Post by Rilgon
Here's a thread wherein you can say that the OP is a fairly secure person, but was somehow hacked.
Doesn't mention using AdBlock Plus, which means he could've been bitten by the JPG ActiveX exploit that was going around a while back.
Doesn't mention keeping his Flash, Acrobat, etc. up to date, and god knows there's a metric assload of those exploits in the wild.
etc.
Seriously though, what the hell is with all this blame placing I see in every single "I've been hacked" thread?
Because the onus of account security is on the end user? Blaming Blizzard is infinitely more idiotic.
Post by xaratherus
This is lies and propaganda. They are not trying as hard as they could. If they were trying, the problem would have gone away, proof being that in other related fields, the problem has been successfully combated. If the level of security we see in WoW applied to other online ventures such as banking, email, academia, etc, the world would stop.
Oh, you mean the success that's led to a multi-billion dollar industry on protecting your identity in real life and on the Internet?
The problem has not been successfully combated. According to the research, 10 million identity thefts occurred in 2008 - a 22% increase over 2007. I can assure you, that number only rose in 2009, and it will continue to rise.
They need to go after these people in real life, by tracking and banning their IP.
If necessary, IP block then individually whitelist IPs from East Asia.
Which only works until you change your IP address or spoof a new IP - fairly simple to do. Eventually (if they don't already), they will start spoofing valid IP addresses, and Blizzard would be forced to block 'innocent' paying customers - something that would hurt their bottom line more than account restoration.
Use private investigators to harass them in real life. Microsoft does this and it works very well, which is why no one ever hacks or pirates their products for long, and in the hacker community they are known as "the Gestapo".
That's odd - Microsoft states in a number of articles - including this one - that software piracy is still a major issue. Heck, major corporations still regularly wind up (intentionally or unintentionally) using pirated software.
Assign more GMs to police actions in-game.
So far the only sensible thing you've said. However, the question then becomes: Can you hire enough people to do any good? Looking at it as a microcosm of the world, we can't hire enough police to stop crime; could Blizzard really hire enough "police" to halt virtual crime in their world?
Conduct sting operations against botters and hackers.
How? Blizzard isn't a government, and the last time I checked, only authorized law enforcement is allowed to legally conduct sting operations.
More than that, Blizzard is a United States-based company, and many of the gold sellers and account pirates are in countries where there simply is no jurisdiction. Blizz can report them to the country's authorities, but in many cases the authorities simply don't have the resources to do anything about it.
Create automated tools to intercept suspicious activity.
Such as?
Staff a zero-wait-time hotline to report account theft, so they can action the issue while the trail is still warm.
Having an option on their customer service line's MVR similar to that of a credit card's "Report your card lost or stolen" would be a good idea. However, in this case there are no "cold" trails. Their systems automatically record all the information necessary to take action - and they do. The problem is that the action they can take is restricted to banning IPs (easily gotten-around) and accounts (also easily gotten-around).
Show me any major corporation who states that computer and information security starts with someone other than the end user.*
Could Blizzard improve their customer service and account security? Yes. Do I think that they have a team of highly-paid analysts who have looked into those other options, and found that they would either be financially unfeasible, or realistically unworkable? Having worked for 10 years in corporate America - yes.
Do I think that anyone who believes that the first, most important point of account security is on someone other than the end user is naive? Yes.
*By the by, I won't hold my breath. Given that every class on computer information systems I ever took stated that information security began with the end user, and that's been reinforced by my own experiences and the experiences of a number of very knowledgeable network and system admins, it's already apparent that you need to adjust your tinfoil hat.