LATEST CHATTY HEADER
Subscribe to Shacknews Mercury starting at $1/month!
Chrome Shack Community Guidelines Chatty Search
Scroll down to join the conversation.
New to Shacknews? Signup for a Free Account
Already have an account? Login Now
Subscribe to Shacknews Mercury starting at $1/month!
Chrome Shack Community Guidelines Chatty Search
Scroll down to join the conversation.
I've canceled my StarCraft 2 pre-order. It makes me sad Blizzard is take ing this stance on crushing trolls.
I've changed my pre-order over to FFXIV instead. Any other FF Shacker fanboi out there going to join me?
Thread Truncated. Click to see all 302 replies.
Someone posts on the forums. Their name is Dan Smith.
http://www.google.com/#hl=en&q=dan+smith+site%3Afacebook.com
Cool. Umm... shit, that's a lot of people. Okay, let's assume we only get one.
Now we need to know the e-mail address associated with the battle.net account.
Can't get contact information from a public facebook page, unless the person has downgraded their security settings. Shit, well.. let's assume they've done that.
Great, you now have an e-mail address. Possibly. Since they've downgraded security, you also have access to everything they post. You now have to assume their password is something easily related to their life, but you have all of their interests, names, birthdays, pet's names, etc. to plow through. You're also assuming the password is a word on the facebook page.
Okay, assume that's true. You build a script to pull all of the information off of this facebook page and try it as the person's password. Congratulations! You now have access to their account, assuming, of course, all of the assumptions above held true.
Want to know the funny thing?
Here are a few ways it's currently done :
- Post a link on the forums that points to a site you control, that looks & feels exactly like the blizzard login page. Person enters the information directly, and you have the l/p.
- Search the internet for the character name the person is posting under to find other forums they post to (ex: guild forums). Many of these are using old versions of messageboards with known exploits, or ridiculously insecure settings. Grab the person's e-mail and forum password. At least 50% of the time, it'll match their battle.net credentials, and you have the l/p.
- Do the same as above, but send the e-mail address a spoofed "account compromised" e-mail with a link to a login page. User clicks the link, puts in the l/p, and you now have it.
- Put up a mod/script/something that contains a keylogger. Build a script to parse the output. You now have the l/p.
That's how it currently works. Notice how all of those are significantly easier -- especially to do, en masse -- than your scenario? That's why a lot of this stuff is completely ridiculous.
The post has been reported. Thank you!
You must be logged in to post.
You must be logged in to post.