
Ubisoft DRM features exploit that allows arbitrary code execution (update: patched)

I believe the article in the OP had a proof of concept that would open the calculator app. Using that as a test would be an easy way to see if their fix worked.

That was only to test if it could launch apps and turn your computer into a zombie. The tracking what you do was already discovered and still exists, and can still be exploited. Ubisoft is acting, so there should be another patch soon, unless they can't figure out a way to wiretap you without sharing the info. :p
 

Joni

Member
Companies like Valve/Amazon/Newegg/Ms/Blizzard have had access to my computer or CC for years and years without issue. If one of them fucked that up? Would bail on their products/services and never look back, simple as that.
We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information.
http://www.forbes.com/sites/danieln...0/steam-hacked-newell-watch-your-credit-card/
 

Blizzard

Banned
We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information.
http://www.forbes.com/sites/danieln...0/steam-hacked-newell-watch-your-credit-card/
The quote goes on to say that they had no evidence that credit card or personally identifiable information was taken, correct? It was a warning just in case, and I'm glad they did it.
 

jimi_dini

Member
I believe the article in the OP had a proof of concept that would open the calculator app. Using that as a test would be an easy way to see if their fix worked.

Somewhat.
To be really sure, you would have to look at the code itself (via disassembly, using IDA).
There could be workarounds possible to still trigger the code execution.
 

Geoff9920

Member
Somewhat.
To be really sure, you would have to look at the code itself (via disassembly, using IDA).
There could be workarounds possible to still trigger the code execution.
Thanks! I've just uninstalled the damn uplay app for now as I haven't been playing Ubisoft games lately. Although I'd like to eventually get to Anno 2070 and Driver San Francisco...

It's threads like these that make me realize how much I don't know about computers and I can consider myself to be fairly tech savvy. :p
 

Boss Doggie

all my loli wolf companions are so moe
So it seems like it's the uPlay where it's its own service rather than a minor one that pops out when you only play the game.
 

Joni

Member
The quote goes on to say that they had no evidence that credit card or personally identifiable information was taken, correct? It was a warning just in case, and I'm glad they did it.
We also never got the proof that credit card data was taken from Sony. By his reasoning, he should stop using Steam too.
 

Game Guru

Member
We also never got the proof that credit card data was taken from Sony. By his reasoning, he should stop using Steam too.

To be fair, it should be more about the reactions of the companies... Valve immediately admitted that it happened, fixed it in a timely manner, and offered suggestions for their customers. Sony took their online service down for about a month without explaining what had happened.

These things happen, but Valve handled it much better than Sony did.
 

Shambles

Member
Wow, this is unbelievable. What else has ubi plugged in to give themselves unfettered access to your computer. Thank goodness I didn't pick up any of the AC games during the summer sale. I'll be sure to avoid Ubi in the future, they can go fuck themselves.
 

Joni

Member
To be fair, it should be more about the reactions of the companies... Valve immediately admitted that it happened, fixed it in a timely manner, and offered suggestions for their customers. Sony took their online service down for about a month without explaining what had happened.

These things happen, but Valve handled it much better than Sony did.
They took it offline, informed the authorities, started investigating and explained it within the week. Before the PSN hack it was quite unheard of for a company to come clean so fast. Compare it to banks who try to hide it. For Valve it was easier, they had already seen it is better to react even faster.
 

apana

Member
DRM sucks, I've been warning people about it for a long time. I put up with Ubisoft when I should have known better. These jerks at Ubi, Sony, and damn near every company don't care about consumers. Stop trying to put your malware on my computer, assholes! We need an official thread monitoring DRM.
 

iNvid02

Member
What else has ubi plugged in to give themselves unfettered access to your computer.

Stop trying to put your malware on my computer, assholes!

that's great and all guys but no, the sensationalist headlines have suckered you in

it was a security issue with a browser plugin, allowing the launch of other things apart from the uplay app it was intended to launch

it wasn't a rootkit, it most likely wasn't done on purpose, someone at ubi just got lazy and fucked up - the client has been patched now

DRM still sucks, but let's not get crazy here
 

Shaneus

Member
So if I disable the plugin, am I able to start Ubisoft games without having to click "Play" in Steam, then wait for Uplay to load, then click "play game" in Uplay as well? Because that's as annoying as shit.
 

Sysgen

Member




that's great and all guys but no, the sensationalist headlines have suckered you in

it was a security issue with a browser plugin, allowing the launch of other things apart from the uplay app it was intended to launch

it wasn't a rootkit, it most likely wasn't done on purpose, someone at ubi just got lazy and fucked up - the client has been patched now

DRM still sucks, but let's not get crazy here

The plugin comes with the installation of the Uplay app so those quotes are right. You can separate the yolk from the egg white but they came from the same egg.
 
I purchased Heroes VI on steam, which uses uplay, but I didn't see any uplay plugin on my web browsers. Do you think they weren't installed for some reason or are hidden?
 

Carm

Member
Have anyone's Ubisoft Uplay games on Steam updated to the new Uplay client? My patch release notes for Uplay are still saying July 12th as the most recent. I already disabled the plugins, so shouldn't have any issues, but it would be nice for them to actually update the Steam version.
 