Mini-Games Can Stop Account Hacking

Posted by Daeity On Wednesday, March 2, 2011

Did you know that there's a fun way in-game whereby Blizzard could stop, prevent or at least mitigate the effect of account hacking in World of Warcraft? Not only that, but it can be easily implemented and they already have the system in place to do it.

Now, Blizzard has already done a bunch of neat features that reduce the impact of account hacking. I'm not talking about region based account locking or Warden updates - but rather smaller things, like making gear Bind on Pickup and setting their vendor price really low and/or making them immune to disenchanting.

You see, when your account is hacked, they want to clean out your account as quickly as possible. The cleaner will disenchant or sell all of your gear/items and transfer that gold to a laundering account. The most gold they get from you is your on-hand gold and what they can get for vendoring/disenchanting.

Vendoring, for the most part, has been taken care of - you can hardly get anything for vendoring gear, so it's not really worth it.

The big one is protecting your own gold (or your guild's gold).

What if you had the optional ability to deposit your gold into your bank account, and then purchase an in-game Goblin "combination lock" for your bank account?

The Goblin "Gold iLock™" would be a device sitting next to your personal bank (or guild bank if you're the GM) that you interact with and enter a code to access your personal belongings and gold.

Say that you only have to unlock it once when you login, and it stays unlocked until you log off (e.g. to avoid having to enter the combination every time you try to access your bank.)

The combination lock could be programmed by yourself by using a total of 5 simple movements. For example, UP, DOWN, LEFT, RIGHT, and JUMP. Or it could be made more complicated (eg, spell casts, numbers, etc. to increase the number of permutations.)

The beauty of using standard player movement as a code is that even if you had a keylogger installed on your PC - your account gold and belongings would still be protected. To the keylog file, it would just appear as normal character movements with no special identifying keystrokes. The hacker would not be able to differentiate between normal game play and combination unlocks. So, if your account was hacked, they still couldn't access your gold or valuables. =]

Imagine the Vashj'ir Seahorse training quest where you need to move in different directions. For example, you interact with the Goblin "Gold iLock" system, it asks for you to enter your code, then just press UP UP DOWN DOWN LEFT RIGHT or whatever. Bingo, your personal bank unlocks and you can access your expensive items and gold. (Your player doesn't have to actually move or have character animations during your sequence presses either for additional security.)
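A server-side sketch of the combination check described above, added here as an example and not code from Blizzard or from the original post. The `BankLock` class, the `MAX_FAILURES` threshold and the hashing choice are assumptions; a five-step code over five moves gives only 5^5 = 3,125 combinations, so the sketch also limits failed attempts.

```python
import hashlib
import hmac
import os

MOVES = ("UP", "DOWN", "LEFT", "RIGHT", "JUMP")  # the five movements named in the post
MAX_FAILURES = 5  # assumed lockout threshold, not from the post


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of ordered sequences when moves may repeat."""
    return alphabet_size ** length


def _digest(salt: bytes, sequence) -> bytes:
    # Salted, slow hash so the stored value is not the combination itself.
    # With only a few thousand combinations this does not stop offline
    # guessing; the attempt limit below is the real control.
    encoded = ",".join(sequence).encode()
    return hashlib.pbkdf2_hmac("sha256", encoded, salt, 100_000)


class BankLock:
    """Server-side state for one character's bank lock (hypothetical)."""

    def __init__(self, sequence):
        if not sequence or any(m not in MOVES for m in sequence):
            raise ValueError("combination must use only the known moves")
        self._salt = os.urandom(16)
        self._stored = _digest(self._salt, sequence)
        self.failures = 0
        self.unlocked = False  # reset to False at logoff

    @property
    def frozen(self) -> bool:
        return self.failures >= MAX_FAILURES

    def try_unlock(self, sequence) -> bool:
        if self.frozen:
            return False  # needs out-of-band recovery, even for the right code
        if hmac.compare_digest(self._stored, _digest(self._salt, sequence)):
            self.failures = 0
            self.unlocked = True
            return True
        self.failures += 1
        return False
```

The check has to run on the game server: a lock evaluated in the client could be bypassed by whoever controls the logged-in session.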

This is purely optional too. Some users might find it fun to have it in-game, plus the added security measures are simply invaluable. This could also be applied to Guild Banks.

Now that covers a big part of the issue - your gold, mats, expensive items, etc.

Even though that would make a big difference on its own, let's take it to the next level. What about gear on your person?

Gear that can't be disenchanted works really well, however that defeats the purpose of enchanting doesn't it? I suppose you could put a timer on it so that it has to be disenchanted on pickup or within a certain time frame. For example, 24 hours to D/E before it's permanent - that would surely revitalize the disenchanting industry for many.

But what if you could have special "enchants" for your gear (for free) that makes the item IMMUNE to disenchanting? =]

This might be very useful for a character that didn't have the enchanting profession, for example, since they probably intend on keeping the equipment for a really long time.

I suppose you could remove this special "enchant" at a later date by using the same lock/unlock code that's shared with your bank account. But even then, this is gear that would typically stay with them for a long time.. and this method would start prioritizing dungeon raids between gear-grinding for profit or for use. (From a Blizzard business perspective, this makes sense since this would actually encourage players to play longer.. which is what they want.)

You put all of these strategies together and you get something simple, fun in-game, and significantly useful. It would essentially kill the account-hacking industry too. What's the point in hacking an account if you can't access their gold and can't D/E their items?

After all, you can't rely on players (who are mostly technically illiterate) to secure and protect their own PCs themselves.. part of their $15 per month bill is paying for insurance, and if Blizzard has the tools and ability, they should be taking these extra steps to protect their customers.

Ignorance is Bliss

Posted by Daeity On

You gotta love some of the people from MMO-Champion.com. For the most part, it's an awesome community with great users who have a lot of questions or they're just looking for interesting news and information. But unfortunately, there are a few immature trolls and some close-minded individuals.. and it's especially unfortunate when they are moderators.

After all, moderators are the folks with higher authority (and therefore held to a higher standard) and can control all of the information on the forums.

Check out this recent discussion about WoW statistics and figures, where they discuss information from this blog.

Herecius? More like Hilarious.

I absolutely loved this part:

"When Blizzard states 'we have 11.5 million active subscriptions,' they are doing so under penalty of law. The statement is made not to us, the players, but to shareholders. If they lie on such statements, it's considered a federal crime."

Oh man.. I died laughing.

There are just so many things wrong here, I don't know where to start.

For one, he's saying that whatever Blizzard says is the absolute truth. When Blizzard says 12 million active subscribers, they indeed have exactly 12 million subscribers. Not 11,999,999 subscribers and not 12,000,001 subscribers.. they have EXACTLY 12 million subscribers.. UNDER PENALTY OF LAW!

Blizzard would never lie about active subscriptions. It's a FEDERAL CRIME after all.

And yes.. as you're aware, like 50% of the blog post (that he supposedly read since it was impossible to miss) was all about Blizzard's Active Subscription definition and how Blizzard has made it clear that "Active Subscriptions" does not mean real players. And yes, Blizzard has created "special definitions" for what a Subscriber is according to Blizzard. And yes, Blizzard has special caveats in their SEC filings and their press releases. According to Hilarious, though, you have to ignore all of those special citations(6), references, and definitions.. because whatever Blizzard writes in black-and-white is, in fact, absolute truth.

They don't use approximations in their numbers either. When Activision Blizzard says "GAAP net revenues increased to $4.45 billion". That's apparently $4.45 billion EXACTLY.. under penalty of law.

When they say "Activision Blizzard was the #1 publisher in North America on the Xbox® 360, PlayStation® 3 and PC collectively for the calendar year.(4)". That means they were the #1 publisher.. whatever that means. And because they said it to their shareholders, that means it's the truth.. under penalty of law. It's not like the statement came from a different group or study or anything.. say for example "(4) According to The NPD Group".

There are no special definitions, rules, caveats, "if's", "and's" or "but's".. when Blizzard states *something*, they are doing so under penalty of law dammit!

This is a perfect example of a market research team's wet dream. Gullibility and naivety under the guise of high idealism.

He's the kind of guy who buys impulse items and always reaches for items on the right and at eye-level in retail chains.

.. the kind of guy who buys 5 copies of Batman Forever on DVD because you can save money by buying in bulk.

.. the kind of guy who buys an expensive toy because there's a giant shiny sign stating that it's been marked down by 50%.

.. the kind of guy who only buys the same brand of beer because TV told him that hundreds of attractive women will have sex with him if he does.

And while he's being manipulated by ad-targeting all day, marketing psychology (and social science and sociology and neuroscience) and other perfectly legal methods of persuasion, at least he can sleep soundly at night wrapped tightly in a self-righteous American flag with a lawbook underneath his pillow and 5 copies of Batman Forever on his bedside table.

Does he truly not know that corporate propaganda, "spin", and marketing speak are common and actually take place in the real world?

"EDIT: Especially a blogger that's using extrapolated data from addons"

Weird.. I never used any addons at all. I mentioned an addon, but said that the information was unreliable and it was why I never used that information in any of my calculations.

A pretty big warning sign here if you ask me. He has made it very clear that he never actually read the article, however he's making others believe that he did thoroughly read it.. very deceptive and very disappointing for someone in his position on the forums.

This also gives you a really good idea of typical fanboy mind-set in general. He thinks the blog post is trying to attack World of Warcraft or something, so he immediately goes on the defensive, skips reading the article, picks out certain keywords, and then lies to everyone on his forum.

"anecdotal evidence"

Anecdotal evidence like you know.. Activision Blizzard's SEC filings, Quarterly Results, Fiscal Reports, published articles and interviews with Blizzard, revenue figures, raw server data, official announcements and press releases. You know, hearsay and untrustworthy stuff like that.

"and figures that are 'peak number of players' as final numbers."

Once again, pure fiction.

The entire article was all about establishing the most (e.g. a ceiling limit) it could ever be based on official data provided. They were never called final and total numbers, that's just silly. In fact, I'm pretty sure that I said "maximum figure". For example, "That's the absolute most it could ever be". However, that number goes down as you include game sales, paid services, pet sales, etc.

"He states that the peak number of players on Chinese servers was around.. 3.2 million? That's not subscriptions, that's people playing at once, and yet, he goes on to treat that as if it accounted for every single Chinese WoW player."

I have no idea what he's trying to say here.. it sounds like he's just repeating back something obvious to create confusion and pretend that it supports his "arguments". There's a difference between "Subscriptions" and real players - some "Subscriptions" don't even have a real player playing the game (for example, active but unused game cards). The entire article is all about trying to figure out player counts which I had thought I made clear.

Anyways..

What's most disappointing about this is that Hilarious is a MMO-Champion MODERATOR with thousands of posts and comments, and yet he used the same old arguments that I've seen hundreds of times on other forums whenever anyone mentions Subscribers vs Players. There was no insight or strong arguments.. the best he had in disproving the information was that the data was from some "addon" and that all of the evidence (from Blizzard and Activision's SEC filings) was untrustworthy.

So far, I'm not impressed. It's quite obvious that he didn't read a thing (just picked out keywords), and then lied to everyone so that they wouldn't talk about it anymore ("Nothing to see here folks, move along"). Does he do this often?

It looks like he's going through the 5 stages of grief too (he's at stage 3 right now):

1. Denial: "It's a federal crime to lie! I'm more apt to believe Blizzard than a blogger who has little to no credibility."
2. Anger: "ESPECIALLY A BLOGGER THAT'S USING EXTRAPOLATED DATA FROM AN ADDON AND ANECDOTAL EVIDENCE! AND YET.."
3. Bargaining: "Well.. maybe it's not _exactly_ 12 million. And yeah.. Blizzard can make estimates... Just a sec, let me add a post and make some edits.."
4. Depression: "I feel disillusioned. I need time to think about this.. I won't be making as many posts for a few days."
5. Acceptance: "Oh my God. Truth is all about wording. I see the whole world differently now.. every business with marketing teams do this."

Other than the usual crazy fanboy comment, most MMO-Champion users found the article interesting. It's too bad their moderators can't remain impartial though, but I guess some prefer to abuse their privileges when they hear something they don't like.

Speaking of which, here's some other guy who also had a comment after not reading the post:
"It would be nice to know these numbers but arbitrarily saying twenty percent of the accounts are secondary accounts as a fact is ridiculous, since there have been no studies on this and Blizzard has never given out user information. It might be close to that but we can't say it's fact."

You won't find that anywhere, because I never actually wrote it.

So, I have to wonder..

Why do all fanboys say the _exact same thing_ every time?

It's like there's a disease, a cosmic joke, or some support group where all of these people (fanboys) get together and plan on what to do or say:

"Hey everybody! Let's NOT read this book, but then claim we actually read the book okay?

Then we'll tell everyone that the book was full of misinformation!

Just make stuff up, and say that the author and their sources were not credible.. even though we don't know who they are! Tee hee. Wouldn't that be hilarious??

If you want to get more people to believe you, just grab some random statements from the book and then just say you know for a fact that they're wrong. "That's not true!" works really well. "I work in this field and this is wrong!" is even better, since more people will believe you.

WHATEVER YOU DO THOUGH, DON'T PROVIDE ANY EVIDENCE TO THE CONTRARY! You know we can't! Tee hee!

P.S. If someone asks for evidence, just stop replying. Alternatively, you can say that there WAS a link but it's gone now or you forgot it."


* UPDATE (03/21/2011):

Herecius promised me an 800-word retort, and he was going to post it just as soon as he was done. This was 48 hours ago now, though.. but I'm still waiting for it. I mean, Herecius wouldn't LIE to me now would he?

3DS Hacked Already

Posted by Daeity On Saturday, February 26, 2011

Remember last month when Nintendo said that the 3DS was unhackable, and that piracy was a thing of the past?

Well, it was just hacked.. a few hours after the Japan launch.

The R4i team (not to be confused with the original R4 team) managed to get their DS flashcarts working on the 3DS. These aren't 3DS games mind you, just DS flashcarts - but they're fully working on the 3DS allowing you to play DS games.

Only a matter of time before you'll start seeing the 3DS gaming library on torrent sites though.. unhackable indeed.