Possible Security Risk In Some Ubisoft PC Games ???
you just have to install ANY DRMed Ubisoft game to be unsafe right away (same goes for Origin)
Comment has been collapsed.
must DRM work in windows ring 0 level so, no, I was not fooling around. think of it as installing a rootkit.
Comment has been collapsed.
to be honest I was thinking more about SecuROM and Tages while commenting)
about origin... use wireshark or some sniffer and amaze yourself (oh! and use some process viewer and lock it on origin :D)
and I accept steam as DRM (only exception) as it is not satanic like many others
Comment has been collapsed.
that is good news, I guess the german ban, which leads automatically to an european ban, paid off, I'd not use other version than germany one anyway, even if german is my 5th language.
in the news: http://www.youtube.com/watch?v=01Gdr0DP5Mk
if you don't understand german, the EULA states you allow them to grab your hardware and software information (hence the banhammer) AND SENDING IT to their marketing partners, it is illegal to use it as a spyware, and you have security experts confirming it on the news
origin grabbing your personnal info: http://www.youtube.com/watch?v=6lGUOFjMuQA
as you can see in the latter it grabs which disease you have and sexual orientation the player have and also skype info, you can find dozens of youtube videos of origin sniffing all your machine
so from your tests, and I see you are no LOLcat, it seems EA started using their heads, as I said, good news!
Comment has been collapsed.
another epic fail DRM :)
http://en.wikipedia.org/wiki/Sony%5fBMG%5fcopy%5fprotection%5frootkit%5fscandal
Comment has been collapsed.
I clearly felt that already the way you took the conversation hehe, I am not a nazi DRM hater either, people do what they want to do, but some DRM -are- satanic (too bad because I'd buy the games :) and they should inform themselves about what they are installing
Comment has been collapsed.
This Torrentfreak article mentions the name of the person, who found the vulnerability.
Comment has been collapsed.
sighs From what I can gather, once I've disabled the plugins, I'm safe and can keep playing AC2, right?
Comment has been collapsed.
Heh, only Ubisoft game I have that's on that list I didn't even know uses Uplay cause I haven't even installed it. I just got it as part of a bundle. Still, just to be safe I checked to see if I had the stuffs on my computer and I didn't so yay.
Comment has been collapsed.
Anyone happen to have a contact e-mail address for Ubisoft? I scanned their website and couldn't find anything. As one of the shrinking group of PC users who was (reluctantly) not boycotting them before this news broke, I'd like to share my displeasure with them. Not that it's likely to make a difference, but whatever.
Comment has been collapsed.
"There are reports on the Ubi forums that Uplay has been updated to version 2.04, which if the commenter is accurate bears the note “‘Fix addressing browser plugin. Plugin now only able to open uPlay application.” If your Uplay hasn’t/won’t update to version 2.04, I’d get rid of it and its plugin for now. To be honest I’d get rid of the plugin regardless, until we’re sure the problem’s been resolved."
Comment has been collapsed.
From what I've read, it is essentially a rootkit, although it doesn't appear as though that was the intention. The plugin itself is coded really poorly. In essence they wanted you to be able to launch games from a browser, but didn't put anything in to prevent websites from launching other programs.
I imagine they'll have a quick fix out in a few days, but unfortunately the damage from negative publicity has already started. At least it won't be as bad as Sony's rootkit years ago.
Comment has been collapsed.
There's literally hundreds of vendors who managed to implement their own pseudo-protocol for that, especially if it concerns playing on multiplayer-servers. None of them uses a browser addon D; For example: steam://run/<game>
Start Sanctum - open steam://run/91600 in a browser.
Comment has been collapsed.
I was just stating that as far as rootkits are concerned, this would be classed as one which means they're potentially facing a backlash like Sony received.
The fact that there are so many other developers who have accomplished the same as you mentioned, makes it even more of a blunder for Ubisoft.
I think the moral of the story is, check the interns work before implementation. If you play Diablo 3 at all, you'll know that even companies like Blizzard have been slipping up on basic things lately.
Comment has been collapsed.
My uplay just updated, and steam closed itself :\
Comment has been collapsed.
326 Comments - Last post 28 minutes ago by duocalins
113 Comments - Last post 2 hours ago by Matwyn
21 Comments - Last post 6 hours ago by Dayannah
3,223 Comments - Last post 6 hours ago by drbeckett
10 Comments - Last post 10 hours ago by fedeLaria
228 Comments - Last post 12 hours ago by Reidor
5 Comments - Last post 16 hours ago by RobbyRatpoison
81 Comments - Last post 9 minutes ago by olehsamoilenko
5 Comments - Last post 11 minutes ago by Lugum
120 Comments - Last post 19 minutes ago by Metalhead8489
1,595 Comments - Last post 53 minutes ago by ColdOut
1,319 Comments - Last post 59 minutes ago by GraVe23
127 Comments - Last post 1 hour ago by Andreas89
1,983 Comments - Last post 1 hour ago by BGF12
Clicky
It seems to be a browser-only thing, so if you disable the Uplay plugins (why are there even plugins?) you should be fine I guess
To be absolutely sure you could delete everything from Ubisoft on your pc
To test this exploit: Clicky
Luckily Kaspersky already blocked that site for me because of this exploit (Note that that site isn't harmful, just shows what it could do - it only opens up the calculator).
Comment has been collapsed.