exploit
Latest
The Diamond trade gets destroyed in Runes of Magic
There's an understandable problem with selling game currency in subscription games, where it's generally considered verboten for good reason. While some subscription games will sell you things in addition to the monthly fee, there's a general sense that you should earn your advantages. But in free-to-play games that have a cash shop allowing players to purchase items directly... well, the very idea of gold selling seems kind of silly. But it can happen, and Runes of Magic has experienced a bit of a problem of late with the trade of Diamonds (their cash shop currency) for gold. The game has traditionally treated the currencies as interchangeable insofar as players with lots of Diamonds and not enough gold could sell their excess to other players. Unfortunately, the current spate of RMT activities have called for draconian measures: they've taken away the ability to trade Diamonds for gold. They've also temporarily removed the ability to send gold through the mail. The official announcement stresses that this is a temporary measure to combat unacceptable behavior. While less gold spam is a good thing, fewer features are a negative, so this new is a mixed bag for Runes of Magic players.
CCP changes deep safe spot nerf due to player feedback
On Wednesday, we brought you the news of CCP's plans to nerf deep safe spots in EVE Online. Deep safe spots are bookmarks far outside the outer boundaries of a solar system. Being several hundred AU from the nearest celestial body, ships in a deep safe spot are far outside normal scanning range. The spots have been created using a variety of exploits over the years, and with Tyrannis on the way they're headed for a nerf. The announcement of the change was met by strong opposition from some players on the official EVE forums, not about the nerf itself but the planned implemention. On May 18th, all ships and objects over 10AU further from the system's star than the outer-most planet were scheduled to be deleted. Any ships or items inadvertently left there would be gone and any pilots logged off in these locations would log in to find themselves without a ship. In response to player feedback, CCP have decided to rethink their plan to delete objects in deep safe spots. These objects will instead be moved to the outer edge of the solar system. In the new announcement, CCP took the time to clarify what objects will be moved with a handy diagram. The announcement was rounded off with some interesting statistics, showing that there are currently about 345 ships without pilots abandoned at deep safe spots across EVE. As these ships will eventually be moved to within normal probing distance, some lucky players may find them unexpectedly.
Mission Architect fix goes haywire in City of Heroes
With any player-generated content system, a game becomes a struggle between two equal and opposing forces: the designers who want to cram in every possible exploit to get the best possible rewards with the least possible effort, and those who just want to make really neat story arcs. City of Heroes recently dropped a small patch in the hopes of fighting something that had been a target for exploits, and unfortunately the latter group got caught in the crossfire. In short, the patch was designed to target allied NPCs in missions who didn't attack, but buffed the player characters to the gills in order to make missions easier. Unfortunately, caught in the crossfire were almost any missions that involved things other than enemies, up to and including missions where players would rescue hostages. Needless to say, player response has not been kind. Sean "Dr. Aeon" McCann was quick to give an official statement on the matter, explaining that the idea was to implement a temporary fix that would prevent current farming, with a more permanent one coming around Issue 17's launch. (Although we don't have a specific date on that, it's been generally pegged for early this month.) Until then, City of Heroes players might find themselves advised to take a break from Mission Architect for a little while. [ Thanks to Steve for the tip! ]
Geohot advises against updating PS3, will find 'safe way' around losing OS support
In case you hadn't heard, there's a PlayStation 3 firmware update coming this Thursday that'd knock out the "install other OS" option and remove any currently-installed non-PS3 platform. Our guess is it's not going to affect the majority of owners, but the diehard users are certainly up in arms, and no one really likes losing a feature, even if it's rarely used. Leave it to Geohot, then, to right the wrong. Arguably the reason for Sony's reversal (see: PS3 exploit), the famed hacker has published not only a letter of sorrow at the company (unsurprising), but also a call for users not to update. Instead, he claims he will "look into a safe way of updating to retain OtherOS support" and issued a tech-savvy threat about "touching the CFW," much to the company's chagrin (trust us, you don't even want to know what he's talking about here -- far too scary). We wouldn't normally say a war's brewing, but ol' George Hotz has proven himself more than capable at starting something fierce. [Thanks to everyone who sent this in!]
iPhone SMS database hacked in 20 seconds, news at 11
It's a story tailor-made for the fear-mongering subset of news media. This week, a pair of gentlemen lured an unsuspecting virgin iPhone to a malicious website and -- with no other input from the user -- stole the phone's entire database of sent, received and even deleted text messages in under 20 seconds, boasting that they could easily lift personal contacts, emails and your naughty, naughty photos as well. Thankfully for us level-headed souls, those gentlemen were Vincenzo Iozzo and Ralf-Philipp Weinmann, security researchers performing for the 2010 Pwn2Own hacking contest, and their $15,000 first prize ensures that the winning formula will go to Apple (and only Apple) for further study. Last year, smartphones emerged from Pwn2Own unscathed even as their desktop counterparts took a beating, but this makes the third year in a row that Safari's gotten its host machines pwned. That said, there's no need for fear -- just a healthy reminder that the Apple logo doesn't give you free license to click links in those oh-so-tempting "beta-test the new iPad!" emails.
Charlie Miller to reveal 20 zero day security holes in Mac OS X
Say, Charles -- it's been awhile! But we're pleased as punch to see that you're back to your old ways, poking around within OS X's mainframe just looking for ways to remotely control the system, snag credit card data and download a few interoffice love letters that are carefully stashed 15 folders down within 'Documents.' The famed Apple security expert is planning yet another slam on OS X at CanSecWest, where he'll reveal no fewer than 20 zero day security holes within OS X. According to Miller, "OS X has a large attack surface consisting of open source components, closed source third-party components and closed source Apple components; bugs in any of these types of components can lead to remote compromise." He also goes on to reemphasize something he's been screaming for years: "Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town." In other words, Apple users are "safer" (due to the lack of work that goes into hacking them), "but less secure." So, is this a weird way of applying for a security job in Cupertino, or what?
1024-bit RSA encryption cracked by carefully starving CPU of electricity
Since 1977, RSA public-key encryption has protected privacy and verified authenticity when using computers, gadgets and web browsers around the globe, with only the most brutish of brute force efforts (and 1,500 years of processing time) felling its 768-bit variety earlier this year. Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password. With a small cluster of 81 Pentium 4 chips and 104 hours of processing time, they were able to successfully hack 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer, leaving a single trace or ending human life as we know it. That's why they're presenting a paper at the Design, Automation and Test conference this week in Europe, and that's why -- until RSA hopefully fixes the flaw -- you should keep a close eye on your server room's power supply.
Goon Squad downs Tirion Fordring
Perennial pariahs Goon Squad, Horde-side on Mal'Ganis-US, have really carved out a niche for themselves in the World of Warcraft. Well, two niches. The first is a rock-solid reputation of being the foremost trolls and griefers in the MMO market, period -- a reputation perpetuated by a community that operates mostly on word-of-mouth and lovingly crafted by the guild itself. The second is providing some of the best and most hilarious WoW videos on the internet. This one is no exception -- they managed to score a victory for the Lich King by defeating the dread paladin Fordring. It's a rare ability, possessed by Goon Squad and a few other community figures, to be able to take the building blocks of the game experience provided by Blizzard -- strictly compartmentalized and defined by sets of incontrovertible rules -- and then cobble together something wholly new and, frankly, ridiculous out of them. You're not supposed to be able to bring together two often-'shipped faction leaders for an impromptu date. You're not supposed to be able to blow the Wintergrasp fortress wall to smithereens in a minute's time. You're certainly not supposed to be able to kill the head of the Argent Crusade who, by the way, should learn to cast Consecrate.
Update: Keylogger source identified
Just a quick update from from our friends at World of Raids about the current situation regarding circumvented authenticators. It appears there are multiple websites being used for this malware. Be careful of which sites you go to in order to update your addons from; fake website addresses are being used to trick users. For example, one of the fake sources appears as a "Sponsored Link" right at the top of a Google search. Don't actually visit that site and be sure to warn players asking about addons where to go. What happens is the fake site will allow you to download a fake copy (did you see fake?) of the WowMatrix AddOn Manager which installs the emcor.dll. This Trojan (Malware.NSPack) can currently be detected by Malware Bytes. Thanks Kody!
Man in the middle attacks circumventing authenticators
It has been brought to our attention that Blizzard's technical support department is currently handling a security exploit that is, in a limited capacity, circumventing authenticators. Before we get into the details, please do not panic. This does not make authenticators worthless, and it is not yet a widespread problem. Do not remove your authenticator because of this, and do not base your decision on whether or not to buy an authenticator off of this. They are still very useful, and your account is much safer with an authenticator than it is without one. This is not the only report of this that we've seen, but it is the first time that a Blizzard representative has openly acknowledged that there is something afoot. For a full account of what happened, check the thread on the EU Technical Support forums. To sum up: There is a piece of malware (emcor.dll is what is being reported at the moment) that is being used as a hijacking tool to facilitate Man-in-the-Middle attacks on users. Kropaclus After looking into this, it has been escalated, but it is a Man in the Middle attack. http://en.wikipedia.org/wiki/Man-in-the-middle_attack This is still perpetrated by key loggers, and no method is always 100% secure. source To explain in the simplest way possible, instead of data being broadcast directly to Blizzard when trying to log in to your account, that data is being broadcast to a third party via this malware. This includes your authenticator code. Rather than you logging into your account, the hacker on the other end does so. They log into your account, clear out your characters, and move around virtual funds to fulfill orders from players buying gold. This method of circumvention has been theorized since the release of the key fobs, but it has only now started to actually happen.
Windows 7 Activation Technologies Update now live, ready to be dodged
Remember that polarizing Windows 7 Activation Technologies Update we told you about? You know, the one that helps you to "verify that the copy of Windows 7 that is running on your computer is activated correctly and is genuine?" It's available for download now through Windows Update, and it's not particularly easy to spot. The main label simply says "Update for Windows 7," though we'd be sure to avoid KB971033 if you weren't up for having this thing looking into your business. Your call, though. [Thanks, Elijah and bighap]
Windows 7 Activation Technologies Update coming down the pike, will tell you things you (should) already know
Wondering why your PC has been infested with malware, random popups, intermittent shut downs and all sorts of other atypical garbage since the day you installed that downloaded copy of Windows 7? In case you aren't capable of determining that your copy of Windows isn't genuine (as in, you didn't buy it from a legitimate source), Microsoft is about to lend you a serious hand. In the "coming days," the software behemoth will be pushing out a new update for Windows Activation Technologies, which will look for over "70 known and potentially dangerous activation exploits." It sounds as if the update is intended to alert folks who purchased complete PCs from the back of their local White Van that they may have gotten ripped off, but either way, we're not particularly stoked about having yet another item running in the background, consuming system resources and telling us that we've been naughty. Thankfully it's a voluntary update, but keep your eyes peeled if you don't want to okay the installation accidentally. [Thanks, Troy]
Editorial: Thoughts on the Ensidia ban
Are you wondering what has caused all the ruckus in the raiding community the past few days? Have you been typing your fingers to the bone since Wednesday night, arguing for one side or the other in forums and chat channels? Whoever you are, or whatever side you're on, in the still-burning aftermath of Ensidia's ban, I feel some reflection is needed. Thus, I am going explain, to the best of my ability, what happened to cause such uproar in the raiding community this week. I am also going to, as the title implies, offer my speculations.
Saronite Bombs and similar items disabled [Updated]
We do not know whether or not this was used in the Lich King kills we've seen so far (Ensidia's kill screenshot suggests they did), but Daelo hit the European forums to make the announcement that they've temporarily disabled Saronite Bombs and the Global Thermal Sapper Charge. What does this have to do with the Lich King? Well, Daelo says... We just made a hotfix that disables the siege damage dealt by Saronite Bombs and the Global Thermal Sapper Charge. The siege damage of the bombs was causing the Frozen Throne platform to rebuild, which greatly decreases the difficulty of the encounter. We'll reenable the siege damage in a later update when the issue with the Frozen Throne is fixed. It is a longstanding tradition for end bosses to be exploited in the most hilariously awful of ways, so seeing something like this isn't all that surprising. Here's hoping nothing else like it crops up. Update: Ensidia has released a statement regarding their use of this bug. Update, take 2: Ensidia's raiding crew has received a 72-hour ban from the game (as well as loss of loot and achievements) for using Saronite Bombs to "bypass The Lich King fight mechanics."
PlayStation 3 exploit released, hackers rejoice
In case you ever doubted his feat, or you simply wanted to recreate for sport, iPhone hacker extraordinaire George "Geohot" Hotz has released the exploit code he devised for properly hacking the PS3. This should give any aspiring minglers full memory access, and while he's only tested it with firmware version 2.4.2, he "imagine[s] it works on all current versions." A guide might follow sometime in the future, he says, but if you're really antsy to get your coding kicks, we wouldn't wait up. Update: EuroGamer's got a pretty thorough piece on what Geohot is claiming to have accomplished and what it means to the community -- and as Joystiq points out, until we see some "Hello World" proof of concept program, we don't quite know the extent of his claims. The guy's got a helluva track record, at least with iPhone, so we presume that's next on his and the community's list of to-do's. [Thanks to everyone who sent this in]
Microsoft patches IE security hole, human rights activities fully resume
Ready for an update? Good. If you're still using Microsoft's Internet Explorer (versions 5.01 to 8) for some inexplicable reason, there's a patch that you should probably install on the double -- that is, if you're a hardcore human rights activist that just might end up on a Chinese hit list. All kidding aside, the devs in Redmond have broken free from their usual monthly update cycle in order to push out a patch to fix the hole that was exploited by a group of sophisticated hackers last week. Refresh that Windows Update if you're scared, or -- you know -- just download one of the many other free web browsers that are far, far superior to IE.
Blizzard policy changes in reaction to account security concerns
WoW.com has learned through sources close to the situation that after our series of posts describing some questionable internal policies at Blizzard concerning account administration and security, as well as the likely introduction of mandatory authenticators, a few of these policies have been changed this evening. First, the abilities of billing representatives to directly roll back characters to previous states has been more or less removed, preventing the onioning exploit we spoke about earlier. Account administrators still have the ability, of course, but it should prevent people from being able to game the system over the phone. We do not know if this ability will be returned when billing representatives obtain the proper training and tools. Second, the care package deal has been sweetened. We're not exactly sure how, only that it's been improved from what it was this morning. World of Raids was tracking the response to these stories on the Customer Service Forums and found a post by CSF blue Syndri detailing some specifics of the care page as it stood earlier today. We cannot be sure Syndri's post applies to the package now or not (given its changes), however it's probably safe to assume that it does. We have also learned that managers are being directed to ensure everyone is presented this care package as an optional alternative to full restoration, something we understand was not consistently happening before. Syndri's enumerations after the break.
How flaws in Blizzard's billing department are being exploited
Please see the update to this original post. In our continuing series on account security issues present within Blizzard's offices, we bring you news that lax training in Blizzard's billing department is being exploited by those attempting to game the system and illegitimately acquire more gold and high value in-game items. The critical flaw in Blizzard's system is that billing support personnel are currently given the ability to "roll back" characters to previous versions more or less on the spot, with the customer on the phone. Because of this, there is a high degree of flexibility and personal accountability on the part of the billing representative. The flexibility extended here is vitally important to customer service, however the training that comes with the flexibility, we are told by multiple sources, is inadequate and leads to this exploit being practiced by a growing number of individuals. The exploit involves human interaction (aka social engineering), which in security systems is the notoriously weak point. The exploit is often referred to internally as "onioning," which involves the player repeatedly claiming the account was compromised to the Blizzard billing support representatives. There are obviously more details to doing this, but we don't want to provide a how-to. Blizzard is aware of how this is done, and they are currently not implementing checks to combat this.
The best of WoW.com: December 22-29, 2009
There have been widespread reports of earthquakes happening around Azeroth, seemingly at random. People believe that these earthquake are the beginning of a very large world event that will usher in WoW's third expansion, Cataclysm. After a bit of digging, WoW.com speculates that they might be coming form invisible mobs roaming around the virtual world. Blizzard has since come out and started slyly commenting on the in-game earthquake, neither denying nor supporting the conclusions drawn. Of course, there's other things going on in the WoW universe as well, and after the cut we'll take a look at the top stories of the week.
Modern Warfare 2 update 1.06 fixes Javelin glitch, infinite care packages, geography exploits
If amazingly fast and explosive men have been the bane of your existence in Modern Warfare 2 as of late, then know that Activision's go-to guy, Robert "fourzerotwo" Bowling, has got the hot scoops on a patch in the works to address the despised Javelin glitch. Version 1.06 of the game will not only do away with that awful bit of frustration, but will also address two other notable exploits in the multiplayer experience: Fixes the Javelin glitch (thank the Flying Spaghetti Monster!) Fixes unlimited care packages glitch Fixes areas where players could exploit geography (e.g. hide inside rocks in Afghan) Bowling says the patch is currently in the hands of Microsoft for certification on Xbox 360 and presumably in Sony's for PS3 certification. We've contacted Bowling for more info and will update the post when we hear back. Source - 1.06 in Microsoft cert Source - 1.06 patch notes
