Support NeoGAF

[bigace33]

"Most people, I think, don't even know what a rootkit is, so why should they care about it?”

Correct me if I'm wrong, but if it was truly a rootkit it could not be removed so easily as to just delete it from Chrome or the various browsers correct? a rootkit would be in your registry and recreate itself upon start up even after deletion. I don't think this is a rootkit.

 

[dramatis]

Are Opera users affected too?

If you're not sure, just manually delete the plugin file in the Ubisoft folder.

 

[LiquidMetal14]

Ugh, thinking about just wiping my PC of all Ubi games because of this. I have 2 installed now. This is stupid.

 

[Visualante2]

Those numbers can't possibly be right, because AC1 was one of the most pirated titles around.

The fact it was available on torrents literally months before their marketing plan allowed for it to be sold at retail was a major factor to that, but still.

Most torrented games sometimes also the most sold games, probably.

 

[Visualante2]

Would be nice for an official statement from Ubisoft. Or, next time we see Yves, we can spit on him.

Read on twitter they're prepping a statement hours ago. Gotta feel sorry for the PR lackeys, they're going to struggle to spin this one. They probably have no clue what is going on.

 

[pelican]

Lol, fuck Ubisoft. Bought Anno and Driver on the Steam sale. Guess I'm never installing either once I build my new PC.

Talk about over-reaction.

It is just a plug in exploit. Not the black death.

While you are at it don't bother running flash on your new build pc either. Fuck it. Infact don't connect it to the Internet.

 

[FACE]

I installed SC: Conviction(ugh) a while ago and it didn't install any uplay plugin in my browsers Ahab.

 

[biocat]

I like how, when I clicked on that link, uplay updated to a new version for 7/30 and said it will no longer launch other programs(!!!!). Then I click the link again to test it, and wow! A calculator!

 

[pelican]

Ugh, thinking about just wiping my PC of all Ubi games because of this. I have 2 installed now. This is stupid.

That is stupid. You don't need to. Just remove the plug in. The games are fine

Seriously comments like this must be from people new to PC gaming.

 

[Orayn]

Chrome plugin eliminated. I knew Uplay was up to no good when it started losing my Assassin's Creed II saves!

 

[Ghizz]

Daaamn. Thank heavens they didn't do anything with it yet.

 

[PaulLFC]

I like how, when I clicked on that link, uplay updated to a new version for 7/30 and said it will no longer launch other programs(!!!!). Then I click the link again to test it, and wow! A calculator!

I'd read on RPS that they'd fixed it, but the fix doesn't even work? Ubisoft...

 

[dani_dc]

Those numbers can't possibly be right, because AC1 was one of the most pirated titles around.

The fact it was available on torrents literally months before their marketing plan allowed for it to be sold at retail was a major factor to that, but still.

Not sure about units sold, but sales were 90% down thanks to ubisoft DRM.


Regardless they considered it a sucess since it reduced piracy.

 

[LiquidMetal14]

That is stupid. You don't need to. Just remove the plug in. The games are fine

Seriously comments like this must be from people new to PC gaming.

Yeah hahaha, not from me. It leaves a bad taste is all. I paid them for games, that's all they care about. Stuff like this irks me and I will delete something if it's upsetting enough.

 

[Mikor]

Sensationalist reporting to the max here

This can hardly be called a "rootkit" - a browser plugin that contains URI handling isn't much different than iTunes or Steam. Are we going to call those rootkits, too?

Don't get me wrong, Ubisoft's DRM can suck a big fat one - its my machine, and fuck you for thinking you have the right to control any aspect of it, Ubisoft - but this is irresponsible reporting.

The code embedded in the example posted on the Y-Combinator article suggests Ubisoft employees simply do not know how to code proper URI handling. That's all.

 

[vocab]

I just launched Uplay, and this is already patched.

Continue the discussion of shitty tages by all means.

 

[Dog Problems]

My dad says Tages is a bastard DRM.

 

[iNvid02]

 

[feint_ruled]

Sensationalist reporting to the max here

This can hardly be called a "rootkit" - a browser plugin that contains URI handling isn't much different than iTunes or Steam. Are we going to call those rootkits, too?

Don't get me wrong, Ubisoft's DRM can suck a big fat one - its my machine, and fuck you for thinking you have the right to control any aspect of it, Ubisoft - but this is irresponsible reporting.

The code embedded in the example posted on the Y-Combinator article suggests Ubisoft employees simply do not know how to code proper URI handling. That's all.

URI handling? Please explain. And also explain how Steam does the same thing. I ask because I don't think your characterization of the problem is at all accurate, but I am prepared to be proven wrong.

EDIT: For clarity, my take on it was that they wanted you to be able to launch their app via a web link and created a plugin to allow it, but made the massive error of allowing specification of the exe path. A very basic security mistake, and only tangentially related to URI handling.

 

[surly]

Are Opera users affected too?

Yes.

Type "operalugins" (without quotes) into the address bar and hit Enter, then click "Disable" to the right of the plug-in so it looks like this: -

 

[wiggleb0t]

Takes 15 minutes to re-install Windows, takes a helluva lot longer to troubleshoot on your own, unless you sponge off the internet of course for a solution which rarely pops up until days / months later. Re-installing is a fix, helps in 99% of situations and in 96% it's a permanent solution*.

*Numbers may vary

15 minutes to reinstall windows +updates, Antivirus, firewall, browser, apps, etc & config it to the way you like? bullshit.

I clone my whole OS. It takes a reboot and a change of a HDD & I'm good to go. Update av.

 

[PaulLFC]

img

According to a post above, the exploit still hasn't been fixed. Haven't tested myself though.

 

[LiquidMetal14]

I will check this when I get on my main PC. If not fixed, I just won't play anything from my Ubi stuff until this is cleared. And of course, I will clear whatever need to be clear in my browsers.

 

[iNvid02]

According to a post above, the exploit still hasn't been fixed. Haven't tested myself though.

no its fixed, this test link only opens up the uplay app now as intended

sloppy mistake to make, but quick response from ubi - but the damage has been done

the whole upgrade process for this new uplay client which recently launched, has been a clusterfuck, this was the cherry

 

[Basileus777]

no its fixed, this test link only opens up the uplay app now as intended

sloppy mistake to make, but quick response from ubi - but the damage has been done

What damage? A bug that was quickly fixed before anyone was exploited isn't going to hurt them. Some small niche of PC gamers that actually hear about this might be a little more salty than they already were?

 

[dragonlife]

Thanks for the thread.

 

[iNvid02]

What damage? A bug that was quickly fixed before anyone was exploited isn't going to hurt them. Some small niche of PC gamers that actually hear about this might be a little more salty than they already were?

 

[surly]

I've just updated. I think the issue with some people saying the vulnerability is still there is because you need to restart your browser before the new version of the plug-in shows - at least, you do with Opera. The plug-in still showed as version 1.0.0.0 until I restarted my browser, then it changed to 1.0.0.1 and Calculator was no longer launched on that test page.

EDIT - The Twitterverse seems to be going a bit OTT with this one. Rootkit? They fixed it faster than most companies fix vulnerabilities. It's a storm in a teacup IMO.

 

[Pyronite]

This sucks, but as someone who works for Ubisoft, it also kinda sucks when you use it to paint the entire company/their myriad of people and games with the same brush. It was a serious mistake by someone who works for Ubisoft. It wasn't an edict brought down by Yves Guillemot.

 

[old manatee]

Going to play devil's advocate here, uPlay is a service first and a DRM second. With the popularity of Steam every publisher wants their own store, and to sell their games direct. The DRM aspect is just another layer on top of that.

Maybe they should make a service that competes with Steam, instead of one that who's sole purpose seems to be to make Steam look good by comparison.

 

[Str0ngStyle]

My dad says Tages is a bastard DRM.

Off topic, but +1 for the King of the Hill Reference

 

[charlequin]

http://i.imgur.com/LPIVl.png

FWIW, this is not what a rootkit is and I'm pretty disappointed in Charlie Stross for repeating the claim that it is one. Allowing a remote code vulnerability into any software is bad (and allowing it into a piece of useless, garbage software like DRM is worse) but this is absolutely minor compared to the malice and forethought involved in the Sony rootkit fiasco.

 

[Omegasquash]

Shit happens, and some get it shittier than others. Haven't ever been a fan of Ubi DRM, and haven't purchased any of their PC games because of it. Not to say that they make bad games, that is.

Just means that I won't need to consider buying PC games from Ubi in the future.

 

[patapuf]

I've just updated. I think the issue with some people saying the vulnerability is still there is because you need to restart your browser before the new version of the plug-in shows - at least, you do with Opera. The plug-in still showed as version 1.0.0.0 until I restarted my browser, then it changed to 1.0.0.1 and Calculator was no longer launched on that test page.

EDIT - The Twitterverse seems to be going a bit OTT with this one. Rootkit? They fixed it faster than most companies fix vulnerabilities. It's a storm in a teacup IMO.

If this is what it takes for ubi to stop putting in this kind of DRM in their games i'm fine with OTT reactions. They put themselves into this position in the first place, if you are going to implement this kind of DRM you will be watched very closely, just like EA and Origin.

 

[Kem0sabe]

This sucks, but as someone who works for Ubisoft, it also kinda sucks when you use it to paint the entire company/their myriad of people and games with the same brush. It was a serious mistake by someone who works for Ubisoft. It wasn't an edict brought down by Yves Guillemot.

Ubisoft doesn´t need this mess to make them look bad, they were doing a fine job as it was...

 

[surly]

Shit happens, and some get it shittier than others. Haven't ever been a fan of Ubi DRM, and haven't purchased any of their PC games because of it. Not to say that they make bad games, that is.

Just means that I won't need to consider buying PC games from Ubi in the future.

But you'll still use Steam, right? Despite things like....

Valve has fixed a man-in-the-middle vulnerability in the Windows Steam client, which would have allowed a correctly-positioned attacker to divert and decrypt HTTPS traffic without the victim's knowledge. This made sensitive payment details, such as PayPal credentials, vulnerable to eavesdropping.

http://www.highseverity.com/2012/03/valve-fixes-https-vulnerability-in.html

Or this.....

The way Steam handles authorisation is with a cookie named ‘steamLogin’, however when a user signs out the token is not destroyed. That would be bad enough however, the same token is used in subsequent logins.

Steam handles credit card information and allows you to store it server-side. Thus if a malicious user gained a copy of someone’s cookie, they could make charges to an already registered credit card and max it out very easily.

https://www.upsploit.com/index.php/advisories/view/UPS-2011-0019

 

[Carm]

Hrm, Firefox had the two plugins, disabled now. Steam version of Uplay is still NOT updated, at least for me. I've launched all uplay titles and none are pulling the July 30th update. Steam version is different than any other version of Uplay.

 

[LuchaShaq]

Just further reaffirming my decision to buy ubisoft games used only despite the fact I would have loved to play the AC series on my PC.

 

[tci]

Just further reaffirming my decision to buy ubisoft games used only despite the fact I would have loved to play the AC series on my PC.

If you read the thread the issue have been fixed. Wow at people calling this rootkit. As several have said, this is just a badly coded URL handling. Sure it is critical, but it was fixed very fast.

 

[LuchaShaq]

If you read the thread the issue have been fixed. Wow at people calling this rootkit. As several have said, this is just a badly coded URL handling. Sure it is critical, but it was fixed very fast.

I did read the thread.

The fact that this issue (not to mention their always online and low activation limit nonsense, and b.s. online pass shit for consoles) was even an issue for 1 single second lets me know they shouldn't get my gaming dollars at least not directly.

 

[AndyMoogle]

I did read the thread.

The fact that this issue (not to mention their always online and low activation limit nonsense, and b.s. online pass shit for consoles) was even an issue for 1 single second lets me know they shouldn't get my gaming dollars at least not directly.

PSN got breached and there were plenty of reports of people getting their Xbox Live accounts taken over. I hope you don't play games on PS3 or 360.

 

[tci]

The fact that this issue (not to mention their always online and low activation limit nonsense, and b.s. online pass shit for consoles) was even an issue for 1 single second lets me know they shouldn't get my gaming dollars at least not directly.

If you (and others) have a problem with their DRM, please make a thread about it. The problem with the exploit was fixed within a few hours. Which this thread is about.

I'm not supporting DRM, but complaining about everything else than the topic is just silly.

 

[LuchaShaq]

PSN got breached and there were plenty of reports of people getting their Xbox Live accounts taken over. I hope you don't play games on PS3 or 360.

I haven't used PSN since, I haven't had a xbl accunt taken or known anyone personally who has beyond idiots getting socially engineered. That said if my xbl account ever had that type of issue or if I couldn't find year subscriptions for 20-25$ I'd bail on gold as well.

Companies like Valve/Amazon/Newegg/Ms/Blizzard have had access to my computer or CC for years and years without issue. If one of them fucked that up? Would bail on their products/services and never look back, simple as that.

If you (and others) have a problem with their DRM, please make a thread about it. The problem with the exploit was fixed within a few hours. Which this thread is about.

I'm not supporting DRM, but complaining about everything else than the topic is just silly.

No it's about the Ubisoft general directive to be as shitty as possible to PC game buyers at all times at all costs which is pure insanity.

 

[faceless007]

What do the browser plugins even do in the first place? Is there any reason to re-enable them even after it's been patched?

 

[Vane_MagicCity]

"... a recent decision to ban a user account has reminded us all we don’t technically own the games bought through the service. If your account is banned, you can’t login and play your games. All that money you spent on tens, or even hundreds of titles doesn’t count for anything."

http://www.geek.com/articles/games/steam-proves-we-dont-own-the-games-we-buy-2012021/

There should be a law to protect consumers from this kind of BS.

- They should be forced to disclose the reason for a ban
- They should be forced to refund a certain percentage (say 50% of the price you paid)

There is no justification for this kind of theft by a corporation. To put this in perspective, if you buy a car and then send the dealership a nasty letter, they cannot steal the car back from you.

 

[Xanonano]

What do the browser plugins even do in the first place? Is there any reason to re-enable them even after it's been patched?

The plugin does two things: Informs the Uplay website that you have the Uplay client installed, and allows you to start a game by clicking on a button on a webpage. Steam can do that, but it uses its own steam:// protocol instead of a plugin, which is more secure and less likely to be exploited. So not only is it unnecessary, it didn't even need to exist in the first place.

 

[Megasoum]

The overreaction in here is really ridiculous.

I hope you guys don't have IE, Flash or Steam installed cause bad guys could be looking at your pron right at this moment!

Spoiler

Sigh....

 

[Derrick01]

Figured the fix would come fast but I'll wait for an outside party to confirm the problem is gone. Forgive me for not trusting Ubisoft's word when they've done nothing to earn it.

 

[GoofsterStud]

Opera users have the same problem.

Further reports are suggesting that spying is still a problem, they just prevented scripts to launch applications. Hopefully another patch will come soon.

 

[Geoff9920]

Figured the fix would come fast but I'll wait for an outside party to confirm the problem is gone. Forgive me for not trusting Ubisoft's word when they've done nothing to earn it.

I believe the article in the OP had a proof of concept that would open the calculator app. Using that as a test would be an easy way to see if their fix worked.