43 Replies. 3 pages. Viewing page 1.
< Newer [ 1 2 3 ] Older >
 |
| 43. |
Re: Ubisoft uPlay Security Flaw |
Aug 2, 2012, 03:36 |
Dev |
|
|
Verno wrote on Jul 31, 2012, 09:12:
It wasn't Steam surprisingly. I installed From Dust and it completed the setup procedures then when I ran UPlay it installed everything without consent. I had no idea the browser plugins were even installed until I tested the exploit yesterday morning. They fixed it quickly which is all well and good but they should never be using elevated process privileges to install things without users consent. I think thats because steam only installs pre-reqs such as directx, and visual c++ redistributable. Technically the uplay might not be one.
I dunno though, maybe it just depends on how the company tells steam they want to install the stuff. |
|
|
|
|
|
|
|
| |
|
| 42. |
Re: Ubisoft uPlay Security Flaw |
Jul 31, 2012, 09:12 |
Verno |
|
|
Creston wrote on Jul 30, 2012, 17:12:
Admittedly, the only game I ever had that installed Uplay was the latest Assassin's Creed, and I got that outside of Steam. And it simply asked me "Do you want to install our wonderful Uplay add-ins for your browser? It will let you do really awesome stuff, like... ehm... well... erm, really AMAZING STUFF!!!!"
I guess I didn't think about Steam just forcing that shit straight onto your computer. THANKS STEAM!
It wasn't Steam surprisingly. I installed From Dust and it completed the setup procedures then when I ran UPlay it installed everything without consent. I had no idea the browser plugins were even installed until I tested the exploit yesterday morning. They fixed it quickly which is all well and good but they should never be using elevated process privileges to install things without users consent. |
|
|
|
|
|
|
|
|
Playing: Animal Crossing, Sleeping Dogs, Tales of Graces F
Watching: Survivorman, Justified, Silent Running |
|
|
|
|
| |
|
| 41. |
Re: Ubisoft uPlay Security Flaw |
Jul 30, 2012, 22:45 |
Dev |
|
|
2nd_floor wrote on Jul 30, 2012, 19:06:
Monkey-B did not come out easily! That was virus technology back then! Today, haha, I bet they can do nasty things! Eh, back then they were after a laugh. Nowadays they want to make money, so its more of putting spyware on your computer to get your bank account password and suck all your money. Or hold your computer hostage and continually demand you pay for fake antivirus. |
|
|
|
|
|
|
|
| |
|
| 40. |
Re: Ubisoft uPlay Security Flaw |
Jul 30, 2012, 20:31 |
Wret |
|
|
Creston wrote on Jul 30, 2012, 17:12:
Admittedly, the only game I ever had that installed Uplay was the latest Assassin's Creed, and I got that outside of Steam. And it simply asked me "Do you want to install our wonderful Uplay add-ins for your browser? It will let you do really awesome stuff, like... ehm... well... erm, really AMAZING STUFF!!!!"
I guess I didn't think about Steam just forcing that shit straight onto your computer. THANKS STEAM!
Creston
That's not what's happening. uPlay 1.xx asked permission to install the browser plugins, but the recently released 2.0 silently installs it and actually requires it or the launcher refuses to function.
I have a copy of AC:B (from Amazon, not Steam) and installed uPlay on a brand new PC a week ago, straight from Ubi's website, in order to redownload it as Ubi's servers are faster. It didn't ask or even mention anything about a browser plugin, and there's nothing in the settings either. It was installed to FF and attempts to remove it caused uPlay to insist that it's installation was broken. Disabling it was the only option short of just not installing the game.
Try it for yourself and see what happens.
Nothing to do with Steam or "mindless clicking," sorry Creston. |
|
|
|
|
|
|
|
| |
|
| 39. |
Re: Ubisoft uPlay Security Flaw |
Jul 30, 2012, 19:10 |
2nd_floor |
|
|
Closed Betas wrote on Jul 30, 2012, 18:51:
lol, they give cleanup instructions?!?! If you been root kitted in todays age, you need to toss out your hard drive and probably your motherboard too in some cases. They can get pretty low... We really have the technology to stop this if someone wants to take virtual machines in the right direction... Also need to segregate common traffic more than currently done. which is hard for me to say since its a step closer to communism.
Trying to do a proper reply with the original quote there. |
|
|
|
|
|
|
|
| |
|
| 38. |
Re: Ubisoft uPlay Security Flaw |
Jul 30, 2012, 19:08 |
2nd_floor |
|
|
2nd_floor wrote on Jul 30, 2012, 19:06:
"lol, they give cleanup instructions?!?! If you been root kitted in todays age, you need to toss out your hard drive and probably your motherboard too in some cases. They can get pretty low..."
Haha. I remember back in 1996 my first computer with Windows 95 got a virus called "Monkey-B", that infected the MBR I think. We had to find a special program called "Killmonk" to get rid of it, Norton Antivirus didn't do it. Back in 1996, that was a big deal, and took a few weeks! The computer had to go in to get professionally repaired!
Monkey-B did not come out easily! That was virus technology back then! Today, haha, I bet they can do nasty things! |
|
|
|
|
|
|
|
| |
|
| 37. |
Re: Ubisoft uPlay Security Flaw |
Jul 30, 2012, 19:06 |
2nd_floor |
|
|
"lol, they give cleanup instructions?!?! If you been root kitted in todays age, you need to toss out your hard drive and probably your motherboard too in some cases. They can get pretty low..."
Haha. I remember back in 1996 my first computer with Windows 95 got a virus called "Monkey-B", that infected the MBR I think. We had to find a special program called "Killmonk" to get rid of it, Norton Antivirus didn't do it. Back in 1996, that was a big deal, and took a few weeks! The computer had to go in to get professionally repaired!
Monkey-B did not come out easily! That was virus technology back then! Today, haha, I bet they can do nasty things! |
|
|
|
|
|
|
|
| |
|
| 36. |
Re: Ubisoft uPlay Security Flaw |
Jul 30, 2012, 19:03 |
Bet |
|
|
Closed Betas wrote on Jul 30, 2012, 18:51:
lol, they give cleanup instructions?!?! If you been root kitted in todays age, you need to toss out your hard drive and probably your motherboard too in some cases. They can get pretty low... We really have the technology to stop this if someone wants to take virtual machines in the right direction... Also need to segregate common traffic more than currently done. which is hard for me to say since its a step closer to communism.
It's not a root kit, it's an exploit. An exploit that can be used to give you a rootkit, granted, but not directly a rootkit.
As far as paranoia regarding whether we all have been rooted thanks to the exploit, that's further down the rabbit hole. |
|
|
|
|
|
|
|
| |
|
| 35. |
Re: Ubisoft uPlay Security Flaw |
Jul 30, 2012, 18:51 |
Closed Betas |
|
|
lol, they give cleanup instructions?!?! If you been root kitted in todays age, you need to toss out your hard drive and probably your motherboard too in some cases. They can get pretty low... We really have the technology to stop this if someone wants to take virtual machines in the right direction... Also need to segregate common traffic more than currently done. which is hard for me to say since its a step closer to communism.
|
|
|
|
|
|
|
|
| |
|
| 34. |
Re: Ubisoft uPlay Security Flaw |
Jul 30, 2012, 18:38 |
Dev |
|
|
Creston wrote on Jul 30, 2012, 17:12:
Admittedly, the only game I ever had that installed Uplay was the latest Assassin's Creed, and I got that outside of Steam. And it simply asked me "Do you want to install our wonderful Uplay add-ins for your browser? It will let you do really awesome stuff, like... ehm... well... erm, really AMAZING STUFF!!!!"
Yeah thats what happened to me with settlers 7 which I got as a steam version. It opened a web page and begged me to install the plugin, and I said NO FRACKING WAY.
I don't think steam installs the plugin as the first time install script. Thats more stuff like updated direct x and updated visual C++ redistributables. |
|
|
|
|
|
|
|
| |
|
| 33. |
Re: Ubisoft uPlay Security Flaw |
Jul 30, 2012, 18:10 |
Ozmodan |
|
|
Another reason to avoid Ubisoft games like the plague. Have not bought one since they implemented their horrid DRM.
Made the kids take a couple of their games back. |
|
|
|
|
|
|
|
| |
|
| 32. |
Re: Ubisoft uPlay Security Flaw |
Jul 30, 2012, 18:06 |
eunichron |
|
|
NKD wrote on Jul 30, 2012, 17:51:
Creston wrote on Jul 30, 2012, 17:12:
[
I guess I didn't think about Steam just forcing that shit straight onto your computer. THANKS STEAM!
Creston
But Steam is the greatest and can do no wrong.
All Hail King Gabe Newell, the First of His Name. King of the Andals, the Rhoynar, and the First Men. Lord of the Seven Kingdoms and Protector of the Realm.
Hallowed are the Ori!
Wait... |
|
|
|
|
|
|
|
| |
|
| 31. |
Re: Ubisoft uPlay Security Flaw |
Jul 30, 2012, 17:51 |
NKD |
|
|
Creston wrote on Jul 30, 2012, 17:12:
[
I guess I didn't think about Steam just forcing that shit straight onto your computer. THANKS STEAM!
Creston
But Steam is the greatest and can do no wrong.
All Hail King Gabe Newell, the First of His Name. King of the Andals, the Rhoynar, and the First Men. Lord of the Seven Kingdoms and Protector of the Realm. |
|
|
|
|
|
|
|
|
| If you don't like where gaming is heading, stop giving your money to the people who are taking it in that direction. |
|
|
|
|
| |
|
| 30. |
Re: Ubisoft uPlay Security Flaw |
Jul 30, 2012, 17:44 |
RailWizard |
|
|
Mordecai Walfish wrote on Jul 30, 2012, 17:19:
Just got a message on firefox telling me the uplay plugin would be disabled because of security reasons, with this information linked:
Ubisoft Uplay has been blocked for your protection.
Why was it blocked?
Version 1.0.0.0 of the Ubisoft Uplay plugin has a security vulnerability that can be exploited by malicious websites to gain control of the user's system.
Who is affected?
All Firefox users who have this plugin installed.
What does this mean?
Users are strongly encouraged to disable the problematic add-on or plugin, but may choose to continue using it if they accept the risks described.
When Mozilla becomes aware of add-ons, plugins, or other third-party software that seriously compromises Firefox security, stability, or performance and meets certain criteria, the software may be blocked from general use. For more information, please read this support article.
Blocked on July 30, 2012. View block request.
Firefox FTW. I really cannot imagine myself using any other browser, ever. They all suck rotten dog cocks in hell. |
|
|
|
|
|
|
|
| |
|
| 29. |
Re: Ubisoft uPlay Security Flaw |
Jul 30, 2012, 17:27 |
Mordecai Walfish |
|
|
Creston wrote on Jul 30, 2012, 17:12:
jacobvandy wrote on Jul 30, 2012, 14:45:
Creston wrote on Jul 30, 2012, 14:36:
What's really baffling is that people apparently said "Yes, that sounds like a GREAT IDEA!" when uplay asked if it could install plugins in their browsers...
Users mindlessly clicking "yes" is the number one reason why PCs are so horribly infected with all kinds of shit.
Creston
Unfortunately, when Steam does the 'first time setup' installation of whatever various runtimes and add-on apps the publisher wants the player to have, it's almost always done in the background with no dialog windows at all...
Admittedly, the only game I ever had that installed Uplay was the latest Assassin's Creed, and I got that outside of Steam. And it simply asked me "Do you want to install our wonderful Uplay add-ins for your browser? It will let you do really awesome stuff, like... ehm... well... erm, really AMAZING STUFF!!!!"
I guess I didn't think about Steam just forcing that shit straight onto your computer. THANKS STEAM!
Creston
I can attest to this, I only had the uplay plugin from installing Anno 2070 a couple weeks ago for the Summer Sale on Steam. No notification of browser plugins whatsoever.
I would leave it up to the publisher/producer to make these kinds of options available to opt-out, as Valve/Steam cannot police the install routines of every installation to prevent them from installing browser plugins. I would say the trust is more broken from UBI (who has control of how their installer deploys, after the initial steam layer)
|
|
|
|
|
|
|
|
|
| Playing: MechWarrior Online, Natural Selection 2, PlanetSide 2, NFS: Hot Pursuit, Torchlight 2, Sine Mora, GTAIV, River City Ransom(NES), Final Fantasy IV Complete(PSP), Patapon 2(PSP), Dariusburst(PSP) |
|
|
|
|
| |
|
| 28. |
Re: Ubisoft uPlay Security Flaw |
Jul 30, 2012, 17:19 |
Mordecai Walfish |
|
|
Just got a message on firefox telling me the uplay plugin would be disabled because of security reasons, with this information linked:
Ubisoft Uplay has been blocked for your protection.
Why was it blocked?
Version 1.0.0.0 of the Ubisoft Uplay plugin has a security vulnerability that can be exploited by malicious websites to gain control of the user's system.
Who is affected?
All Firefox users who have this plugin installed.
What does this mean?
Users are strongly encouraged to disable the problematic add-on or plugin, but may choose to continue using it if they accept the risks described.
When Mozilla becomes aware of add-ons, plugins, or other third-party software that seriously compromises Firefox security, stability, or performance and meets certain criteria, the software may be blocked from general use. For more information, please read this support article.
Blocked on July 30, 2012. View block request.
|
|
|
|
|
|
|
|
|
| Playing: MechWarrior Online, Natural Selection 2, PlanetSide 2, NFS: Hot Pursuit, Torchlight 2, Sine Mora, GTAIV, River City Ransom(NES), Final Fantasy IV Complete(PSP), Patapon 2(PSP), Dariusburst(PSP) |
|
|
|
|
| |
|
| 27. |
Re: Ubisoft uPlay Security Flaw |
Jul 30, 2012, 17:14 |
Julio |
|
|
SimplyMonk wrote on Jul 30, 2012, 13:53:
Actively pirate them? Make a bunch of of real looking "Assassin Creed: Brotherhood" CDs with pirated versions on them and leave them lying around at playgrounds, subways, internet cafes, Starbucks.
You could just leave blank CDs around with the labels printed on them - they'd work as well as the real Ubi games. |
|
|
|
|
|
|
|
| |
|
| 26. |
Re: Ubisoft uPlay Security Flaw |
Jul 30, 2012, 17:12 |
Creston |
|
|
jacobvandy wrote on Jul 30, 2012, 14:45:
Creston wrote on Jul 30, 2012, 14:36:
What's really baffling is that people apparently said "Yes, that sounds like a GREAT IDEA!" when uplay asked if it could install plugins in their browsers...
Users mindlessly clicking "yes" is the number one reason why PCs are so horribly infected with all kinds of shit.
Creston
Unfortunately, when Steam does the 'first time setup' installation of whatever various runtimes and add-on apps the publisher wants the player to have, it's almost always done in the background with no dialog windows at all...
Admittedly, the only game I ever had that installed Uplay was the latest Assassin's Creed, and I got that outside of Steam. And it simply asked me "Do you want to install our wonderful Uplay add-ins for your browser? It will let you do really awesome stuff, like... ehm... well... erm, really AMAZING STUFF!!!!"
I guess I didn't think about Steam just forcing that shit straight onto your computer. THANKS STEAM!
Creston |
|
|
|
|
|
|
|
| |
|
| 25. |
Re: Ubisoft uPlay Security Flaw |
Jul 30, 2012, 16:36 |
Bet |
|
|
Unfairly, Anno is saddled with Ubi as publisher. I think you need a degree of OCD to enjoy those games though. Most of the world's population is gaining a degree of that yearly though, so it's up and up for the Anno series!
Again, aside from being saddled with Ubi... |
|
|
|
|
|
|
|
| |
|
| 24. |
Re: Ubisoft uPlay Security Flaw |
Jul 30, 2012, 16:10 |
RailWizard |
|
|
SimplyMonk wrote on Jul 30, 2012, 13:53:
RailWizard wrote on Jul 30, 2012, 13:40:
Their games aren't even worth all this DRM.
I'm already boycotting them, feel like I need to escalate now, but how. lol
Actively pirate them? Make a bunch of of real looking "Assassin Creed: Brotherhood" CDs with pirated versions on them and leave them lying around at playgrounds, subways, internet cafes, Starbucks.
Yeah that's the thing. I've looked at their crap on a certain 'privateer' website and I don't even want their crap for free. Guess I'm just not that bored. heh
|
|
|
|
|
|
|
|
| |
43 Replies. 3 pages. Viewing page 1.
< Newer [ 1 2 3 ] Older >
|
|
Twitter 
