Their compromised database is indeed a very serious privacy issue. From a security point of view, fortunately they used a good enough password hashing technique that it is largely impractical to extract passwords from the dump.
From my experience, with almost all people who have their accounts compromised, it was due to phishing or malware. Consequently, account names in screenshots will probably not make any difference to how many people have account security issues.
The thread indicates it may have appeared during WotLK alpha builds and only contains: - Account name that was used pre-BNET or otherwise a post-BNET numeric account name. (email address is NOT included) - IP address of the realm you are connected to, NOT the client IP. (However, this could be used to identify pirate servers). - The time the screenshot was taken
I suspect it was most likely used to catch people leaking imagery of alpha builds which were not allowed to be made public. WotLK was the last WoW expansion Blizzard tried to keep secret for the alpha, but everyone was leaking it despite very clear NDAs having to be agreed to by all who participated. With their next expansion, they didn't bother with an NDA outside of a very small group of initial internal testers.
I wouldn't call this any kind of breach of privacy as none of the information is personal. An account name can only be matched to a real name by Blizzard and only if you play on their servers.
Of course privacy zealots will say otherwise, but each to their own.
It's not just about features, it's just that it feels like Google properly thought about every aspect of functionality of their chrome for the browser. For example, it took ages for Firefox to implement that tabs don't resize themselves after closing until after you move the mouse away. And even now, the drag handle for the Firefox window is only on the window title area and you still can't use the unused tab area as a window drag handle, where on Chrome it works fine. It's these tiny little details that I really appreciate about Chrome.
That being said, I still love Firefox's awesome bar, works better than Chrome's default address bar by a long shot, if I recall there is a Chrome extension which works the same, I may look into that, but it's not a deal breaker for me.
Country code TLDs are a symptom, not a feature. They come about because local governments want to exert their own control over some aspect of the internet, but really the whole point of the internet is to transcend borders and unite people in a single global network, even if that is a threat to entrenched interests.
I always thought of it as a delegation thing which is really convenient for the users of that country. I can pay in my local currency for a local domain name and deal with a local company, rather than having to deal with dollar exchange rates and US based companies which may have vastly different business hours. It also means that things like trademark disputes can be handled locally, rather than one having to deal with US laws. It's also in the interest of said governments to keep money local (for local only businesses) rather than a constant stream of money trickling from their country to some U.S company for no particularly good reason except that the U.S. kind of got the monopoly.
In fact, if anything I think it's the generic top level domains which messed things up. With the U.S. controlling the internet first, no one really bothered with the.us ccTLD and instead used the "default" top level space, while ccTLDs are effectively 2nd class.
I think a lot of the problems with GLOBAL contention of.com namespace would be much less of a deal if it never existed and like pretty much the rest of the world, US entities used something like.co.us /.com.us.
Of course ccTLDs create their own set of challenges for international businesses, who may feel forced to maintain their domain names in all the countries in which they operate, but it also means that a silly local only mom and pop business in the US wouldn't get the the "default".com address which is greatly coveted by a multinational, but European only company.
I'm not saying I feel this way myself, but if anyone ever wondered why Americans are often stereotyped as self-centred and oblivious to the fact they are only a part of an international community, it's stuff like this which doesn't help them. However, I acknowledge that DNS and the Internet was originally just an American thing and wasn't initially conceived to service the entire planet, but still, we are living in the world we live in, regardless of the intent or lack there of.
Cool story Mr Anonymous Coward. Believe whatever conspiracy theories that make you feel better about yourself, but fooling yourself into believing this is on Blizzard's side will not stop you getting hacked in the same way the next time you play any online game in which gold sellers can make a profit off hacking accounts.
If your account was used for farming, then it makes sense they waited until you cancelled your sub, that way you wouldn't interrupt their activities.
There are various different gold selling companies with different MOs, some steal gold, others hijack accounts and farm.
Haven't taken much action to remedy it, because, well, frankly I don't mind as I don't have time to play games anymore.
If you're actually never going to play WoW, then fair enough, if there is a chance you will do so at some point in the future, I advise you report it now while they still have logs and can make a record of any damage. If it's reported too late, the logs are gone and there is no chance of item/gold recovery. Reporting compromised accounts is really streamlined and painless, would take you less than 5 minutes to report it through the website.
I am just someone who happens to be in the know on this subject, trying to inform fellow Slashdotters in general to not fool themselves into thinking they aren't insecure by shifting the blame to where it shouldn't be.
You are welcome to go ahead and convince yourself it *must* be Blizzard at fault here, but that won't magically stop you getting hacked the same way in the future for the next game or service you use unless you fix the real problem.
I was a Blizzard fan for years before working there, a Blizzard fan while working there and still one today, but I am also a hobbyist website developer, before there I worked there I worked as an IT technician, I am a long time Slashdot user and a fellow gamer.
But sure Mr Anonymous Coward, if you and your friends who got hacked sleep better at night being ignorant on their account security practices by believing this, go right ahead, it's not me potentially making myself a future hacking target.
Inherently with any software, there are sometimes bugs which is of course always going to be a frustration for support staff.
While your mileage may vary between the representative you speak to, most of the people I worked with were all passionate about the games and about giving the best support they could. I know this sounds cheesy, but it made my day when I managed to help someone out with a really obscure issue, or that I got a compliment on the service I gave.
I left the company to start a job in software development, which I am totally stoked about. And even though I tended to undervalue the job of a customer service representative before working there, I will tell you now that decent agents have pride in their work and from a personal sanity point of view I had to come home and feel good about myself and the best way to do that was knowing that the service I gave is the kind I would hope to be given.
I don't know enough about your particular issue to comment on the real cause, but as the launcher is working fine on my 64 bit win7 installation, it leads me to believe thisis only affecting a minority of those users meaning it could be a very hard one for the developers to track down. However, support requests costs them money and I would imagine people are being appropriately pestered to get it fixed.
Also, keep in mind that for every forum post about that issue, there are likely 10, 20 or maybe a hundred other users with no problem at all and thus haven't posted there. It is one of those unfortunate thing about support forums, you tend to only see the problems and never all the other users with none.
With your use of swear words and capital letters, it's not unreasonable for one to question the rationality of your statements, however, for the benefit of other readers I will say a little more on this.
Even if one were to ignore the difficulty of an employee dealing with all the internal measures against them doing such a thing, there isn't a good enough financial incentive for them to risk a job doing it. No support is outsourced, and as a first world employee, the amount of money they could get from this doesn't even remotely justify the risk to their job. Gold selling in WoW is very low margins making it only worthwhile to third world citizens.
When I left, there were no notification emails for an account being reactivated, as such, unless a friend questions you through other means about being online, you would not be aware your account was activated. Gold sellers use phishing sites, malware and engage an array of other criminal behaviour to hack accounts, as such they are not fussed to use fraudulent credit card details to add game time or even make use of any other scheme they can to get game time on an inactive account.
An experience of a small group of friends does not make a global pattern, wow has millions of players, there is a staggering amount of coincidence as a result. Also, if you and a friend visit some common website which had their password database hacked, then that could very well explain why both of you got hacked around the same time.
Generally, only big companies which have personal details or credit card data actually notify their users of security breaches, a little fan site which only has your email address and password might not even know they got owned, never mind actually tell their users if they found out.
Compromised accounts are nothing but bad news for Blizzard who loses customers, and thus revenue, as a result of them. It is worth it for them to do everything they can to prevent compromises, they have a serious financial motivation for doing so. It doesn't pay Blizzard to be ignorant on their security, it would cost them way more in terms of lost revenue than spending the money to be doing everything they can to keep their side secure.
With the above in mind, what is more likely, there was a failure with Blizzard, or that your username and password combination was unfortunately leaked into the into the hands of hackers.
No one is infallible, not me, not Blizzard and not *you*. However, once one considers how much compromised accounts cost Blizzard, then the only options become that either there really is a somewhat irrational conspiracy and Blizzard is to blame for your compromise, or the more reasonable explanation is that the compromise was completely external of Blizzard.
You are spreading misinformation and creating uncertainty and doubt.
As someone who until recently worked in Blizzard customer support, I can tell you there is absolutely no chance that your account details were leaked from within the company.
Gold sellers are in the business of selling gold for real money, they have a vested interest in compromising accounts in any way they possibly can. Most commonly, people are the victims of phishing scams, but gold sellers try exploit every weakness they can, including: use of malware, zero day software vulnerabilities, trying email passwords they got from hacked websites and forums, use of common passwords between, account sharing, etc. They are *very* determined since they get a paycheck from it at the end of the day.
At this point you are no doubt already thinking of your response in which you will endeavour to explain that it's impossible *you* were compromised in some way and that it *must* be through a fault of Blizzard. I am sorry, but even though you may be too ashamed or proud to admit it, you need to swallow your pride and accept that your account was *in fact* compromised due to a failure on your part with account security and you should carefully evaluate your account security practices or you will be compromised again in a similar way in the future, if not in WoW, then for some other service.
If you choose to believe it couldn't have been your fault, then you are simply in denial and although it may make you may sleep better at night, you are still as insecure as when your account got compromised in the first place.
Blizzard also expends a significant amount of resources addressing compromised accounts and even worse, it's bad PR for them when people are victims, Blizzard has *every* interest in cutting down the number of compromised accounts. This is also demonstrated by them making the mobile authenticator a free download, or the physical token which is available for a nominal fee (less than $10 *including* shipping).
In regards to your account still having not been unbanned after 4 months, there are few explanations. They may have asked you to do a virus scan first and never heard back from you. Sometimes the account management page doesn't get updated until you try log into the game. Or, possibly, but sadly, the agent you dealt with slipped up, they're only human, but it's still exceedingly poor service if that is what happened.
Finally, in regards to your unsubscribed account having game time on it, gold sellers often use free game time promotions or fraudulent means to add game time to inactive accounts.
The way it's worked with both WoW and Starcraft II is that it only affects the particular game licence you were cheating with.
With WoW, you can have multiple WoW licenses on the same Battle.net account. If you cheat on your WoW1 and get banned for it, it does not affect your WoW2 and you can continue playing it.
With Starcraft II, you could put a new authentication key on the same Battle.net which makes it remove your old Starcraft II license and then add the brand new license which would need a new character and likewise achievement and match records are also new and reset.
I suspect Diablo III will work like Starcraft II, you will be able to buy a new copy of the game and use it to overwrite your old license on the same Battle.net account, but your characters and items on the banned Diablo III account are permanently inaccessible.
Blizzard is very practised at this, they have been banning WoW accounts permanently for years and those have *much* bigger time and money investments than any Diablo III account of today.
Blizzard is no doubt fully aware that upholding an incorrect account closure does more harm than good, so most likely they are *very* careful.
If you dislike Diablo III because of the controversial lack of single player, then that is your opinion.
However, this article refers to Blizzard banning cheaters and if you aren't playing the game because you can't cheat, then myself and many other Blizzard fans are quite happy to see you stay away from Blizzard games.
As someone who formerly did customer service for Blizzard, this was one of two kinds of emails.
1. A phishing mail, trying to "scare" you into entering your login details into a fake site. 2. Your account was closed due to it being used by gold farmers for nefarious activities, in which case, *your* computer security practices are laughable.
You conveniently failed to mention that it wasn't as simple as "you could accidentally get more loot than you should", people who exploited this went out their way to do so.
The steps required was something like *all 25 players* had to manually choose to pass on the loot, then having the member who wanted the loot leave and then re-enter the instance.
On top of this, the once per week per boss rule was highly publicised prior to the patch going live and the UI clearly explains this limitation, *everyone* knew it shouldn't be possible, but when the bug was found which allowed them bypass this limitation, some players exploited it for all the could.
Interestingly, no one had their account closed permanently for this, however anyone found involved had their account suspended for a full raid lockout (one week), and had all Raid Finder items removed.
One of the reasons I am a Blizzard fan is their stance on cheating, and I feel they dealt with this very fairly.
I say "Okay, hold on a moment please." I then leave the phone call active, put the phone on my desk or something and do something else until they get bored.
Yes, there are quite a few things to keep in mind for password hashing, when it comes to cryptography and hashing, it's always best to go with solutions which have been thought up by people who are properly familiar with the subject. Only fools try think up their own scheme and don't get it critically reviewed by peers first.
I just bought an HP monochrome laser printer which runs over WiFi, a LaserJet 1102w, I needed it to print out Mathcad assignments and it will also be useful for printing out the occasional online tickets.
A very interesting feature (which was not really promoted) is that the drivers for the printer are on it. Initially I had to plug it in via USB (it has no RJ45 port) to configure the WiFi password and the printer presents itself to Windows as a mass storage device with the drivers on. Once the the WiFi networking was set up, I could access the printer by a web interface, which also has the drivers available for "download" for other clients. Although it came with a CD, never needed it, and never needed to access the internet.
It's little convenient things like this which I am willing to pay for and even though I didn't do a lot of research apart from seeing what my usual online retailer sold and choosing from that, I am exceptionally happy with it. I chose HP because whenever I have worked with them, they always seemed fairly "solid" in terms of reliability and finding drivers on their website has never been a challenge.
As it happens I was recently looking at some mini-ITX options, but for doing a DIY home ADSL router.
My router was giving issues and restarting, so was thinking I might need a new one and was most frustrated to see that when it comes to consumer routers, it's typically hit and miss in terms of reliability, so was thinking of maybe building my own.
My conclusion was that while one could do it with these, they are completely overkill for such an application as they're more geared towards HTPC systems.
Nevertheless, it's still somewhat appealing, I would love to make a DIY router which is powerful enough that it would always be plenty powerful and stable enough that it could handle anything you would want on a home router. I would like things like being able to set up a VPN dial in, tunnels and QoS (I would only be able to affect upstream packets I know, but it would still help as more often than not my latency for games is due to upload bandwidth being starved by stuff like peer to peer).
If I recall, I couldn't see one where I could get a riser PCI slot, fanless set up and built in wifi. I would also need to ensure any built wifi card could behave as an AP.
Another product looked promising, namely routerboards, running routerOS, but I have no idea how good the software is and while I found an occasional PCI ADSL2+ card, could find none for mini-PCI which is all that routerboards could take.
I know I could potentially get a regular ADSL modem connected running in bridged mode connected by a LAN cable, but I would far rather have an all in one box since I would probably already need a GB/s switch, less wires and devices I need, the better.
My router has been stable the last few days though, so haven't looked into it deeper, so for now, not changing anything.
I used to do this a long time ago, but I found I was going against the flow. It felt like a never ending battle of me vs the default set up. And then, any time I sat on a computer with "defaults", I wouldn't be used to it.
It would be fine if I never changed computer, or never needed to re-install the OS, however, any time you used a different computer / OS, you would need to re-organize things, go against the defaults. The other problem I had was that sometimes it was hard to perfectly categorize things.
I used to be an IT techie and can't remember if I changed my habits before or after I got my current job in customer support for a computer game company. Our busiest times are after work when everyone is at home, so that's when we have the most people on shift. They tend to change shifts every now and again to give people a chance at the better work hours, not so often any more, but when I started it was once every 2 months. Because of that, I got very good at deciding what settings are worth customizing. I also got pretty good at making most of my important data roaming friendly.
We don't use windows roaming profiles, but we each have our own personal network space. So, when I sit down at a new computer, I have a quick check list file for what I need to set up on new computer which is something like this: - Change "My Documents" to point to a location on my personal network space - Have Firefox use a profile which is located on my personal network space (I have a.bat file which edits a file for me automatically to set this up with one click). - Set up outlook. - Turn off keyboard layout shortcut keys. We have a multilingual office, so our system images include other language keyboard layouts like French. (Did you know that Ctrl+Shift+Left will change to a different keyboard layout on the fly, and will do it only for that current application which will confuse you even more!) - Turn off accessibility shortcut keys (Yes, I held down shift for 5 seconds because I was thinking about what I wanted to write, not for you to pop up a disruptive dialogue asking if I want to use sticky keys). - Shortcuts in quick launch for applications I use every day. - Installation of in house developed.NET managed and auto updating support tool. - And a few other little tidbits.
I can be up and running in less than 15 minutes on a new computer.
Although, about the start menu thing, at work on WinXP (windows 7 is coming "soon") I use Win+R to bring up the Run box to start things not on my quick launch bar, at home on my Win7 machine I use instant search.
People on here slamming instant search obviously haven't used it. It's really great, at work it's absolutely awesome in outlook, you can search for email by recipient, time, subject or body and have results within seconds. On Windows 7 and Vista, it's really fast on the start menu. Keep in mind that by default it only indexes certain locations like your documents and start menu, to keep the index efficient and fast. It seems to update itself pretty much in real time as you save new files or install new programs.
As for resources it uses up, can't say I feel the pinch at all, then again when I bought my Core i5, I also got 8GB of RAM at the same time as RAM is really pretty cheap these days. I absolutely love my home PC through and through. I use it for games, virtual machines, development, all sorts of stuff.
What the person was doing was illegal and deserves to be punished to the full extent of the law, as they were profiting off other people's work by copying it and then selling it.
However, pirated media *thrives* in a place like South African because luxury goods like imported media is over priced for that economy.
Although certain aspects of South Africa are 3rd world, all the major cities are pretty much first world, as someone presently living in Ireland, and having lived in France, I can tell you that for the middle class South African, their life style isn't radically different, but any luxury item is significantly more expensive relatively speaking.
Salaries are based on the price of living, and in South Africa the price of living is considerably less than places like the the US or UK. To put it in perspective, as per 12 months ago (http://www.oanda.com/currency/big-mac-index), the price of a big mac in USD was $2.70 compared to it costing $3.73 is the US. The cost of living is very much like this, most day to day things cost less, consequently, salaries work the same way, you get paid a bit less in terms of USD, because your money goes further, however, anything luxury, is prices in USD and then converted into the local currency.
So, relatively speaking, for our salaries, we pay a lot more for things like software, music CDs and movies. It's also not just luxury goods, business is also expensive, imagine your copy of Microsoft or Adobe software package always costing ~30% more? Thus it's hardly surprising to see so many people turn to cheaper, but illegal avenues.
Copyright holders annoy me greatly because even though we have this global distribution medium called the internet which should really make borders disappear to all intents and purposes, you still get youtube blocking videos because "this content is not available in your region due to copyright issues" and Netflix can't be used outside the US, however, despite them locking down copyrighted work to regions, they still keep the price of the these works the same in all countries, regardless of economic differences. They then get surprised at the lack of loyalty from their "customers", however, in South African, they're more like "suckers".
After some people I know in the UK on Virgin Media seemed to have latency issues, I did some digging and it seems every few months their traffic shaping appliance incorrectly starts classifying WoW traffic as peer to peer and consequently lag in WoW is in the 1000s of milliseconds.
Any time it breaks, they take days to acknowledge the issue, when they eventually do, it then takes days before the fix is implemented. Despite no other European ISPs having the same issue, they have also had the audacity to claim in the same statement that although the fix will need to be done on Virgin Media's side, that Blizzard is also to blame because they made changes on their end without notifying Virgin Media.
Yes, it could potentially be an excellent teaching tool, it has occurred to me I could potentially make a "tutorial" system built into it, to introduce people to basic redstone concepts and then later different kinds of logic gates and components. The quicker short term solution though is to make a gallery of components.
Right now there are lots of things I need and want to do. At the moment I am working in implementing proper user accounts, so one can find all their own uploaded schematic and also save their own personal options, as configurable options is my next biggest priority. I then plan on implementing importing and copy/pasting which will then be followed by a way to show a gallery of "components" available for import. Sideview editing and more block types is also a huge priority, in fact I have so much planned, but only so much time.
On top of it all, I am cleaning up and refactoring some of the earlier code to make it easier to manage, by myself and possibly others. My job has nothing to do with programming, I have no formal training in it, this is my first attempt at anything in javascript and this is by far away the biggest programming project I have ever undertaken, so there has been *lots* of learning needed along the way, resulting in some less than ideal code at times.
All that being said, it's been an immensely rewarding and fun experience, especially when you see other people get excited about something you have made and making active use of it.
Shameless self promotion here, but since my project exists for some of the same reasons and because it's also in a javascript, I feel it's considered relevant to this article.
It's an an attempt at a schematic editor and simulator for Minecraft's redstone circuitry, written in javascript: http://mordritch.com/mc_rss/#1166
The goal was to make it easy for people to share their ideas or solutions to problems easily on forums, as one can just link directly to schematics. It supports uploading and downloading schematics in a standard format which many existing tools can import into the game's save file.
The reason for doing it in javascript was that people with a few spare minutes, even at places like their work, could look at and play with the schematics, without needing to download the file and open it separately in some program which they may not even have installed. It "just works" on any browser which has support for the canvas HTML element. Although it's not very friendly to them yet as I have made no attempts to optimise it yet, it actually already works to an extent on iOS's Safari and reportedly on Android devices as well.
What I found interesting about the project in the article is that they made it embeddable, something I have already considered for my own simulator. One merely includes a javascript file reference on their forum's HTML, and users on that forum could embed schematics which could be fiddled around with right there in the forum post, in much the same way Youtube videos can be viewed right there in a forum post.
My personal little amateur project is immensely simple by comparison and needs a lot more work, but interesting to see other people have similar ideas.
Slashdot Mirror
Their compromised database is indeed a very serious privacy issue. From a security point of view, fortunately they used a good enough password hashing technique that it is largely impractical to extract passwords from the dump.
From my experience, with almost all people who have their accounts compromised, it was due to phishing or malware. Consequently, account names in screenshots will probably not make any difference to how many people have account security issues.
The thread indicates it may have appeared during WotLK alpha builds and only contains:
- Account name that was used pre-BNET or otherwise a post-BNET numeric account name. (email address is NOT included)
- IP address of the realm you are connected to, NOT the client IP. (However, this could be used to identify pirate servers).
- The time the screenshot was taken
I suspect it was most likely used to catch people leaking imagery of alpha builds which were not allowed to be made public. WotLK was the last WoW expansion Blizzard tried to keep secret for the alpha, but everyone was leaking it despite very clear NDAs having to be agreed to by all who participated. With their next expansion, they didn't bother with an NDA outside of a very small group of initial internal testers.
I wouldn't call this any kind of breach of privacy as none of the information is personal. An account name can only be matched to a real name by Blizzard and only if you play on their servers.
Of course privacy zealots will say otherwise, but each to their own.
It's not just about features, it's just that it feels like Google properly thought about every aspect of functionality of their chrome for the browser. For example, it took ages for Firefox to implement that tabs don't resize themselves after closing until after you move the mouse away. And even now, the drag handle for the Firefox window is only on the window title area and you still can't use the unused tab area as a window drag handle, where on Chrome it works fine. It's these tiny little details that I really appreciate about Chrome.
That being said, I still love Firefox's awesome bar, works better than Chrome's default address bar by a long shot, if I recall there is a Chrome extension which works the same, I may look into that, but it's not a deal breaker for me.
Country code TLDs are a symptom, not a feature. They come about because local governments want to exert their own control over some aspect of the internet, but really the whole point of the internet is to transcend borders and unite people in a single global network, even if that is a threat to entrenched interests.
I always thought of it as a delegation thing which is really convenient for the users of that country. I can pay in my local currency for a local domain name and deal with a local company, rather than having to deal with dollar exchange rates and US based companies which may have vastly different business hours. It also means that things like trademark disputes can be handled locally, rather than one having to deal with US laws. It's also in the interest of said governments to keep money local (for local only businesses) rather than a constant stream of money trickling from their country to some U.S company for no particularly good reason except that the U.S. kind of got the monopoly.
In fact, if anything I think it's the generic top level domains which messed things up. With the U.S. controlling the internet first, no one really bothered with the .us ccTLD and instead used the "default" top level space, while ccTLDs are effectively 2nd class.
I think a lot of the problems with GLOBAL contention of .com namespace would be much less of a deal if it never existed and like pretty much the rest of the world, US entities used something like .co.us / .com.us.
Of course ccTLDs create their own set of challenges for international businesses, who may feel forced to maintain their domain names in all the countries in which they operate, but it also means that a silly local only mom and pop business in the US wouldn't get the the "default" .com address which is greatly coveted by a multinational, but European only company.
I'm not saying I feel this way myself, but if anyone ever wondered why Americans are often stereotyped as self-centred and oblivious to the fact they are only a part of an international community, it's stuff like this which doesn't help them. However, I acknowledge that DNS and the Internet was originally just an American thing and wasn't initially conceived to service the entire planet, but still, we are living in the world we live in, regardless of the intent or lack there of.
Cool story Mr Anonymous Coward. Believe whatever conspiracy theories that make you feel better about yourself, but fooling yourself into believing this is on Blizzard's side will not stop you getting hacked in the same way the next time you play any online game in which gold sellers can make a profit off hacking accounts.
If your account was used for farming, then it makes sense they waited until you cancelled your sub, that way you wouldn't interrupt their activities.
There are various different gold selling companies with different MOs, some steal gold, others hijack accounts and farm.
Haven't taken much action to remedy it, because, well, frankly I don't mind as I don't have time to play games anymore.
If you're actually never going to play WoW, then fair enough, if there is a chance you will do so at some point in the future, I advise you report it now while they still have logs and can make a record of any damage. If it's reported too late, the logs are gone and there is no chance of item/gold recovery. Reporting compromised accounts is really streamlined and painless, would take you less than 5 minutes to report it through the website.
Mr Anonymous Coward,
I am just someone who happens to be in the know on this subject, trying to inform fellow Slashdotters in general to not fool themselves into thinking they aren't insecure by shifting the blame to where it shouldn't be.
You are welcome to go ahead and convince yourself it *must* be Blizzard at fault here, but that won't magically stop you getting hacked the same way in the future for the next game or service you use unless you fix the real problem.
I was a Blizzard fan for years before working there, a Blizzard fan while working there and still one today, but I am also a hobbyist website developer, before there I worked there I worked as an IT technician, I am a long time Slashdot user and a fellow gamer.
But sure Mr Anonymous Coward, if you and your friends who got hacked sleep better at night being ignorant on their account security practices by believing this, go right ahead, it's not me potentially making myself a future hacking target.
Inherently with any software, there are sometimes bugs which is of course always going to be a frustration for support staff.
While your mileage may vary between the representative you speak to, most of the people I worked with were all passionate about the games and about giving the best support they could. I know this sounds cheesy, but it made my day when I managed to help someone out with a really obscure issue, or that I got a compliment on the service I gave.
I left the company to start a job in software development, which I am totally stoked about. And even though I tended to undervalue the job of a customer service representative before working there, I will tell you now that decent agents have pride in their work and from a personal sanity point of view I had to come home and feel good about myself and the best way to do that was knowing that the service I gave is the kind I would hope to be given.
I don't know enough about your particular issue to comment on the real cause, but as the launcher is working fine on my 64 bit win7 installation, it leads me to believe thisis only affecting a minority of those users meaning it could be a very hard one for the developers to track down. However, support requests costs them money and I would imagine people are being appropriately pestered to get it fixed.
I can offer some very generic advice, almost always, it was background program's or antivirus interfering with the game. Do try a selective startup with nothing else running in the background and see if it helps:
http://us.battle.net/support/en/article/shutting-down-background-applications
Also, keep in mind that for every forum post about that issue, there are likely 10, 20 or maybe a hundred other users with no problem at all and thus haven't posted there. It is one of those unfortunate thing about support forums, you tend to only see the problems and never all the other users with none.
With your use of swear words and capital letters, it's not unreasonable for one to question the rationality of your statements, however, for the benefit of other readers I will say a little more on this.
Even if one were to ignore the difficulty of an employee dealing with all the internal measures against them doing such a thing, there isn't a good enough financial incentive for them to risk a job doing it. No support is outsourced, and as a first world employee, the amount of money they could get from this doesn't even remotely justify the risk to their job. Gold selling in WoW is very low margins making it only worthwhile to third world citizens.
When I left, there were no notification emails for an account being reactivated, as such, unless a friend questions you through other means about being online, you would not be aware your account was activated. Gold sellers use phishing sites, malware and engage an array of other criminal behaviour to hack accounts, as such they are not fussed to use fraudulent credit card details to add game time or even make use of any other scheme they can to get game time on an inactive account.
An experience of a small group of friends does not make a global pattern, wow has millions of players, there is a staggering amount of coincidence as a result. Also, if you and a friend visit some common website which had their password database hacked, then that could very well explain why both of you got hacked around the same time.
Generally, only big companies which have personal details or credit card data actually notify their users of security breaches, a little fan site which only has your email address and password might not even know they got owned, never mind actually tell their users if they found out.
Compromised accounts are nothing but bad news for Blizzard who loses customers, and thus revenue, as a result of them. It is worth it for them to do everything they can to prevent compromises, they have a serious financial motivation for doing so. It doesn't pay Blizzard to be ignorant on their security, it would cost them way more in terms of lost revenue than spending the money to be doing everything they can to keep their side secure.
With the above in mind, what is more likely, there was a failure with Blizzard, or that your username and password combination was unfortunately leaked into the into the hands of hackers.
No one is infallible, not me, not Blizzard and not *you*. However, once one considers how much compromised accounts cost Blizzard, then the only options become that either there really is a somewhat irrational conspiracy and Blizzard is to blame for your compromise, or the more reasonable explanation is that the compromise was completely external of Blizzard.
You are spreading misinformation and creating uncertainty and doubt.
As someone who until recently worked in Blizzard customer support, I can tell you there is absolutely no chance that your account details were leaked from within the company.
Gold sellers are in the business of selling gold for real money, they have a vested interest in compromising accounts in any way they possibly can. Most commonly, people are the victims of phishing scams, but gold sellers try exploit every weakness they can, including: use of malware, zero day software vulnerabilities, trying email passwords they got from hacked websites and forums, use of common passwords between, account sharing, etc. They are *very* determined since they get a paycheck from it at the end of the day.
At this point you are no doubt already thinking of your response in which you will endeavour to explain that it's impossible *you* were compromised in some way and that it *must* be through a fault of Blizzard. I am sorry, but even though you may be too ashamed or proud to admit it, you need to swallow your pride and accept that your account was *in fact* compromised due to a failure on your part with account security and you should carefully evaluate your account security practices or you will be compromised again in a similar way in the future, if not in WoW, then for some other service.
If you choose to believe it couldn't have been your fault, then you are simply in denial and although it may make you may sleep better at night, you are still as insecure as when your account got compromised in the first place.
Blizzard also expends a significant amount of resources addressing compromised accounts and even worse, it's bad PR for them when people are victims, Blizzard has *every* interest in cutting down the number of compromised accounts. This is also demonstrated by them making the mobile authenticator a free download, or the physical token which is available for a nominal fee (less than $10 *including* shipping).
In regards to your account still having not been unbanned after 4 months, there are few explanations. They may have asked you to do a virus scan first and never heard back from you. Sometimes the account management page doesn't get updated until you try log into the game. Or, possibly, but sadly, the agent you dealt with slipped up, they're only human, but it's still exceedingly poor service if that is what happened.
Finally, in regards to your unsubscribed account having game time on it, gold sellers often use free game time promotions or fraudulent means to add game time to inactive accounts.
The way it's worked with both WoW and Starcraft II is that it only affects the particular game licence you were cheating with.
With WoW, you can have multiple WoW licenses on the same Battle.net account. If you cheat on your WoW1 and get banned for it, it does not affect your WoW2 and you can continue playing it.
With Starcraft II, you could put a new authentication key on the same Battle.net which makes it remove your old Starcraft II license and then add the brand new license which would need a new character and likewise achievement and match records are also new and reset.
I suspect Diablo III will work like Starcraft II, you will be able to buy a new copy of the game and use it to overwrite your old license on the same Battle.net account, but your characters and items on the banned Diablo III account are permanently inaccessible.
Blizzard is very practised at this, they have been banning WoW accounts permanently for years and those have *much* bigger time and money investments than any Diablo III account of today.
Blizzard is no doubt fully aware that upholding an incorrect account closure does more harm than good, so most likely they are *very* careful.
If you dislike Diablo III because of the controversial lack of single player, then that is your opinion.
However, this article refers to Blizzard banning cheaters and if you aren't playing the game because you can't cheat, then myself and many other Blizzard fans are quite happy to see you stay away from Blizzard games.
As someone who formerly did customer service for Blizzard, this was one of two kinds of emails.
1. A phishing mail, trying to "scare" you into entering your login details into a fake site.
2. Your account was closed due to it being used by gold farmers for nefarious activities, in which case, *your* computer security practices are laughable.
You conveniently failed to mention that it wasn't as simple as "you could accidentally get more loot than you should", people who exploited this went out their way to do so.
The steps required was something like *all 25 players* had to manually choose to pass on the loot, then having the member who wanted the loot leave and then re-enter the instance.
On top of this, the once per week per boss rule was highly publicised prior to the patch going live and the UI clearly explains this limitation, *everyone* knew it shouldn't be possible, but when the bug was found which allowed them bypass this limitation, some players exploited it for all the could.
Interestingly, no one had their account closed permanently for this, however anyone found involved had their account suspended for a full raid lockout (one week), and had all Raid Finder items removed.
One of the reasons I am a Blizzard fan is their stance on cheating, and I feel they dealt with this very fairly.
I say "Okay, hold on a moment please." I then leave the phone call active, put the phone on my desk or something and do something else until they get bored.
I'm in Cork, Ireland. Maybe it's a US thing.
Yes, there are quite a few things to keep in mind for password hashing, when it comes to cryptography and hashing, it's always best to go with solutions which have been thought up by people who are properly familiar with the subject. Only fools try think up their own scheme and don't get it critically reviewed by peers first.
I use this for my PHP projects:
http://www.openwall.com/phpass/
I'm not clever enough to know for sure it's sound, but I am fairly confident it is based on the technical explanation on the website.
I just bought an HP monochrome laser printer which runs over WiFi, a LaserJet 1102w, I needed it to print out Mathcad assignments and it will also be useful for printing out the occasional online tickets.
A very interesting feature (which was not really promoted) is that the drivers for the printer are on it. Initially I had to plug it in via USB (it has no RJ45 port) to configure the WiFi password and the printer presents itself to Windows as a mass storage device with the drivers on. Once the the WiFi networking was set up, I could access the printer by a web interface, which also has the drivers available for "download" for other clients. Although it came with a CD, never needed it, and never needed to access the internet.
It's little convenient things like this which I am willing to pay for and even though I didn't do a lot of research apart from seeing what my usual online retailer sold and choosing from that, I am exceptionally happy with it. I chose HP because whenever I have worked with them, they always seemed fairly "solid" in terms of reliability and finding drivers on their website has never been a challenge.
As it happens I was recently looking at some mini-ITX options, but for doing a DIY home ADSL router.
My router was giving issues and restarting, so was thinking I might need a new one and was most frustrated to see that when it comes to consumer routers, it's typically hit and miss in terms of reliability, so was thinking of maybe building my own.
My conclusion was that while one could do it with these, they are completely overkill for such an application as they're more geared towards HTPC systems.
Nevertheless, it's still somewhat appealing, I would love to make a DIY router which is powerful enough that it would always be plenty powerful and stable enough that it could handle anything you would want on a home router. I would like things like being able to set up a VPN dial in, tunnels and QoS (I would only be able to affect upstream packets I know, but it would still help as more often than not my latency for games is due to upload bandwidth being starved by stuff like peer to peer).
If I recall, I couldn't see one where I could get a riser PCI slot, fanless set up and built in wifi. I would also need to ensure any built wifi card could behave as an AP.
Another product looked promising, namely routerboards, running routerOS, but I have no idea how good the software is and while I found an occasional PCI ADSL2+ card, could find none for mini-PCI which is all that routerboards could take.
I know I could potentially get a regular ADSL modem connected running in bridged mode connected by a LAN cable, but I would far rather have an all in one box since I would probably already need a GB/s switch, less wires and devices I need, the better.
My router has been stable the last few days though, so haven't looked into it deeper, so for now, not changing anything.
I used to do this a long time ago, but I found I was going against the flow. It felt like a never ending battle of me vs the default set up. And then, any time I sat on a computer with "defaults", I wouldn't be used to it.
It would be fine if I never changed computer, or never needed to re-install the OS, however, any time you used a different computer / OS, you would need to re-organize things, go against the defaults. The other problem I had was that sometimes it was hard to perfectly categorize things.
I used to be an IT techie and can't remember if I changed my habits before or after I got my current job in customer support for a computer game company. Our busiest times are after work when everyone is at home, so that's when we have the most people on shift. They tend to change shifts every now and again to give people a chance at the better work hours, not so often any more, but when I started it was once every 2 months. Because of that, I got very good at deciding what settings are worth customizing. I also got pretty good at making most of my important data roaming friendly.
We don't use windows roaming profiles, but we each have our own personal network space. So, when I sit down at a new computer, I have a quick check list file for what I need to set up on new computer which is something like this: .bat file which edits a file for me automatically to set this up with one click). .NET managed and auto updating support tool.
- Change "My Documents" to point to a location on my personal network space
- Have Firefox use a profile which is located on my personal network space (I have a
- Set up outlook.
- Turn off keyboard layout shortcut keys. We have a multilingual office, so our system images include other language keyboard layouts like French. (Did you know that Ctrl+Shift+Left will change to a different keyboard layout on the fly, and will do it only for that current application which will confuse you even more!)
- Turn off accessibility shortcut keys (Yes, I held down shift for 5 seconds because I was thinking about what I wanted to write, not for you to pop up a disruptive dialogue asking if I want to use sticky keys).
- Shortcuts in quick launch for applications I use every day.
- Installation of in house developed
- And a few other little tidbits.
I can be up and running in less than 15 minutes on a new computer.
Although, about the start menu thing, at work on WinXP (windows 7 is coming "soon") I use Win+R to bring up the Run box to start things not on my quick launch bar, at home on my Win7 machine I use instant search.
People on here slamming instant search obviously haven't used it. It's really great, at work it's absolutely awesome in outlook, you can search for email by recipient, time, subject or body and have results within seconds. On Windows 7 and Vista, it's really fast on the start menu. Keep in mind that by default it only indexes certain locations like your documents and start menu, to keep the index efficient and fast. It seems to update itself pretty much in real time as you save new files or install new programs.
As for resources it uses up, can't say I feel the pinch at all, then again when I bought my Core i5, I also got 8GB of RAM at the same time as RAM is really pretty cheap these days. I absolutely love my home PC through and through. I use it for games, virtual machines, development, all sorts of stuff.
What the person was doing was illegal and deserves to be punished to the full extent of the law, as they were profiting off other people's work by copying it and then selling it.
However, pirated media *thrives* in a place like South African because luxury goods like imported media is over priced for that economy.
Although certain aspects of South Africa are 3rd world, all the major cities are pretty much first world, as someone presently living in Ireland, and having lived in France, I can tell you that for the middle class South African, their life style isn't radically different, but any luxury item is significantly more expensive relatively speaking.
Salaries are based on the price of living, and in South Africa the price of living is considerably less than places like the the US or UK. To put it in perspective, as per 12 months ago (http://www.oanda.com/currency/big-mac-index), the price of a big mac in USD was $2.70 compared to it costing $3.73 is the US. The cost of living is very much like this, most day to day things cost less, consequently, salaries work the same way, you get paid a bit less in terms of USD, because your money goes further, however, anything luxury, is prices in USD and then converted into the local currency.
So, relatively speaking, for our salaries, we pay a lot more for things like software, music CDs and movies. It's also not just luxury goods, business is also expensive, imagine your copy of Microsoft or Adobe software package always costing ~30% more? Thus it's hardly surprising to see so many people turn to cheaper, but illegal avenues.
Copyright holders annoy me greatly because even though we have this global distribution medium called the internet which should really make borders disappear to all intents and purposes, you still get youtube blocking videos because "this content is not available in your region due to copyright issues" and Netflix can't be used outside the US, however, despite them locking down copyrighted work to regions, they still keep the price of the these works the same in all countries, regardless of economic differences. They then get surprised at the lack of loyalty from their "customers", however, in South African, they're more like "suckers".
After some people I know in the UK on Virgin Media seemed to have latency issues, I did some digging and it seems every few months their traffic shaping appliance incorrectly starts classifying WoW traffic as peer to peer and consequently lag in WoW is in the 1000s of milliseconds.
See this ongoing thread:
http://community.virginmedia.com/t5/Fibre-optic-broadband-cable/World-of-Warcraft-Latency-Issues/td-p/167089/page/39
Any time it breaks, they take days to acknowledge the issue, when they eventually do, it then takes days before the fix is implemented. Despite no other European ISPs having the same issue, they have also had the audacity to claim in the same statement that although the fix will need to be done on Virgin Media's side, that Blizzard is also to blame because they made changes on their end without notifying Virgin Media.
Yes, it could potentially be an excellent teaching tool, it has occurred to me I could potentially make a "tutorial" system built into it, to introduce people to basic redstone concepts and then later different kinds of logic gates and components. The quicker short term solution though is to make a gallery of components.
Right now there are lots of things I need and want to do. At the moment I am working in implementing proper user accounts, so one can find all their own uploaded schematic and also save their own personal options, as configurable options is my next biggest priority. I then plan on implementing importing and copy/pasting which will then be followed by a way to show a gallery of "components" available for import. Sideview editing and more block types is also a huge priority, in fact I have so much planned, but only so much time.
On top of it all, I am cleaning up and refactoring some of the earlier code to make it easier to manage, by myself and possibly others. My job has nothing to do with programming, I have no formal training in it, this is my first attempt at anything in javascript and this is by far away the biggest programming project I have ever undertaken, so there has been *lots* of learning needed along the way, resulting in some less than ideal code at times.
All that being said, it's been an immensely rewarding and fun experience, especially when you see other people get excited about something you have made and making active use of it.
Shameless self promotion here, but since my project exists for some of the same reasons and because it's also in a javascript, I feel it's considered relevant to this article.
It's an an attempt at a schematic editor and simulator for Minecraft's redstone circuitry, written in javascript: http://mordritch.com/mc_rss/#1166
The goal was to make it easy for people to share their ideas or solutions to problems easily on forums, as one can just link directly to schematics. It supports uploading and downloading schematics in a standard format which many existing tools can import into the game's save file.
The reason for doing it in javascript was that people with a few spare minutes, even at places like their work, could look at and play with the schematics, without needing to download the file and open it separately in some program which they may not even have installed. It "just works" on any browser which has support for the canvas HTML element. Although it's not very friendly to them yet as I have made no attempts to optimise it yet, it actually already works to an extent on iOS's Safari and reportedly on Android devices as well.
What I found interesting about the project in the article is that they made it embeddable, something I have already considered for my own simulator. One merely includes a javascript file reference on their forum's HTML, and users on that forum could embed schematics which could be fiddled around with right there in the forum post, in much the same way Youtube videos can be viewed right there in a forum post.
My personal little amateur project is immensely simple by comparison and needs a lot more work, but interesting to see other people have similar ideas.