Legendary 88: Security Breach

Written by: Gary Gannon (@garygannon) | August 10, 2012 4:30 pm

75 Comments

Another interesting and controversial week in the World of Warcraft. Each and every week Gary Gannon, Mike B, and Josh Allen break down the latest and greatest news in the Blizzard universe.

Topics on this weeks show include:

Battle.net Hacked
Valor & Justice Points
Legendary Items And The LFR!

Tune is live every Thursday at 8PDT right here.

45:20

World of Warcraft

Patch 5.3: Blizzard’s First Ever Live Video Interview!

Legendary is joined by Blizzard's Greg "Ghostcrawler" Street and Brian Holinka for a live video interview!Read more »

8 comments
1:00:49

MMO News

This Week in MMO Ep 144:
WildStar, Rift, Dust 514

WildStar details finally coming out!Read more »

9 comments
1:22:33

World of Warcraft

Legendary Ep126:
Raiding Ra-Den Revelations!

This week the Legendary crew are talking patch 5.3, raiding, and more with World First raider Treckie!Read more »

25 comments

Emilio Aguinaldo

In future, there will be stable Diablo 3, WOW & other blizzard games going to get Private servers.

I believe those hackers dont intend to steal the user infos but the server files instead.
Just a thought
RolyVento

I knew something was wrong when yesterday I received an email from a hacker pretending to be Blizzard offering me a few unique mount if i click a link they provided…little do they know that I had cancelled my wow account.

Also, the email had typos and a bunch of weird asci characters in the end.
- Old Ben
  
  I get those every day and I canceled my subscription almost one year ago.
  
  The funny part is that I get them on the e-mail accounts I used to register at Curse, Elitist Jerks and Wowhead, but never on the one I used to register my Battle.Net account (in other words, the phishers obviously got access to those sites).
  
  No e-mails on my actual Battle.Net address yet (despite this breach), so either they haven’t started using them or they were smart enough to notice that my account is inactive.
- Karizee
  
  Yeah, I logged into my Battlenet account a couple weeks back to check my transaction history and got a too many tries error message. Been unsubbed for over 2 months. I also got an email to RaF for a JC mount. Never recieved spam emails on that account before as I use that email for WoW only.
http://www.facebook.com/rodriguezcorreamiguel Miguel Rodriguez

Logged into wow after a year and i got my account hacked i has near 4000 gold in my account wut. I never traded or anything or got past lvl 20, its on a few low lvl 1 random toon i never made.
http://twitter.com/Bahska Bahska

You could do the recruit a friend thing with Worgen and Goblins so meh not a big deal.
- http://www.facebook.com/lpeace.88 Leo Lamphier
  
  I think what they are talking about is the monk class not the panda race really because you can just race change to get an 85 panda But there is no class change. So people that want a monk have to level 1 to 90. A fast jump to level 80 would make that a way quicker thing.
http://twitter.com/Bahska Bahska

@Miguel Rodriguez – was probably a key logger, they don’t care how long you have (or haven’t) been playing or what level your toons are.
sometimes they make toons on peoples accounts as bots.

Now if you had a authenticator and that happened that would be a different story.
http://www.facebook.com/andre.pires.754 André Pires

The guy whit the glasses its so retarded! how you let some one like that dick head talk? serius grow up stupid ugly virgin
- http://www.facebook.com/bagler Bagler Thomas
  
  Wow. Projecting much?
- iamthemikeb
  
  Nice public facebook.. Blizzard Employee since 2000, eh? So, either you’re full of crap (likely), or umad (also likely).
  - http://twitter.com/dularr Dularr
    
    I think he is trying out for the point-counterpoint segment Gary mentioned, in this or another broadcast.
    
    Host 1 ”You’re a retard.”
    Host 2 “No, you’re a retard.”
    Always makes for fascinating chat posts and gameplay chat.
- TheHolgar
  
  Aawww look at you, all grown up and stuff… hahaha
- Old Ben
  
  Isn’t the guy with the glasses Tom Cruise?
  - http://twitter.com/Luke_Malcolm Luke Malcolm
    
    Yes it is
    - Old Ben
      
      Well, then I’m pretty sure he’s not a virgin. In either sense.
- http://twitter.com/thekkadvance The KK Advance
  
  LOL ”The guy whit the glasses its so retarded!” then ”
  serius grow up ” followed by “stupid ugly virgin”. So if you want to be the grown up pointing out that someone is childish or stupid you should perhaps not use sentences like that. It is not a very grown up sentence is it? Also, a GM since 2000? what game needed GMs back then, please do tell.
- http://twitter.com/Waswat Edin Besic
  
  Hahahaha. Oh wow. Good job. Telling someone to grow up while calling him names. Real mature there.
- http://www.facebook.com/profile.php?id=1219410304 Will Davis
  
  You mean mike? He’s married has a kid on the way and hosts a extremely popular webshow.
- Deathstar2x
  
  1. What’s your criticism/point?
  2. Nice ad hominem, bro.
ArsenicSundae

So they finally are forced to admit that Battle.net security has more holes that swiss cheese. I figured that out the hard way, just weeks after being forced to link my account to Bnet. At least there’s now a bright light shining on Blizzard’s incompetence. Looking forward to watching the cockroaches running for the cracks.
http://www.facebook.com/lpeace.88 Leo Lamphier

{Prediction} WoW will stop adding levels at level 100. So 10 more levels after MoP. Whether that means the last expansion will be 10 levels a way from now, or they will stop adding levels. I don’t know. By the way that would put it in line with that “leaked timeline” MoP and 2 expansions then Titan.
As for new character models. I think its something that they have done already and are waiting for that oh shit moment to give to us. Like they are doing with the item squish. For example if Guild Wars 2 isn’t going to be like Rift and SWTOR. Were people “quite WoW”. Then end up go back when they see that, “Oh this game is kinda crap”. Then they will go and drop the bomb of “They you know those new character modes you want?” “Well here you go.” I could see a VERY LARGE reflux of subscribers if they did that. Think about it. If you have played WoW for going on 8 years and have quite to going to GW2, or any game really and WoW drops new modes that look as good as GW2. Are you going to go over to GW2 learn a new game and start over, or go back to WoW. A game you are somewhat familiar with and know you like, that now has modes like GW2?
- http://twitter.com/dularr Dularr
  
  At one time, I thought WoW would stop at level 100, not sure anymore. Depends on how Blizzard handles the “mega” squish of stats. The squish of stats could open room for more levels.
  
  If Blizzard released new character models, I would hope they are far better looking than the GW2 models. While the GW2 models are fine and have highlights, Asura eyes/Sylvari glow, I really hope someone bring the next gen of models. Could you imagine a character model system that allows you to customized emotes, casting and combat actions. Add a little knuckle ball throw to the fireball. Add a little superman punch to a charge. Let me know if there is an MMO out there that does that now.
  
  GW2 should be fine, once you finish the personal story, complete the dungeons, invade Orr and kill the dragon, I suspect more than a few players will be done. One complaints I hear from former Guild Wars players is once they complete the harder content, they rarely go back.
  - Old Ben
    
    Unless they let players create their own animations (which they won’t, unless they want to give up that “Teen” rating), any emotes in the game have to be created by the company.
    
    If you want to control your character’s limbs interactively, there’s always Clop.
    - http://twitter.com/dularr Dularr
      
      woot, woot unlock lame horse mode.
      
      You would still need limits, I would love to see a fist pump when your character has a especial good crit hit.
      
      Others would be changing the color of fire, as mentioned about giving warlocks a green fel fire option.
      
      One of my favorite current character customizations is when you equip a trinket or weapons with a special animation, whether it be a tendril that spouts from the ground to fight beside you or a volley of shadow bolts that proc.
http://www.facebook.com/people/Robert-Caliolo/100003765889295 Robert Caliolo

Should have superimposed Shafnets” Face on Tom Cruise there. It is close enough to get away with it
http://www.facebook.com/people/Robert-Caliolo/100003765889295 Robert Caliolo

This is a terrible thing that has happened.
Think about it. The game account is not important at all. The security questions that are associated with your email account name is the biggest problem.
Think about this. How many use their one email account to associate it with the game account. Now think about those security questions that you know are pretty much the same for anything that uses security questions…Mothers maiden name, Fathers birth day, favorite pet, first pet and so on. How many use the same question response to keep things straight? You probably have that security question associated with your banking, school, credit cards???
Screw Blizzard and their game , this goes a lot further then their stupid Battlenet accounts now.
They need to have people reset their secret questions asap and have everything changed asap.
Your email is not a hard thing to associate with the person it is linked to. Once someone has that BN account, secret question’s and thus able to change their PW all bets are off.
Just a FYI.
I went to BN, typed in my account name (email address) and password and just changed my password…no security question to do so. No back up and it allowed me to just change the pw to whatever. Now if that was not me, the person who stole the account email addresses can do the same thing and all is lost. Granted if you have a very good PW then you have time, but every PW can be cracked, even if you change it today. It is those security questions that MUST be changed.
This now gives them access to my first name and whatever info they will want on the BN site.
- http://twitter.com/dularr Dularr
  
  Yeah, losing the secret question is a really nasty bit of data to lose. When Blizzard went with the email address for battlenet, I created an email address just for Blizzard.
  So, that email address, password, secret question combo was only used for Battlenet.
  - http://twitter.com/Luke_Malcolm Luke Malcolm
    
    Well hopefully they will opt us to change are Secret Question & Answer soon.
    - http://twitter.com/dularr Dularr
      
      Yep, but I’m assuming Blizzard doen’t trust the secret question until they implement their update.
Old Ben

Blizzard mentioned the passwords were “protected by SRP”, but SRP is a protocol used to exchange credentials, not to hash the actual passwords. The ease of decrypting them will depend on the hash function they used and whether or not they salted the passwords.

If passwords were unsalted (i.e., hashed directly), or if the salt is known to the attackers, then short passwords can be absolutely trivial to decrypt with rainbow tables (we’re talking seconds or minutes).

The really scary part (from an incompetence point of view) is that, apparently, Blizzard doesn’t bother to encrypt the answers to the secret questions. Since those can be used to recover “lost” passwords, they’re effectively as important as the passwords themselves.
- ZackForester
  
  Passwords were salted, but the salt was publicized so the hackers have it.
http://twitter.com/Aemris BC

So funny seeing how last week I had gotten a sms telling me that my password was changed however it was not and then blizzard tells me that I have a keylogger in an email and now I find I never had anything at all!!!!!!!!
http://www.facebook.com/people/Mauro-Marino/731535823 Mauro Marino

this legendary really sucked!
Old Ben

> “I leave my DNA everywhere!”

Do you mean the 23-chromosome variety, Lore…?
http://twitter.com/FabioPizzini Fabio Pizzini

But who watch GAMEBREAKER???? LOL!!!
Ryan Doyle

LFR is terrible feature. It’s a mindless faceroll that is borderline necessary to get your maximum advantage to maintain your competitive edge and it burns you out on the content 10x faster. My logic has unfathomably more validity than any counter argument anybody could ever muster; and doing so would only be of detriment to their credibility. Good day.
- http://twitter.com/dularr Dularr
  
  lfr is amazing, it’s like watching a slow moving train wreck that some hows makes it into the station.
  
  Right now, lfs really good for the returning players. I’ll take three or four core raiders who roll for the same token as the returning player and we will run lfr with them. We will give them the tokens so they can gear up for alt runs with the core raiders.
  - Old Ben
    
    > Right now, lfs really good for the returning players.
    
    Yeah, it was great for me when Blizzard sent me some free time after the last patch. It reassured me that my decision to unsubscribe had been the right one.
    - http://twitter.com/dularr Dularr
      
      Oh, I don’t think you are coming back anytime soon, lfr or not.
      
      lfr, has it place and really helps out the returning player. Gives the returning player a basic overview of DS and a chance at gear upgrades.
      
      The really skilled players are picking up a couple of pieces from lfr and jumping into heroic DS(with the 30% nerf) and are holding their own.
      
      Old Ben, if you came back, I believe you are in the camp of jumping straight into the heroic DS with nerfs.
      
      No lfr for you!!!
      - Old Ben
        
        > Gives the returning player a basic overview of DS
        
        That is precisely one of its main problems.
      - http://twitter.com/dularr Dularr
        
        Then don’t run lfr, run normal and heroic raids.
        
        But, I can understand your argument. I can see the desire to rip the plates off Deathwings and defeat Deathwing before he destroys the world, with your core raid team. Avoiding the pug crap that comes with lfr.
        
        lfr also gives you a chance to watch the cinematic without delaying your “real” raid members.
        
        I can understand the arguments against lfr. But, they are not strong enough if you are still enjoying WoW raiding.
      - Old Ben
        
        > I can understand the arguments
        > But, they are not strong enough
        > if you are still enjoying WoW raiding.
        
        If you are enjoying Dragon Soul (especially after 10 months of repetition), the only argument strong enough to convince you of anything is made from Afghan poppies.
      - http://twitter.com/dularr Dularr
        
        DS is a two hour clear, no big. I spend more time in the care and feeding of the returning players.
http://twitter.com/dularr Dularr

Just picked up the WoW battlechest for $5. Use this account to fast level a Monk on my main account.

Guess the WoW 5.0.1 update has started its download.
jaymon1579

Got an idea for a valor trick but not sure if it would work or not.

I have no plans right now of buying MoP or reactivating my WoW account but if I were I’d try to first cap an alt on valor points & then see if my main gets bonus Valor point buff because I don’t think the game knows the difference between alt & main toon
- Old Ben
  
  What would be the benefit of that? Presumably if your main has better gear, reaching the cap with it is easier.
  
  A “trick” to make things harder for yourself?
- http://profile.yahoo.com/BFPLPQIAEG7XCBYN65LGTMSPY4 Taras Kravchuk
  
  you could do that but it would not make any sense see the cap is still 1000 valor per week so its not like you would be getting more valor the point of the buff is to make the lives of those with a dozen alts a little easier
- http://twitter.com/dularr Dularr
  
  Why would you need a trick? It’s a fairly srightfoward concept.
  
  Once one of your toons gets 1000 VP, the rest of your account gets a 50% buff.
  
  Except for holidays, I typically run dailies on one toon per day. Especially, now that many mounts are account based. I can help that lazy ass farmer with farm, so I can earn the Mountain Goat mount on my Druid and share the reward with my lazy ass mage (who only comes off the shielf for raids and legendary staff questing).
  
  So, I can max out VP on my Druid with raids, heroics and dailies, then get a bonus for my raid-only mage.
http://www.facebook.com/justin.pfeifer.58 Justin Pfeifer

Already getting hit with fake blizzard spam
- http://twitter.com/dularr Dularr
  
  For sure, when big news (good or bad) comes out, the spammers come out.
http://profile.yahoo.com/BFPLPQIAEG7XCBYN65LGTMSPY4 Taras Kravchuk

whats that movie they were featuring at the beginning? the guy was using a floppy disk and the entire system it self looked pretty outdated so i assume around early 90′s?
- http://twitter.com/dularr Dularr
  
  Mission: Impossible (1996) I believe that was a magneto-optical disk.
http://profile.yahoo.com/Z36GPOU3Q2QIQYBIDVNQAVGNGE Raul

This has been doable for some time, methinx…

The goldfarmers are gearing up for the Chinese demand.There is method to the timing of this unpunishable crime.Blizzard could’ve done alot to prevent this, but needs to make this game as attractive as possible to the pacific rim market.Never thought they would stoop this low, but they need to unload this old game soon.Even more Glad I unsubbed, now.
http://profile.yahoo.com/RAHQ6XOIAVJHM4ZOWRAPAODRQA Michael B

Gary WTF is up with that annoying “PVP POWER!!!”screeching at 27:32?? Don’t ever do that again please,actually hurt my ears,you must have your balls in a vice or something to hit that pitch.
- Old Ben
  
  Well, there _is_ a disturbance in his pants…
  - http://twitter.com/mjedwards15 Mathew Edwards
    
    Not saying it’s aliens but…
http://www.facebook.com/nik666 Nikolai Tzolev

I really wish Garry stop moaning “Uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuhhhhhhhhhhhh” all the time.
- http://www.facebook.com/enlyss Anton Kurakov
  
  I totally agree. Mike B seems to be the only one who is contributing to the discussion in a pleasant to listen manner, without cracking any stupid jokes, repeating the same phrase several times or talking in a very annoying way as mentioned in the message above (supposedly funny).
- Lediath
  
  ^ agreed, also sometimes Gary speaks so softly that I can barely here him
- Old Ben
  
  Well, stop giving him a blowjob, then!
  
  (sorry, but someone had to say it )
http://justgizzmo.com/ Michael

When Mike brought up that the Secret Answer would point to your Secret Question, I thought “Dont have your Answer reveal your question”.

“Where were you born? Fido”
“Where is your home town? The Simpsons”.

Also some sites will ask the question, and you give the answer. Not have you choose the question as well.
http://www.facebook.com/davidallmighty David Cohen

I like the LFR gem, makes people wanna do it even if they didn’t think they wanted to. So more people are doing more things
- Old Ben
  
  “World of Warcraft – Making people do things they didn’t want to do since 2008.”
  
  Could be their new tagline.
http://profile.yahoo.com/ITHF7XKYGVXFAPCDMDJTKHLBBU Lian Wan

Wouldn’t new character models require new models for everything else as well? High resolution characters in a lower resolution environment would look a bit weird. If that is a case it would mean a huge amount of work but more importantly that could mean a huge jump in system requirements. How many of the current customers will still be able to run the game if they make those changes?
- http://twitter.com/dularr Dularr
  
  The high resolution artwork is there, it’s just an very old engine and based on the PC renders the artwork at a much lower resolution.
  
  If the PC can only support lower resolution environments, the new characters would probably still be lower resolution, just with more polygons.
  - http://profile.yahoo.com/ITHF7XKYGVXFAPCDMDJTKHLBBU Lian Wan
    
    Oops, when I said “high resolution” I was including higher poly count in there. More polygons also need better hardware.
    
    I seemed to have finished writing what I was getting at. If they are going to be bumping the models to compete with current games then they will have to bump system requirements to similar levels.
    
    I do not see having two versions as being viable since that means having to maintain two versions. When you come up out with a new update/expansion that will also be double the amount of things you need to create.
    - Old Ben
      
      Adding another LoD isn’t the same as creating a new object. Models need to be checked and in some cases tweaked (to make sure parts don’t intersect, etc.), but the actual creation of a higher or lower LoD model is mostly automated.
      
      Besides, WoW _already_ has some pretty detailed models, so any system that can render those would be able to render models of similar complexity in other areas.
      
      Outland is more detailed than (pre-Cataclysm) Azeroth, Northrend is more detailed than Outland, Cataclysm zones (Deepholm, Uldum, etc.) are more detailed than Northrend, and Pandaria is more detailed than those. The same goes for the characters themselves.
      
      I think Blizzard’s reasoning is that, as long as new expansions introduce better-looking models and areas, those improvements are an extra incentive to make players buy the expansions.
      
      “Do you find the graphics in the battle chest a bit too primitive? Well, if you buy Wrath, Cataclysm and MoP you’ll be able to pick more detailed races and play in more detailed areas…”
  - Old Ben
    
    > it’s just an very old engine
    
    WoW’s engine was updated half way through Wrath (when we got sunshafts, ripply water, etc.) and again with the launch of Cataclysm. It even has a native DirectX 11 path, which many games coming out today don’t.
    - http://twitter.com/dularr Dularr
      
      Well, WoW 5.0.1 finished downloading, see if it is released in the next two weeks.
- Old Ben
  
  There’s no reason why they couldn’t implement the new models as a higher LoD version, and people with older systems would simply keep the option “high resolution models” unchecked to use the old (current) ones.
Morturion

So somebody was bored while playing WoW, Alt+tabbed and thought “Let’s hack Blizzard for lolz !”
- http://twitter.com/dularr Dularr
  
  More likely the hacker said, MoP is coming out, time to prep for the next expansion.
http://www.facebook.com/nate.amaral.5 Nate Amaral

So i only watched this because i saw that Blizzard was hacked and i love watching MikeB videos BUT are any of you guys getting guildwars2?
Nate Amaral

How do i delete this comment?

Patch 5.3: Blizzard’s First Ever Live Video Interview!

This Week in MMO Ep 144:
WildStar, Rift, Dust 514

Legendary Ep126:
Raiding Ra-Den Revelations!

Monday

Tuesday

Wednesday

Thursday

Friday

Sign in to your account