Adam Jensen said:
Just because it isn't unusual doesn't make it acceptable. In fact, it makes it even more unacceptable that they still don't know how to deal with this issue.
I can break down the problem for you quite easily: computer security, like any security, is a balance. It is possible to make a system very close to unbreakable but doing so greatly limits people's ability to use it. Thus one must always balance security against usability and, in this sort of case, there are simply factors that Blizzard cannot control. They can't control if I give out my password, fall for a phishing attempt or download a keylogger because in that aspect of security, the responsibility simply falls to the end user.
PercyBoleyn said:
That's not a fucking excuse. This wouldn't have happened if the game wasn't always online, especially since this particular instance of hacking is entirely Blizzard's fault.
Beyond the obvious fact that the game is always online, how exactly is it entirely Blizzard's fault? Unless systems they owned were penetrated to gain login information, or there exists some mechanism to bypass authentication (neither seems valid considering either would have resulted in an epidemic rather than a rather sparse assortment of angry shouting from an already angry crowd), then fault lies with the end user. It is the end user who allowed the breach, even unknowingly, by revealing their password and (if you believe Blizzard's story about the authenticator, and given how such devices work, bypassing that would require a brute force attempt or a very silly authenticator) choosing to not use the freely available security extensions. Sure, the conditions that allowed hacking to occur (i.e. that the game is online) fall on Blizzard. But it is the users that let the villains past.
Therumancer said:
Seems like Blizzard not wanting to take responsibility for their own security and other problems. I'm particularly annoyed with them trying to say "oh well, the hacking isn't actually all that rampant, this is how it normally is". If this is how it normally is when a new game is released they bloody well should have been ready for it before now.
They certainly could have taken additional steps. They could require the use of an authenticator. They could require users have a verified and useful virus scanner on their machine before letting them launch the game. They could require that any log on be authenticated by forcing a response to an SMS message. You'll also note that these steps, while undeniably improving security to near perfection, are annoying to the extent that it would adversely impact user experience and undermine sales.
Or you can just advise people that they should think about doing those things and hope for the best.
I think what people seem to largely forget is that security is never perfect. In a public facing system, there are always going to be breaches of security. Any door that is meant to be opened can be opened by someone who isn't supposed to if the conditions are right. I mean, if various portions of the federal government cannot ensure the security of their systems when they dedicate billions of dollars to research and development coupled with decades of experience wearing both hats, is it really so hard to believe that Blizzard cannot do better than they?