Update: Major Security Hole Found in Ubisoft's PC Titles

Recommended Videos

theultimateend

New member
Nov 1, 2007
3,621
0
0
Clearing the Eye said:
nodlimax said:
Origin should be considered awesome, simply because it seems that EA circling the drain much fast with it than without.
How edgy and cool. You want to see average workers lose their job. Screw the Man, right!

lul

OT: Why on Earth would you let it install the web plugin? Always, always say no to that shit. Take your toolbar/plugin/addon and shove it, I say!
Not to point out the obvious but depending on the speed that it happened they'd be able to move elsewhere.

I've been at a game company that closed down and that was what I ended up doing >_>.

Similarly I'm not very big on the Pentagon, doesn't mean I want every soldier to be jobless and homeless, I'd rather they end up with better jobs elsewhere.

Not really edgy. Also the "Screw the man." 'observation' is no less contrived and cliche than the commentary itself.
 

Alma Mare

New member
Nov 14, 2010
263
0
0
008Zulu said:
I remember when Sony pulled this crap, at least Ubi had the goodwill to fix their problem.
Fixing incompentence in such a scale that is borderline criminal has nothing to do with goodwill. It's the very least they should be doing.
 

Starke

New member
Mar 6, 2008
3,876
0
0
Sigilis said:
Starke said:
Sigilis said:
It seems kind of odd that their game DRM has a browser component. Why would you need to use one when you've got the uplay program?

I'm calling Orwellian surveillance now, before someone else takes it.

(Also, don't buy Ubisoft, its a cheap and easy way to help make the world a better place.)
Because UPlay itself works as a shitty webpage. But rather than handling things locally, it executes the programs through the website itself. Obviously this is something it can't normally do (for good reason), so they added a plugin that lets them remotely start the game for you... only, turns out, the security on this plugin is non-existent, so anyone can execute just about anything they want to on your system remotely, including gaining command line access through cmd.exe.
Sometimes I program things, so this response hit me like a jackhammer. I liked it better when they were an evil conspiracy of devious executives who siphon credit card details and personal passwords. It was a much better image than this evil cabal of idiots that can't figure out how to make a client application so they just make an especially insecure trojan hook you up to a botnet.

On the flip side, if their DRM programming is so bad, I don't think I'm missing anything by abstaining.
Yeah, what was that old truism? "Never blame malice for something that can be adequately laid at the feet of incompetence"? Or was it "stupidity"? Either way, it certainly holds true here.

That said, I'm working off other people's assessment of it, so I could be mistaken, but the cabal of idiots who can't find their ass with both hands in a well lit room seems accurate.
 

darkszero

New member
Apr 1, 2010
68
0
0
Genuine Evil said:
But I guess at an extent all DRM is essentially a rootkit, and I only use windows for gaming so it?s not really a big deal for me .
Remote execution is serious problem. It could easily hook into your computer's boot (even if it's a grub) and insert some malicious code there.
From there, it could do whatever it wanted.
 

Andy of Comix Inc

New member
Apr 2, 2010
2,234
0
0
First thing I thought when I heard there was a hackable "backdoor" entrance:

"Did you fix the firewall yet, Pritchard?"
"You don't 'fix' an entire firewall, Jensen. You find the loophole and you plug it."

I've played too much Human Revolution. It's stuck in my braaaaiin
 

chadachada123

New member
Jan 17, 2011
2,309
0
0
insanelich said:
There's no need to uninstall the games - all you need to do is disable the plugin.

And apparently Ubisoft has already replied. I wonder what they broke this time.

EDIT: And the situation in a nutshell: http://www.escapistmagazine.com/articles/view/comics/stolen-pixels/7265-Stolen-Pixels-175-Ubisoft
Uhhh...when I visit their test page to see if my computer is still at risk, it asks if I want to install missing plug-ins. I don't really like that, lol. Someone that wasn't paying attention might accidentally install it without thinking.

OT: That's a really serious hole. I got a ZeroAccess Root Kit a week or two ago, and had to spend hours upon hours cleaning my computer. I'm not dumb when it comes to browsing or allowing programs to have access to my PC, either, and I was quick to recognize that there was an issue. I pity anyone that isn't at least as capable as me in this respect, and hope that Ubisoft dies in a fire patches this quickly.
 

nodlimax

New member
Feb 8, 2012
191
0
0
Clearing the Eye said:
nodlimax said:
Origin should be considered awesome, simply because it seems that EA circling the drain much fast with it than without.
How edgy and cool. You want to see average workers lose their job. Screw the Man, right!

lul

OT: Why on Earth would you let it install the web plugin? Always, always say no to that shit. Take your toolbar/plugin/addon and shove it, I say!
It's always sad for the "little guys", but I can't change that. It's the company itself I want to see going down, because they make stupid decisions to hassle the customers.

It's the same with car manufacturers. If they build shitty cars, people wont buy them. That will cause the company to go bancrupt and the people will loose their jobs. It's how business works.

All hail to capitalism.......
 

Starke

New member
Mar 6, 2008
3,876
0
0
Furism said:
insanelich said:
First of all, installing rootkits is not any more illegal than installing any other piece of software - that is, not illegal at all. You could say it's immoral, but it isn't illegal.

Second of all, this isn't a rootkit - this is a badly programmed browser plugin.

Third of all, there's no evidence this was used to spy on anyone - the evidence says this was a launcher for uPlay that a developmentally disabled monkey wrote.
1. Sony might beg to differ. [http://www.zdnet.com/sony-settles-class-action-lawsuit-over-drm-3039244664/] They had to settle out of court their own rootkit/copy protection problems.

2. It is a rootkit. It's installed without user's consent and allows running arbitrary code from a remote place. Even if the intent is not "evil", it's still a rootkit. You could argue that it's not a "rootkit" because it doesn't try really hard to hide itself, but at the very least it's a trojan.

3. It doesn't mean there isn't any tool that exploits this (like in the Sony case) as most likely somebody else found the hole way before that Google engineer. The groups that crack games for fun must have found this years ago.
It's not a rootkit, it's a backdoor. A rootkit is something that installs itself at the lowest levels of the operating system, and is virtually impossible to remove, this is an unsecured browser plugin. Now, someone could use this plugin to install a rootkit of their own, but the plugin is not, by any stretch of the imagination, a rootkit.
 

Starke

New member
Mar 6, 2008
3,876
0
0
chadachada123 said:
insanelich said:
There's no need to uninstall the games - all you need to do is disable the plugin.

And apparently Ubisoft has already replied. I wonder what they broke this time.

EDIT: And the situation in a nutshell: http://www.escapistmagazine.com/articles/view/comics/stolen-pixels/7265-Stolen-Pixels-175-Ubisoft
Uhhh...when I visit their test page to see if my computer is still at risk, it asks if I want to install missing plug-ins. I don't really like that, lol. Someone that wasn't paying attention might accidentally install it without thinking.

OT: That's a really serious hole. I got a ZeroAccess Root Kit a week or two ago, and had to spend hours upon hours cleaning my computer. I'm not dumb when it comes to browsing or allowing programs to have access to my PC, either, and I was quick to recognize that there was an issue. I pity anyone that isn't at least as capable as me in this respect, and hope that Ubisoft dies in a fire patches this quickly.
It actually won't install. If you do try to click the option to find and install the missing plugin, you get a message about how the plugin can't be found. I know this because I tried it... FOR SCIENCE! Anyway, that site isn't a huge threat on it's own.
 

lapan

New member
Jan 23, 2009
1,455
1
0
I have long since made it my policy not to buy any pc versions of Ubisoft games, so i should be fine.
 

Adam Jensen_v1legacy

I never asked for this
Sep 8, 2011
6,647
0
0
As a PC gamer, I have a love/hate relationship with Ubisoft. Their support of the PC as a platform is abysmal. But at the same time they make some of the best games. Assassin's Creed is probably one of the best series I have ever played. And it's the only reason I still buy some of their games. I couldn't give a fuck about multiplayer so I just use a crack and go about my day. So this doesn't really affect me.
 

nodlimax

New member
Feb 8, 2012
191
0
0
Oh just wait for it. The console versions are going to be next with the DRM stuff and guess what - it's more difficult to get around this stuff there.
 

Clearing the Eye

New member
Jun 6, 2012
1,345
0
0
Mr.Tea said:
Clearing the Eye said:
OT: Why on Earth would you let it install the web plugin? Always, always say no to that shit. Take your toolbar/plugin/addon and shove it, I say!
That's what I thought too.

Then I checked "chrome://plugins"... Motherfuckers.
They got you! You're... one of them now :O
 

Nalgas D. Lemur

New member
Nov 20, 2009
1,316
0
0
halobolola said:
Doesn't affect me, and i got IE. maybe IE has been proven useful.
If you're unaffected by it, IE is not the reason. There's more than one version of the plugin, and it affects IE, Firefox, Chrome, Opera, etc. Everyone's pretty much equally screwed this time around.
 

wottabout

New member
May 4, 2011
153
0
0
I installed Assassin's Creed II last week on Steam, and it looks like UPlay installed, but I do not see any UPlay plugins. Also, the test site doesn't load on any browser on my computer. So... I guess I'm safe-ish? I don't know why I wouldn't have the plugins though, I didn't exactly go out of my way to avoid them...
 

Antari

Music Slave
Nov 4, 2009
2,246
0
0
What a lovely reward for being a customer. An exposed system. I'm glad I stopped buying Ubi's crap a long while ago.