Hell is not frozen yet! (Diablo 3)

[SuAside]

Supposedly, Blizzard is pretty decent at restoring lost accounts etc to a certain date. So with some luck, people getting hacked will not have a huge issue to get back on track after a few days.

Anyhow, my monk is now level 60, with 24k DPS & 31k HP. I'm still getting raped silly by Act II Inferno. Dammit.

Will need to farm some more.

 

[fedaykin]

As far as I know battle.net will limit the number of login attempts you can make in a short time, thus making brute force attacks unfeasible.

The article BN linked to claims otherwise. Who's right?
"b) the game allows unlimited password attempt retries"
More people in the comments of the article also say this.

The shitstorm that's gonna go down when the real money AH launches will be interesting.

 

[UncannyGarlic]

I don't see the point in denying it at this point, all the evidence points to there being problems on Blizzard's end as well as the usual amount of "people being stupid" problems (not denying that's happening as well, it always does).
But just look at this thread, the defenders are still there...

To be fair, it wasn't until recently that I've read reliable sources and had some second hand contact with reliable people who've had their accounts hacked. Skepticism of claims of hacking is fair enough given that this has not been an issue in either WoW or SCII. I was a defender until recently but the post you linked to was the motivator to go from believing it was a problem to breaking down and enabling SMS protect.

It's disturbing that they've left the security hole that they have and that they haven't discovered and patched it yet. Diablo 3 has managed to tarnish Blizzard's reputation for me, not because the game isn't fun but because of the lack of polish and major issues they've had.

 

[Crni Vuk]

So has the goodwill dried up yet, or are people still forgiving of their masters - Blizzard.

Of course people still jump to their defense. Imagine if this was an EA-published game instead. Hah.

I mean, we don't really know either way, but this problem really doesn't look like it's on the user-end, it really looks like there's an exploit of sorts, especially if authenticators can be circumvented (no, I don't care how much spyware such people had on their computers, that has nothing to do with the authenticator mechanism not working). I don't see the point in denying it at this point, all the evidence points to there being problems on Blizzard's end as well as the usual amount of "people being stupid" problems (not denying that's happening as well, it always does).
But just look at this thread, the defenders are still there...

My boss over at GameBanshee was hacked. He's never had an (online gaming) account hacked before, he's a professional who keeps his PC clean, he uses unique passwords for every account. But please, no, keep blaming the end-user. Totally realistic.

What a disaster this game's launch has been. I just hope the problems are big enough to discourage more publishers from pushing for always-online DRM stupidity in single-player games. But instead, Blizzard is just being rewarded with sales and white knighting. Ugh. A fresh reminder one of the biggest problems in this industry are the consumers.

what a good time to start the real-money-auction thing isnt it

*
Edit
So it seems there is a loop-hole somewhere and youre not really save unless you have a smart-phone (I dont and do not come up with that "who does not have a smart-phone today bullshit!" now please), or some kind of authenticator. I am sure not going to buy diablo 3 as long that hole isn't fixed or the authenticator is included in physical copies of Diablo 3.

 

[Brother None]

Yeah, it's even weirder when you realize Blizzard will be making money off hackers who resell goods that otherwise would never hit the real-money auction. Just a weird side-effect of this.

PS: I don't have a smartphone. Also, it doesn't seem the smartphone/authenticator security is watertight either. But it should at least help.

 

[FireFlash]

I was hacked on Friday, and I just couldn't believe it. I've never had a compromised account in anything before, and my computer is completely clean. I did not have an authenticator, but then again I have never needed one in the past. I just added one now and changed my password, but there was really nothing wrong with the old one. I didn't even play any public games.

I'm pretty convinced that there is some sort of exploit that hackers are using, since I never logged into any phishing e-mail links or the like that I would define as typical stupidity with accounts (along with "password123" passwords). There really is no logical reason, and despite all those so quick to defend Blizzard and believe them, I surely do not. I know there's been an increase in hacked accounts sine the last patch, the topics showing up on the forums are a lot more rampant. In fact, people were able to get a rollback started (create a ticket over the phone) until May 29th, but it was subsequently shut down with a message to make one online afterwards. Along with phone time waits increasing since then. Furthermore, many writers on major sites are reporting that they were hacked. How is it in such a small population, so many have been hacked? The numbers are really starting to show, and they don't lie.

I may have gotten all my stuff back now, but I don't feel any safer with the authenticator. The signs are quite telling.

 

[mobucks]

So, who do I root for? Blizzard to clean up this mess or the hackers "stickin it to the man"?
In the end, it is always the same in the DRM wars, the real people being hurt by this are the innocent paying customers. Civilian casualties. I'm torn because on the one hand, as I said, innocent blood is spilled over this. On the other, if the gaming industry continues with this always online DRM model, the future of gaming is certainly bleak. Will Blizzard ever recover? Who knows, hackers are clever. Will Blizzard ever nut up and accept their flawed product needs to abandon the always online requirement? Quite the predicament they are in. Even if they removed the always online singleplayer requirement, there will still be the online battlefield to address. But at least their entire customer base has the option to enjoy their product with certainty. My brain hurts.

 

[Brother None]

Why would you have to pick a side? Root against both, they're both assholes.

 

[mobucks]

Certainly! But the prospect of another protracted guerilla war... We have enough of this in the US

 

[Ilosar]

It's apparently not a password issue (they are too well crypted to be brute-forced by any means, it seems), the hackers are stealing session IDs and then clean up the character as fast as possible. Many people have had just one character along with everything available to it (gold, stash) cleared up, the gear on other chars being mysteriously left alone.

There definitely must be some hole in the security. If this was D2 I would not care overmuch, but since in D3 I must be online to play at all, I could be vulnerable to this bullshit even when I spent the majority of my play time solo. The game is very fun (Act 3 Nightmare so far) but all the BS surrounding the always-online thing is kinda off-putting. The game being ovbiously designed around you using the AH to progress (level 30-35 gear dropping for my nearly 45 char, I mean come on...) rubs me the wrong way too.

Oh, and why the hell make boss rushes unrewarding? The bosses are great, very unforgiving of mistakes (Belial ), pretty hard to take down but manageable... And drop 2-3 blues when killed. What the hell? I get more rewards from chests or random elites-champions. It's borderline silly. I also heard that, in Inferno, elites are far harder then bosses, that some combination of affixes are pretty much impossible to kill. And have a WoW-style enrage time that makes them automatially kill you if you take too long to kill them. So that random Elite wasp in Act 2 is tougher to kill than Diablo, the fabled Prime Evil whose incarnation was centuries into the making. Good thing I never planned to touch Inferno, because this seems like fake difficulty at its finest.

 

[Kyuu]

[...] especially if authenticators can be circumvented (no, I don't care how much spyware such people had on their computers, that has nothing to do with the authenticator mechanism not working).

Er, where are any reliable reports that accounts protected by an authenticator were compromised? If this hacking really involves session ID hijacking or whatever, the presence of an authenticator shouldn't make a difference, and that would pretty conclusively prove that some massive security flaw is present.

I don't see the point in denying it at this point, all the evidence points to there being problems on Blizzard's end as well as the usual amount of "people being stupid" problems (not denying that's happening as well, it always does).

What evidence? I still haven't seen any reliable reports that conclusively prove that something beyond the usual culprits (keylogging, phishing, etc.) has been going on.

But just look at this thread, the defenders are still there...

I have no interest in defending Blizzard. I'm really quite peeved at them for the online-only DRM scheme, and would actually be a bit pleased to see them get taken down a notch. I simply don't see anything that proves something other than the aforementioned usual culprits are at work. Regardless of my feelings towards a company, I never support witch-hunts or finger-pointing without good evidence. Especially on a topic like "hacking" which for most people is akin to magic given their total lack of understanding of the subject.

He's never had an (online gaming) account hacked before, he's a professional who keeps his PC clean, he uses unique passwords for every account. But please, no, keep blaming the end-user. Totally realistic.

Professional or no, doesn't prove that he didn't get his password keylogged or breached in some other conventional manner. Also, Blizzard's rules for B.net passwords are crap (not case-sensitive, no special characters, inability to use spaces and 16 character limit preclude using a pass-phrase) and, without limiting the number of attempts in a given period of time, they could easily be brute-forced.

Of course, that's something Blizzard needs to address and certainly isn't the end-user's fault.

What a disaster this game's launch has been. I just hope the problems are big enough to discourage more publishers from pushing for always-online DRM stupidity in single-player games.

I agree.

 

[fedaykin]

(they are too well crypted to be brute-forced by any means, it seems),

Brute force doesn't mean what you think it means. No amount of encryption can prevent you from simply guessing the password manually or through automated means, which is what brute forcing is. Only limiting the number of log-in attempts can prevent this.

 

[Crni Vuk]

still how comes this only started to be a problem now and not already with Star Craft 2 or World of Warcraft of where I am SURE it sometimes happens there as well? - Just not in that quantity.

I am baffled how some people still defend Blizzard when its rather obvious that something "fishy" is going on here. As BN said. Imagine we would be talking about EA here ... imagine that shit storm going on. But since its Blizzards it suddenly must be the user with key-loggers and all that.

hacking is not always simply "hacking". I would not be surprised if there would be some kind of loop-hole in the server system of Blizzards Diablo 3-Battlenet-thing.

And lets be honest here, the potential for it is very high since they will be soon starting their real-money-auction-house. How they can do that is still something I don't understand ... it would be like a national bank opening accounts for their consumers while their system is still unreliable. But hey! Who cares. It MUST be the users fault. Always. Everywhere.

If people managed to crack Ubisofts servers pretty much on the second or third day they went life do you really think its impossible for the mass of criminals among the hackers to find a way to get in to Blizzards system? No system is hack-proof, thats a pipe dream. And as said, the fact that you have a chance to sell the stuff you get in Diablo 3 with money directly in the game is sure a high motivation for people.

Its really sad that probably Blizzard will earn a ton of money from it seeing as how they will get something with every transaction.

 

[.Pixote.]

Money sucking bastards, that all Blizzard are nowadays. They'll take their little cut of everything that runs through their dirty fingers, why would anyone want to buy any of their games. I will never buy a Blizzard games ever again, regardless of how good it is, just on principle.

This is just the start, every publisher will eventually follow Blizzards lead and make their single player games run through their servers, creaming off a few cents here and there.

And to all those fools out there that need to have the latest and greatest, regardless of the consequences, thanks a lot...

 

[mobucks]

A lot of depressing stuff

Oh fuck that I'm on the hackers side now. Innocents be damned, Gob will recognize his own.

still how comes this only started to be a problem now and not already with Star Craft 2 or World of Warcraft

the fact that you have a chance to sell the stuff you get in Diablo 3 with money directly in the game is sure a high motivation for people.

This is just the start, every publisher will eventually follow Blizzards lead and make their single player games run through their servers, creaming off a few cents here and there.

Not if every DRM scheme gets owned by hackers. Vive la résistance!

 

[Crni Vuk]

Yeah, it's even weirder when you realize Blizzard will be making money off hackers who resell goods that otherwise would never hit the real-money auction. Just a weird side-effect of this.

PS: I don't have a smartphone. Also, it doesn't seem the smartphone/authenticator security is watertight either. But it should at least help.

The fun part is, that with Diablo 2 people complained about the inflation of valubale equipment and gear.

I am sure the same will happen with Diablo 3 at some point where you see a large number of people runing around with top gear in perfect conditions which you can get for low prices once the auction house is runing.

In the past I already had my doubts about this auction house for real money. But I thought, better that Blizzard is earning mone then some illegal hacker group. Now it seems all that changed is that both will earn money. Not to mention there will be just like with Diablo 2 bots around doing countless runs over and over again collecting loot its just a matter of time. And now it will be even easier then before since you dont need more players to get better loot - if i am not wrong.

...

Well to be fair you can buy stuff for WoW as well. But I dont think the hacking was that big of an issue like now. But I might be wrong here. I have not followed every WoW topic in the last 10 years.

 

[Ilosar]

Not to mention there will be just like with Diablo 2 bots around doing countless runs over and over again collecting loot its just a matter of time. And now it will be even easier then before since you dont need more players to get better loot - if i am not wrong.

I very strongly doubt we'll see bots doing Act 3/4 Inferno (the only parts that drop actually useful level 60 gear). Watching streams, only top-geared Demon Hunters and Wizard can possibly solo them, anything else is one-shot by the impossibly tough monsters there, apart from top-geared barbs that can survire a few seconds more while doing a fraction of the damage, in melee. Until Blizz nerfs Inferno, that is.

 

[Crni Vuk]

if there is money to earn, people will find ways.

 

[Korin]

Update: About halfway through Act III inferno. /e-peen

As someone mentioned, yes the elite packs are ridiculously more powerful than the actual bosses themselves (aside from Belial) and Ghom probably took me a 2-3 hours to beat. The hard boss fights were very rewarding to finally beat.

 

[Makagulfazel]

They reward you with Nephalem Valor for killing the harder(agreed) elite packs of enemies once you reach level 60, so people that play <strike>unlike faggots</strike> properly(instead of running the same boss fights over and over again) are rewarded well.
As far as the sessionID hacks go, you are all still just running on assumptions, citing articles that tie in the exhaustively overused "woe to me for buying into always online DRM products". Next, you guys should go bitch on MMO forums about the "always-online DRM" requirement. Have fun asserting your hearsay-derived hacking theories in the meantime, though.