Trasko
Sweden983 Posts
On August 10 2012 07:42 mataxp wrote:
> As a PSN user, déjà vu

loooool. Same here.... /fml
Deleted User 101379
4849 Posts
I use unique email addresses for everything I register to and it's funny to see new spam popping up all the time. The worst offenders are my sc2replayed@, buffed@ and startrekonline@ addresses, it got so annoying that I started blocking those completely since I stopped using those months before I started getting spam. I guess my blizzard[1-3]@ addresses will be next for the spam flood. I hope I'll never see the day where I have to block teamliquid@... but well, this site is protected by a wizard so it's unlikely to happen. Well, at least on the other hand it shows me that some other companies are as bad as the one I work for.
Aterons_toss
Romania1275 Posts
But yeah, they are too incompetent to build an anti hack for their game and now they can't even protect customer info... Are there no good gaming companies left out there? When you start failing at game design that's one, when you fail at protecting customer info and not fixing bugs that's another thing. Oh well, CD Projekt Red for new Blizzard?
imJealous
United States1382 Posts
On August 10 2012 16:48 Morfildur wrote:
> Every month another company loses customer data, when will this trend stop?
>
> I use unique email addresses for everything I register to and it's funny to see new spam popping up all the time. The worst offenders are my sc2replayed@, buffed@ and startrekonline@ addresses, it got so annoying that I started blocking those completely since I stopped using those months before I started getting spam. I guess my blizzard[1-3]@ addresses will be next for the spam flood. I hope I'll never see the day where I have to block teamliquid@... but well, this site is protected by a wizard so it's unlikely to happen. Well, at least on the other hand it shows me that some other companies are as bad as the one I work for.

+ trick for the win

I don't think you can call it a trend though, hackers finding a way in is like a fact of life.
windzor
Denmark1013 Posts
On August 10 2012 16:43 RoberP wrote:
> If the passwords they stole are encrypted, the chances of breaking the cypher on an 8 letter password are about zero. They'd be better off just trying to guess your password ^^. Still worth changing the secret question though.

Actually wrong. It depends on what kind of hashed passwords they got. Seeing as they mention SRP I guess the hacker was eavesdropping the login information in that protocol, or else it makes no sense for Blizzard to mention the protocol.

If it was the actual database of the passwords, which might be because they got hold of other account information, the standard way of hashing passwords was considered broken by the author 2 months ago. Then Blizzard should have been scared.

But my money is still on the eavesdropping of the SRP which means Blizzard's security office isn't fired this time around.
Rannasha
Netherlands2398 Posts
On August 10 2012 17:02 windzor wrote:
> On August 10 2012 16:43 RoberP wrote:
> > If the passwords they stole are encrypted, the chances of breaking the cypher on an 8 letter password are about zero. They'd be better off just trying to guess your password ^^. Still worth changing the secret question though.
>
> If it was the actual database of the passwords, which might be because they got hold of other account information, the standard way of hashing passwords was considered broken by the author 2 months ago. Then Blizzard should have been scared.

MD5 hasn't been the "standard way of hashing passwords" for years now. Some websites with terrible security may still use it, but anyone who knows anything about securing a system will have moved away from MD5 a long time ago.
Eisregen
Germany967 Posts
They can spam my email if they want to, will bore me ^^
Ragnarork
France9034 Posts
On August 10 2012 16:48 Morfildur wrote:
> Every month another company loses customer data, when will this trend stop?
>
> I use unique email addresses for everything I register to and it's funny to see new spam popping up all the time. The worst offenders are my sc2replayed@, buffed@ and startrekonline@ addresses, it got so annoying that I started blocking those completely since I stopped using those months before I started getting spam. I guess my blizzard[1-3]@ addresses will be next for the spam flood. I hope I'll never see the day where I have to block teamliquid@... but well, this site is protected by a wizard so it's unlikely to happen. Well, at least on the other hand it shows me that some other companies are as bad as the one I work for.

It won't... I see one main reason for that (though I'm sure that there are more than one, I'm not sure which...)

The fact that companies sometimes overlook security to gain efficiency is playing a role. I think you know what happened with LinkedIn and the leaked hashed passwords, they were hashed with SHA1 without what we call a "salt" (a random sequence of numbers/letters attached to the hash of the password in order to make this hash unique, even for 2 identical passwords). SHA1 is a hashing algorithm that we have known since 2005 to have security flaws (for those interested in the details: http://en.wikipedia.org/wiki/SHA-1). Not adding a salt to the hashes also makes the security very weak. This weak security can be seen (personal opinion there) as either LinkedIn wanting a fast encryption method, or plain stupidity. Moreover, those passwords were stolen thanks to an SQL injection, a common security flaw that has now been known for a long time.

Since we still have in 2012 companies that overlook security to gain efficiency, or just by plain stupidity, it won't help stopping this trend. I don't know if you remember Lulzsec, but they weren't "that" good as hackers. They just found very simple security breaches in companies that were quite carefree BEFORE being targeted by hackers. Today, any website that isn't secured against SQL injection is vulnerable to very simple (and easy to find) intrusive methods...

Then, I don't think Blizzard was quite lazy, but a thing they say in the FAQ is that being a huge company on the internet makes you a target tested and tested again on security, either by Black hats or (unofficial) white hats (that first crack, and then contact the company to reveal the flaw).
klo8
Austria1960 Posts
On August 10 2012 17:02 windzor wrote:
> On August 10 2012 16:43 RoberP wrote:
> > If the passwords they stole are encrypted, the chances of breaking the cypher on an 8 letter password are about zero. They'd be better off just trying to guess your password ^^. Still worth changing the secret question though.
>
> Actually wrong. It depends on what kind of hashed passwords they got. Seeing as they mention SRP I guess the hacker was eavesdropping the login information in that protocol, or else it makes no sense for Blizzard to mention the protocol.
>
> If it was the actual database of the passwords, which might be because they got hold of other account information, the standard way of hashing passwords was considered broken by the author 2 months ago. Then Blizzard should have been scared.
>
> But my money is still on the eavesdropping of the SRP which means Blizzard's security office isn't fired this time around.

MD5 has been considered unsafe for a long while now. Already in 1996, a researcher wrote:

"The presented attack does not yet threaten practical applications of MD5, but it comes rather close ... in the future MD5 should no longer be implemented...where a collision-resistant hash function is required."

And in 2005:

Later that year, MD5's designer Ron Rivest wrote, "md5 and sha1 are both clearly broken (in terms of collision-resistance)."

I guess, the point is: Don't use MD5 (or SHA1, or any hash function that you can evaluate very quickly) for hashing passwords, not even a salt value will help you out because MD5 is broken. Use Bcrypt or something similar instead.
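
Added example, not part of the thread: the unsalted SHA-1 storage Ragnarork describes next to the salted, slow hashing klo8 recommends. PBKDF2 from Python's standard library stands in for bcrypt here (bcrypt is not in the standard library); the iteration count, function names and sample accounts are assumptions constructed for the example.

```python
import hashlib
import hmac
import os
from collections import Counter

# Assumed work factor for this example; tune it to your own hardware.
ITERATIONS = 200_000

def unsalted_sha1(password):
    """The weak scheme from the thread: one fast hash, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()

def hash_password(password, salt=None):
    """Salted, deliberately slow hash; salt and cost are stored with the digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    """Recompute with the stored salt and cost, then compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def shared_hashes(table):
    """Count users whose stored value is identical to another user's."""
    counts = Counter(table.values())
    return sum(n for n in counts.values() if n > 1)

# Constructed sample accounts (not real data): two users chose the same password.
USERS = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}

if __name__ == "__main__":
    weak = {user: unsalted_sha1(pw) for user, pw in USERS.items()}
    strong = {user: hash_password(pw) for user, pw in USERS.items()}
    # A leaked unsalted table shows who shares a password; the salted one does not.
    print("unsalted SHA-1, users sharing a hash:", shared_hashes(weak))
    print("salted PBKDF2, users sharing a hash:", shared_hashes(strong))
    print("login check:", verify_password("hunter2", strong["alice"]))
```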
ChemBroTron
Germany194 Posts
On August 10 2012 16:48 Morfildur wrote:
> Every month another company loses customer data, when will this trend stop?

This will never end and it is not a trend, it is a criminal act. The question is: how safe were, for example, the passwords stored. Safe (like Blizzard says for itself, but better change the password for more safety) or unsafe (like Sony/PSN).
GabrielB
Brazil594 Posts
On August 10 2012 17:41 Ragnarork wrote:
> By the way I'm a bit confused. How can they say that, with the hackers possessing E-Mails AND security questions' answers, the accounts are safe... ? (Well, even before changing the answer...)

I'm not sure how it works on Blizzard, but some sites ask for your email and the answer for your security question. If you provide them correctly, they send you an email with a link to reset your password. So the hacker would still need access to your email.