Update: Major Security Hole Found in Ubisoft's PC Titles

Furism

New member
Sep 10, 2009
132
0
0
EULAs are not legally enforceable. You can not sign away your rights. Also, EULA are usually considered null and void by judges because they are presented only after a purchase is made.
 

Wicky_42

New member
Sep 15, 2008
2,468
0
0
insanelich said:
Furism said:
1. Sony might beg to differ. [http://www.zdnet.com/sony-settles-class-action-lawsuit-over-drm-3039244664/] They had to settle out of court their own rootkit/copy protection problems.

2. It is a rootkit. It's installed without user's consent and allows running arbitrary code from a remote place. Even if the intent is not "evil", it's still a rootkit. You could argue that it's not a "rootkit" because it doesn't try really hard to hide itself, but at the very least it's a trojan.
1. I'm fairly sure Ubisoft buried clauses about uPlay in the EULA - making installing this at least somewhat legal. Now, settling out of court most definitely doesn't determine the legal status of anything, so the jury's still out.

2. This is simply not true. A rootkit is defined by how it hides itself - and uPlay doesn't do any hiding, so it's not a rootkit.

It is also not a trojan. Trojans masquerade as or within something legitimate. uPlay is quite open about what it is - and this problem was merely a flaw in the execution. If uPlay was meant to be a remote platform for spying, then it would be a trojan. As it is, it is merely a phenomenally badly thought out piece of software.
I'm pretty sure you're being too generous with the benefit of the doubt here... and EULAs carry no legal weight at all. uPlay may not have been intended as spyware, but its potential effect is more devastating than the majority of malware out there. That little plugin had the power to do ANYTHING on your computer, and they couldn't be fucked to make it secure? That's all kinds of irresponsible at the very least, criminal at the worst.
 

Azuaron

New member
Mar 17, 2010
621
0
0
I have Assassin's Creed II installed, and therefore Uplay.

I do not (I just checked) have any of the browser plugins installed.

Additionally, when I started Uplay just now, it had to update itself, and the update told me that it fixed the bug, and now browsers can only open Uplay, not run arbitrary code.

Except, if I go to this test page [http://pastehtml.com/view/c6gxl1a79.html], my calculator opens.

So Ubisoft has not only not fixed the problem, but they're lying to me and saying they have. Also, don't think you're safe just because you don't have the browser plugins.
 

Ickorus

New member
Mar 9, 2009
2,887
0
0
Ubisoft DRM, preventing legitimate customers from accessing their games whilst simultaneously letting hackers in.

Luckily I don't have the plugin installed so I'm safe.
 

the doom cannon

New member
Jun 28, 2012
434
0
0
This is considered news? Ubisoft has such terrible employees that this doesn't surprise me in the least. Remember when ubisoft's store broke and you could get a nearly all of their games for free? Well it happened 2 years in a row. I honestly don't understand how they remain in business with all the flops they've had.
 

nodlimax

New member
Feb 8, 2012
191
0
0
Well, let's check Ubisofts stocks:
http://www.marketwatch.com/investing/stock/UBSFF

It went really well for them the last 5 years. I'm sure that DRM crap helped a lot getting them on the road to failtown....

edit: And while we're at it - let's check EAs stocks as well:
http://www.marketwatch.com/investing/stock/EA

Origin should be considered awesome, simply because it seems that EA circling the drain much fast with it than without.
 

Clearing the Eye

New member
Jun 6, 2012
1,345
0
0
nodlimax said:
Origin should be considered awesome, simply because it seems that EA circling the drain much fast with it than without.
How edgy and cool. You want to see average workers lose their job. Screw the Man, right!

lul

OT: Why on Earth would you let it install the web plugin? Always, always say no to that shit. Take your toolbar/plugin/addon and shove it, I say!
 

Vivi22

New member
Aug 22, 2010
2,300
0
0
The client should update itself automatically on restart, and Korchaa recommends running the updater without any web browsers open so that the affected plugin can update properly.
I've got a better idea: how about the update provides instructions on how to remove the plug in for those who don't know how, and you remove it entirely from your shitty DRM Ubisoft? And the only reason I'm advocating that is because I know they won't ditch the DRM entirely.
 

Pearwood

New member
Mar 24, 2010
1,929
0
0
What, you mean the DRM so secure it required a constant internet connection to their servers? No, that couldn't possibly have a glaring weakness in it.
 

insanelich

Reportable Offender
Sep 3, 2008
443
0
0
Azuaron said:
So Ubisoft has not only not fixed the problem, but they're lying to me and saying they have. Also, don't think you're safe just because you don't have the browser plugins.
Actually, you are entirely safe as long as you don't have the plugins.
 

Bat Vader

New member
Mar 11, 2009
4,996
0
0
Here I was all ready to purchase Assassins Creed II from Steam too. It looks like I will be saving twenty dollars.
 

Baresark

New member
Dec 19, 2010
3,908
0
0
First they attempt to lockout paying customers from their games, then they put a harmful and dangerous exploit in the worthless DRM. Every time I hear Ubishit news I am just more glad I don't give their shitty company my patronage.
 

McMullen

New member
Mar 9, 2010
1,334
0
0
Funny, while I was making sure I didn't have the plugin, I got an email saying someone was trying to change the password on one of my online accounts. The Internets are unfriendly today.
 

Azuaron

New member
Mar 17, 2010
621
0
0
insanelich said:
Azuaron said:
So Ubisoft has not only not fixed the problem, but they're lying to me and saying they have. Also, don't think you're safe just because you don't have the browser plugins.
Actually, you are entirely safe as long as you don't have the plugins.
Blerrgh, Firefox distinguishes between "addons" and "plugins", and I looked at my "addons". Plugins disabled, exploit blocked.
 

faefrost

New member
Jun 2, 2010
1,280
0
0
Am I wrong in thinking that this isn't just a "oops we'll give everyone a coupon" type screw up and instead this is a "you go to Federal Pound me in the @zz prison!" Type of screw up? I mean this is willfull hacking on a scale of millions?
 

insanelich

Reportable Offender
Sep 3, 2008
443
0
0
faefrost said:
Am I wrong in thinking that this isn't just a "oops we'll give everyone a coupon" type screw up and instead this is a "you go to Federal Pound me in the @zz prison!" Type of screw up? I mean this is willfull hacking on a scale of millions?
Show me proof of the "willful" part.

That is also the key distinction for laws. Ubisoft will probably escape this with just bad PR - and frankly, uPlay is a bad PR machine anyway.
 

faefrost

New member
Jun 2, 2010
1,280
0
0
insanelich said:
faefrost said:
Am I wrong in thinking that this isn't just a "oops we'll give everyone a coupon" type screw up and instead this is a "you go to Federal Pound me in the @zz prison!" Type of screw up? I mean this is willfull hacking on a scale of millions?
Show me proof of the "willful" part.

That is also the key distinction for laws. Ubisoft will probably escape this with just bad PR - and frankly, uPlay is a bad PR machine anyway.
The point where it crosses the line is they went and modified a piece of your software that they neither sold you, nor informed you about. Their DRM wasn't just a DRM scheme. It went and modified Internet Explorer. Which thanks to previous court decisions can actually be viewed as seperate from the OS itself, and as such way out of bounds for Ubi to have been screwing with without informed consent. And yeah doing that wasn't a simple glitch. That was intentional. It's how their DRM program worked, not an unintended side effect. Their DRM worked by hacking another one of your applications. The massive security holes were the unintended consequence.

Oopsie!

If someone found a halfway competent lawyer they could have a field day with this one.