Post by Eorl @ 09:10am 10/08/12 | 29 Comments
From Blizzard's statement:

"Even when you are in the business of fun, not every week ends up being fun. This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened."

The announcement explains that the data accessed includes "the answer to the personal security question" and a list of email addresses for players on North American servers, as well as "information relating to Mobile and Dial-In Authenticators", but goes further to explain that none of this information by itself would be enough for someone to gain access to an account, and that to their knowledge no credit card details or other financial information was compromised.

Blizzard also detail in the announcement that "cryptographically scrambled versions of Battle.net passwords (not actual passwords) for players on North American servers were taken". You can read the full statement over here, and ensure you change your battle.net password as soon as possible.
Posted 10:44am 10/8/12
Didn't realise it was this bad
Posted 11:10am 10/8/12
http://us.battle.net/support/en/article/important-security-update-faq#q-2
It's worth noting their passwords were stored using
Which you have to give them props for; it's highly unlikely, nigh impossible, for anyone to get their hands on your password. It is however still incredibly damaging that people's secret questions and answers weren't encrypted; this along with names and emails spells bad news for a lot of people's accounts with other services. It's also bad that they have keys for mobile authenticators which a significant amount of people are using on their bnet accounts, however,
last edited by eXemplar at 11:10:39 10/Aug/12
Posted 12:40pm 10/8/12
"In the coming days we will implement an automated process for all users to change their secret questions and answers, as a precautionary measure. We'll also prompt mobile authenticator users to update their authenticator software."
Posted 12:42pm 10/8/12
lots of sites let you change your security question type, and like rev, I wanted to change mine now rather than wait for their 'automated process'
Posted 12:51pm 10/8/12
there's nothing precautionary about *not* prompting for a security question/answer change when it's something that's able to be used to gain control of an account and has been leaked in plain text
Posted 01:14pm 10/8/12
http://www.theatlantic.com/technology/archive/2012/08/security-questions-the-biggest-joke-in-online-identity-verification/260835/
Posted 02:05pm 10/8/12
The shitty thing is though, when you've done that, and then realise the system actually requires their use every now and then -- like one of my financial institutions, who make you authenticate with them every time you access their site from a new computer (or clear your browser cache).
Posted 04:32pm 10/8/12
what colour is the sky
how many pets do i have
etc
then just make up an answer that you only know
like
tangerine
12345
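Two comments above make the same point from opposite ends: the answers were "leaked in plain text", and the sensible user response is to invent an answer nobody could look up. On the service side the fix is to treat a security answer exactly like a password: normalise it, then store only a salted, slow hash, so a copy of the database does not hand support staff or an intruder the answer itself. The Python below is an added illustration, not code from the article, from Blizzard, or from any commenter; the choice of PBKDF2-HMAC-SHA256 and the iteration count are my assumptions, since the page says nothing about how Blizzard stores anything beyond "cryptographically scrambled" passwords. The sample answers ("tangerine", "12345") are the constructed ones from the comment above.

```python
"""Added example: storing security-question answers like passwords.

Not from the article or any commenter. PBKDF2 and the work factor below
are assumptions chosen for illustration.
"""
import hashlib
import hmac
import os
import secrets
import unicodedata

# Work factor for PBKDF2-HMAC-SHA256. Assumption: tune upward on real
# hardware; kept moderate here so the example runs quickly.
ITERATIONS = 200_000


def normalize_answer(answer: str) -> str:
    """Canonicalise free-text input so 'Tangerine ' and 'tangerine' match.

    Normalising *before* hashing is what makes it possible to keep only a
    hash on file instead of the readable answer a support agent can quote
    back over the phone.
    """
    answer = unicodedata.normalize("NFKC", answer)
    return " ".join(answer.casefold().split())


def random_answer(nbytes: int = 12) -> str:
    """An answer that is not a fact about the user (the 'tangerine / 12345'
    idea above, done with real entropy). Meant to live in a password manager."""
    return secrets.token_urlsafe(nbytes)


def store_answer(answer: str) -> dict:
    """Return the record a service should keep: per-record salt plus hash.

    Nothing in the returned dict reveals the answer; a leaked table of these
    rows is not the same as a leaked table of plain-text answers.
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", normalize_answer(answer).encode("utf-8"), salt, ITERATIONS
    )
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": ITERATIONS}


def verify_answer(record: dict, candidate: str) -> bool:
    """Recompute the hash for a candidate answer and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        normalize_answer(candidate).encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def demo() -> bool:
    """Store the commenter's made-up answer, then check good and bad guesses."""
    record = store_answer("tangerine")
    ok = verify_answer(record, "  Tangerine ")     # normalisation: still matches
    bad = verify_answer(record, "12345")           # wrong answer: rejected
    return ok and not bad


if __name__ == "__main__":
    print("demo passed:", demo())
    print("example random answer:", random_answer())
```

Note that `store_answer` never retains the normalised answer; only the salt, the digest and the work factor are kept, so the same answer stored twice yields two different records and a leaked row cannot be matched against another site's leaked rows.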
Posted 10:52pm 10/8/12
I just brute force with an axe.
Posted 07:11am 11/8/12
http://www.twitch.tv/aclprosc2
if anyone is interested in watching the stream
Posted 01:57pm 16/8/12
The other week my phone was decommissioned and so before it left my possession I flashed it completely new, removed all traces of my backup on it and let it go.
Then, a few days ago, I went to log into Starcraft and it asked for a bnet authenticator, something I had installed on my old phone. Well, I couldn't do anything about that so then I checked the web form, which asked me for a photograph of a government ID. I said "fuck that, considering their other information on me, I'm not giving some callcentre/t1 person enough documentation to take out a loan in my name".
I called blizzard up and they on the phone asked me:
1) My name
2) My address
3) My secret question
After answering all three correctly, they then asked me for my CD key for Diablo 3
"I bought it online, I can't check that physically, I bought it through Blizzard"
They then said "Can you tell me your last 4 credit card numbers"
I reply: "I paid through paypal, direct debit".
They then said "Well do you know your starcraft2 key?"
I didn't have my CDs anymore; I installed it at a friend's, registered it on battle.net, alongside my Warcraft 3 key. "No, sorry, but I still have my Warcraft 3 CD key." I grabbed it off the shelf but before I could read it out the lady replied
"I'm sorry, we can't use that to authenticate you".
"Well, how many other people could recount a 20-character alphanumeric number which is attached to an account"
"It's not in the list"
I had an idea: "Oh well, if you don't believe I'm me, you have my mobile phone number on the system, call that number, and when I pick up you'll be guaranteed it's me. It was associated months if not years ago".
"I'm sorry, it's not on the list"
"Well, what can i say that is on the list"
"Diablo 3, World of Warcraft or Starcraft 2, or alternatively, if you submit a ticket with a photo of your government ID on it, like a passport or drivers license, then we can authenticate you".
I replied back "My name is John Clark. My passport has no details on it that would match any other detail on your system. It would just be some passport. It doesn't have my address, it doesn't have my secret answer and it doesn't have any relation to Blizzard or my methods of payment to you. But you're telling me, if someone, anyone else with the same name as me, JOHN SMITH, called up with his ID then you'd give him my whole account? Is there someone I can talk about this to?"
At which point I couldn't go any further and so I ended the call.
There's more boring stuff to that story, but I did get my account back later, by following their procedure. I was half tempted to just buy a new game, but I don't have my War3 CD anymore, just my key, so I'd also lose that if I lost my account :(