EPTAlso sux that blizz was accessed. Can't put too much blame, not all companies can be permanently on the ball.
Well touche to this guy. I went on, but IDK what I'd want to change.
Blizzard Security Breach - Page 9
| Forum Index > SC2 General |
|
Bippzy
United States1466 Posts
Also sux that blizz was accessed. Can't put too much blame, not all companies can be permanently on the ball. Well touche to this guy. I went on, but IDK what I'd want to change. | ||
|
crawlingchaos
Canada2025 Posts
This just reminds me that I ALWAYS forget the answers my the security questions -_- | ||
|
JJH777
United States4406 Posts
| ||
|
AnachronisticAnarchy
United States2957 Posts
Also stupid, unless he doesn't want to play SC2 anymore. He probably forgot that we can do more than just bomb his MMR, such as changing his password and information. | ||
|
Integra
Sweden5626 Posts
On August 10 2012 09:11 Corrosive wrote: Stuff like this happens often to companies like this. As long as blizzard didn't store everything in plaintext like Sony did, everything should be fine. If you want to see how long it would take your password to be cracked check this out http://howsecureismypassword.net/ according to this website it will take them 40 undecillion years or in numbers:40,464,702,078,891,060,000,000,000,000,000,000,000 years to crack my password... goodluck with that. | ||
|
FryktSkyene
United States1327 Posts
On August 10 2012 10:16 Integra wrote: according to this website it will take them 40 undecillion years or in numbers:40,464,702,078,891,060,000,000,000,000,000,000,000 years to crack my password... goodluck with that. wow | ||
|
Psychonian
United States2322 Posts
God damn it blizzard there is no end of problems with your sites. | ||
|
Wuster
1974 Posts
On August 10 2012 09:55 delHospital wrote: But seriously, what is the reason for taking such a long time? 1 business week isn't all that long. What they said is pretty reasonable at face value. After all, the PSN mess was exacerbated by them claiming that no personal data was lost, then no financial data was lost, then 'actually they got everything'. That's not just bad PR, it also prevents customers from actually doing anything about the security breach in a timely manner (unless they just didn't trust PSN's everything's fine message, which why not, doesn't hurt to be extra safe). If Blizzard knew that sensitive data was compromised, then that's something you can just say. But if you're affirming that no sensitive data was compromised, you'd better be damned sure before you say anything. Plus, it's entirely possible that they were busy closing security breaches and just didn't get around to checking what was stolen until after the fact, after all you have to stop the problem rather than make press releases. Not to mention it would probably take a company as large as blizzard a non-trivial amount of time to verify what was and was not accessed by the hackers. | ||
|
Alakaslam
United States17336 Posts
On August 10 2012 09:11 Corrosive wrote: Stuff like this happens often to companies like this. As long as blizzard didn't store everything in plaintext like Sony did, everything should be fine. If you want to see how long it would take your password to be cracked check this out http://howsecureismypassword.net/ Thanks! 63 million years. I'm good XD Edit: bank acc is good against 38 septillion years worth of a desktop. Good to know. Thing is, how much time would 5 servers crunching in tandem save? | ||
|
MVega
763 Posts
On August 10 2012 10:27 Psychonian wrote: ffs God damn it blizzard there is no end of problems with your sites. I think in the last 10~ years of playing Blizzard games the only issues I had with their out of game stuff was this, which I understand happening as it's happened to several larger corporations in the last couple years, and battle.net emails would get lost routinely several years back. Their website is down for maintenance a lot, but that's not usually problematic. Sometimes they have what feels like excessive downtime on the games. What problems with their sites are you running into? O.o | ||
|
Bayyne
United States1967 Posts
I did also change my password as soon as I heard about this incident as there really is no pressing reason not to. | ||
|
oxxo
988 Posts
On August 10 2012 10:08 JJH777 wrote: Lol I'm glad this happened after all the blind fanboys were saying THERE WAS ABSOLUTELY NO WAY the huge amount of D3 accounts getting hacked was a problem on blizzard's end. Did you even read the announcement? This has nothing to do with the D3 accounts. They got encrypted passwords. Not only that, there's no way for the hackers to know who had D3 or not. They couldn't pick and choose D3 accounts with this stolen information. Only D3 accounts start getting stolen right after release? Far more likely that people are clicking stuff they shouldn't be. | ||
|
ggrrg
Bulgaria2716 Posts
On August 10 2012 10:16 Integra wrote: according to this website it will take them 40 undecillion years or in numbers:40,464,702,078,891,060,000,000,000,000,000,000,000 years to crack my password... goodluck with that. I feel like you're somewhat overdoing it ^^ Do you really feel like typing 29 characters just to enter bnet? According to that website my bnet password is crackable in 19 seconds... I use this password for most stuff I don't care about. But my "secure" password feels somewhat weak, too. 345k years for a regular desktop... I guess it's time to add a number and a special character. | ||
|
Alakaslam
United States17336 Posts
On August 10 2012 10:34 ggrrg wrote: I feel like you're somewhat overdoing it ^^ Do you really feel like typing 29 characters just to enter bnet? According to that website my bnet password is crackable in 19 seconds... I use this password for most stuff I don't care about. But my "secure" password feels somewhat weak, too. 345k years for a regular desktop... I guess it's time to add a number and a special character. Pick a random year. There's four numbers. Then sum up what that year is to you in a few words. Example: 1972lotof$$GAS would take 2 billion. Granted mine is 25+ characters but that's my bank acc! Sc2 is still over 16 though. | ||
|
ulan-bat
China403 Posts
On August 10 2012 10:34 ggrrg wrote: I feel like you're somewhat overdoing it ^^ Do you really feel like typing 29 characters just to enter bnet? According to that website my bnet password is crackable in 19 seconds... I use this password for most stuff I don't care about. But my "secure" password feels somewhat weak, too. 345k years for a regular desktop... I guess it's time to add a number and a special character. Please just don't use the same password on every site, that's it. Even if your password takes trillions years to decipher, things like key-loggers or someone behind you at a cafe or any over mean of getting your ULTIMATE PASSWORD would just wreck your world. At least use "base password+last letters of the site's url", or something. | ||
|
robjapan
Japan104 Posts
The whole of Japan can not access battle.net | ||
|
Ganondorf
Italy600 Posts
Unless there's a hack to send password hashes directly, they will crack the simplest and most common passwords. Instead of decrypting the hashes, they will encrypt a vocabulary of most commonly used passwords and find the ones with the same hash. So, if you're password wasn't secure, there's a good chance it's compromised. I'm in Europe so according to Blizzard nothing from there was compromised except emails (still bad if i'll get phishing emails now). | ||
|
entropius
United States1046 Posts
On August 10 2012 10:53 Ganondorf wrote: Was about to type my password on that site that measures how safe it is, but if i type on such a random site, doesn't it make much less safe ? :D Unless there's a hack to send password hashes directly, they will crack the simplest and most common passwords. Instead of decrypting the hashes, they will encrypt a vocabulary of most commonly used passwords and find the ones with the same hash. So, if you're password wasn't secure, there's a good chance it's compromised. I'm in Europe so according to Blizzard nothing from there was compromised except emails (still bad if i'll get phishing emails now). That site just downloads a Javascript code on your computer that does the math on your end; your password's never transmitted across the network. | ||
|
Sir.Kimmel
United States785 Posts
On August 10 2012 10:16 Integra wrote: according to this website it will take them 40 undecillion years or in numbers:40,464,702,078,891,060,000,000,000,000,000,000,000 years to crack my password... goodluck with that. This takes into account a basic desktop server..... which can do roughly I think 25k passwords a second with standard bruteforcing it really depends... while our system at work using 4 gpus (mmm cuda) can do 1.7 billion a second... there are custom password cracking machines such as Reliks which does 25 billion a second http://www.hackingtheuniverse.com/infosec/tools/gpu-password-cracking Now... yes brute forcing takes forever, and its not the most effective, the most effective way is to use rainbow tables... so a standard 8-14 character password can be cracked relatively quickly usually between 5-10 minutes... so while these websites are nice and give decent ideas.. the numbers are completely wrong... but remember .. when creating passwords.. complexity is important but the most important aspect of creating a password is length... the difference between 14 characters and 18 characters is exponential... (30 minutes to 3 months)... I always recommend using a passphrase... something simple like H! my name is Johny Mc Johnson and I am 24 years old simple to remember... hardddddd to crack unless u have a specifically tuned list | ||
|
sapht
Sweden141 Posts
On August 10 2012 10:53 Ganondorf wrote: Unless there's a hack to send password hashes directly, they will crack the simplest and most common passwords. Instead of decrypting the hashes, they will encrypt a vocabulary of most commonly used passwords and find the ones with the same hash. So, if you're password wasn't secure, there's a good chance it's compromised. Not if there's a salt, which there should be, considering that they actually thought about password security and didn't store them in plaintext. Assuming the salt wasn't compromised. I kinda expected this to happen so I used a unique password for bnet. 1 point for me. | ||
| ||
