Blizzard Facing Lawsuit Over Forceful Authenticator Purchases

[mstngs351]

[citation][nom]kathiki[/nom]You mean they are doing the right thing by SELLING authenticators for a game you have bought, a server you are paying per month, when it is their job to provide measures free of charge against account hack? Looks like you are just one of the people that have been totally "incorporated" into all this multimillion abuse.When I played rift planes of telara and my account was hacked (though i never subscribed to forums or guild forums etc etc) it took them 2 weeks to have my account restored BUT that was not the only thing they did FREE OF CHARGE for their consumers. Their new authenticator also incorporated a nice system that did not allow any ip range other than the one that created the account to have access to your account. I had several account hack attempts after that and they were all unsuccessful as the hacker was automatically blocked, my account was blocked and the company would send a new authentication code right into my email so i could use to to unblock my account ingame. That was free of charge. My subscription account was hacked, my ingame account was hacked but they could not hack my email account. Now that is what i call ingame security. And it cost the consumers NOTHING. Plus the fact that the company apologised for the hacks and gave their consumers a free month.Blizzard has to deal with millions of people and that means nothing more than MONEY and income to them. THat company has absolutely NO respect for their customers. But I guess those that want to play the game and pay for any suffering that they encounter deserve it.[/citation]

Cute. Now apply some critical thought and try again.

 

[valkain]

[citation][nom]kathiki[/nom]That was free of charge. My subscription account was hacked, my ingame account was hacked but they could not hack my email account. Now that is what i call ingame security. And it cost the consumers NOTHING. Plus the fact that the company apologised for the hacks and gave their consumers a free month.Blizzard has to deal with millions of people and that means nothing more than MONEY and income to them. THat company has absolutely NO respect for their customers. But I guess those that want to play the game and pay for any suffering that they encounter deserve it.[/citation]
*facepalm*
Fallacies in logic

Say you got key logged, they have your windows password, email password, game password, bank password etc

Then they access your accounts, authorize account changes and intercept any notification you would be sent. They authorize themselves and they are golden.

Or how about man in the middle attacks. Your computer is infected by LSP your traffic is being routed to somewhere in China. They sit, they wait. You login with your data taking a side trip through china. You get locked and think, well why am I locked when im logging in. You check your code, you key in said code, they intercept that code and send a bad code to the server. You are still locked out, they just authorized themselves. Authorized to change your information and completely stone wall you. Your account is now empty via automated scripts within 15 minutes and before you can contact support.

It's not a perfect method like you might think, there are holes. Authenticators are not impossible to bypass. IP validation is not impossible to circumvent. Whatever security method someone can think of, with incentive, a hacker WILL figure something out sooner, or later.
http://en.wikipedia.org/wiki/Pwn2Own
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/
http://news.cnet.com/8301-1009_3-57530644-83/hacker-wins-$60000-prize-for-breaking-into-google-chrome/

Grasp the concepts that a hacker can do some rather mind boggling things. Grasp that concept and accept the fact additional security methods are needed for everything and is not a guaranteed protection.

Blizzard chose authenticators as a security of choice, and they have IP and system validations to lessen its impact if it can recognize your system. To truly be hackproof would require an extreme amount of security layers and probably take 30 minutes to login and ruin your game experience. That's another fine line people probably don't think about it. They complain enough about being forced to be online to play an offline game. Lets add online requirements, an authenticator, email validation, phone validation, biometric scanning and more just to login.

I'm sure a hacker will still be able to get through sooner or later.

 

[neiroatopelcc]

[citation][nom]skit75[/nom]FYI on my above post..... the "hack" that occured on my account was before the RMAH had even went Live. My character was there but it's inventory was completely looted. My user/pass has never been shared and my game was a legitimate copy as I have never cracked or keygen'd any of my games. It was a breach on their side and what irked me the most was the immediate deflection of the problem back on to me in an automated response, which also included marketing for the authenticator. It makes me mad all over again just posting my tale here...[/citation]
it wouldn't be terribly difficult to pull off a theft of login credentials. We could potentially capture all trafic exiting our network wherein battle.net is mentioned and get a hold on the nessecary details. So there are hundreds of people relying on our professionalism to secure their experience. I'm not sure people in all companies are as professional in this regard, and we're not the only company with this ability.

Edit: What I mean is, that regardless of how well you protect yourself, there'll always be a risk that someone with access chooses to abuse it.

 

[GNCD]

[citation][nom]beayn[/nom]When I was setting this up, there was no windows app. I also do not have any infections on my system. I'm not a careless type in that regard. My ONLY reason for setting it up was to use the RMAH to sell shit.Eventually I found an Android emulator that seemed legit... it's tough to google something like that and not find a bunch of infectious scams... Unfortunately to use the Paypal method instead of Blizzard's bank (which can't be withdrawn from), Blizz requires an SMS phone that is *not* a pre-paid phone (another of Blizzard's stupid rules), which is why I didn't toss money on my expired prepaid cell that I never use.So, again, while it seems all peachy and easy for those with smartphones, those without or those with pre-paid phones are either locked out or limited.[/citation]

i'm using a pre-paid phone and is able to use the SMS authenticator. a couple of my friends are using it as well. i was also able to sell stuff in the RMAH with the proceeds going to my PayPal account. hell, we messed around with the authenticator to see if it really works real time and it did. we tried logging in to each other accounts and we got SMS notifications with the codes. you will also get an SMS when changing your password. that "stupid rule" you are talking is a lie. just like the cake.

 

[GNCD]

[citation][nom]kathiki[/nom]You mean they are doing the right thing by SELLING authenticators for a game you have bought, a server you are paying per month, when it is their job to provide measures free of charge against account hack? Looks like you are just one of the people that have been totally "incorporated" into all this multimillion abuse.When I played rift planes of telara and my account was hacked (though i never subscribed to forums or guild forums etc etc) it took them 2 weeks to have my account restored BUT that was not the only thing they did FREE OF CHARGE for their consumers. Their new authenticator also incorporated a nice system that did not allow any ip range other than the one that created the account to have access to your account. I had several account hack attempts after that and they were all unsuccessful as the hacker was automatically blocked, my account was blocked and the company would send a new authentication code right into my email so i could use to to unblock my account ingame. That was free of charge. My subscription account was hacked, my ingame account was hacked but they could not hack my email account. Now that is what i call ingame security. And it cost the consumers NOTHING. Plus the fact that the company apologised for the hacks and gave their consumers a free month.Blizzard has to deal with millions of people and that means nothing more than MONEY and income to them. THat company has absolutely NO respect for their customers. But I guess those that want to play the game and pay for any suffering that they encounter deserve it.[/citation]

sounds like you never used blizz's authenticators. fyi, they have the same type of location based authenticator.

 

[Guest]

This isn't safeguarding due to Blizzard's security issues. It's due to stupid a55 users that have passwords like PASSWORD. They can use PASSWORD if they have an authenticator. If they don't then they get hacked and Blizzard has to spend tons of time and man power getting their account back from the *hackers* that got through on their PC with no security and crappy easy to guess passwords.

 

[beayn]

[citation][nom]gncd[/nom]i'm using a pre-paid phone and is able to use the SMS authenticator. a couple of my friends are using it as well. i was also able to sell stuff in the RMAH with the proceeds going to my PayPal account. hell, we messed around with the authenticator to see if it really works real time and it did. we tried logging in to each other accounts and we got SMS notifications with the codes. you will also get an SMS when changing your password. that "stupid rule" you are talking is a lie. just like the cake.[/citation]A lie? Go here:

https://us.battle.net/support/en/article/battlenet-sms-protect

What devices are eligible for Battle.net SMS Protect?
Any standard cell phone in a supported country with a data plan may be used as a Battle.net SMS Protect device. Cell phones with prepaid plans may not work with the SMS Protect service. SMS Protect cannot be used with Voice over IP (VoIP), and VoIP numbers that are transferred to a local provider will not be eligible for Battle.net SMS Protect.

Blizzard does NOT allow prepaid phones. It just so happens some of them don't show up as a prepaid due to the carrier listing them differently. That's the only reason the FAQ says "prepaid phones may not work" PayPal on the other hand, allows prepaid phones for their own SMS protect feature. It's only blizzard who has this rule and you can find many threads on Blizzard forums with people saying their prepaid is configured on PayPal's SMS protect, but when linking Battle.net's SMS protect, the phone is not allowed.

I couldn't even get a legit cell phone on a contract to work with it. It simply said it wasn't recognized as a mobile phone number. I called blizzard, they told me to call my service provider, who promptly stated they had no idea what I was talking about. I didn't bother going back to blizzard after the run-around, but I have heard of people getting it resolved after getting bounced around until you find someone that knows how to fix it.

Consider yourself one of the lucky ones who has a prepaid phone that shows up as a regular mobile phone.

 

[neiroatopelcc]

[citation][nom]valkain[/nom]Have you tried developing an app? How long does it take to make one? How much longer does it take to make it secure and function the way it should without having any security flaws? I imagine it's coming down the road. I can't imagine them whipping it out in a snap without time, R&D and internal Q&A to ensure quality and security.Because it isn't Blizzards fault people get scammed. People are stupid enough scammed. That is an undeniable fact. Who says you have to buy a phone? Blizzard is not forcing you to shove an optional software up your rectum. You don't want an authentication, don't buy it. You don't want the software on a phone, don't use it. If you live in a high crime neighborhood, and choose not to have home security that's your own problem. If you choose not to own a gun to defend your home and property from an intruder, that is your choice. Security is optional whether its a game, your car, your home or your life. Bllizzard gives you a choice. Take it, or leave it. Blizzard is not the mafia. They are not holding a gun to your head and "suggest" you should pay for protection.[/citation]

Yes as a matter of fact I have. And if you aim to remove all flaws at the initial release you're already set for failure.
True testing takes time. In my world around 5% of the time spent is on actually making something. The rest is testing. However it must be stressed that companies like activision blizzard have slightly more than one employeee and therefore can effectively bundle the workers together to get a product ready faster. It's just that since the death of the old blizzard they're consequently 4-6 years behind the rest of the world.