Also hacked

Blizzhackers were reverse engineering logins and sessions back in december. Maybe they finally made it a reality.

"

gw_epyon wrote:

Blizzhackers were reverse engineering logins and sessions back in december. Maybe they finally made it a reality.

You literally just made that up. You can't steal a game session, that's not the way the internet works.

I'll pm you a link to the topic if you'd like. I'm sure you'll just pretend I'm trying to phish you though so feel free to ignore it.

They are probably reverse engineering that to make an emulated server, not to hijack sessions. PoE uses standard SSL or TLS encryption, implemented by millions of other sites web services. Chris (the lead developer) is also a software security guru.

"

ionface wrote:

They are probably reverse engineering that to make an emulated server, not to hijack sessions. PoE uses standard SSL or TLS encryption, implemented by millions of other sites web services. Chris (the lead developer) is also a software security guru.

I'd definitely agree with the intended use of what they're finding out...but most big hacks they have developed have started by sniffing packets and injecting their own. If there is no deterrent against this early on, then holes will be found quickly.

"

gw_epyon wrote:

I'll pm you a link to the topic if you'd like. I'm sure you'll just pretend I'm trying to phish you though so feel free to ignore it.

I looked at it, funny enough how you visit blizzhackers, probably explains how you got hacked.

Because you don't understand what the dev is talking about, I will break it down to something pretty simple. He said you needed to start a network capture - to steal a session this is correct. Here is the tricky part - you need everything, not just a packet or two. You would have to be sitting somewhere where you can grab all the traffic and modify it in real time to steal a session. Pretty much a technological impossibility, not to mention you would either have to be sitting on the entrance node that GGG uses to get on the internet, or have access to everything the ISP sends to the victim. Good luck with that. The dev isn't talking about stealing accounts, though I wouldn't be surprised if he was looking for something to exploit.

If you want to play with the big boys, do your homework.

"

Lask001 wrote:

If you want to play with the big boys, do your homework.

why were some of us able to log into/onto others' accounts? are we leet hackers? or was there something wrong with (gasp)GGG Authentication servers.

all i see you do is talk. talk on that.

"

Lask001 wrote:

"

gw_epyon wrote:

I'll pm you a link to the topic if you'd like. I'm sure you'll just pretend I'm trying to phish you though so feel free to ignore it.

I looked at it, funny enough how you visit blizzhackers, probably explains how you got hacked.

Because you don't understand what the dev is talking about, I will break it down to something pretty simple. He said you needed to start a network capture - to steal a session this is correct. Here is the tricky part - you need everything, not just a packet or two. You would have to be sitting somewhere where you can grab all the traffic and modify it in real time to steal a session. Pretty much a technological impossibility, not to mention you would either have to be sitting on the entrance node that GGG uses to get on the internet, or have access to everything the ISP sends to the victim. Good luck with that. The dev isn't talking about stealing accounts, though I wouldn't be surprised if he was looking for something to exploit.

If you want to play with the big boys, do your homework.

I love that insinuation. Didn't get hacked btw. Also, the reason you "know" what you know is because you visit similar sites to stay current...as do I. If I notice someone doing something I've never seen before in a game, I go there first to see what it is. Knowing your enemy is the best defense.

Anyway. I see your style of debate and I'm not going to get caught up in it. I sincerely hope you're right, though.

are ionface and Lask001 underage relatives of some devs? Or really really needy mods in disguise? It's apparent from your posts that you are completely ignorant when it comes to security matters, and yet you post with a religious enthusiasm usually reserved for Bieber fans on Youtube! Seriously.