From: pbb (pbb65535.com)
Date: Mon Oct 17 2005 - 08:38:40 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Couldn't this open things up to someone writing a program that doesn't
show up as a windows but has something on the banned list in the window
title. Embed it in some kind of talent point calculator or other
tempting tool and get 1-2 million addicts to run it effectively getting
1/2 the subscribers banned and making Blizzard lose $300 million/yr as
well as a great deal of repuation.

I'd consider it like these DOS blackmailers too where the anti-cheating
mechanism could be abused to ban accounts. I guess they don't care,
weren't there MANY accounts banned in D2 with people using hacked items
(even though many had bought the items in game and had not cheated.) I
play WoW (I have no life now) and I don't like cheating (why reduce the
fun of a game) but I'm always worried about automated banning and the
chance of innocents being punished.(guilty until proven ..... just
guilty no proof.)

Paul.

Mary Landesman wrote:

>Well, I don't know. Chuck's comments seem deliberately evasive. But when I
>read through the back and forth in the Rootkit blog posts, I don't see
>confirmation that Greg actually witnessed data being sent. Here's one
>example:
>
>http://www.rootkit.com/board.php?thread=4631&did=edge358&disp=4631&closed=1
>
>If the method is what I think it is, comparing hashes client-side without
>actually transmitting that data to Blizzard (aside from the 'this account
>needs to be blocked), then it doesn't seem to be too drastically different
>than a scanner.
>
>Of course, if the data - even in hash form - is collected and sent to
>Blizzard, then that's an entirely different matter and, in such a case, I
>agree with Greg's assertion that it would amount to spyware.
>
>I'm just not convinced (yet). But very curious.
>
>-- Mary
>
>----- Original Message -----
>From: "security curmudgeon" <jerichoattrition.org>
>To: <dailydavelists.immunitysec.com>
>Sent: Thursday, October 13, 2005 10:26 PM
>Subject: [Dailydave] Re: Re: Blizzard's official response? (fwd)
>
>
>
>Forgot to include the second mail which verifies that they do receive some
>type of information, and where he refers to rootkit.com folks as 'random
>blog posters'.
>
>---------- Forwarded message ----------
>From: chucks.supportblizzard.com
>To: jerichoattrition.org
>Date: Thu, 13 Oct 2005 16:07:40 -0700
>Subject: Re: Re: Blizzard's official response?
>
>Hello,
>
>Because it would jeopardize our attempts to thwart those that would
>attempt to take advantage of our servers, I can not give out information
>about what system information is obtained. I can also not start to refute
>what a random person has posted on a Blog. Anything beyond what I have
>already said is more of a legal issue than anything else so I would
>recommend contacting our legal department if you have any more questions.
>
>Technical support cannot provide answers to legal questions. Any
>questions should be directed via mail to:
>
>Blizzard Entertainment
>Attn: Legal Department
>P.O. Box 18979
>Irvine, CA 92623
>
>Be sure to include all of your contact information (name, address,
>telephone number, email address).
>
>Best regards,
>
>
>
>Regards,
>Chuck S.
>Technical Support
>Blizzard Entertainment
>http://www.blizzard.com/support
>
>If you reply, please include all previous text and files related to this
>e-mail.
>
>
>
>
>-----Original Message-----
>From: jerichoattrition.org security curmudgeon
>To: chucks.supportblizzard.com
>Sent: 10/13/2005 9:55:43 AM
>Subject: Re: Blizzard's official response?
>
>: The information in that article is false.
>:
>: Blizzard has always taken an aggressive stance against cheating in our
>: games, and this measure, as discussed clearly in our Terms of Use, is an
>: example of our efforts to protect legitimate players and the integrity
>: of the game service from those attempting to gain an unfair advantage
>: through the use of hacks. As stated in the Terms of Use, the information
>: we obtain is solely for the purpose of identifying cheating in World of
>: Warcraft, and for no other reason. Please note that we do not share this
>: information with anyone outside of Blizzard.
>
>You say the article is false, then say Blizzard takes an aggressive stance
>against cheating, and suggest that much of the article is true. Does the
>client capture information from window titles? Is the list it compares
>that information to stored in the WoW client or the Blizzard server? Is
>the information transmitted to Blizzard for comparison?
>
>You say "the information we obtain.." and "that article is false". That
>said, what information does Blizzard capture from the customer machine?
>Who at Blizzard has access to this information?
>
>
>
>
>
>
>
>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]