RE: Hack Attempt
March 18, 2013 at 1:28 pm
(This post was last modified: March 18, 2013 at 1:29 pm by Autumnlicious.)
Heh.
Since you play Blizzard games, let me inform you of a little security "secret" (open secret) that Blizzard wants to pretend isn't there.
Battle.net is in a bind.
Their old system from Warcraft II: Battle.net Edition uppercased all letters in the password entry.
That means that:
mYSeCrEtPassWoRD and MYSECRETPASSWORD and all variants in between validate for an account that uses any form of "mysecretpassword"
Due to this, the Blizzard does not know the original password that the user "knows".
If they were to fix this but not force a mass password reset (bad), the best they could do is split the authentication services to direct all older services to a legacy framework and all new "improved" services to the new framework.
But they didn't.
Battle.net 2.0, if I recall, suffers the same flaw.
Meaning that it is relatively simple still to break a users password if it is mostly alphabetical symbols, since the casing is irrelevant.
Herp derp Blizzard.
This is what I recall from my days participating the in Broodwar hacking community.
Since you play Blizzard games, let me inform you of a little security "secret" (open secret) that Blizzard wants to pretend isn't there.
Battle.net is in a bind.
Their old system from Warcraft II: Battle.net Edition uppercased all letters in the password entry.
That means that:
mYSeCrEtPassWoRD and MYSECRETPASSWORD and all variants in between validate for an account that uses any form of "mysecretpassword"
Due to this, the Blizzard does not know the original password that the user "knows".
If they were to fix this but not force a mass password reset (bad), the best they could do is split the authentication services to direct all older services to a legacy framework and all new "improved" services to the new framework.
But they didn't.
Battle.net 2.0, if I recall, suffers the same flaw.
Meaning that it is relatively simple still to break a users password if it is mostly alphabetical symbols, since the casing is irrelevant.
Herp derp Blizzard.
This is what I recall from my days participating the in Broodwar hacking community.
Slave to the Patriarchy no more
