• We should now be fully online following an overnight outage. Apologies for any inconvenience, we do not expect there to be any further issues.

**OFFICIAL** Diablo 3 Thread

Page 145 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.

Kalmah

Diamond Member
Oct 2, 2003
3,692
1
76
It doesn't seem like it is about the complexity of the password, it seems more about hidden backdoor keyloggers and whatnot sneaking into people's computers. That article that was posted earlier was a very good read on just how much crap get onto people's computer without them being detected, even if the user is extremely tech savvy.

I agree, but if I have to eliminate all possibilities on my end I'll do it under the accusers' terms just to satisify them. We can now mark 'easy password' off the list.

Who's next? Shall I zip a copy of my C: drive and share?
 

DrunkenSano

Diamond Member
Aug 8, 2008
3,892
490
126
I agree, but if I have to eliminate all possibilities on my end I'll do it under the accusers' terms just to satisify them. We can now mark 'easy password' off the list.

Who's next? Shall I zip a copy of my C: drive and share?

Or just get an authenticator and then be done with the issue?
 

Fallengod

Diamond Member
Jul 2, 2001
5,908
19
81
I think you people who believe Blizzards explanation and that all these people getting hacked are from apparently "undetectable" keyloggers or phising are insane. There are at least hundreds of people losing their accounts every day, you really think they are all from the exact same keyloggers and phising methods? Give me a break... None of them have virus/online detection programs running?

Blizzard would be complete idiots if they admitted to an exploit or backdoor. Obviously they are not going to say that publicly. Ive seen plenty of people who have authenticators lose their accounts. Plenty of people who have no friends on their lists, or have played with any other players in the game have lost their accounts.

I also highly doubt all these people with super long complex passwords are getting "brute forced" so quickly as well as some others have suggested.

Something is fishy...
 

Anubis

No Lifer
Aug 31, 2001
78,712
427
126
tbqhwy.com
Is the secret level worth doing ? Once you create this staff or whatever, can you enter the level multiple times, or is it a one time deal ?

you can farm it i beleive, you might be locked to the lvl of the staff however, as you upgrade it for each difficulty, if you have the hell staff you might not be able to do normal,

i have not made it so im just guessing
 

Kalmah

Diamond Member
Oct 2, 2003
3,692
1
76
Or just get an authenticator and then be done with the issue?

Yeah, I'm waiting for it to come in the mail. No smartphone here and no mention of 'needing' one in the game requirements on the box. Not being familiar with recent Blizzard games(since d2, war2 etc..) I was completely unaware of their existence.
 

Anubis

No Lifer
Aug 31, 2001
78,712
427
126
tbqhwy.com
also those of you that get an authenticator or already have one, you can turn ON the "ask at every login" in your bnet acnt options.
if you dont it only asks you like once a week or so
 

Dominato3r

Diamond Member
Aug 15, 2008
5,109
1
0
Or just get an authenticator and then be done with the issue?

I think most people will get an authenticator buy the point is that good internet habits should be enough for security from a user standpoint.

Btw, how many digits was the authenticator renew/reset/remove code?
I've got a number written down but I don't know if that's it
 

Harabec

Golden Member
Oct 15, 2005
1,369
1
81
After reading about Torchlight 2, I get the feeling it is basically D2:LOD, remade for 2012. Interesting, may turn out to be a good game?
 

Fallengod

Diamond Member
Jul 2, 2001
5,908
19
81
After reading about Torchlight 2, I get the feeling it is basically D2:LOD, remade for 2012. Interesting, may turn out to be a good game?

I plan on buying it probably. Its only $15 with a 4-pack purchase. :p

Get 3 friends, thats pretty cheap...

I havnt read much about it nor played it, but if they made it like D2:LOD id be all over it. I am assuming T2 is actually multiplayer now? Not the terrible single player only that TL1 was? :p
 
Last edited:

gothamhunter

Diamond Member
Apr 20, 2010
4,464
6
81
I think you people who believe Blizzards explanation and that all these people getting hacked are from apparently "undetectable" keyloggers or phising are insane. There are at least hundreds of people losing their accounts every day, you really think they are all from the exact same keyloggers and phising methods? Give me a break... None of them have virus/online detection programs running?

Blizzard would be complete idiots if they admitted to an exploit or backdoor. Obviously they are not going to say that publicly. Ive seen plenty of people who have authenticators lose their accounts. Plenty of people who have no friends on their lists, or have played with any other players in the game have lost their accounts.

I also highly doubt all these people with super long complex passwords are getting "brute forced" so quickly as well as some others have suggested.

Something is fishy...

In person, or on the forums where they're right no matter what so Blizzard can pay? If they're using the dial-in, it's not supported in d3 and doesn't count. Any posts that I've seen regarding it Blizzard has spoken up and said "nope, you don't have an authenticator, you should probably get one" and you never see the poster again.
 

Aikouka

Lifer
Nov 27, 2001
30,383
912
126
Can't you also run the Android authenticator app from within an Android emulator? That might be a good TEMPORARY solution for those that are waiting on a non-phone variant.

I think you people who believe Blizzards explanation and that all these people getting hacked are from apparently "undetectable" keyloggers or phising are insane. There are at least hundreds of people losing their accounts every day, you really think they are all from the exact same keyloggers and phising methods? Give me a break... None of them have virus/online detection programs running?

I don't dabble in the security aspect of what I do, but as a software engineer, I don't doubt it. Heuristics isn't a perfect science, and that's what would be required to detect these threats.

Yeah, I'm waiting for it to come in the mail. No smartphone here and no mention of 'needing' one in the game requirements on the box. Not being familiar with recent Blizzard games(since d2, war2 etc..) I was completely unaware of their existence.

I think it would be a good idea for Blizzard to include a piece of paper detailing the authenticator with boxed units, and an e-mail containing the same information for all digital units. I'm not surprised though. Look how many questions we've had over things like Elective Mode, which would have been much easier had Blizzard actually told people about it. :p

EDIT:

I havnt read much about it nor played it, but if they made it like D2:LOD id be all over it. I am assuming T2 is actually multiplayer now? Not the terrible single player only that TL1 was? :p

Yes, Torchlight II has LAN and game browser-style online play. It's very reminiscent of older games with how you create a game with a name and password, and people just select it.
 
Last edited:

DrunkenSano

Diamond Member
Aug 8, 2008
3,892
490
126
I think you people who believe Blizzards explanation and that all these people getting hacked are from apparently "undetectable" keyloggers or phising are insane. There are at least hundreds of people losing their accounts every day, you really think they are all from the exact same keyloggers and phising methods? Give me a break... None of them have virus/online detection programs running?

Blizzard would be complete idiots if they admitted to an exploit or backdoor. Obviously they are not going to say that publicly. Ive seen plenty of people who have authenticators lose their accounts. Plenty of people who have no friends on their lists, or have played with any other players in the game have lost their accounts.

I also highly doubt all these people with super long complex passwords are getting "brute forced" so quickly as well as some others have suggested.

Something is fishy...

Why are you assuming that virus/online detection is going to catch everything? I played WoW for a few years back since it launched and have seen multiple people get their accounts hacked, some guild members, some friends, or just people on our server. They all didn't have the authenticator.

And it doesn't sound like brute force is being used. Just keyloggers or whatever the hackers are using now coming through security loop holes that aren't related to Diablo 3 but used to gain info on Diablo 3 account. The hackers are probably doing it very aggressively for two reasons, one it's a very new and very popular game, two because Blizzard plan to implement the sell stuff for real $$$ option in the near future.
 

Fallengod

Diamond Member
Jul 2, 2001
5,908
19
81
Why are you assuming that virus/online detection is going to catch everything? I played WoW for a few years back since it launched and have seen multiple people get their accounts hacked, some guild members, some friends, or just people on our server. They all didn't have the authenticator.

And it doesn't sound like brute force is being used. Just keyloggers or whatever the hackers are using now coming through security loop holes that aren't related to Diablo 3 but used to gain info on Diablo 3 account. The hackers are probably doing it very aggressively for two reasons, one it's a very new and very popular game, two because Blizzard plan to implement the sell stuff for real $$$ option in the near future.

I understand that, but look at the logic of it. This would mean all these hundreds of people losing their accounts on a daily basis(there are literally new lost account threads made every 5 mins on bnet forums) are all going to the same sites all getting infected by the same things all being undetectable. How do you account for all the people who said they dont visit any strange sites or do any strange activity, like the 5-10 people from this forum? Many people from this forum are pretty tech savvy or at least aware. Plenty of people from this thread who lost their accounts. :p Just sayin.
 

slayer202

Lifer
Nov 27, 2005
13,679
119
106
Why are you assuming that virus/online detection is going to catch everything? I played WoW for a few years back since it launched and have seen multiple people get their accounts hacked, some guild members, some friends, or just people on our server. They all didn't have the authenticator.

And it doesn't sound like brute force is being used. Just keyloggers or whatever the hackers are using now coming through security loop holes that aren't related to Diablo 3 but used to gain info on Diablo 3 account. The hackers are probably doing it very aggressively for two reasons, one it's a very new and very popular game, two because Blizzard plan to implement the sell stuff for real $$$ option in the near future.

How exactly do people think brute force is being used? I can't imagine blizzard would allow thousands of password attempts on a single account, or from a single source. I can't imagine there is any way to extract or download a key to crack later offline.

It's an odd situation, either way. Usually there's a simple explanation. If Blizzard is denying any sort of backdoor on their end I find it hard to believe they would lie about it. How many people would be working on that fix, you don't think someone would leak the issue?
 

SMOGZINN

Lifer
Jun 17, 2005
14,359
4,640
136
First and foremost, Legendary items are not designed to necessarily be the best items in the game.

I don't understand this design decision. Why are they Legendary if they are not better?

They’re just one additional type of item as you level up, and they are not meant to be the primary items you’re chasing at the end-game.

So, my character is not suppose to use Legendary items? Then what is their purpose?

They can -- and should -- be exciting to find, but they’re not supposed to serve as the single driving force of the item hunt. Rare items, for example, have the possibility to roll up “perfect” stats that can, if you’re lucky, outpace the predetermined stats of a Legendary. That’s by design.

Why would I get excited about finding a item that is intentionally not better then the Magic and (not so) rare items that drop like rain?

I think they did not really think this through.
 

SMOGZINN

Lifer
Jun 17, 2005
14,359
4,640
136
How exactly do people think brute force is being used? I can't imagine blizzard would allow thousands of password attempts on a single account, or from a single source. I can't imagine there is any way to extract or download a key to crack later offline.

It's an odd situation, either way. Usually there's a simple explanation. If Blizzard is denying any sort of backdoor on their end I find it hard to believe they would lie about it. How many people would be working on that fix, you don't think someone would leak the issue?

I completely agree. Brute force attacks are not realistic in this situation. Even breaking a simple password with brute force takes time, and a lot of attempts, which would be trivial for Blizzard to detect and ban. Not only that, but the time it takes to brute force a password more complex then password123 is prohibitive when trying to hack a large number of accounts.
 

digiram

Diamond Member
Apr 17, 2004
3,991
172
106
also TONS of stuff sells between 5-15k

Screenshot002.jpg



basically i list stuff at 10k if its a wep and has good stats. 15k for better weps, other things i randomly list from 3k+ depending on what i feel like and what level the item is.

also if you are buying weps for yourself you can basically just resell them at the same price for a loss of 0 when you upgrade

Exactly what I do. I'm not afraid to buy a good wep for 20-50k, when I know I can resell at the same value or more when I'm done with it. That's pretty awesome. Loving the AH right now.
 

Kabob

Lifer
Sep 5, 2004
15,248
0
76
Exactly what I do. I'm not afraid to buy a good wep for 20-50k, when I know I can resell at the same value or more when I'm done with it. That's pretty awesome. Loving the AH right now.

What's your handle digiram? I'll add you to my friend's list.
 

DrunkenSano

Diamond Member
Aug 8, 2008
3,892
490
126
Only reason I had brute force mentioned in my earlier post was because other people were talking about how they believe brute force was a solid method. The article that someone provided gave much more logical explanations. I'll repost the link.

http://diablo.incgamers.com/blog/comments/scary-facts-on-d3-account-hacking

And this isn't a sudden incident, it seems like a sudden incident because this game is new. But it's been on-going for many years, through phishing emails, banner ad trojans, security loopholes in whatever stuff people use on a daily basis, etc. It's just been stepped up lately because D3 is a new game with more $$$ potential.
 

Kalmah

Diamond Member
Oct 2, 2003
3,692
1
76

the cause is people desiring a shortcut in their games by buying gold.
This is the shit that I'm tired of seeing. I did not buy anything or do anything outside of just playing the fucking game. This is why I keep stating that Blizzard is blaming the customer. They are assuming this is what I've done.

Anyways, fuck it. I don't care anymore. I've been hitting refresh on my support ticket page for 2 days now waiting for a response.
 
Last edited:

darkewaffle

Diamond Member
Oct 7, 2005
8,152
1
81
This is the shit that I'm tired of seeing. I did not buy anything or do anything outside of just playing the fucking game. This is why I keep stating that Blizzard is blaming the customer. They are assuming this is what I've done.

Anyways, fuck it. I don't care anymore. I've been hitting refresh on my support ticket page for 2 days now waiting for a response.

You might want to reconsider implying that people with compromised accounts are buying gold with real money.

That’s definitely not what I’m saying, and I apologize if it came across that way. I meant that gold selling companies exist and compromise accounts because some players buy gold. If there was no market, there would be no companies dedicated to the market. Most people who are compromised have never bought gold.

From the same article.
 

darkewaffle

Diamond Member
Oct 7, 2005
8,152
1
81
I don't understand this design decision. Why are they Legendary if they are not better?

So, my character is not suppose to use Legendary items? Then what is their purpose?

Why would I get excited about finding a item that is intentionally not better then the Magic and (not so) rare items that drop like rain?

They're not meant to be the primary in the sense that "Legendary in every slot" isn't intended to be what everyone chases as the "best" and that even premier legendaries will have more of a 'give and take' relationship with exceptionally itemized rares.