Thread: Diablo III
2012-05-28, 11:50   #2108
felix
Personally what I don't understand is what is there to gain from hacking one's account. Of course the victim has plenty to lose, however how does one profit from it? You would essentially have to log in with another account and trade the items and I'm sure that's being logged so if any item transaction like that happens you have a nice breadcrumb trail to the culprit.

It's all very pointless from my perspective. Sure you can have the account but what's the point of going through the person's stuff. I'd expect it, like most viruses etc, to sit in the background and do shady things when you're not looking for as long as it can. From what I've read nothing of tangible value was stolen.

If this mass hacking is true, then either (a) someone was extremely bored and pissed off at Blizzard, (b) someone really really wants to keep the RMAH away, or (c) another company is doing it so Blizzard loses face, and customers. Something like a corporate version of Stuxnet... sabotage is certainly cheaper than advertising (if that's true though, everyone bitching is certainly what the hackers wanted). Of course I might be overthinking it; it usually is something very simple and stupid... like say a popular site lost one of its backups and those backups had plaintext passwords in them.

Quote:
Originally Posted by Mow Yun
EDIT: Duo - Apparently passwords are valid whether you use capitals or not. Perhaps battle.net has a cipher which converts all characters to either upper or lower case.
I've never heard of such a stupid algorithm. They are converting your password to lowercase; probably too many idiots people contacting support to reset their passwords, when they were trying to type it in with capslock. There's no real other reason to do this otherwise.

Personally I find the account passwords extremely shamefully implemented. There is NO, and I mean ZERO, reason your password needs to be 16 or whatever characters maximum. The only reason passwords were ever limited in length was for compatibility with decaying infrastructure... Basically when your passwords are limited it usually means they are storing your password on the database; same as when you get your password via email from a site or when they have recovery systems that send you the actual password instead of a random one.

I hope Blizzard didn't hire a complete bunch of security retards, because something like that (storing actual passwords) is unacceptable these days.
Last edited by felix; 2012-05-28 at 12:04.
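Added example, not part of the original post and not Blizzard's code: a salted-hash password store showing the two points discussed above, that the stored record has the same size whatever the password length, and that case-insensitive login only requires folding case before hashing. PBKDF2-HMAC-SHA256, the iteration count and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import math
import os

ITERATIONS = 100_000  # assumed work factor for this example
SALT_LEN = 16         # bytes of random salt stored with each digest


def normalize(password: str, fold_case: bool) -> bytes:
    # Case-insensitive login needs only this fold before hashing;
    # the server never has to keep the plaintext to compare against.
    if fold_case:
        password = password.casefold()
    return password.encode("utf-8")


def make_record(password: str, fold_case: bool = False) -> bytes:
    # Record = salt || digest. The digest is 32 bytes for any input length,
    # so a hashed store gives no technical reason for a short maximum.
    salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac(
        "sha256", normalize(password, fold_case), salt, ITERATIONS)
    return salt + digest


def verify(password: str, record: bytes, fold_case: bool = False) -> bool:
    salt, expected = record[:SALT_LEN], record[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac(
        "sha256", normalize(password, fold_case), salt, ITERATIONS)
    return hmac.compare_digest(candidate, expected)  # constant-time compare


def keyspace_bits(length: int, alphabet: int) -> float:
    # Brute-force search space, in bits, for a random password.
    return length * math.log2(alphabet)


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    print(len(make_record("abc")), len(make_record("x" * 500)))
    folded = make_record("Password1", fold_case=True)
    print(verify("PASSWORD1", folded, fold_case=True))
    # Cost of folding: 8 random chars from a-z0-9 versus a-zA-Z0-9.
    print(round(keyspace_bits(8, 36), 1), round(keyspace_bits(8, 62), 1))
```

Folding case costs about 6 bits of search space for an 8-character alphanumeric password, which is the trade-off a case-insensitive login makes.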