exploit
Latest
Wowhead Beta key contest cancelled
Wowhead has put up an announcement this afternoon that the beta key contest they were running has been cancelled. The announcement tells us that the distribution of the keys were exploited. Though there is no official word on what exactly the exploitation was, there is some unconfirmed talk about the beta keys being ebayed.This is most unfortunate for those wishing to participate. Malgayne, the "Voice of Wowhead," does go on to say however that the remaining prizes will be given away using a different method soon. We'll get any more news up on this as soon as it becomes available.
Fable 2 Pub Games exploit will make you very, very rich
Let this be a lesson to developers: If you're planning to make a tie-in XBLA game that lets you earn gold in your main title, make sure to vet the game as much as possible for potential exploits. A trick has been found in Fable 2 Pub Games that lets you bet 60 on Tower of Fortune and potentially earn 600 each time. We've embedded the video after the break, should you wish to start Fable 2 with a gazillion trillion gold. %Gallery-29493%
Apple's DNS patch coming up short
The distance between good intentions and actual results seems to be getting longer and longer. While Apple did release a security patch yesterday that included a fix to BIND for the highly publicized cache poisoning exploit -- some time after most other vendors got updates out to customers -- that fix doesn't seem to be, you know, actually working.Multiple sources have noted that Apple's DNS patch, at least on Mac OS X 10.4 and 10.5 client versions, isn't implementing the key feature that's meant to block cache poisoning: port randomization on requests. While the same version of BIND running on Linux systems behaves as expected, Mac OS X machines doggedly issue DNS requests on sequential ports, making them far more vulnerable to spoofing by malicious folk.This may seem like an esoteric vulnerability, and indeed for most Mac users the more important question is whether or not your ISP or network manager has patched the primary DNS servers you rely on (you can check your DNS server status via Dan Kaminsky's tool here). The behavior of Apple on this security issue, however, is very troubling. Waiting weeks to issue a patch for a key vulnerability and lagging behind other OS vendors is bad enough; shipping that patch only to have the user community discover that it doesn't work worth a bucket of warm spit ... that's not the act of a company that claims to care deeply about the security of its customers.Update: Kaminsky suggests that we lighten up; Mac OS X Server (which would be the most vulnerable to attack, if it serves as the primary DNS for your network) has been patched, even if the client patch isn't behaving properly yet.
Hacker's security concerns elicit response from 'Nin Tendo,' Nintendo
Last week, while most gamers were off writing screeds about their disappointment with E3, Wii hacker bushing was drafting an open letter to Nintendo stating that he and fellow coders had found an exploit that allows stock Wii consoles to play copied games, and seeking cooperation from Nintendo to patch this hole in such a way that homebrew is left alone. He quickly received a response from Nintendo -- or, rather, a Gmail address for "Nin Tendo." "Tyson Green" (also the name of the Halo 3 Multiplayer Design Lead) sent a curt message stating that while Nintendo didn't approve of people messing around with their console, he wanted to talk about this piracy issue.Of course, that one is a fake, as are many of the responses posted. But bushing indicated that, while most of the emails he received and posted were fake, he did in fact receive correspondence from the for-real Nintendo.[Via DCEmu]
EVE Evolved: Suicide ganking investigated
EVE Online is a game where you're vulnerable to PvP in the safest of places. Even in high security systems where CONCORD will destroy any ship that attacks you, you're still vulnerable in the few seconds before the police arrive. Because of this, swarms of players in cheap ships are able to kill larger targets by synchronising their initial volleys. In recent years, suicide attacks have turned into a viable profession, with the primary targets being industrial ships and freighters carrying a high value of items.Safety versus consequences:A common misconception among newer players is that CONCORD are there to provide safety for players in high security space. Rather than provide direct safety to the player being attacked, they instead provide consequences for the attacker. While many other MMOs physically limit when and where you can attack someone, EVE starts with the assumption that PvP is possible everywhere and then adds punishments for engaging in safe areas. The attacking ships are destroyed and the security status of their pilots is lowered. If they lose too much security status, they won't be able to safely enter high security systems any more.Suicide attacks are on the rise in New Eden and cries for CCP to step in and resolve the situation have reached new highs. So what's the problem and how can it be avoided? Read on as I delve into the world of suicide ganking.
EVE Online: Using neutral characters in militia activities is an exploit
Oh you kids! When are you going to learn that you can't cheat at intergalactic war? Following up on the recent exploit of circumventing ship class restrictions in combat zones, EVE Online's GM Grimmi just decreed the following activity to be an exploit as well: "Using neutral characters to tank Faction Navy NPCs to stop them from attacking players involved in Factional Warfare with that faction is considered an exploit. Action will be taken against users found engaging in this activity." So it's official; using draft dodgers as a way to draw fire away from enlisted militia characters is evil, and will presumably get you thrown into a Concord cell with no windows. Be advised. Hippies.
Empyrean Age factional warfare exploit identified
Factional warfare in EVE Online, by design, ensures that ships of a much greater ship class cannot engage smaller ships in certain deadspace mission pockets. If you and your fellow militia pilots are in a zone designated for nothing larger than frigates, for instance, you shouldn't find yourself getting locked by battleships fighting for your rival militia. Apparently this has started to occur; some players have found that the jump gates to these zones don't actually prevent them from warping in ships of a magnitude not allowed in such areas. GM Grimmi had this to say at the EVE Online site: "Flying bigger class ships than allowed by the jump gates to Factional Warfare complexes has been classed as an exploit. If you are found doing this we will be forced to take in-game actions as abusing game mechanics is not allowed." So there you go. You might still be able to get in there with something obscenely overpowered and pop frigates like balloons, but you'll say goodbye to your account over it.
PotBS policy updates on cross teaming and selling durability
Pirates of the Burning Sea's 1.5 patch deploys tomorrow morning, but effective immediately are two policy changes. In regards to cross teaming which is when a player uses two different accounts to play as a separate nation on the same server. The rule will be enforced and now applies to multiple accounts tied to individual account owners. It's not possible to play two characters of opposing nations on the same account so players would bypass this by using another account. The second policy change is that the selling of durability to Pirates is no longer allowed. Players with multiple accounts that play as a differing nation on the same server will be given the opportunity to transfer their characters to another server. If players have any further questions regarding the new policy changes please petition in-game. The announcement also warns that repeat offenders are subject to further disciplinary action, most likely the ban stick. Joe Ludwig is responding to some dismayed players over on the official PotBS forums.
Runescape cheater exposes his 'black market' organization
PlayNoEvil points out an interesting blog entry on cheating in Runescape. The poster, who wishes to remain anonymous, describes himself as a retired Runescape cheater who devoted five years to the 'darker side' of the game. He states, "This article details all the intricacies of Runescape and cheating and what really goes on behind the scenes, I assure you that it will surprise you." The poster, identified only by the name ThirdEyeOpen, lays out how cheaters and buyers operated as a would-be organized crime ring. 'Welcome to the Dark Side' is his chronicle of how he began his Runescape cheating career, and how it all ended. He recounts being 'interrogated' online by Jagex Ltd. about his activities, and how the subsequent account banning led to a malevolent wish to get even. His anger eventually snowballed into the creation of an organization of similar-minded individuals, mostly other teenagers, who accumulated a fair amount of real-world currency through exploits in Runescape before cashing out altogether. It's an interesting read -- perhaps a bit disturbing in the sense that he views cheating as a kind of playstyle -- but worth checking out all the same. Via PlayNoEvil
RF Online server rollback combats cheaters and 500% inflation
RF Online in the Philippines recently had serious issues with dupe hacks, prompting an unannounced rollback of the servers. PlayNoEvil writes that the operator of RF Online for the Philippines, Level Up Games, discovered a dupe exploit and tried to purge it from the servers as well as those who used it. However due to time constraints with unraveling the intricacies of the exploit, the company decided to roll back the game to a point before the exploit was used. Level Up Games issued a statement on the problem: Based on DB evidence, numbers as well as feedback from the community, the GMs, the Vanguards and also from our field agents, there was an oversupply of in-game currency and gold - as high as 500 %. GMTristan of RF Online Philippines clarified the situation further on his blog:
McAfee report reveals the most dangerous web domains
In an era where clicking on the wrong link while browsing the web could mean your account will get hacked, and one of your guild members clicking on the wrong link means your guild bank could get emptied as well, it's always good to protect yourself and keep abreast of web security issues. In that vein, it's worth checking out a new report released by McAfee called Mapping the Mal Web Report Revisited. It tested 9.9 Million websites in 265 domains to find out which ones had a higher risk of exposing visitors to malware, spam, and malicious attacks via a red, yellow, and green system.
Age of Conan's Jorgen Tharaldsen addresses game issues
Jon Wood from MMORPG.com recently interviewed Funcom's Product Director Jorgen Tharaldsen about some of the issues affecting gameplay in Age of Conan. The interview was primarily focused on customer service issues, and hopefully provides a good indicator as to how things are improving in AoC. Some of the key issues that Tharaldsen addressed include: Customer support frustrations expressed by players. Inability to log in to the game's official forums. Funcom's actions taken against exploiters. Poor game performance despite meeting required system specs. Server downtimes during peak hours. Limitations on number of players in certain instances. Increasing the number of GM's to handle the petition backlog. Check out the interview over at MMORPG.com, where's there's quite a string of comments from the readers. Do you think Funcom is handling customer service issues properly (given that AoC had such a recent launch), or are they dropping the ball?
Blood Sport: Yup, still broken
PvP in its purest form is a beautiful thing. Amanda Dean, always obsessed with the thrill of victory and the agony of defeat brings you news you can use in the Arena. The World (of Warcraft) seems to be full of arena lovers and arena haters. I suppose somewhere out there you might find some folks that are completely indifferent to the arena. The recent changes to the Personal Rating system seems to have brought out a furor in both camps. Suince the dawn of the Burning Crusade Blizzard has made many attempts to balance the arenas, now I find that the arenas are still broken, just broken differently. In a sarcastically titled thread "New PR system is cool" Camelvendor of Korgath explained his situation. He played on his 2200 rated team with his old partner, who obviously had a lower rating for 33 games. Boasting a record of 29 wins and 4 losses for the day, the end result was a rating change of 56 points lost. Since the team rating was considerably higher than one of the personal ratings on the team, they found themselves playing in the 1500 bracket.
Square/Enix's anti-RMT task force reports in
Once again the crack team at Square/Enix dedicated to hunting down and eradicating the gold farmer has reported in. Final Fantasy XI has a particularly troublesome RMT problem, making communication to the playerbase on the issue critical. Recent reports have focused on strong initiatives with targeted crackdowns and mass bannings.This latest post to the official FFXI site is really more of a status update, keeping players abreast of the most recent areas of concern. For example, the ever-present problem of hacked accounts and stolen items has been on the task force's mind for some time now. Thanks to recent changes, re-obtaining items should be a much faster process. As for particular activities, they're keeping a close watch on fish farming, the abusive hunting of Notorious Monsters, and "enhanced character movement" exploits; ie: speedhacking. The update also takes note of a few questions that have been directed to the team of late; full details are available on the site.
Age of Conan: Senior CSR responds to the recent mass banning
Customer service in MMOGs leaves a lot to be desired. Normally you get a ticket, and you wait with ticket in mind, and your issue normally isn't resolved until your mind is lost. The petty bug that caused an item to disappear or quest reward isn't unheard of in EverQuest or World of Warcraft, but what about the larger exploitations like duping? Exploitation that involves players amassing an inordinate amount of items or gold in a relatively short amount of time requires prompt action before severe damage is caused. Not long after launch day, Age of Conan, fell victim to such exploits. One involved the Demonologist class and leveling, and the other was a severe duping exploit via the trader system. Funcom is now under scrutiny for their handling of the situation. In many cases, Funcom opted to ban now, and suspend players for investigatory purposes before determining the final outcome. The aftermath from their decision had players crying foul, claiming that they did nothing wrong. In this interview with Ten Ton Hammer, the Senior Customer Service & QA Manager for Age of Conan explains the situation and admits that some suspended accounts were free from any illicit activity and reinstated. Some players are still awaiting word on their fate.How do you think Funcom is handling the situation?
Age of Conan update re-adds Traders, fixes another leveling exploit
So far there have been two major updates to Funcom's still-new Age of Conan. The third has re-added a much-missed feature: the Trader. Traders are a combination bank, auction house, and mailbox. If you haven't yet had the chance to use them, all you have to do is drop your wares into the bank and set the item as 'for sale'. There's no option to do a traditional auction; other players can purchase your items at the price you list, or not. Additional tweaks to the game correct a leveling exploit formerly available via the apprenticing system, correct a few class ability issues, and smooth out a number of UI issues. Interestingly, Bear Shamans have had a number of abilities moved to an earlier level, correcting a bug where class representatives weren't getting certain spells at all. For the full notes, read on below the cut.%Gallery-9836%
AoC Demonologist exploit fixed in recent patch
How long has Age of Conan been out? Like 3 hours? Okay, it's been a week, but still. Players have already discovered a way to exploit a bug and powerlevel their Demonologists to level 80 in that brief time. This is both a testament to the genius of MMO players, and a sign of our complete lack of anything better to do. Apparently, the problem lied in the player's ability to stack certain spells repeatedly and insta-kill mobs. The first person to claim this feat reportedly posted screenshots, a movie and several emails to the GMs explaining his procedure, in hopes of getting it fixed soon. He claims it took him 4 days and 12 hours of in-game time to reach level 80.So now that we have this update fixed by Funcom, the real question is, what will they do with those who exploited the bug and have level 80 Demonologists running around already? Should they delete those characters, bump them down a few levels, or resort to something more severe like temporary or permanent account banning? I'm sure not all players who are level 80, or even in that vicinity have exploited this bug, so it will be interesting to see how Funcom decides to handle this one.
Hellgate: London giveths and takeths away
Flagship Studios announced some changes to Hellgate: London in the form of Patch 1.3b, which should resolve issues with the ill-fated Patch 1.3a. Indeed, the month of May has turned out to be HellPatch: London for Flagship and HG: L fans, with the patches even being patched. Some players who logged into the Test Server recently found that their characters were gone and, fearing the worst, assumed (incorrectly) that a character wipe had taken place. This was not the case at all; a Test Center database crash was the culprit, and a restore from backup solved the issue. Now that the updated patch has been rolled out, nightly restarts of the live servers have ceased, as of May 20th. The reboots were a precaution to prevent server instability while issues were being resolved. A notable change in Patch 1.3b is that HG: L now blocks non-subscribers from party portaling into subscriber-only areas. Although this change will likely disappoint the gamers who play for free, a quest NPC previously available only to paying players is now available to non-subs. Whether or not this balances the scales for the non-subs remains to be seen, but portaling into restricted areas would seem to be an exploit. The other changes and fixes in Patch 1.3b are numerous, and affect non-subscribers and subscribers alike. The complete breakdown is found after the jump:
Vigilante Meridian 59 players wage war against pirate servers
Meridian 59 is a game with a pirate problem. A while back, the server source code leaked onto the internet and seedy players began hosting their own servers without subscription fees. Pirate servers are a problem for many MMOs, but because of M59's comparatively small scale, it has a lot more to lose to the trend.Amidst these troubles, some M59 players can be quite loyal. Case in point: the blog of game developer Patrick Rogers tells the story of two former M59 players hacking into a pirate server and mass-killing all its residents with powerful admin commands. The vigilantes hoped to make life (and death) on the pirate servers as unpleasant as possible so as to encourage the residents to migrate to the legitimate servers hosted by Near Death Studios. That's not the most amazing bit, though.
The World of Warcraft bot-killer exploit
Tired of gold spammers clogging up the bank square in Stormwind? Lots of other World of Warcraft players feel the same way and have (apparently) found a way to deal with this issue firsthand. The site TechnoLlama notes a technique where Shamans can kill off the Level 1 goldspammer bots, despite being a part of the same faction. By logging off just a moment before their Fire Nova totem detonates, it essentially turns the explosive device into an unaligned item. When it goes off, it does damage to everyone around it regardless of faction. Even a level 70 totem doesn't do that much to your average player. The damage done is more than enough to kill a level 1 spambot, though. All of this is outlined in a post to the official WoW forums. It's (of course) been deleted, but it can be viewed in whole via Google cache. This unique post and discussion was highlighted by the commentary site Terra Nova. Commenter Greg Lastowka notes that this is a unique response from a fed-up player community. He ties it back to a previous discussion on the site about appropriate levels of RMT control.What do you think? Should players be allowed to "take the law into their own hands" when it comes to gold spammers?
