Tag: security

Categories
video games

Dark Souls Remastered PC Multiplayer Servers Back Online

FromSoftware shut down the multiplayer servers for all of the Dark Souls games on Windows way back in January due to an remote code execution security exploit that was also potentially present in Elden Ring which was released in February. (Watch my complete play through of Elden Ring here!)

Dark Souls 2: Scholar of the First Sin was brought back online late last month and I was surprised to catch a patch a few hours ago for Dark Souls: Remastered on Steam for Windows that brought back online support alongside an announcement from From Software.

The passive messages and ghosts and active multiplayer pvp features of these games really help make their worlds feel less lonely and more active, so I’m incredibly happy to see the online service return. 

Categories
video games

Fortnite Skipping Google Play to The Detriment of User Security

Epic is skipping Google’s Android app store (the advertising publisher calls it Google Play as if that meant anything) for their upcoming Android version of the free-to-play Fortnite (which is already on iOS and almost every gaming and computing platform.) There’s a beta signup here and the compatibility situation on Android is already a nightmare, check out the list of supported devices. It is extremely specific and the few Android devices I have aren’t supported.

Epic’s Tim Sweeney was pretty straightforward about why they’re avoiding Google’s app store in this interview with Dean Takahashi:

There’s typically a 30/70 split, and from the 70 percent, the developer pays all the costs of developing the game, operating it, marketing it, acquiring users and everything else. For most developers that eats up the majority of their revenue. We’re trying to make our software available to users in as economically efficient a way as possible. That means distributing the software directly to them, taking payment through Mastercard, Visa, Paypal, and other options, and not having a store take 30 percent.

I’m not sure how well this is going to work out for people playing Fortnite. Google’s app store security is awful and routinely distributes software that compromises user privacy and security already, but at least they can moderate that. To get started with Fortnite on Android users are going to have to disable built-in security functionality that disallows third-party apps. Sideloading applications is useful and should be possible on any computer we use, but there are going to be negative consequences for users who don’t fully understand the risks involved.

Parents and tech savvy folks helping their friends and family are going to be busy when they realize their devices are compromised by installing a phony version of Fortnite, or a version that works but steals their credit card data. Try searching your favorite web search engine for the premium currency in the game, “Fortnite Free V-Bucks”, those scammers are oiled up and ready for anyone who falls into their trap.

Julia Alexander investigated the versions of these “V-Buck” scams that run on YouTube:

Since Fortnite’s meteoric rise, there have been multiple YouTube videos running as ads that pitch Fortnite players easy ways to get free V-Bucks. (V-Bucks are Fortnite’s premium in-game currency, which lets them purchase limited-edition skins, gear and weapons.) Search “free V-Bucks” in YouTube’s search bar, and more than 4.3 million results will populate.

Categories
apple security

Apple Has a Patch out for the macOS Root Access Security Vulnerability

Go to the Updates tab in the Mac App Store to apply it now, you won’t even need to reboot. Apple has more details about the update at this link.

Here’s the post from yesterday with the details of the vulnerability.

Update:
If you have any trouble with file sharing after applying this security patch Apple has another fix for that, oops.

Categories
apple security

The macOS Root Access Security Vulnerability

There’s a vulnerability in the latest version of macOS High Sierra (10.13.1) that may let anyone with physical access to a Mac log in and gain system administrator (root) access. Or, if they already have an account, upgrade their access to the system administrator (root) level.

You can work around the issue by setting a root password as described in this support document from Apple. They’re working on fixing it.

The vulnerability works like this:

  1. At any login or a privilege escalation dialog a user types in the username root
  2. The user hits the login button or enter a few times in quick succession
  3. The system enables the root user account and assigns it no password.

This is incredibly bad for Apple to have a vulnerability this easy to exploit, and it’s ridiculous that it was also apparently publicly available on Apple’s developer forums weeks ago.

Categories
security

Uber Hid Hack of Data From 57 Million Users & Drivers

Bloomberg’s Eric Newcomer:

Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year. This week, the ride-hailing firm ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers.

Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver’s license numbers. No Social Security numbers, credit card information, trip location details or other data were taken, Uber said.