[Cyberwar Central Links & Resources][Cyberwar Central][Cyberwar Central Members Area]



  << Previous Topic | Next Topic >>Return to Cyberwar Central  

uPlay security flaw 'a huge risk' says hack expert

July 31 2012 at 10:51 AM

Coalde  (Login cwc.mgmt)
CWC Member


One has to wonder just how many other "mandatory" online registration software have huge gaping security holes large enough to drive buses through? The one thing you can be certain of is that YOUR security and privacy was the last thing on the developers mind (first being the protection of the publishers intellectual property of course...at whatever cost to you).

padlock-security-protection-hacking.jpgUbisoft's PC service "does not feature rootkit, just really bad code". Ubisoft must patch its uPlay online service "as a matter of urgency", an online security expert has told CVG.

By Rob Crossley, CVG UK, Monday 30th Jul 2012

Early reports indicate that Ubisoft's online PC network has been hacked into with new exposed data suggesting that the service includes an alleged "rootkit"; a term given for software that gains privileged access onto sensitive computer files.

Ubisoft has declined to comment at this early stage.

Rik Ferguson, the director of security research at Trend Micro, challenged the assumption that the service features a rootkit.

However, he added that the security flaw represents a huge risk and must be resolved immediately.

"This certainly looks like an easily exploitable software flaw, but I'm not sure I would go as far as calling it a rootkit," Ferguson told CVG.

"The reports state the exploitable code is in the form of a browser plugin, the plugin does not attempt to hide its presence on your system and can be relatively simply disabled. It's not a malicious root, just really bad code," he added.

Ferguson's account reflects another IT expert's view, who told CVG that the exploit was likely an unintentional security vulnerability, as opposed to an intentional backdoor left in the system.

uPlay is a mandatory service that registers PC games published by Ubisoft.

Ferguson urged Ubisoft to fix the loophole as soon as possible now that the exploit is public information.

"Pushing out such easily exploitable code, to such an easily targeted platform as a web browser through such a huge gaming population presents a huge risk and will of course be of interest to online criminals.

"Ubisoft should be patching this code as a matter of urgency and in the meantime, gamers should be disabling the plug-in".


[CyberWar Central]

 Respond to this message   
  Respond to this message   
  << Previous Topic | Next Topic >>Return to Cyberwar Central  
Find more forums on SocietyCreate your own forum at Network54
 Copyright © 1999-2018 Network54. All rights reserved.   Terms of Use   Privacy Statement  
      free countersMember of The Internet Defense League   [Exchange Links with CWC]