exploit
Latest
Refurbished iPhones are an excellent source of previous users' data
It looks like you might have to think twice before flipping that old iPhone on eBay when the 3G version finally hits -- it appears that restoring the phone doesn't actually erase the contents of the flash, meaning that your data is available to anyone with the proper tools until it's overwritten. Making matters worse, it appears that Apple doesn't do a low-level format when refurbishing iPhones either -- an Oregon State Police detective was able to use forensic software to pull files, emails, and screenshots off an out-of-the-box refurbished iPhone. This actually shouldn't be surprising to anyone -- we've seen several utilities that access "deleted" portions of storage -- but since Apple doesn't provide users direct access to the iPhone's filesystem, it's basically impossible to clear your personal data off the device short of restoring and filling the disk with junk data. Hopefully iPhone 2.0's Exchange-based "remote wipe" feature is a bit more secure, eh?[Via TUAW]
MMOGology: Attack of the bots
A few weeks ago Tateru Nino wrote a great piece about the use of bots in Second Life as marketing tools to make virtual worlds feel less lonely and appear more populated than they actually are. The article got me thinking about the use of bots in games and the many purposes they serve, not only as virtual avatars, but more frequently as tools used by players to assist them with everyday tasks.So what exactly is a bot? Although bot is short for robot we're not talking about Tom Servo or Crow T. Robot from Mystery Science Theater 3000 (although I guess technically they're puppets). Bots are programs with some level of artificial intelligence that are typically created to automate mundane tasks otherwise performed by a human. At their finest, they are tools that help make a gaming experience more enjoyable by streamlining our gameplay, providing us with useful information, or automating otherwise irksome tasks. At their worst, bots are exploits used by hackers to grind through a game while the player is away from their keyboards. For the purposes of today's article, I'll be referring to the "legal" variety.Even if a bot is perfectly legal to use and is not technically exploiting the game, it's still automating tasks you'd otherwise be performing yourself. When we're talking about playing video games, if a bot is doing some of the "gaming" for us, then what exactly are we doing? In automating some of the hum-drum tasks of a game has something of the fun or challenge been lost; or, do bots just help us get to the parts of the game that are fun and challenging?
Player vs. Everything: Pointless mini-zones
How pointless are so-called "pointless mini-zones," really? Michael did a post the other day which examined the history of a zone in EverQuest called Surefall Glade. Hitting his links gave me a nice little walk down memory lane -- I have fond memories of Surefall, being an old-school EQ fan who cut his teeth in Qeynos Hills, back in the day. There really isn't all that much to the zone, though. It's like the article says: a cabin, a lake, an archery range, and a few hidden caves with some bears. There's nothing to do but raise your fletching skill, and nothing to kill that's worth killing. Eventually they added some stuff to it, but it was still never anything more than a small, transitional town. Surefall was the essence of a pointless mini-zone: Most players never had any compelling reason to go there. Still, did it add something to the game with its mere presence? Like Moonglade in World of Warcraft, you could argue that it was kind of a neat place for players to discover and hang out. We get so focused on the "content" of these games that sometimes we forget that exploring a new zone you've never seen before, even if there's really nothing to do there, is content in its own right. Besides, does every single zone in our MMOGs have to be a big quest hub tied to a specific zone? Can't some places just be places?
Player vs. Everything: Exploits are fun
Pretty much everyone knows that "exploit" is a dirty word. An exploit in an MMOG is anything that lets you work outside of the established rules of the game to do something that you couldn't normally do, usually in a way that lets you bypass or defeat content more easily than you're supposed to be able to. Finding a way to jump the fence before Arathi Basin actually starts is an exploit. Purposely glitching trash mobs into walls so that you can walk past them to a raid boss is an exploit. Killing a monster from a position where they're totally unable to hurt you is an exploit. In PvP gameplay, exploits are the kiss of death -- they break the game and make things totally unfun, because one player is cheating at the game. But is that necessarily the case for PvE gameplay? I'm not so sure. The commonest way to avoid players using exploits to kill monsters is that when a monster decides that a player is jerking it around too much (and is able to damage it without being hurt themselves), the monster just starts evading and goes back to its starting point. It's the virtual NPC equivalent of saying, "Fine, you don't want to play fair? I'm going home." But that mechanic misses an important consideration -- it's kind of fun to find and use ways to exploit mobs.
A bug by any other name
When is a bug not really a bug? This is the conundrum that was recently addressed over at The Many Relms of Relmstein blog. Apparently, WoW's Patch 2.4 had introduced a bug that prevented players from taking advantage of an exploit with pre-made teams in battlegrounds. It allowed pre-made teams to send out a scout to determine who they'd be battling next. As you can imagine, this is causing some unfair advantages between the two factions. But Blizzard quickly remedied that new bug, which in turn reintroduced the original exploit. Read more about the details of this ongoing battlegrounds exploit over at Relmstein's blog.
PWN 2 OWN over: MacBook Air gets seized in 2 minutes flat
And just think -- last year you were singing Dino Dai Zovi's praises for taking control of a MacBook Pro in nine whole hours. This year, the PWN 2 OWN hacking competition at CanSecWest was over nearly as quickly as the second day started, as famed iPhone hacker Charlie Miller showed the MacBook Air on display who its father really was. Apparently Mr. Miller visited a website which contained his exploit code (presumably via a crossover cable connected to a nearby MacBook), which then "allowed him to seize control of the computer, as about 20 onlookers [read: unashamed nerds] cheered him on." Of note, contestants could only use software that came pre-loaded on the OS, so obviously it was Safari that fell victim here. Nevertheless, he was forced to sign a nondisclosure agreement that'll keep him quiet until "TippingPoint can notify the vendor," but at least he'll have $10,000 and a new laptop to cuddle with during his silent spell.
Exploit or not?
I was scanning the internets for my nefarious purposes (I was bored. Yes, nefarious boredom.) when I came upon this thread in the Dungeons and Raids forum. While the discussion is not particularly polite, it seems poster Selenae of Mannoroth would like to know if a particular method of killing Archimonde is considered an exploit or not. From watching the video and reading the various posts, it seems that the method in question is to cluster on a hilltop in order to avoid having to deal with Doomfires. Now, I'm not sure if it means that they get Air Bursted more this way or not... to be honest, I could barely watch the video, the cluttered UI made my eyes hurt.Some posters seem to be of the opinion that this is 'cheesing' the encounter, while others compare it to ducking behind the pillars on Talon King Ikiss or ducking below the water to avoid spouts on The Lurker Below. So i put it to you, dear readers: when is terrain use 'creative use of game mechanics' and when is it an exploit? In the case of the Archimonde encounter, is not having to worry about the fear/doomfire combination really that big a deal? Or is the exploit inherent in the removal of the doomfire from the encounter entirely? Go ahead, discuss, mix it up, the comments await you.
Queue dodging: The latest in underhanded arena tactics
The arenas have been a nearly constant source of conflict for many players. It seems that many creative schemes have been used to inflate ratings in the pursuit of gear and glory. The developers implemented personal ratings to combat ill-gotten gains from a single slot buyouts and high-rated team sales. It seems that the latest fad for ratings boost may be queue dodging. Recently, Kenjiwing of Korgath brought this phenomenon to the attention of the official forums. There is currently no penalty for a team that fails to join an arena battle once the queue pops. The team that actually does show receives no reward and the match is recoded as a draw, which does not count toward the requisite games for the week. They are left to wait for another battle in hopes that the other team will show.
Twilight Princess exploit leads to explosion of Wii hacks
Hacking your Wii to play Pong is one thing, but the recently-revealed Twilight Princess exploit allows all sorts of unsigned code to run natively on the Wii. Homebrew developers are already starting to take advantage, releasing a bunch of interesting and/or useful unauthorized programs for Nintendo's little white box. Among them: Linux for Wii - Coming next: Linux on your toaster MP3 player - Just in case you don't like the crappy one included in the Photo Channel. SNES emulator - Who needs the Virtual Console when you can just steal ROMs of your fave SNES games? Wii Tetris - So much cooler than Pong. No, you shut up! Still no public announcement from Nintendo in reaction to the exploit, though given their recent aggressive pursuit of game pirates, you can expect a PSP-style battle of the firmwares to start any day now.[Thanks to reader Craig for many of these links]
Silver tabbies as far as the eye can see
Thanks to tipster Enaress, we have a short video of an amusing (albeit potentially annoying) exploit ingame that allows you to summon an unlimited number of noncombat pets. From the date on the video, it looks as if this has been live since at least patch 2.3.0,and a few of the commenters have successfully tried it for themselves. A note of warning: be careful if you do this, as dropping out of sync with Blizzard's servers can definitely be considered an exploit, and, at Blizzard's discretion, could get you banned from the game. Odds are a fix is already en route.I have to admit, I was amused at the prospect of having my small army of pets out and about, but from what Enaress has observed, doing this does have a tendency to contribute to the lag in Shattrath (which seems to be especially noticeable with complicated pets like Lil' Smoky). I don't think I'd try it for myself; Shatt can be bad enough during server high time. But there's something about the notion of my Druid as a dedicated cat-herder or, say, an Undead being followed by a swarm of cockroaches, that just made me laugh.One more thing; would the Disgusting Oozeling's aura stack, you think?%Gallery-16869%
Wii Tetris: homebrew edition
If that unplayable version of Pong we saw for the Wii wasn't quite doing it for you, you 'll be happy to know that homebrewer Christian Auby (aka DesktopMan) has just hit the next stage in evolution: Tetris. That's right, you can now get a fully functioning version of the puzzler running on your Wii, thanks to that handy Twilight Princess hack, and what was probably a gargantuan amount of work on Auby's part. The game loads from the GameCube memory slot (using an SD adapter) out of Twilight Princess, but after the hack has been engaged you can jump back to the loader to pull something new off of a card, which should make experimenting a little bit easier. Check the video after the break to see how it all works.[Thanks, Craig]
Super Glitch Bros. Brawl
var digg_url = 'http://www.digg.com/nintendo/Get_your_glitch_on_in_Super_Smash_Bros_Brawl'; Well, that was fast. Turns out, some have already found a pretty big glitch in Super Smash Bros. Brawl. While we'll say it involves a certain character (not the one pictured above) on a certain stage, we won't ruin anything else for you. Those looking to stay pure from all of the spoilers that are on the net for Super Smash Bros. Brawl might want to avoid the area past the break.You've been warned.%Gallery-3347%
Wii Pong: the Twilight Princess hack evolves
Those hackers work fast. Two days ago, we saw a demo of the Zelda: Twilight Princess exploit, which allowed for the possibility of Nintendo's Wii to boot homebrew code off of SD cards via stack smashing (buffer overflow). Now a clever coder named Auby has gone ahead and extended the hack to load an ELF version of Pong which was originally coded for the GameCube. Right now the controls aren't functioning, but it appears that this is a work in progress, so we should be seeing updates to it soon. Check the video after the break to watch the breathtaking drama unfold.[Thanks, Craig]
New iPhone and iPod touch Safari exploit discovered
It's difficult to tell if this is just a little fear-mongering, or cause for real concern, but it looks like there's another iPhone / touch exploit out there lurking on the unseen horizons of those device's browsers. According to reports, a memory exploit -- similar to the previously-patched TIFF exploit -- has been discovered which affects units with firmware 1.0.2 all the way up to 1.1.3, thus carrying over to new 16GB iPhones and 32GB touches. Apparently, all you have to do is browse over to a site containing the malicious code, and it triggers a memory-exhausting script which causes the phone or iPod to crash. At this point, it doesn't appear to be anything more than a nuisance which can be easily circumvented by disabling JavaScript for Safari, though that hardly qualifies as a fix. To date, Apple hasn't issued a patch for the problem, but keep in mind it's only been a known issue since January 24th.[Via iPhone World]
Oh Noes!!!1!1!1one: I've been hax0red!
On Saturday night I noticed a guildie acting strangely. He kept switching between characters and wouldn't respond to tells from even his closest friends in the guild. Concerned about him, we gave him a call... on the phone, to see what was up. You guessed it, he was nowhere near his computer at the time. He went to log in and found his password was changed. Unfortunately, he had also forgotten the correct response to his secret question "What is your favorite activity?" The hacker kept running in and out of the Shadow Labyrinth. I checked the customer service forums and found that this was common behavior among hackers. Either there is an exploit in that instance, or hackers just really enjoy hanging out with Blackheart the Inciter. I'm leaning toward the latter.
Blizzard cracks down on Arena pet naming exploit
Jagoex over at Warlock Therapy dropped us a note that Blizzard says they'll crack down on Arena fighting Hunters who name their pets after their Arena partners. Apparently some of the higher end Arena players will create macros to target certain opponents in the Arena (though I'm not sure if this is just because they constantly face the same people or because they create the macros quick while waiting for the match to start). And if a sneaky Arena Hunter names his or her pet the same name as the priest on their team, the macro will target the closest target with that name (usually the pet).Blizzard says no dice to that-- though Jago isn't clear how they'll enforce it (and we're not, either), they say that if they find a Hunter naming his pet the same thing as an Arena team member, the pet's name will be forcibly changed. Of course, using macros in the first place is pretty wily-- I could see an argument that if you choose to use macros, then you also choose to realize that they might not work all the time. But Blizzard has spoken, thus it shall be.
Security exploit bricks HP and Compaq laptops
A Polish security researcher calling himself porkythepig is apparently gunning hard for HP this month, first exposing a slew of vulnerabilities that affected 83 different HP and Compaq models ten days ago, and today releasing an exploit that allows an attacker to brick any HP or Compaq laptop. The 'sploit takes advantage of a vulnerable ActiveX control in HP's Software Update, allowing a hacker to easily corrupt Windows kernel files, or even take control of the machine with a little more effort. Porkythepig says the bug affects HP and Compaq laptops running Windows 2000, XP, Server 2003 and Vista, and that simply disabling the Software Update mechanism may not prevent attackers from taking advantage of the vulnerability. Even still, those of you out there running HP / Compaq machines may want take a second to shut down Software Update until HP issues a patch.Update: Wow, we didn't realize how seriously everyone took their slang. For what it's worth, the definition of "bricked" has caused some amusingly serious discussion amongst Engadget editors today, and most agree that it should mean "dead beyond all repair" -- except for Nilay, who keeps stubbornly saying that people "un-brick" devices all the time. We'll stick to the most common definition for now, so no, this exploit didn't "brick" anything.[Via Slashdot]
Apple releases QuickTime patch to close exploit
Two weeks ago, Second Life users were warned of a flaw in QuickTime that allowed carefully crafted QuickTime datastreams and file headers to access their accounts through the viewer, and could potentially be used to steal items and Linden Dollars. The flaw was in QuickTime itself and was usable to compromise a wide variety of software unless you disabled or uninstalled QuickTime to prevent it running. A few hours ago, Apple finally dropped a new version of QuickTime (version 7.3.1) which fixes these exploit issues. Whether you use Second Life or not, if you have QuickTime installed on your machine you should get the update without delay.
There is no summoning in the Zul'Aman room... yet
Tried summoning within Zul'Aman lately? If you have, you may have noticed that since yesterday's maintenance, it's a no go. Tigole confirms that summoning within Zul'Aman has been disabled due to an exploit (although we haven't heard what the exploit was-- it may have been something to do with the timer quests). It should be re-enabled soon.And he says something else that summoners everywhere will be extremely happy to hear. Blizzard is planning to enable summoning from within instances to anywhere else in the world. No longer will you have to wait for that extra healer or that battleground PvPer to make it all the way into the instance before you can summon them and the get the raid started-- after this gets implemented, you'll be able to summon people to the instance (with a Warlock, of course), directly from anywhere else they are in Azeroth.Huge change, and definitely will help not only raids to get started on time, but substitutions to join raids quickly as well. Not summoning in Zul'Aman now is a small price to pay for that update, which may come (Tigole says they're still working out the kinks) as soon as patch 2.4.
Sword of the Nude World
You type in your username and password on the logon screen, the game loads, and you see your character... in the buff. No, you haven't been hit by a keylogger-- if you're playing Granado Espada (a Korean MMO known as Sword of the New World in North America), then odds are you got hit by some kind of weird hack or hoax. Apparently, players logged out of the server on October 20th, and then logged back in to find their characters naked (NSFW, even though pics are blurred), complete with.. umm.. anatomically correct graphics.How incredibly strange. Random Battle suspects that it's a hoax of some kind, but changes like that have to come server side, so either a player was able to dial into the server and change models somehow, or a wayward mod messed with something as a joke. IMC Games, the game's maker, is reportedly looking into the incident. In other news, Sword of the New World's subscription rate among males has skyrocketed. Go figure.
