PSA: Diablo III Open Beta WeekendFollow

I said GOOD GAME!

Get an Authenticator.

Been using an Authenticator since whenever they came out and I wasn't hacked until the day I removed it from my account. Literally the same day. Makes me wonder how long they've been spying on me.

The only commonality is my primary email happens to be my bnet email (and this is because credit card info could be involved), and I can basically pull up half a year of emails without a single phishing attempt present. I've otherwise been fairly good about using alternate identities when jumping into new spheres, utilizing dummy yahoo accounts and the like for things I know I really won't care much about.

I'd only recently gotten a smart phone, so I have the authenticator set up on it now. I'm not entirely sure that will do any good if they're compromising people the way I believe they are, though. And really, for every 10 "Get an authenticator!" posts I see, there's probably at least 1 who claims they still got hit. Either way, they shouldn't be an excuse for Blizz to employ lazy security practices.

And really, I've been around the net long enough to know the "what not to do" things and am at the very least protected more than your average person who may've gotten caught up in phishing scams. I probably caught the compromise within 45 minutes of it happening, and I would've noticed sooner if I'd actually alt-tabbed back to the game between some conversations. Just because, I went through and updated my software (if it even needed it) and did thorough scans with at least 4 programs, all if which showed nary a hint of anything out of the ordinary. So, if by some fluke I have a trojan on my system at the moment, it's playing very hard to get. I'd be even more curious to know where it would've came from since in the 3 weeks or so since D3's launch, my net browsing has actually been pretty minimal outside of browsing here, Facebook, and other big-name sites that should ideally be secured. I do the whole Firefox song and dance with multiple security add-ons and things like iframes disabled by default, too.

I'd really love to know how if it was me, but with how common this seems to be happening, I don't think it's entirely user error. Authenticator aside, I can think of some added layers of security Blizz could employ right this instant to help protect folks, like employing whitelist locations where, if say you live in CA and allow IPs from within that state, anyone trying to log into your account from outside CA shouldn't be able to. On my end, I'd need OH and WV free since I travel between the two a lot, maybe even PA. So even if by some fluke an antsy chinaman got my log in info, they'd have to go the extra mile of knowing where I live and managing to spoof a connection from it. I have no doubt some may go that far, but if they're running through giant lists of possible accounts and passwords, basically multiplying that by 50 would scare some off or make them more sloppy in the process, thus more easily caught.

Should have used celestial ravens as your ISP.

FFFFFFFFFFFFFUUUUUUU-

Why Hardcore and Diablo III should never have gone together.

You have my sympathies.

Edited, Jun 7th 2012 9:55pm by IDrownFish

Yeah, I get it. I just have more fun on HC to be honest, and that'll continue through Hell, most likely. The rush of being close to death when you know you lose the character is really fun; it just sucks that there's no offline mode.

Yeah, they defaulted it to off so that people didn't get overwhelmed by choices, but once you get your feet under ya it's the first thing to turn on.

Well, we might be looking at a rollback. Or not. For those of you just tuning in, there was a rather large discussion erupting across the various sites about a gold dupe that had ruined the economy. Screens of multi-billion gold accounts were going up. And it was because the client allegedly used the user's system clock for things such as posting and closing auctions. Anywho, I odn't know how true it was/is, but Bashiok has posted that this is likely not true, similar to the Real ID debacle. His full post is below.

I don't know what is true and what isn't, but this full post was pretty much my play by play after seeing the first posts pop up on Reddit.

SpoilerThere was an exploit with the Auction House. Apparently, the client based all things requiring a time, including the time left on an auction, on the user's system time, and not on a central server time. I'm not clear on the specifics, but the exploit involved "players changing their clock to alter the timer on their items being sold. If you bid (not buyout) on an item there is a chance that the seller will be able to steal your money by making the timer go to 0, then reversing the clock by 2 days and cancelling the trade (getting the gold and the item)." (via Reddit) That's not the method to reproduce the exploit, just a guess, and the exploit has already been hotfixed.

But still, the effects have been felt.

Additionally, there may have been a second exploit running around allowing for flat out duping of gold. Details are sketchy at the moment. Either the first exploit I mentioned allowed the seller to keep the item and receive the bid gold AND the buyer get his gold refunded, or the seller gets the item and the gold, the bidder loses the gold, and there is a second exploit for gold duping running around. I'm not sure.

Edit 2: Here is the second exploit. Also hotfixed, and also based on the client using the user's clock to ***** with the system. From the o-boards:

Quote:

Player A puts item up on AH
Player B buys item
Player A takes out the gold from that transaction
Player B turns back the clock on his desktop by 2 days
Player B will get back the money he spent on the item, and player A will also have the money that was originally paid, thus duping the gold.

So yeah. The economy is pretty damaged right now (I'm seeing a lot of items priced at 2 billion at the moment), and we might be looking at a rollback. Blizzard really dropped the ball on the Auction House this time around.

Edit: Wow. The forums are going apesh*t, understandably.

Edit 2: Added details about second exploit above.

Edit 3: Rumors are going around that the Asian servers experienced a 3 day rollback. I haven't been able to find a blue or news post to confirm.

Edit 4: Bashiok just posted this:



So a rollback might not be actually happening. High prices could have been people assuming hyper inflation and basing prices on that, and the image I linked above would not be hard to photoshop. Even if it were not shopped, with items selling in the millions/tens of millions regularly, it's not unbelievable for the very rich to have billions. tl;dr: Blizzard claims there is no dupe.

Spoilered a lot of the allegedly irrelevant information above.

Edited, Jun 12th 2012 4:10am by IDrownFish

Edited, Jun 12th 2012 4:31am by IDrownFish

I haven't really touched the higher levels, mostly because I want to play all of the classes through Normal before picking one to level through Inferno. However, with that in mind, the AH has been fantastic since people will generally put up good rare-quality weapons and gear for levels 1-30 for under 1k BO. For each character I've leveled so far, I go to the AH every 5 or so levels and buy new weapons, which helps the whole leveling process immensely.

Also, being a Blizzard employee and therefore required to actually read through the hundreds and thousands of complaints on the forums (usually silly and/or invalid ones) must be torture.

I would just like to say, I wanted to check it out see if anyone is selling anything and i get an error "There is a 3 day wait to use the Auction house for digital purchasers."

Yeah its a digital copy of the game IVE HAD FOR 4 WEEKS. Now we have to wait 3 more days?

I'm not that dense to not realize why they did it but even the FAQ says any Digital copies of the game bought and registered BEFORE the RMAH opened shouldnt have to wait the 3 days, any after should. Great so why am I getting the error when I bought it pre launch.