exploits

  • WikiLeaks CIA cache: Fool me once

    Illustration by D. Thomas Magee

    by Violet Blue
    03.10.2017

    This week's poorly conceived distraction from Trump and Putin sittin' in a tree was brought to us by WikiLeaks, which dumped 8,761 documents of the CIA's hacking arsenal online for all to see. The leak factory didn't even bother trying to play coy -- it actually made the "Vault 7" password an anti-CIA JFK quote about destroying the agency. Hilarity ensued. Well, if you think it's funny when the press parrots WikiLeaks' misleading claims wrapped in PR spin.

  • Apple says it's already patched 'many' Wikileaks iOS exploits

    by Matt Brian
    03.08.2017

    Less than 24 hours ago, Wikileaks published a large cache of documents detailing top secret CIA operations conducted by its Center for Cyber Intelligence. Included in the 8,761 documents and files, referred to as Vault 7, are references to zero-day exploits that were reportedly being used to track and control iPhones but also Android phones and Samsung smart TVs. While the authenticity of some of Wikileaks' claims is still in question, Apple has confirmed that some of the threats towards its mobile operating system are very real. In a move to reassure customers, the company issued a statement noting that it has already taken steps to patch "many" of the 14 iOS vulnerabilities listed and is working to "rapidly address" the rest.

  • New Android exploit can hack any handset in one shot

    by Andrew Tarantola
    11.12.2015

    Hackers have discovered a critical exploit in Chrome for Android reportedly capable of compromising virtually every version of Android running the latest Chrome. Qihoo 360 researcher Guang Gong demonstrated the vulnerability to the Pwn2Own panel at the PacSec conference in Tokyo yesterday. While the inner workings of the exploit are still largely under wraps, we do know that it leverages JavaScript V8 to gain full administrative access to the victim's phone.

  • Samsung announces a fix for wide-reaching Galaxy keyboard exploit

    by Devindra Hardawar
    06.18.2015

    Samsung is finally responding to a major security bug that affects the keyboards on its Galaxy smartphones and tablets. The security firm NowSecure revealed the exploit earlier this week, which gives hackers the ability to execute code on Samsung's mobile devices. Today, Samsung announced that it's issuing a fix to its mobile security policies over the next few days. The company also stressed that it didn't think the exploit was much of a threat, since it required a hacker being on an unsecured network with your phone. Also, the company's Knox security software offers kernel protection to prevent malicious code from running. Still, this isn't the sort of exploit any company can ignore, especially when a research firm has already detailed exactly how it works.

  • Google now rewards Chrome bug hunters all year round

    by Matt Brian
    02.25.2015

    One way to reduce the number of bugs or exploits in your software is to throw it open to some of the best and most devious minds in the industry and ask them to pull it apart. That's what Google has done with its annual Pwnium conference, where it's rewarded researchers with millions of dollars in Chrome-based security bounties. However, the search giant has decided now is the time to do things a little differently. As of this week, the Pwnium competition is shifting from an annual affair to a "year round, worldwide opportunity for security researchers."

  • H1Z1 suffers overnight downtime, whispers of server wipes [Updated]

    by Eliot Lefebvre
    01.21.2015

    It's not an easy time to be playing H1Z1 right now, especially since you sort of can't. The game's servers went down last night for a quick fix, according to Sony Online Entertainment president John Smedley; they've been down since, with players getting increasingly vocal and anxious about what comes next. No further updates have come from the company after Smedley's assurance that there are issues to be fixed that cannot be solved simply by rolling back to the previous patch. Once players can get back in to the game, there may very well be a server wipe greeting them (a possibility suggested by the technical director), although perks like tickets, crates, and cosmetic recipes will not be lost in the event of a server wipe. SOE has promised to give plenty of notice before taking such drastic measures. Players are divided on whether this is a good thing or not, although widespread reports of item duping sit at the root of the issue. There's still no ETA on when the servers will be back online or what will be fixed when they come back up, but players could be looking at a very different environment. [Update: Servers appear to be up again now. SOE has said that the promised European servers are still incoming: "getting MORE servers, still calculating what we can fit."]

  • Path of Exile unholsters the banhammer for cheaters

    by Eliot Lefebvre
    01.20.2015

    The team behind Path of Exile has been pretty forgiving up to this point. Players have been a bit more commonly warned that there will be penalties if they're cheating. But that's over now. The latest race season has finished, and players who were found to have cheated have been given a grand total of no rewards even if they were technically eligible. Nearly 4,000 players will log in to find a warning to disable any cheats they have running before they get banned. From this point forward, any incidents with cheating software will result in a ban, end of discussion. This is true even if the player in question argues that the cheat was being used for quality-of-life purposes; those issues will be addressed in the future and don't justify cheating. Players are reminded that they are allowed to run tools that don't require the client to be running and single-action hotkeys without a problem, so don't worry about being punished just for having Fraps in the background. Just... don't cheat.

  • Hyperspace Beacon: Handling SWTOR exploits

    by Larry Everett
    01.13.2015

    On this week's Hyperspace Beacon, I'd like to discuss the exploit issues that have popped up in Star Wars: The Old Republic as of late. Admittedly, the widespread exploit that SWTOR recently experienced wasn't gamebreaking, and it certainly didn't fracture the economy as exploits in other games have. In fact, I don't even think that a rollback or anything severe was even considered for this particular exploit. However, the community team mentioned some things in its handling of the situation that made me wonder about exploits and cheats that violate the intent of the game designers. I don't know that I will have all the answers in regard to how to handle specific situations, but I really intend for this to be a conversation starter. I want to read your thoughts in the comments.

  • Elite: Dangerous rolls back decision on billionaire rollback

    by Eliot Lefebvre
    01.09.2015

    There was a bit of a to-do recently about money in Elite: Dangerous. A bug caused numerous players to receive a credit "refund" that wound up making them instant billionaires, which might have had some long-term ramifications for anyone who had hoped to actually play in the sandbox economy in the future. While the developers had initially opted against wide-scale rollbacks, asking instead for affected players to choose whether to be rolled back or not, that decision has been reversed. Unexpected billionaires will find all of their bug-gotten gains rolled back and removed, with the development team contacting those affected personally to make sure that nothing legitimate gets caught in the crossfire. Meanwhile, players who found a way to exploit the game explicitly will also see their gains removed. So those who were hoping for rollbacks in the wake of these issues will be happy; those happy with billions of credits for no real effort will be... less happy. [Thanks to Cotic for the tip!]

  • Black Desert Korean OBT exploits lead to permabans

    by Jef Reahard
    01.06.2015

    If you were hoping for an exploit-free experience when Korean sandbox import Black Desert heads west, you may still get it. But you may not, if Steparu's recent experience in the game's K-OBT is any indication. Problems include a buy-back dupe, mob kills that gave abnormal amounts of experience, and "something with the shop." Steparu also reports that developer Pearl Abyss and publisher Daum have permabanned serious offenders and deleted ill-gotten gains from "light abusers."

  • Hartsman addresses ArcheAge APEX exploit: 'There isn't a dupe bug'

    by Eliot Lefebvre
    11.19.2014

    ArcheAge has been having a bit of trouble with bugs and exploits since its launch, if you haven't noticed. Trion Worlds head Scott Hartsman has weighed in on the APEX bug that has been affecting the game; specifically, he's said that the bug is not a dupe bug. Players were rather upset as soon as this announcement was made, pointing out that the bug is a known issue that has been affecting the game and the playerbase since it was first discovered. Community manager Evan "Scapes" Berman clarified that the bug in question is not, strictly speaking, a dupe bug; rather than duplicating an item multiple times, the bug was allowing players to continue to reap the benefits of an item without consuming it as intended. APEX are still unavailable as more hotfixes are put into place to prevent further abuse of exploits, with action already being taken to both patch out the issue and remove funds accumulated by abuses of the exploit.

  • Economy exploits plague ArcheAge [Updated]

    by Eliot Lefebvre
    11.17.2014

    If you were hoping that this would be the week in which there were no stories of ArcheAge bugs or exploits hitting the news, we're sorry to say that reality has dashed your hopes. Players are reporting numerous exploits hitting the game, some of which have been publicly detailed on the game's subreddit, such as a method to force the game to offer specific loot when random boxes are opened. The exploits are being investigated and illegal character gains will be reversed if discovered, according to Trion Worlds. Further posts clarify that players who were unknowingly involved in these exploits (through the Marketplace or simple dumb luck) will not be targeted, although players are advised to use caution in their dealings and avoid obviously suspicious deals. [Thanks to squidgod2000 and Thunder for the tips! Our original story conflated the words rollback and reversal. Trion Worlds has told us that server rollbacks are not on the table. The studio says it will reverse characters found to have knowingly benefited from the exploit. The marketplace has been taken offline while the exploit investigation continues.]

  • Blizzard issues thousands (more) Hearthstone bot bans

    by Eliot Lefebvre
    11.13.2014

    Good news, Hearthstone players. If you've been using a bot to automate your gameplay, you'll log in today to find a shiny new prize! Specifically, that shiny new prize is not being able to log in because you've been banned. Your prize was being banned. Blizzard has awarded this prize to "several thousand" Hearthstone accounts using third-party tools to automate gameplay; the bans are permanent, so no need to worry about losing them at the end of the season. Players who have not been botting and violating the game's TOS will also log in to find a shiny new prize, which is a play environment with far fewer bots. Isn't that nice? The official post reminds players to report suspicious behavior by emailing the development team so that in the future another group of cheaters can wake up to find a brand-new lifetime ban locking them out of the game. Those of you who can still log in may also want to take the opportunity to vote on the next teaser for the Goblins vs. Gnomes expansion. [Thanks to Dengar for the tip!]

  • An ArcheAge player found a way to kill the servers at will

    by Eliot Lefebvre
    11.10.2014

    It's never a good day when you see players on the forums boasting about causing server crashes. In nearly every single case, it's a matter of someone bragging about doing something with no actual proof as a bit of pointless ego boosting. What's worse, of course, is when a player posts about causing a crash and claiming it can be replicated... and then proceeds to do exactly that, demonstrating that the server can be crashed at will. This is apparently what happened to ArcheAge. User ArchegeDown posted a thread on the forums on Friday, stating that a specific bug was responsible for bringing down the servers and that it needed to be fixed. To prove these claims, the user caused two more server crashes at scheduled times, demonstrating the ability, with the stated intent being to simply get Trion's attention. The thread is currently locked, but it's possible that subsequent server crashes are a result of other players discovering the same method of inciting a server crash. [Thanks to xpactor and Matt for the tip!]

  • Star Trek Online restores players flagged for exploits

    by Eliot Lefebvre
    11.02.2014

    Star Trek Online recently launched a new expansion with a level cap bump, and unfortunately some people decided to quickly exploit the mechanics to race up to the renewed level cap via exploits. Unfortunate, but not totally surprising. Cryptic Studios, needless to say, rolled back the gains made by those players. Unfortunately, as can happen, a few innocent players were caught in the crossfire, but what can you do about that? Well, in this case you can re-examine players who were erroneously rolled back and restore their points. Producer Stephen D'Angelo made a post on the official forums stating that instead of trying to make another adjustment, all players will have the points that were removed restored to them. So it's back to how things were before, and if you lost out on points through no real fault of your own, you have them back. Or even if it was through direct fault of your own. [Thanks to Some_Guy for the tip!]

  • Turns out Blizzard found more Hearthstone cheaters to ban

    by Bree Royce
    10.31.2014

    Earlier this week, Blizzard banned "several thousand" botter accounts in MMOTCG Hearthstone for the crime of botting. But the bans were only temporary, and the problem players will be back in the game by the turn of the year. The subjects of a new wave of bans, says Blizzard, won't be let off so easily. Community Manager Whirthun told forumgoers last night that win traders have and will continue to be banned -- permanently:

    "We've recently banned Hearthstone accounts that were found to be participating in win trading. Win trading at any rank is something that we do not take lightly, and is in violation of our Terms of Use. As we mentioned in our previous statement regarding fair play in Hearthstone, instances of cheating will not be tolerated. Accounts that were discovered participating in win trading have received permanent account closure and disqualification from events where ranking is used as a method of qualification."

    Win trading is an exploit of the matchmaking system to position accounts for easy ladder climbing. PC Gamer reports that several big-name Hearthstone players have already fallen to the ban, including a grey hat player who went public with the exploit nearly a year ago in the hopes of provoking Blizzard to fix it.

  • Star Trek Online tackles power-leveling exploit

    by Justin Olivetti
    10.26.2014

    Star Trek Online Executive Producer Stephen D'Angelo has given players a rare explanation about a power-leveling exploit that some players had been using and the difficulty the team had in dealing with it. The exploit took place on certain maps and allowed players to advance 17 times faster than normal. D'Angelo said that only around 250 players were engaging in these actions and that "intensive data analysis" was used by the team to determine who was abusing the exploit on purpose and who had accidentally triggered it. "I'm certain that at least some of the players feel they were acting in the right," D'Angelo wrote, "that errors the dev team makes should be fair game. There are likely some others who feel that I drew the line in the wrong place, either too high or too low. It is challenging to walk the line between protecting the player base that wants the game to be fair, and allowing players to be efficient and 'game the game.'"

  • ArcheAge's Hartsman: 'We're banning about 5K a day'

    by Jef Reahard
    10.21.2014

    Trion CEO Scott Hartsman took to Twitter today to address concerns over botting and economy-destroying exploits in ArcheAge. He says that some of the shenanigans making the rounds on Reddit are legit and are "on XL's plate for fixing," though "much of it is false forum bragging." He also says that Trion is banning five thousand bots per day and has "dozens of people here working on this very thing."

  • Destiny player jumps into the game's DLC regions

    by Eliot Lefebvre
    10.08.2014

    Do you want to start exploring Destiny's second expansion region? Don't start fretting about tiny details like not having it installed or the fact that it's not out yet. You can go there right now! A video by YouTube user Nowise10 is embedded just past the break and details the exact sequence of jumps needed to climb up some scaffolding, hop into a gravity lift, and wind up coming out in an area that the developers certainly didn't intend for players to explore just yet. Lest you get overly excited, the game does note that you do not have the DLC, and the area is absent of most everything you'd want to find in the region aside from a handful of dead ghosts. If you're the sort to go spelunking before an area is officially released, however, take a look at the video and enjoy a bit of acrobatic exploration.

  • Hyperspace Beacon: Exploits and SWTOR_Miner

    by Larry Everett
    09.23.2014

    Over the last couple of years, the Star Wars: The Old Republic community has changed. I believe it's matured. We changed from a community that wants everything yesterday to one that understands timetables but is still very interested in what's coming next. When we hear about the next storyline, we want to see how that's going to fit with everything that came before. Originally, I wanted to talk to the king of predicting the future of the game, SWTOR_Miner, about where the game is headed and what hidden secrets are in the client files. However, last week something happened that redirected my thinking. Late last Monday night, Miner posted on Twitter, "Just got word that @SWTOR is cutting ties with fan sites that have dealings with me. Guess I won't be coming in from the cold." Of course, the whole community went bug-eyed, wondering what exactly had happened. So when I sat down to talk to SWTOR_Miner, the only thing I wanted to talk about was what's going on?