Store and search for Blizzard. There is only one Authenticator app made by Blizzard. For Android, I imagine you can go to Google Market and do the same thing?
Biggie Smalls
(22 items)
 
  
CPUMotherboardGraphicsRAM
Intel i5-2500K Asus P8Z77-M EVGA Titan X Corsair Vengeance DDR3 16GB 
Hard DriveHard DriveHard DriveHard Drive
Samsung 830 Pro Samsung 850 Pro Western Digital Black Caviar 64MB Cache Western Digital Black Caviar 64MB Cache 
Optical DriveCoolingOSMonitor
LG Bluray Combo Drive Corsair H50 Windows 7 Professional x64 Dell UltraSharp U3415W 
KeyboardPowerCaseMouse
Ducky Shine 4 Blue/Red Corsair AX860 Corsair Obsidian 350D Razer Deathadder Chroma 
Mouse PadAudioAudioAudio
fUnc Mouse Mat Grace m9xx DAC/AMP ELAC B6 Schiit Lyr 2 
AudioAudio
Fostex TH-X00 (ebony cups with detachable cable... Sennheiser HD650 
  hide details  
Reply
Biggie Smalls
(22 items)
 
  
CPUMotherboardGraphicsRAM
Intel i5-2500K Asus P8Z77-M EVGA Titan X Corsair Vengeance DDR3 16GB 
Hard DriveHard DriveHard DriveHard Drive
Samsung 830 Pro Samsung 850 Pro Western Digital Black Caviar 64MB Cache Western Digital Black Caviar 64MB Cache 
Optical DriveCoolingOSMonitor
LG Bluray Combo Drive Corsair H50 Windows 7 Professional x64 Dell UltraSharp U3415W 
KeyboardPowerCaseMouse
Ducky Shine 4 Blue/Red Corsair AX860 Corsair Obsidian 350D Razer Deathadder Chroma 
Mouse PadAudioAudioAudio
fUnc Mouse Mat Grace m9xx DAC/AMP ELAC B6 Schiit Lyr 2 
AudioAudio
Fostex TH-X00 (ebony cups with detachable cable... Sennheiser HD650 
  hide details  
Reply
post #5938 of 29770
Quote:
Originally Posted by Crazy9000 View Post

I'm willing to conclude it is probably not the session ID, and that Blizz is being truthful saying the logins are happening with username/pw. I'm not sure I would go as far as saying there's no way it has anything to do with Blizzard though... they don't know where or how these guys are getting the passwords either. It's still very possible they have a security breach.
Whatever the keylogger or phishing thing is if that's the root cause... it seems to be a lot more subtle then ones in the past. I don't think UberN00b would fall for the classic "authenticate your account" email.

To log in to their system, you need a card...I'm not going to get into extreme detail but, you have to be physically present to get into that network...

I can't exactly sit here and explain it but, it's a rolling Nginx base on a DNS that "session randomizes" within the system.

There's no way you'd have a random person gaining access or even leaching without the transfer of data being recognized.

After being there and seeing their security...It's cutting edge by a mile...There's just no way you could acquire both session ID's and User ID's without the first being flagged.

If the session is ever flagged, it boots you and resets your serial ID...It also hot-swaps your ID location.

Let me put it this way...To actually hack this database, you'd have to go Mission Impossible, sit at MULTIPLE physical locations and actually pull from each one as that user ID cycles to get a full copy of that individual's account information.

OR

Do it client side and just have a Key Logger...

Which of the 2 above options actually seems viable?
Quote:
Originally Posted by OC'ing Noob View Post

There is also the possibility that someone within the company is simply leaking passwords from a database, though typically people with any sort of relevant access to such info would typically not do that. My best is on key loggers.

It has to be a key logger...Blizzard has BILLIONS of dollars locked in that network including their recent improvements.

Is it possible it's someone on the inside? I find that unlikely but, not as unlikely as a hacker...Hacking that database is next to impossible...An employee selling data...That's actually possible.
post #5939 of 29770
Quote:
Originally Posted by Masked View Post

To actually hack this database, you'd have to go Mission Impossible, sit at MULTIPLE physical locations and actually pull from each one as that user ID cycles to get a full copy of that individual's account information.
.

I don't think anyone would be hacking their database. There would have to be some data containing the login info that lingers in a publicly accessible place. Or some exploit that tricks the server into accepting the wrong credentials. That sort of thing can stem from simple oversites in programming, and wouldn't need any crazy database hacks.

I know the Diablo II servers aren't as secure, but remember someone was able to upload hacked items there. People can get pretty creative.

It is much more likely that someone has gotten more clever with their keylogger or phishing though.
SUPERPWN
(12 items)
 
  
CPUMotherboardGraphicsRAM
Core i5 4670K Asus z87-Pro MSI GTX 1080 Aero 32GB DDR3 Gskill Ripjaws 
Hard DriveOSMonitorMonitor
4TB Seagate Windows 8 x64 Overlord x270 OC HP ZR27 
MonitorKeyboardPowerAudio
Asus PG279Q G-Tune Topre Realforce 800w Yulong D100 DAC with Denon D7000 headphones 
  hide details  
Reply
SUPERPWN
(12 items)
 
  
CPUMotherboardGraphicsRAM
Core i5 4670K Asus z87-Pro MSI GTX 1080 Aero 32GB DDR3 Gskill Ripjaws 
Hard DriveOSMonitorMonitor
4TB Seagate Windows 8 x64 Overlord x270 OC HP ZR27 
MonitorKeyboardPowerAudio
Asus PG279Q G-Tune Topre Realforce 800w Yulong D100 DAC with Denon D7000 headphones 
  hide details  
Reply
post #5940 of 29770
Quote:
Originally Posted by OC'ing Noob View Post

If you have an iPhone, go to App Store and search for Blizzard. There is only one Authenticator app made by Blizzard. For Android, I imagine you can go to Google Market and do the same thing?

Correct, although the android market is now "Google Play".

I'm surprised that there is no limit to the amount of times you can put in the incorrect email/pass.
 
The Lil Llano
(12 items)
 
 
CPUMotherboardGraphicsRAM
Intel I7-3930k C-2 ASrock Extreme9 X79 EVGA GTX570 HD Muskin Redline 993997 
Hard DriveHard DriveOptical DriveCooling
OCZ Agility 3 Dell Constilation 7200rpm 6gbps LITE-ON 20X DVD±R DVD Burner Black SATA Model i... Corsair H100 
CoolingCoolingCoolingOS
Coolermaster Excalibur (x4) Coolermaster Turbine (x4) Bitfenix 200mm Spectre Pro  Windows 7 Ultimate 
MonitorMonitorKeyboardPower
24" Sammy 23" Asus Logitech G15 Coolermaster Silent Pro 1300w 
CaseMouseMouse PadAudio
Corsair 600t Logitech MX518 Razer Vespula Dual Sided  Creative 3d Game Blaster 
CPUMotherboardGraphicsRAM
AMD A4-3300 Llano ASRock A55M-HVS FM1 AMD A55 AMD Radeon HD 6410D G.SKILL Ripjaws X Series 
Hard DriveOptical DriveCoolingOS
Western Digital Caviar Blue WD5000AAKS SAMSUNG 22X DVD Burner SATA Model SH-222BB/BEBE Stock Windows XP 
KeyboardPowerCaseMouse
Logitech K400 275w APEX DM-318 Black Steel Micro ATX Logitech K400 
  hide details  
Reply
 
The Lil Llano
(12 items)
 
 
CPUMotherboardGraphicsRAM
Intel I7-3930k C-2 ASrock Extreme9 X79 EVGA GTX570 HD Muskin Redline 993997 
Hard DriveHard DriveOptical DriveCooling
OCZ Agility 3 Dell Constilation 7200rpm 6gbps LITE-ON 20X DVD±R DVD Burner Black SATA Model i... Corsair H100 
CoolingCoolingCoolingOS
Coolermaster Excalibur (x4) Coolermaster Turbine (x4) Bitfenix 200mm Spectre Pro  Windows 7 Ultimate 
MonitorMonitorKeyboardPower
24" Sammy 23" Asus Logitech G15 Coolermaster Silent Pro 1300w 
CaseMouseMouse PadAudio
Corsair 600t Logitech MX518 Razer Vespula Dual Sided  Creative 3d Game Blaster 
CPUMotherboardGraphicsRAM
AMD A4-3300 Llano ASRock A55M-HVS FM1 AMD A55 AMD Radeon HD 6410D G.SKILL Ripjaws X Series 
Hard DriveOptical DriveCoolingOS
Western Digital Caviar Blue WD5000AAKS SAMSUNG 22X DVD Burner SATA Model SH-222BB/BEBE Stock Windows XP 
KeyboardPowerCaseMouse
Logitech K400 275w APEX DM-318 Black Steel Micro ATX Logitech K400 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: PC Gaming
Overclock.net › Forums › Video Games › PC Gaming › [Official] Diablo III Information and Discussion Thread