Asking a newbie to get D3 to run on a linux distro without explaining the complications of wine........

Although, if a newbie really does try it, it would be interesting to see the tears of frustration and rage.

You know, I see alot of posts being thrown around about some super hackers and some equally strange pieces of advice to avoid being hacked. As somebody who has been lucky enough to avoid these misfortunes, there are a few rules to adhere to.

Basic principle to avoid being hacked socially engineered

1. Emails. Don't click the links in them! Yes you just won a trip to Blizzard City but calm down and verify by independently going to your account. Some of you would be surprised how many people actually fall for this.
2. Passwords. Its not about password complexity. Its about password repetition. So many people use the same password or variation of the same password. Ironically, a notebook and a pen is a better password manager than any other digital locker.
3. Usernames are just as bad. People use the same username for everything. For example, xXHackMeXx@hotmail.com is attached to a xXHackMeXx at forum.suckerd3user.com and is also attached to a battlenet account.
4. Networks. ok, this is a little more technical. Public wireless networks, public VPN-s or proxies all are dangerous. So next time you sit at Starbucks on their public wifi showing off your Macbook, somebody is sniffing all the traffic on that wireless network.

Most of the time, its the small things that get you hacked, rather than your computer being compromised. And for god's sake, get an authenticator.

It just means that you are easier to track.

Err... I'm guilty of sniffing in public places too. Sometimes, waiting for ppl and I have laptop in hand so just busybody and see what ppl are doing.

I don't want to sound like a fanboi but on a balance of probabilities, it is far more likely that the account was compromised from the end user's side. However, I am somewhat curious about the state of Blizzard security now.

I really feel for you man. I am starting to think its more than just end user compromise. If its a session hijack, then this is really serious. Who want to play with me while I packet sniff? I'm curious.

Hmm, the high occurrence of hacking complains seems to suggest something is up. I think this has officially gone beyond end user compromise. Its really quite disturbing.

This doesn't sound like a session hijack. More keylogger/engineered type of compromise

Interstingly, last night, after dinner I realized I had about an hour or so of free time. So I decided to boot up my D3. After patching, I logged in with my username, password and then mobile authenticator (set to ask every log in) only to be greeted with a "your account is locked...... unusual activity" message.

Man, that was annoying. So I went to the Bnet website and then proceeded to initiate a new password. Armed with a new password, I logged back in and everythign was in place. The only thing I want to know is, what exactly was the "unusual activity"?

Perhaps. Its quite worrying because my passwords are unique and should not be cracked easily. Also, doesn't Bliz have a limit to login attempts? That should stop brute forcing.

Oh also, basic password generation technique.



This post has been edited by farkinid: Jun 8 2012, 09:58 AM

If anybody is still interested, an interesting story on account compromise.

http://blogs.avg.com/news-threats/chatted-hacker-virus/