Page 1 of 6 123 ... LastLast
Results 1 to 20 of 110
  1. #1
    Network Hub BTAxis's Avatar
    Join Date
    May 2012
    Location
    Sweden, Yurop
    Posts
    101

    Ubisoft DRM is a security risk

    Someone notified me of this:
    http://news.ycombinator.com/item?id=4311264

    It seems Ubisoft's Uplay DRM can be used by evildoers to gain access to your computer. I tried it and it does seem legit. Uninstalling the Ubisoft Game Launcher helped though.

  2. #2
    Vector Jams O'Donnell's Avatar
    Join Date
    May 2011
    Location
    Burgh of Mussels
    Posts
    829
    Waiting for a reliable news source. I'm skeptical that this is just scaremongering combined with "let's all hate Ubi" bandwagon-jumping.

  3. #3
    Network Hub BTAxis's Avatar
    Join Date
    May 2012
    Location
    Sweden, Yurop
    Posts
    101
    Well like I said I tried that demonstration link they posted. It starts up Uplay, which then starts up calc.exe.

  4. #4
    Network Hub Revisor's Avatar
    Join Date
    Jun 2011
    Posts
    459
    Hacker News is a very reliable source.
    And yes, this is real.

    Disable the Uplay plugin(s) in your browser ASAP.

    How to disable Uplay in Firefox:
    Tools - Add-ons - Plugins - Disable the Uplay and Uplay PC Hub plugins

    In Opera:
    Settings - Preferences - Advanced - Downloads - Search "Uplay", delete

    In Chrome:
    Visit about:plugins and disable

    To check the vulnerability, visit this page
    http://pastehtml.com/view/c6gxl1a79.html

    If your browser is vulnerable, Uplay will start and the Windows Calculator will run.
    Last edited by Revisor; 30-07-2012 at 11:39 AM.

  5. #5
    Lesser Hivemind Node
    Join Date
    Feb 2012
    Posts
    608
    I installed Ubisoft game launcher, and the link says missing plugin on both chrome and firefox. I can not play any Ubisoft game though. I am going to reinstall Uplay and see if they work.

    It might be an easier way for limited bandwidth people to make sure they are safe, and not having to redownload games later

    Edit: After a quick check it is only the Uplay or Ubisoft program that needs to be uninstalled. It will save on bandwidth as when this is patched and fixed you can just reinstall Uplay and be fine

    Also worth noting, uplay doesn't work when Uplay window is open or when you are not logged in
    Last edited by Kiril; 30-07-2012 at 11:44 AM.

  6. #6
    Activated Node Sweedums's Avatar
    Join Date
    Jun 2011
    Posts
    37
    Thanks for these instructions, i wouldn't have known otherwise!

  7. #7
    Secondary Hivemind Nexus neema_t's Avatar
    Join Date
    Nov 2011
    Posts
    1,173
    Good fucking lord.

  8. #8
    Activated Node Eric's Avatar
    Join Date
    Jun 2012
    Posts
    34
    Kaspersky stomped on the demonstration link for me. I've still removed the Uplay plugin though.

  9. #9
    Banned
    Join Date
    Jun 2011
    Location
    The land of slain white knights
    Posts
    850
    Disabled.

    Also they should add Anno 2070 to the list of affected games too.

    But FFS Ubitard get your act together.

  10. #10
    Secondary Hivemind Nexus Kadayi's Avatar
    Join Date
    Jun 2011
    Location
    Lagoon West, Vermilion Sands
    Posts
    4,312
    Quote Originally Posted by Jams O'Donnell View Post
    I'm skeptical that this is just scaremongering combined with "let's all hate Ubi" bandwagon-jumping.
    Pretty much tbh. Have to love Alec basically telling the world to burn everything Ubisoft on the front page over what is at this stage a potential threat (Fox news has nothing on this place when it comes gross exaggeration especially involving either Ubi or EA). Fundamentally unless you're visiting some dodgy websites or clicking on links in emails from complete strangers you're likely safe and undoubtedly Ubi will patch this issue out ASAP. Naturally of course the indignation and handwringing will likely go on for ever. No doubt a few more articles will be squeezed out about it as well.
    Why yes you're right I'm deliciously evil

    Tradition is the tyranny of dead men

    Steam:Kadayi Origin: Kadayi GFWL: Kadayi

    Probable Replicant

    *blush* I'm flattered by the attention boys, but please let's not make the thread about liddle old me

    Quote Originally Posted by Finicky View Post
    Kadayi will remain the worst poster on the interwebs.
    Gifmaster 4000 2014 Year of the Gif

    He who controls the Doge controls the universe

  11. #11
    Secondary Hivemind Nexus Drake Sigar's Avatar
    Join Date
    Jun 2011
    Location
    Jolly Ole England
    Posts
    3,089
    I use IE explorer (yeah yeah) and can't find any Uplay plugin...

    Edit: Ah, there it is.
    Last edited by Drake Sigar; 30-07-2012 at 12:53 PM.

  12. #12
    Lesser Hivemind Node Gorzan's Avatar
    Join Date
    Jul 2012
    Posts
    782
    The indignation is logical, no matter what, this shouldn't have happened on the first time.

  13. #13
    Lesser Hivemind Node Velko's Avatar
    Join Date
    May 2012
    Posts
    856
    Why do they want to install a browser plugin in the first place?

  14. #14
    Lesser Hivemind Node Kaira-'s Avatar
    Join Date
    Jul 2011
    Location
    Oulu, Finland
    Posts
    965
    Quote Originally Posted by Kadayi View Post
    Pretty much tbh. Have to love Alec basically telling the world to burn everything Ubisoft on the front page over what is at this stage a potential threat
    Remotely accessing your computer and running software on it is quite a big deal, you know.

    [E] Without your permission, obviously.

    [Edit of an edit]: To expand on your "dodgy websites"-thought: you don't even need to visit dodgy websites. It wasn't that long ago when RPS itself had some dodgy JS-script embedded to the site via ad. One infected ad is all it takes to make a "nondodgy" website a security risk.
    Last edited by Kaira-; 30-07-2012 at 12:56 PM.

  15. #15
    Secondary Hivemind Nexus Kadayi's Avatar
    Join Date
    Jun 2011
    Location
    Lagoon West, Vermilion Sands
    Posts
    4,312
    Quote Originally Posted by Kaira- View Post
    Remotely accessing your computer and running software on it is quite a big deal, you know.

    [E] Without your permission, obviously.
    Odds of happening Vs FUD.
    Why yes you're right I'm deliciously evil

    Tradition is the tyranny of dead men

    Steam:Kadayi Origin: Kadayi GFWL: Kadayi

    Probable Replicant

    *blush* I'm flattered by the attention boys, but please let's not make the thread about liddle old me

    Quote Originally Posted by Finicky View Post
    Kadayi will remain the worst poster on the interwebs.
    Gifmaster 4000 2014 Year of the Gif

    He who controls the Doge controls the universe

  16. #16
    Secondary Hivemind Nexus somini's Avatar
    Join Date
    Jun 2011
    Location
    NEuro Troika Franchulate #3
    Posts
    2,814
    Well, disabling the plugins in Firefox works for me.
    It's most likely that some intern coded this, and now it was discovered that it could be exploited, but I'm all for blowing this out of proportion so that Uplay is finally retired.
    Steam(shots), Imgur, Bak'laag, why do you forsake me?

  17. #17
    Secondary Hivemind Nexus Unaco's Avatar
    Join Date
    Jun 2011
    Posts
    1,898
    Quote Originally Posted by Kadayi View Post
    Pretty much tbh. Have to love Alec basically telling the world to burn everything Ubisoft on the front page over what is at this stage a potential threat (Fox news has nothing on this place when it comes gross exaggeration especially involving either Ubi or EA).
    Did you read the article? Or just see it was about UBI DRM and this and jump to conclusions? It's actually quite a restrained and measured article, considering. Here's a link, incase you missed it...

    http://www.rockpapershotgun.com/2012...soft-pc-games/

    An opening like...

    "We’re currently investigating the full extent of this, but moralising and recrimination can come later. For now, the important thing is to warn folks who have certain Ubisoft games installed on their PCs that an apparent backdoor has been discovered in the Uplay infrastructure/DRM which may in theory allow any anyone so minded to install God knows what horrors on your PC."
    ... hardly sounds like Alec is getting the pitchfork mob, does it?
    Quote Originally Posted by Hypernetic View Post
    I just have an opinion different to your own. Circle jerking is good for no one, be glad somebody isn't afraid to disagree with women on the internet.
    Quote Originally Posted by Hypernetic View Post
    No, you are literally the cancer that is killing gaming.
    Quote Originally Posted by Serenegoose View Post
    Nobody's ever lost sleep over being called a cracker.

  18. #18
    Secondary Hivemind Nexus Kadayi's Avatar
    Join Date
    Jun 2011
    Location
    Lagoon West, Vermilion Sands
    Posts
    4,312
    Quote Originally Posted by Unaco View Post
    Did you read the article?
    You mean the one that advocates this?:-

    I urge you to uninstall it and any games that use it immediately, until we know more.
    It's a web browser plugin. You can disable them. No need to nuke your entire Ubisoft game catalogue from Orbit as he advocates (should we maybe wipe our HDs and reinstall everything as well? Just to be absolutely certain? . Especially given for it to do anything, it is still reliant on you going to a compromised website (specifically orientated to exploit this particular plugins frailties) or clicking on a dodgy email link that does the same. Odds? Not high at this point in time tbh, and certainly not before it's patched out.

    Did you read what I wrote? Or just see it was by me and jump to conclusions Unaco?
    Last edited by Kadayi; 30-07-2012 at 01:30 PM.
    Why yes you're right I'm deliciously evil

    Tradition is the tyranny of dead men

    Steam:Kadayi Origin: Kadayi GFWL: Kadayi

    Probable Replicant

    *blush* I'm flattered by the attention boys, but please let's not make the thread about liddle old me

    Quote Originally Posted by Finicky View Post
    Kadayi will remain the worst poster on the interwebs.
    Gifmaster 4000 2014 Year of the Gif

    He who controls the Doge controls the universe

  19. #19
    Secondary Hivemind Nexus Heliocentric's Avatar
    Join Date
    Jun 2011
    Posts
    8,769
    Quote Originally Posted by Revisor View Post
    Hacker News is a very reliable source.
    And yes, this is real.

    Disable the Uplay plugin(s) in your browser ASAP.

    How to disable Uplay in Firefox:
    Tools - Add-ons - Plugins - Disable the Uplay and Uplay PC Hub plugins

    In Opera:
    Settings - Preferences - Advanced - Downloads - Search "Uplay", delete

    In Chrome:
    Visit about:plugins and disable

    To check the vulnerability, visit this page
    http://pastehtml.com/view/c6gxl1a79.html

    If your browser is vulnerable, Uplay will start and the Windows Calculator will run.
    Internet explorer was secure? =LOLZ
    I'm failing to writing a blog, specifically about playing games the wrong way
    http://playingitwrong.wordpress.com/

  20. #20
    Secondary Hivemind Nexus gundato's Avatar
    Join Date
    Jun 2011
    Location
    United States
    Posts
    5,284
    kad: That IS a good response. It is like when there are food recalls due to diseases or chinese lead. The news will say something like "Currently, it appears this is limited to Mike Tyson's Chicken Nuggets, but we urge you to dispose of all Mike Tyson chicken products purchased between the dates of X and Y"
    Steam: Gundato
    PSN: Gundato
    If you want me on either service, I suggest PMing me here first to let me know who you are.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •