Not really, I think? Maps have a way to log keys and input them in banks (which I think can be accessed by the mapmaker relatively easily), but they'd really only be able to steal your password if you'd actually type it in at some point while playing the map. Seeing as you're never required to do this, there isn't much to steal.
considering what you can do with dialogs, I would not be surprised if there has been a map made to mimic the sc2 log in screen, but even if you typed in your password, I don't know what could come from that, unless it was displayed to others or even the owner of the map.
To sumarise though, unless you type your password in whilst in a custom game, then no it is not possible
They can see anything you save into a bank file. So unless you actually save your password into a bank file (which makes no sense at all, there's never a need to do that) your fine.
Rollback Post to RevisionRollBack
Feel free to Send me a PM if you have any questions/concerns!
Now that you mentioned it, it is very possible to do this. The map can pretend you got disconnected from b.net after you load up the map. And you have to retype in username+password. While you doing that, the other players could see what you are typing in. No doubt a lot of fake maps like this would arise if they ever fix b.net so any map can be played. Something to beware of..
@sandround: Go
Misunderstood the question a bit. I thought you meant can people steal the password from your OWN map. lol
People have recreated the battle net interface before. And it looks pretty convincing. But that kind of map would get banned immediately.
Basically, if you are inside a map, and you type your password, it could get stolen. But that would require you to actually type the password inside the map (and if you did that, it's your own fault lol). But the map can not steal your password unless you enter it yourself.
They could also set up an RPG where you save your character with a password and some people might use the same pass they use to log into bnet. That would really be that person's fault though.
considering what you can do with dialogs, I would not be surprised if there has been a map made to mimic the sc2 log in screen, but even if you typed in your password, I don't know what could come from that, unless it was displayed to others or even the owner of the map.
Now there's a thought.
Not that I'm suggesting anyone do such, but I suppose a determined hacker could accomplish the following;
Ask someone to join your map. The map itself looks identical to a normal looking custom game or melee map. You start, and you're given normal melee resources. After a second, your units are paused, animation time set to 0, and your camera is locked. A dialog displays saying "You were dropped!".
If you click the dialog, another dialog opens which is identical to the sc2 login screen. It's made using dialogs after all. Anything you type into the password section is relayed to the host.
To end the map, the host would have some repeating data error which would deliberately crash the game. Something like a search effect which performs the same search effect on impact, which should crash both the host and the target's SC2.
Again, not condoning this, just pointing out how it would be possible.
The one cravat is that the Battle UI icon would be visible throughout unless you can find a way to hide it.
I dare someone to replicate the b.net login screen and the "dropped" dialog. Not saying it's impossible, but definitely not easy to make a perfect copy. The account name would be missing (who doesn't use the "remember account" option? :P), the password wouldn't be obscured with * * * * * when you type it (might be possible to fake it, not sure).
And it's not like someone could publish this kind of map and then just magically get the passwords of everyone who played it from their banks. The guy who wants to steal the password has to be playing in the same game as the victim. It would only be feasible when targeting a specific person and inviting him to a game on that map.
Quite an elaborate way to stealing a single password...
If anyone is worried that he's being cheated like this: press esc to find out. When the default interface is hidden, esc will always bring up the menu, no matter what.
If anyone is worried that he's being cheated like this: press esc to find out. When the default interface is hidden, esc will always bring up the menu, no matter what.
Yes and you can identify keylogger links by the poor spelling and =ref in the link, but that doesn't stop thousands of people clicking them.
Just thought of something for all those saying a fake login screen would be the way. I'm not sure about you but my email is always written in. So unless there is a way to get the email to show up right for the player then it will fail because they might think something is up when their email isn't there. Although some might be stupid and go oh well.
It only has to work on 10% of the people to be successful and most people would not be looking out for it. Considering that it is currently very easy to deprotect maps I could see making fakes of popular maps with this (or something like it in them). So long as you manage to steal two accounts before your account is banned you still make a profit (Not that I am condoning this in any way shape or form).
O wow, seems like it's pretty possible. Hmm, what if you opened a map in your editor.. can data be sent out/collected just via editor? Like, you can log into bnet from the editor so I'm wondering if a map can send information the same way.
Not all the time. Sometimes when I open up SC2, the login name is empty and i have to manually type in the account name again. And pressign esc is a very easy to way to see if you are being fooled. But honestly, when is the last time you press esc while at the login screen?
Rollback Post to RevisionRollBack
To post a comment, please login or register a new account.
Jus wondering ┐('~`;)┌
Not really, I think? Maps have a way to log keys and input them in banks (which I think can be accessed by the mapmaker relatively easily), but they'd really only be able to steal your password if you'd actually type it in at some point while playing the map. Seeing as you're never required to do this, there isn't much to steal.
considering what you can do with dialogs, I would not be surprised if there has been a map made to mimic the sc2 log in screen, but even if you typed in your password, I don't know what could come from that, unless it was displayed to others or even the owner of the map.
To sumarise though, unless you type your password in whilst in a custom game, then no it is not possible
-
View User Profile
-
View Posts
-
Send Message
Curse PremiumThey can see anything you save into a bank file. So unless you actually save your password into a bank file (which makes no sense at all, there's never a need to do that) your fine.
@iE4TM4PS: Go
Now that you mentioned it, it is very possible to do this. The map can pretend you got disconnected from b.net after you load up the map. And you have to retype in username+password. While you doing that, the other players could see what you are typing in. No doubt a lot of fake maps like this would arise if they ever fix b.net so any map can be played. Something to beware of..
-
View User Profile
-
View Posts
-
Send Message
Curse Premium@sandround: Go Misunderstood the question a bit. I thought you meant can people steal the password from your OWN map. lol People have recreated the battle net interface before. And it looks pretty convincing. But that kind of map would get banned immediately.
Basically, if you are inside a map, and you type your password, it could get stolen. But that would require you to actually type the password inside the map (and if you did that, it's your own fault lol). But the map can not steal your password unless you enter it yourself.
They could also set up an RPG where you save your character with a password and some people might use the same pass they use to log into bnet. That would really be that person's fault though.
Now there's a thought.
Not that I'm suggesting anyone do such, but I suppose a determined hacker could accomplish the following;
Ask someone to join your map. The map itself looks identical to a normal looking custom game or melee map. You start, and you're given normal melee resources. After a second, your units are paused, animation time set to 0, and your camera is locked. A dialog displays saying "You were dropped!".
If you click the dialog, another dialog opens which is identical to the sc2 login screen. It's made using dialogs after all. Anything you type into the password section is relayed to the host.
To end the map, the host would have some repeating data error which would deliberately crash the game. Something like a search effect which performs the same search effect on impact, which should crash both the host and the target's SC2.
Again, not condoning this, just pointing out how it would be possible.
The one cravat is that the Battle UI icon would be visible throughout unless you can find a way to hide it.
-
View User Profile
-
View Posts
-
Send Message
Curse Premium@Eiviyn: Go
aha! That, my friend, is something you can't do with data. ;)
@Eiviyn: Go
That is interesting. And also surprisingly very easy.
I dare someone to replicate the b.net login screen and the "dropped" dialog. Not saying it's impossible, but definitely not easy to make a perfect copy. The account name would be missing (who doesn't use the "remember account" option? :P), the password wouldn't be obscured with * * * * * when you type it (might be possible to fake it, not sure).
And it's not like someone could publish this kind of map and then just magically get the passwords of everyone who played it from their banks. The guy who wants to steal the password has to be playing in the same game as the victim. It would only be feasible when targeting a specific person and inviting him to a game on that map.
Quite an elaborate way to stealing a single password...
-
View User Profile
-
View Posts
-
Send Message
Curse Premium@Tolkfan: Go
Somebody already made the battle net screen. Cant remember where it was though. It was for the UI contest we ran.
@zeldarules28: Go
This? It's fun, but I wouldn't be fooled by it :P
If anyone is worried that he's being cheated like this: press esc to find out. When the default interface is hidden, esc will always bring up the menu, no matter what.
You're seriously ruining the fun of thinking of ways to do this.
Yes and you can identify keylogger links by the poor spelling and =ref in the link, but that doesn't stop thousands of people clicking them.
Just thought of something for all those saying a fake login screen would be the way. I'm not sure about you but my email is always written in. So unless there is a way to get the email to show up right for the player then it will fail because they might think something is up when their email isn't there. Although some might be stupid and go oh well.
Also, pressing Enter would bring up the chat frame.
It only has to work on 10% of the people to be successful and most people would not be looking out for it. Considering that it is currently very easy to deprotect maps I could see making fakes of popular maps with this (or something like it in them). So long as you manage to steal two accounts before your account is banned you still make a profit (Not that I am condoning this in any way shape or form).
O wow, seems like it's pretty possible. Hmm, what if you opened a map in your editor.. can data be sent out/collected just via editor? Like, you can log into bnet from the editor so I'm wondering if a map can send information the same way.
@Keyeszx: Go
Not all the time. Sometimes when I open up SC2, the login name is empty and i have to manually type in the account name again. And pressign esc is a very easy to way to see if you are being fooled. But honestly, when is the last time you press esc while at the login screen?