Joystiq

Blizzard faces class action suit over account authenticators

Mike Suszek — Sat, 10 Nov 2012 15:00:00 EST

Blizzard Entertainment is facing a class action lawsuit over the sale of its Battle.net authenticators, which are used to provide security for player account information for games such as World of Warcraft and Diablo 3. The suit, filed by the law firm Carney Williams Bates Pulliam & Bowman, PLLC in the Central District of California, alleged that the authenticators were needed by players "in order to have even minimal protection for their sensitive personal, private, and financial data." The lawsuit referred to an August security breach in which no financial user data was reported to be stolen.

The class action suit posited that Blizzard practiced "deceptive upselling," in that it allegedly failed "to disclose to consumers that additional products must be acquired after buying the games in order to ensure the security of information stored in online accounts that are requisites for playing."

A Blizzard representative told Forbes that "this suit is without merit and filled with patently false information, and we will vigorously defend ourselves through the appropriate legal channels." The representative said the use of the authenticator tool was optional for players, and offered players "an added level of security against account-theft attempts that stem from sources such as phishing attacks, viruses packaged with seemingly harmless file downloads, and websites embedded with malicious code."

Blizzard's statement continued, "the suit's claim that we didn't properly notify players regarding the August 2012 security breach is not true. Not only did Blizzard act quickly to provide information to the public about the situation, we explained the actions we were taking and let players know how the incident affected them, including the fact that no names, credit card numbers, or other sensitive financial information was disclosed."

Continue reading Blizzard faces class action suit over account authenticators

Blizzard faces class action suit over account authenticators originally appeared on Joystiq on Sat, 10 Nov 2012 15:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

EA and Origin plug up unintended game giveaway

Mike Schramm — Mon, 15 Oct 2012 20:00:00 EST

EA hosted a survey this past weekend that, when finished, awarded a nice prize: A code to download one free game, under $20, on the company's digital distribution site Origin. Just a few things went wrong, however.

It turns out the codes distributed weren't matched up to a specific Origin account; they could be used by anyone. Oh, and the codes worked multiple times, which means users could download as many under-$20 games as they wanted. Oh, and one more thing: Reddit figured all of this out.

As you can imagine, all hell broke loose on Origin, as what must have been thousands of users downloaded games like Dead Space 2, Burnout Paradise, Sim City 4, and Mass Effect 2 for exactly zero dollars. The site went down, and when it came back up the codes (which were supposed to work until October 21) had been disabled. Not only that, but all promo codes have been disabled for the time being, apparently.

There's no word on if EA will still honor the codes from the survey [see update: They will], or if there will be a new system in place at all, but we can almost guarantee that whatever solution EA comes up with, the IT team will probably have double- and triple-checked it for security, just to be sure. We've contacted EA for comment on what its plans are, and will let you know if we hear anything more.

Update: EA has gotten back in touch to say that those users who completed the survey will be getting new codes via email soon, to provide the specified discount. In other words, no more stealing allowed.

EA and Origin plug up unintended game giveaway originally appeared on Joystiq on Mon, 15 Oct 2012 20:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Report: Ubisoft's UPlay service may have browser exploit on PC [update: Ubisoft responds]

Richard Mitchell — Mon, 30 Jul 2012 12:00:00 EST

Between delays and draconian DRM, Ubisoft doesn't exactly have the best track record when it comes to the PC versions of its products. We might have to add browser exploits to that list, if a post on Seclists.org is to be believed. According to a poster by the name of Tavis Ormandy, Ubisoft's UPlay browser plugin, designed to let users launch a game from the web, contains an exploit - namely one that allows "wide access to websites."

Ormandy discovered the flaw in the PC version of Assassin's Creed Revelations, though it's reasonable to assume it would appear in all of Ubisoft's UPlay enabled PC titles.

The upshot of this, according to TechDirt, is that the exploit could allow any website - i.e. "bad websites" - access to your computer. Both Joystiq and Engadget have contacted Ubisoft to confirm the flaw. In the meantime, you may want to disable the UPlay browser plugin.

Update: Ubisoft has made a statement on the issue, reports RPS. The company has acknowledged the flaw and has made a "forced patch" to resolve the issue. The company recommends that "all Uplay users update their Uplay PC application without a Web browser open," which will "allow the plug-in to update correctly." The UPlay PC installer has also been updated to include the patch, and is available via the UPlay website.

Report: Ubisoft's UPlay service may have browser exploit on PC [update: Ubisoft responds] originally appeared on Joystiq on Mon, 30 Jul 2012 12:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Microsoft: Xbox Live security strengthened, sneakily started with spring update

David Hinkle — Thu, 19 Jul 2012 05:00:00 EST

Despite Microsoft working to ensure the security of its Xbox Live network, the company has encouraged users to check their security information and update their passwords in a community blog post today. It's a cruel (virtual) world out there, folks.

It's all part of new security measures that Microsoft is employing, measures that began with the spring update issued last month. The update helped Microsoft "build on security enhancements for the near future," says Xbox Live general manager Alex Garden.

Xbox Live took its share of security lumps this year, including claims of a FIFA hack and purported Windows Live ID problems. In the community post, Microsoft also provides some general internet security tips - in case you didn't know it was a bad idea to use the same password for every site you've ever logged onto.

Microsoft: Xbox Live security strengthened, sneakily started with spring update originally appeared on Joystiq on Thu, 19 Jul 2012 05:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Diablo 3's real-money auction house requires an authenticator

Jessica Conditt — Mon, 11 Jun 2012 16:00:00 EST

Diablo 3's real-money auction house is set to go live tomorrow, and when it does, it will require players use an authenticator for an "added layer of account protection," Battle.net's Meozeldian wrote. The authenticator, which comes in a physical version for $6.50 or as a free mobile app, will be required for anyone to add funds to a Battle.net balance.

Those who have already added funds to their Battle.net accounts will be able to use those without an authenticator, but from today on, all new additions will only work with an authenticator attachment.

Blizzard has previously suggested all players use an authenticator to prevent hacking, but this is the first feature for which it is a requirement. As this is to protect players' real money, it's difficult to find the rule egregious, especially as Blizzard generally handles thousands of hacks per day, and the mobile authenticator is entirely free.

Diablo 3's real-money auction house requires an authenticator originally appeared on Joystiq on Mon, 11 Jun 2012 16:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

League of Legends EU accounts hacked, no billing info at risk

Jessica Conditt — Sun, 10 Jun 2012 15:45:00 EST

League of Legends accounts in certain European regions have been hacked, Riot Games notified players yesterday. The EU West and EU Nordic and East databases were breached, with hackers accessing email addresses, encrypted account passwords, summoner names, dates of birth and, for a small number of players, full names and security questions and responses.

"Absolutely no" billing or payment information was breached, Riot said. Riot stores passwords in encrypted form, but more than half of the passwords at risk were simple enough to fall victim to simple cracking.

Riot has fixed the security exploit and is emailing all players in the affected region, and will be updating this post. Security experts and the appropriate authorities have been notified, Riot said.

For now, League of Legends players would do well to change their passwords, and make sure they're something more complex than "password."

"Brandon and I want to sincerely and personally apologize to you for this situation," Riot's Marc Merrill concludes his post. "We take your privacy and security seriously, and we're working diligently to improve it for the better."

League of Legends EU accounts hacked, no billing info at risk originally appeared on Joystiq on Sun, 10 Jun 2012 15:45:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Report: UK retailer GAME's customer database breached

JC Fletcher — Mon, 16 Jan 2012 12:30:00 EST

A customer database belonging to UK retailer GAME has been breached, as has one belonging to Australian website Catalyst-Gaming, MCV reports. A list of over 2000 customer usernames, email addresses, and hashed passwords has been released.

GAME denied that it's been hacked. "The published email addresses are not registered users of GAME.co.uk, and there has been no breach of our database security." That leaves catalyst-gaming as a potential source of email addresses. Regardless, if you've used either site recently, a password change wouldn't hurt.

Report: UK retailer GAME's customer database breached originally appeared on Joystiq on Mon, 16 Jan 2012 12:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Windows Live login suggested as Xbox Live security flaw

Alexander Sliwinski — Fri, 13 Jan 2012 11:50:00 EST

Since reporting on the "FIFA hack" and related security concerns with Xbox Live and the Windows Live ID system, we've received stories, documentation and theories on how this is happening from dozens of victims. As we continue to follow up on several leads, Analoghype posits an interesting theory on how some of these breaches may be occurring.

AH suspects that the hackers grab gamertags from a game of Halo or Call of Duty, then Google the tags to find associated emails on social networking sites. They now have a potential list of Windows Live IDs. Going to Xbox.com, the hacker can now test if the email is a valid ID by attempting to sign in. An error message of "account is invalid" has them moving on to another email; "password is incorrect" means they've got a real account, but a bad password.

Continue reading Windows Live login suggested as Xbox Live security flaw

Windows Live login suggested as Xbox Live security flaw originally appeared on Joystiq on Fri, 13 Jan 2012 11:50:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Xbox Live 'FIFA hack' concerns continue to escalate, Microsoft states Windows Live ID not compromised

Alexander Sliwinski — Wed, 04 Jan 2012 12:00:00 EST

Additional reporting provided by Xav de Matos, Senior Editor for Shacknews.

Following an increasing occurrence of Xbox Live account hack reports, we are growing concerned over Microsoft's Windows Live ID system, the only layer of protection between a hacker gaining access to a person's Xbox Live account and their information. In our research, the only consistency we saw across users who were hacked was the general inconsistency of what email and payment method was used on their account. Hotmail, Gmail and school emails were used for their Windows Live ID, while payment methods used were credit cards and PayPal. Other than a compromised Windows Live ID, there wasn't a common thread we could identify.

It's been several months since we started following the "FIFA hack," a rather blunt scam that saw Xbox Live accounts drained so thieves could purchase in-game FIFA 12 'Ultimate Team' cards for use and sale. We have been tracking the FIFA issue and following up on other tips that weren't necessarily rooted in the FIFA hack, but related in that users saw exploitation of payment methods tied to their account. A recent Shacknews editorial detailed accounts compromised by the FIFA exploit.

Continue reading Xbox Live 'FIFA hack' concerns continue to escalate, Microsoft states Windows Live ID not compromised

Xbox Live 'FIFA hack' concerns continue to escalate, Microsoft states Windows Live ID not compromised originally appeared on Joystiq on Wed, 04 Jan 2012 12:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Trion Worlds database hacked, 'no evidence' of credit card info stolen

Griffin McElroy — Fri, 23 Dec 2011 20:45:00 EST

We were starting to think we'd make it through the rest of the year without once again worrying about having our social security numbers stolen, Tweeted and written in the sky. How foolish of us! Trion Worlds has announced on its blog it "recently discovered that unauthorized intruders gained access to a Trion Worlds account database," a list which included "user names, encrypted passwords, dates of birth, email addresses, billing addresses, and the first and last four digits and expiration dates of customer credit cards."

Trion added there's no evidence that credit card info was taken, and that the company has "taken further action to strengthen our systems, even as we, with external security experts, continue to research the extent of the unauthorized access." In the meantime, Trion game users will want to change their password, which they'll be prompted to do the next time they try to log in to the company's site, or one of its titles.

We'd also suggest that Trion change its logo, because that open-door-looking letter "I" is starting to seem a tad prophetic.

Trion Worlds database hacked, 'no evidence' of credit card info stolen originally appeared on Joystiq on Fri, 23 Dec 2011 20:45:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Square Enix: No personal information accessed from SE Members server

JC Fletcher — Tue, 20 Dec 2011 17:31:00 EST

Last week, Square Enix told us it had yet to find any evidence of personal information being compromised as a result of the intrusion into its Square Enix Members server. The company has since posted a most welcome update on the Members site.

"As a result of our continuing investigation, we have now confirmed that the database in which we store personal information was NOT accessed during the recent server intrusion," Square Enix said, capitals and all. "Therefore, your personal information was NOT compromised by an unknown third party."

The Members service will be reactivated, presumably with more security in place, "by the end of December."

Square Enix: No personal information accessed from SE Members server originally appeared on Joystiq on Tue, 20 Dec 2011 17:31:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

NIntendo servers attacked, no customer info stolen

Alexander Sliwinski — Mon, 06 Jun 2011 06:00:00 EST

Nintendo admitted Sunday that its US-based servers were attacked several weeks ago by hackers, but that no customer data was taken. "The server contained no consumer information. The protection of our customer information is our utmost priority," Nintendo of America told Reuters.

Lulzsec, the same group that took responsibility for the recent Sony Pictures incursion, said it had hacked Nintendo but took one file and "didn't mean any harm."

NIntendo servers attacked, no customer info stolen originally appeared on Joystiq on Mon, 06 Jun 2011 06:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

PSN servers were 'unpatched and had no firewall installed,' security expert testifies

Randy Nelson — Thu, 05 May 2011 18:35:00 EST

The House of Representatives Energy & Commerce Subcommittee on Commerce, Manufacturing and Trade continues to seek answers regarding last month's breach of the PlayStation Network's security. The one it got yesterday from Purdue professor and security expert Dr. Gene Spafford is troubling, to say the least, if the situation he detailed actually played out as described.

Spafford told the subcommittee that, according to security mailing lists he subscribes to, "individuals who work in security and participate in the Sony network" had learned "several months ago" that PSN was hosted on servers running "very old versions of Apache software that were unpatched and had no firewall installed."

The professor continued, "they had reported these [issues] in an open forum that was monitored by Sony employees, but had seen no response and no change or update to the software." The timeframe for these events was "two to three months prior to the incident where the break-ins occurred," according to Spafford.

It's important to note that his account of the situation and information is second-hand. Still, the potential for this testimony to cause the subcommittee, headed by representative Mary Bono Mack (R-CA), to demand more answers from Sony -- and, more specifically, the individuals mentioned by Spafford -- does exist.

Sony could not be reached for comment.

PSN servers were 'unpatched and had no firewall installed,' security expert testifies originally appeared on Joystiq on Thu, 05 May 2011 18:35:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Sony: New PS3 firmware to accompany PSN relaunch, network being physically rebuilt

Randy Nelson — Wed, 27 Apr 2011 20:47:00 EST

Sony has posted an updated PSN outage FAQ on the PlayStation Blog, and while some information it contains seems to reiterate things we already know -- "some services" will return within a week, you should monitor your credit card(s) -- new details have been brought to light.

First off, Sony is "working on a new system software update that will require all users to change their password once PlayStation Network is restored." It's also been confirmed that PSN is being physically rebuilt as a result of last week's intrusion. SCEA PR director Patrick Seybold states in the FAQ that the company is "moving our network infrastructure and data center to a new, more secure location, which is already underway."

Also revealed: While "the entire credit card table was encrypted" and there remains "no evidence that credit card data was taken," PSN's personal data table "was not encrypted, but was, of course, behind a very sophisticated security system." Not sophisticated enough, apparently.

Sony: New PS3 firmware to accompany PSN relaunch, network being physically rebuilt originally appeared on Joystiq on Wed, 27 Apr 2011 20:47:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Rumor: Sony distributing new security-enhancing SDK to PS3 devs

Randy Nelson — Wed, 27 Apr 2011 20:20:00 EST

Sony is reportedly making the most of the PlayStation Network's hacker-triggered downtime by providing developers with new security tools to integrate into their games. Gamasutra cites development sources who say that they are being asked to begin using a new version of the PS3 SDK prior to PSN going back online, something that's supposed to happen within the next seven days.

Joystiq has reached out to its own development sources in an attempt to confirm this report. If you're a developer with insight into the steps Sony is taking to secure PSN against future security breaches, we'd love to hear from you at tips@joystiq.com.

Rumor: Sony distributing new security-enhancing SDK to PS3 devs originally appeared on Joystiq on Wed, 27 Apr 2011 20:20:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Sony may be hit with £500K fine over PSN data loss

JC Fletcher — Wed, 27 Apr 2011 16:40:00 EST

The UK's Information Commissioner's Office (ICO), a non-departmental public body, has contacted Sony to determine where PlayStation Network data is stored -- not in an effort to locate the hackers who reportedly grabbed it, but to determine whether any of it is being stored in the UK.

If PSN user data is stored in the UK, then it is subject to the Data Protection Act, which requires companies that hold personal data to provide adequate security for it. Notably, the law would trump Sony's PSN Terms and Conditions, which includes the line: "We exclude all liability for loss of data or unauthorised access to your data, Sony Online Network account or Sony Online Network wallet and for damage caused to your software or hardware as a result of using or accessing Sony Online Network."

"If we found a breach," an ICO rep told Edge, "one of the actions we could take would be to issue an undertaking, which is an agreement between the ICO and the company that if they are handling personal information they have to bring about set improvements in order for them to be compliant with the act." If the company fails to comply, the rep added, "further action would be taken, and we might consider an enforcement notice or issue a monetary penalty." For a serious breach, the fine can reach £500,000 (more than $800,000).

Admittedly, that wouldn't be a huge payout for Sony, but considering the other costs of the security breach and PSN outage the company stands to incur, it would probably sting a little.

Sony may be hit with £500K fine over PSN data loss originally appeared on Joystiq on Wed, 27 Apr 2011 16:40:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Modern Warfare 2 patch arrives March 8, 'to address hacking'

Ben Gilbert — Mon, 07 Mar 2011 09:00:00 EST

It appears that whatever Sony did to mitigate security issues in its most recent PlayStation 3 patch has enabled Infinity Ward to address its "unplayable" version of Modern Warfare 2. Creative strategist Robert Bowling announced on Twitter that a patch "will release on PlayStation 3 worldwide on March 8," with an Xbox 360 and PC release following at some point. The patch, Bowling said, is specifically intended "to address hacking."

Bowling detailed the process on the Infinty Ward forums, having updated his original post about the PS3 situation as new information was available from IW while staying intentionally light on details, "as we don't want to give out any information that could potentially hinder the security any further." He additionally noted that the patch "will also address a small geo exploit on the map Fuel, which players exploited in order to get inside a rock on the outskirts of the map." Apparently some players were ... rocking that exploit real hard.

[Thanks Tom M.]

Modern Warfare 2 patch arrives March 8, 'to address hacking' originally appeared on Joystiq on Mon, 07 Mar 2011 09:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Valve introduces Steam Guard to fight account phishing and hijacking

Andrew Yoon — Thu, 03 Mar 2011 13:30:00 EST

What's Steam's "number one support issue" according to Valve's Gabe Newell? "Account phishing and hijacking," says the boss. In an effort to combat the theft of digital goods, Valve has announced Steam Guard, a new service that allows users to restrict account management to a specific Intel-powered PC.

Using Intel Identity Protection Technology (IPT), a hardware-based feature available in second generation Intel Core processors, Steam Guard users will be notified whenever a different PC attempts to log into or modify their account settings. This should give Steam users "the account security they need as they purchase more and more digital goods," said the filthy rich Newell.

Because Steam Guard is hardware-reliant, the service will not be available to all Steam users. Still, Valve's Doug Lombardi expects "to see widespread adoption of hardware-based security like Intel IPT by other service providers" in the future. "If as a customer you are buying movies, music, games, or digital goods, you want to know that they are more secure than your physical goods."

Continue reading Valve introduces Steam Guard to fight account phishing and hijacking

Valve introduces Steam Guard to fight account phishing and hijacking originally appeared on Joystiq on Thu, 03 Mar 2011 13:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Retrospective follows the 2003 theft of Half-Life 2's code

Andrew Yoon — Mon, 21 Feb 2011 14:15:00 EST

Half-Life 2 was never destined to release on time. It is a Valve project, after all. However, Gabe Newell and company couldn't have predicted that -- months before its expected release -- the game's source code would be stolen and distributed on the internet. "Is this going to destroy the company?," a designer supposedly asked Newell when it happened in 2003.

Eurogamer interviewed Axel Gembe, the young man responsible for breaching Valve's security and stealing the code. Gembe describes himself as a devoted fan of Valve, admitting that the original Half-Life was his favorite game. After his computer became infected with malware, he became inspired: instead of trying to remove the program, he reverse-engineered it to understand how it worked, and then began working on his own code. Hungry for details on the long-delayed Half-Life 2, Gembe knocked on Valve's virtual doors and found it "easy" to get access.

After the breach, Valve struggled in finding leads on how the source code got stolen. But on February 14, 2004, Newell received a rather odd e-mail. Gembe was confessing to the crime, noting that he was "sorry for what happened." Naively, he asked Newell for a job at Valve, thinking it would be best for both parties involved. "I hoped for the best," although Valve was already coordinating with the FBI for his arrest. "I was not the brightest kid back then."

After serving a two-year probation, Gembe eventually found work in the security sector, wisened from his experience. "I was naïve and did things that I should never have done," he told Eurogamer. "There were so many better uses of my time. I regret having caused Valve Software trouble and financial loss."

Retrospective follows the 2003 theft of Half-Life 2's code originally appeared on Joystiq on Mon, 21 Feb 2011 14:15:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Sony finally releases official statement on PS3 jailbreak

Griffin McElroy — Wed, 16 Feb 2011 15:30:00 EST

Though Sony has been dealing with the legal and metaphysical struggles associated with GeoHot's PS3 jailbreak discovery for some time now, the company had yet to release an official statement on the matter until today. The statement comes via a PlayStation Blog post and warns users:

"Notice: Unauthorized circumvention devices for the PlayStation 3 system have been recently released by hackers. These devices permit the use of unauthorized or pirated software. Use of such devices or software violates the terms of the 'System Software License Agreement for the PlayStation 3 System' and the 'Terms of Services and User Agreement' for the PlayStation Network/Qriocity and its Community Code of Conduct provisions. Violation of the System Software Licence Agreement for the PlayStation 3 System invalidates the consumer guarantee for that system. In addition, copying or playing pirated software is a violation of International Copyright Laws. Consumers using circumvention devices or running unauthorized or pirated software will have access to the PlayStation Network and access to Qriocity services through PlayStation 3 system terminated permanently.

"To avoid this, consumers must immediately cease use and remove all circumvention devices and delete all unauthorized or pirated software from their PlayStation 3 systems."

We've provided a handy summation for our friends who lack long attention spans:

Hey, you! Cut that out.

Sony finally releases official statement on PS3 jailbreak originally appeared on Joystiq on Wed, 16 Feb 2011 15:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

BBC: Spanish police arrest blackmailing Nintendo hacker [update]

Griffin McElroy — Tue, 15 Feb 2011 10:55:00 EST

According to a report from BBC News, Spanish police recently arrested a man in the southern province of Malaga who illicitly obtained personal information on over 4,000 "Nintendo users" -- assumedly gamers who made purchases on the Wii and DSi Stores. The man reportedly warned Nintendo that he would contact the country's data protection agency and reveal the gaps in Nintendo's defenses -- though it's unclear whether the info was obtained directly through Nintendo or a third-party source. After Nintendo failed to respond to him, he reportedly began to leak the info onto the internet.

We've contacted Nintendo for a comment on the BBC report, but don't have our fingers crossed as this is still an ongoing investigation. Maybe we should contact this incarcerated hacker to get Nintendo's comment, since he's apparently capable of getting all up in their infos.

Update: According to a report on El Mundo, the hacked data in question didn't come from one of the console-based services, but a website for upcoming 3DS preview events. ElOtroLado user adan_gecko discovered a vulnerability allowing any user to see or even modify the list of people who signed up for more information. He said that he reported this vulnerability to Nintendo, and this appears to be the infraction in question. Thanks to Elideb for the extra information.

BBC: Spanish police arrest blackmailing Nintendo hacker [update] originally appeared on Joystiq on Tue, 15 Feb 2011 10:55:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Latest PS3 firmware update brings the bans for Black Ops hacks

Griffin McElroy — Fri, 28 Jan 2011 10:50:00 EST

Dirty, dirty Black Ops cheaters that downloaded the new PS3 firmware, update 3.56, are finding out exactly what Sony meant when it said the patch would help bolster "security." A grip of consoles have been permanently banned from Black Ops multiplayer servers for hacking or cheating after their users installed the new firmware -- though some of the outspoken among the banned are contesting the presumption that they are cheaters on the game's official forums. (Which is like, the first thing you'd do if you were a dirty, dirty cheater.)

In a seemingly cooperative attack executed by two mortal enemies, firmware 3.56 joins last week's mandatory Xbox Live update, which also stopped pirated and modded copies of Black Ops and Modern Warfare 2 in their tracks. Is Activision's cash cow so powerful that the publisher can request its own console updates at will? If that's the case, Activision: Would you please, please ask Sony to add cross-game chat?

Oh, and see if Microsoft will bring black the blades. We miss the blades.

Latest PS3 firmware update brings the bans for Black Ops hacks originally appeared on Joystiq on Fri, 28 Jan 2011 10:50:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Little brothers beware the Xbox Security Kit

Richard Mitchell — Fri, 31 Jul 2009 18:00:00 EST

You know how your little brother is always totally absconding with your Xbox 360 and making an ass of himself on Xbox Live, thus banning you from teh Haloz and Gears of Warz? Well, now you can keep your console under lock and key, literally, thanks to the Xbox Security Kit from NewPCGadgets.com. Utilizing steel plates, some cable and a padlock, this baby will make sure your 360 stays put. Of course, it's only as effective as whatever you anchor it to, but we're sure you can figure something out (we suggest a Bengal tiger).

If you want one of your very own, it will set you back $30 (tiger not included).

[Via 360Sync]

Little brothers beware the Xbox Security Kit originally appeared on Joystiq on Fri, 31 Jul 2009 18:00:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Researchers use PS3 cluster to reveal internet security flaw

Andrew Yoon — Tue, 30 Dec 2008 13:38:00 EST

Filed under: News

Stopping cancer, simulating black hole collisions, and now ... breaking internet security? Is there anything the PS3 can't do? Researchers have been using the PS3 in interng ways. Most recently, a team of researchers from the U.S., Switzerland and the Netherlands have found a way of bypassing the security of digital certificates provided by companies like Verisign. These digital certificates help transmit your credit card information on the internet in a secure manner.

By using 200 PS3 systems linked together, researchers were able to do the math that helped them decrypt the MD5 hash that's used by Verisign. The researchers would be able to mimic online retail sites, potentially stealing tons of valuable information from consumers. It appears researchers want the hash to be replaced by a more potent one.

It's unrealistic to expect hackers will be able to replicate the results of these researchers any time soon. Getting 200 PS3s linked to each other can be quite a pricey feat! Of course, when you're stealing all of the internet's credit card info, you might be able to afford buying a few hundred PS3s.

[Thanks, BPerry!]

Researchers use PS3 cluster to reveal internet security flaw originally appeared on Joystiq on Tue, 30 Dec 2008 13:38:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Blizzard's WoW Authenticator to be revealed at WWI

Ross Miller — Thu, 26 Jun 2008 22:00:00 EST

Filed under: Culture, Hacks, Mac, PC, Online, RPGs, MMO

An added security feature for those worried about account theft, Blizzard is introducing an Authenticator at this weekend's Worldwide Invitational (WWI) in Paris. The Authenticator is a piece of hardware (we're guessing USB-related) has a button you press whenever you start World of Warcraft that must be inputted to log in.

The purpose of the dongle is to prevent keyloggers and other instances of account theft. We doubt it's the big suprise, but it's certainly good news for those worried about security. More information can be found via the FAQ.

Blizzard's WoW Authenticator to be revealed at WWI originally appeared on Joystiq on Thu, 26 Jun 2008 22:00:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Law of the Game on Joystiq: Of Pirates and Prostitutes

Mark Methenitis — Wed, 30 Apr 2008 19:00:00 EST

Filed under: Features

Each week Mark Methenitis contributes Law of the Game on Joystiq, a column on legal issues as they relate to video games:

From cheating to piracy, game security has become a major issue. In fact, the most recent Computer Law & Security Report features a piece by Steven Davis, author of PlayNoEvil, and W. Joseph Price about the state of security in the gaming industry. Their verdict was less than reassuring if you're a player or developer. Sure enough, just a few weeks after the report was issued, Grand Theft Auto IV was leaked prior to release. So what is a developer to do? What about the video game community?

To start, a "pirate" is someone who illegally reproduces or distributes something that is protected by an intellectual property right. In simple legal terms, that person is infringing on the rights of the copyright, patent, or trademark owner. While any intellectual property can theoretically be "pirated," I'm only talking about items that can be copyrighted. And before anyone points this out, yes, this is what groups such as the RIAA have taken pretty extreme steps to combat. Of course, the music industry and game industry are two different beasts.

Continue reading Law of the Game on Joystiq: Of Pirates and Prostitutes

Law of the Game on Joystiq: Of Pirates and Prostitutes originally appeared on Joystiq on Wed, 30 Apr 2008 19:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Touch! criminals in CCTV

JC Fletcher — Tue, 27 Nov 2007 13:10:00 EST

Filed under: News, Screens

Nikitova Games, who works on licensed games such as Casper Scare School, has announced two original projects for the DS and Wii. One is Mind Games, which is ... some training thing. But the other one, CCTV, sounds pretty neat!

The game seems to involve watching security footage and picking out perpetrators from a crowd, as well as X-raying luggage in an airport. The game's description hints at more tasks: "... this fast paced game of observation, identification & interrogation." Success gets you promoted from mall security up to "international head of security".

We're glad to see an original game idea, and we're always happy when a developer of licensed games moves on to something more ambitious -- even if it's a more ambitious licensed game. We're also thrilled to see a game based on watching security cameras, if only because it reminds us of Night Trap. Maybe with the security camera gimmick used for something other than delivering FMV, a good game can come from the idea!

[Via Siliconera]

Touch! criminals in CCTV originally appeared on Joystiq on Tue, 27 Nov 2007 13:10:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Imposter gains access to PSN; Sony contains situation

Alexander Sliwinski — Tue, 02 Oct 2007 22:15:00 EST

Filed under: Sony PlayStation 3, Online, Business

A person impersonating an SCEA IT employee apparently weaseled their way through customer service and into getting unauthorized access to two PSN user accounts. The situation was discovered very soon after and access was disabled, with both account holders being notified. Kimberly Otzman of Sony's Corporate Communications said, "No consumer experienced any financial loss or damage. In response to the incident, SCEA immediately enhanced its customer service protocol, implementing additional security safeguards, and began an intensive investigation of the incident that remains ongoing."

Sony doesn't perceive this as a "security breach" as it was not attributed to a hacker and there was no electronic breach, just a person who slickly got access to the accounts through customer service. As long as it doesn't happen again, we guess that's OK.

Imposter gains access to PSN; Sony contains situation originally appeared on Joystiq on Tue, 02 Oct 2007 22:15:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Climax denies responsibility for Silent Hill demo leak

Andrew Yoon — Tue, 21 Aug 2007 21:00:00 EST

Filed under: News, Silent Hill

A few days ago, a Silent Hill demo was leaked onto the internet. This potentially damaging loss spread like wildfire, with sites generating upwards of 1200 downloads of the demo, which only operates on PSPs with unpatched, or unofficial firmware. Karl Jeffery, CEO and founder of developer Climax, told GamesIndustry.biz that the UK developer is not responsible for the leak. "All I can say is that code did not leak from Climax - 100 per cent guaranteed," said Jeffery. "The code that is out there is fingerprinted and was supplied solely to Konami for marketing purposes."

"At Climax we have strong and proven security procedures that protect all of our code, assets and builds," he added. "We have developed over 100 titles in 20 years in business and have never had a leak or theft from inside the company." In spite of this apparent security breach, it doesn't appear as though the release will be pushed back. Thank goodness -- could we really have waited even longer for Silent Hill Origins?

Climax denies responsibility for Silent Hill demo leak originally appeared on Joystiq on Tue, 21 Aug 2007 21:00:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

New air safety rules require console inspection

Kyle Orland — Tue, 07 Aug 2007 13:13:00 EST

Filed under: Hacks, Sony PlayStation 3, Nintendo Wii, Microsoft Xbox 360

Man, going through the airport security process is such a hassle these days. Remove all the metal from your pockets ... take off your shoes ... present your game consoles for inspection. Wait, what was that last one?

Yes, as of Saturday new TSA rules require travelers carrying "full-size electronics," including game consoles, to remove them from carry-on bags for a separate X-ray screening. Portable game systems and other small electronics can stay inside your luggage.

TSA spokesperson Jennifer Peppin told The Seattle Times that consoles were being given the same treatment as laptops and video cameras because "these types of devices can resemble components that could be used in explosives." What, and smaller electronics can't? Peppin also told ShackNews that the consoles would not be subject to explosive swab testing or other security measures besides the separate X-ray screening. So don't worry about the residue from that firecracker tying up your flight plans, we suppose.

[Via Gamespot]

New air safety rules require console inspection originally appeared on Joystiq on Tue, 07 Aug 2007 13:13:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Suspicious 'game board' causes airport evacuation

Alexander Sliwinski — Fri, 27 Jul 2007 13:45:00 EST

Filed under: Culture, Nintendo DS, Sony PSP

A suspicious item found yesterday at Long Beach Airport, Calif. caused the terminal to be evacuated for about 90 minutes and left five aircraft stranded on the tarmac. The item, found in a checked bag, ended up being a "handheld game board." Transportation Security Administration spokeswoman Jennifer Peppin says, "It certainly was nothing but it certainly looked like something. It had all the wires and components that you would see in an explosive device." The bomb squad was called to the airport -- but no word if they disposed of the nefarious device. Also, the adult passenger is "being interviewed."

We wonder if those TSA agents played the Airport Security game to train for their jobs. So, best suggestion on how to avoid a similar incident would probably be not to put your gaming devices together in your bag. A bundled up package of DS, games with cord could look like a bomb to the ~~untrained eye~~ TSA. Better safe than sorry, please wrap each component separately and keep your DS and/or PSP on your body at all times.

[Thanks Tacohead]

Suspicious 'game board' causes airport evacuation originally appeared on Joystiq on Fri, 27 Jul 2007 13:45:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

The E3 badges for 2007

Alexander Sliwinski — Tue, 10 Jul 2007 13:25:00 EST

Filed under: Culture, E3

Following incidents in previous years, the new E3 badges have the ultimate security precaution added -- pictures. In previous years the badges had names and ultraviolet backgrounds, but completely lacked pictures, which allowed people to pass their badge around. Better yet, it allowed people to photocopy their badges (in some cases sell those copies) and by day two security was in full force after many people started showing up that didn't have authentic badges.

And every year there were incidents of people getting to the badge generating area (which happened to be right next to the the media room). This caused the media to listen to the screams of a very irate members of the group running the event screaming about how somebody got into the room and printed unauthorized badges. We'd show off the new badge for this year, but frankly, it's even less secure than the previous year's badges and would be ridiculously easy to duplicate with a quick trip to Michael's craft store. Then you just have to get a picture ...

The E3 badges for 2007 originally appeared on Joystiq on Tue, 10 Jul 2007 13:25:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Analyst: hackers to target online consoles this year

Ross Miller — Thu, 05 Apr 2007 12:24:00 EST

Filed under: Hacks, Sony PlayStation 3, Nintendo Wii, Microsoft Xbox 360

And so we're raising the Console Terror Alert Level to intense orange-red, based on very credible, detailed information on a non-specific threat.

A security analyst for Australia's Computer Emergency Response team (who, contrary to the emergency response phrasing, don't get their own vans with flashing lights and sirens) has warned that, due to the online integration of new game consoles, he expects hackers to soon target your Xbox 360 and PlayStation 3 consoles.

"I haven't seen any malicious code that is specifically designed to run on a PlayStation 3 or an Xbox but I would expect it is not very far away," he said. CVG notes that these predictions come after the Xbox Live account hack fears, though those turned out to be nothing more than some idiotic customer service reps being talked into divulging info over the phone.

Given that Xbox Live titles are tied to the original console and gamertag only, we'd say the possibility of a theft of your games and / or save files very unlikely. Not only that, but the peer-to-peer transfer of files over any of the console's self-contained networks is not possible. (In this sense, the PS3 and Wii are more vulnerable by merit of having a web browser.) There is always a worry over any medium where you have to enter financial or personal information (in this case your credit card), and the Xbox 360's inability to let you erase that card information has been chronicled in the past. However, the likelihood that you will be the victim of a console hack (and not in the traditional sense) without instigating it through your own console modding is, in our estimations, very slim.

Analyst: hackers to target online consoles this year originally appeared on Joystiq on Thu, 05 Apr 2007 12:24:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

DS Daily: Router issues and WiFi problems

Alisha Karabinus — Mon, 12 Mar 2007 09:01:00 EST

Filed under: Nintendo Wi-Fi, Features

Reader wiiminator is having router issues when it comes to his DS WiFi. Since switching to an Apple Airport Extreme router, he's unable to take his DS online. He says the issue seems to have something to do with security options, which could definitely be it, since the DS doesn't like WPA. But instead of throwing out a bunch of theories, since we don't know how wiiminator's security is configured, we thought we'd see about a group powwow today. If you've had issues with any aspect of your WiFi connection, throw 'em out there ... and those of you in the know, here's your chance to show off. It's not always the best network, but it's what we've got, and we should do what we can to make sure everyone can play.

DS Daily: Router issues and WiFi problems originally appeared on Joystiq on Mon, 12 Mar 2007 09:01:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

Goodbye PSP 3.00, hello PSP 3.01

James Ransom-Wiley — Wed, 22 Nov 2006 11:45:00 EST

Filed under: Portable, Sony PSP

PSP got a little stronger today, as Sony released firmware v3.01 -- just one day after the v3.00 rollout. Be advised, 3.01 is merely a security patch, so consider sticking with 3.00 as long as it affords you the functionality you seek. That 3.01 was so hastily offered up (before 3.00 was even officially released in North America), suggests that 3.00's got a crack soon to be breached.

Goodbye PSP 3.00, hello PSP 3.01 originally appeared on Joystiq on Wed, 22 Nov 2006 11:45:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Sony releases new 3.01 firmware, a day after 3.00

Andrew Yoon — Wed, 22 Nov 2006 01:45:00 EST

Filed under: News

Firmware 3.00 isn't even available on the US website yet, and it looks like there might be a reason for it. 3.01. Gyuh? Yes, in just one day after 3.00's release, Sony has released yet another firmware upgrade: 3.01. It appears Sony somehow discovered a security hole in the firmware hours after the previous major release.

If for some crazy reason, you desperately need to have the latest firmware, and remove the possibility of homebrew on your system, set your PSP to run Network Update. Just know that there's no other benefits to running the update other than this security revision.

[Via PSP3D]

Sony releases new 3.01 firmware, a day after 3.00 originally appeared on Joystiq on Wed, 22 Nov 2006 01:45:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Sony releases security patch, calls it PSP firmware 2.82

James Ransom-Wiley — Thu, 26 Oct 2006 10:20:00 EST

Filed under: Hacks, Sony PSP, Business

PSP firmware 2.82 is now available via Network Update reports PSP Fanboy. New features, you ask? There aren't any; just a security patch. Read: there's no good reason to download, yet.

So what firmware level are you sittin' at? Any upcoming titles gonna change your mind?

Sony releases security patch, calls it PSP firmware 2.82 originally appeared on Joystiq on Thu, 26 Oct 2006 10:20:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Tips for avoiding asses on XBL

Ken Weeks — Fri, 06 Oct 2006 16:00:00 EST

Filed under: Peripherals

Xbox Live Man-Ass Avoidance Technician Christopher (aka the Xbox Live Policy Program Manager) has some tips for protecting yourself and your family members from the glut of exposed anatomy in the post-Vision Cam XBL universe. Rule # 1 for teens: If you run across any overly friendly congressmen, staple your eyes shut.

[Thanks AoE]

Tips for avoiding asses on XBL originally appeared on Joystiq on Fri, 06 Oct 2006 16:00:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

Security hole found in early HD-DVD software

Ken Weeks — Sat, 08 Jul 2006 19:05:00 EST

Filed under: Peripherals

We all know that HD-DVD and Blu-Ray movies will be chock-full of anti-piracy measures, but it looks like one glaring hole didn't get plugged:

Computer magazine c't has discovered that the first software players running on Windows XP allow screenshots of the movies to be created in full resolution. To do so, you only need to press the Print key on your keyboard while the movie is running. Such a screenshot function could then be automated to produce copies of HD movies both from Blu-ray Discs and from HD DVDs picture by picture. As c't calculated, the performance of current PC systems is sufficient for a clean recording using this procedure. Once a pirate has all of the individual pictures, they can be put together to create a complete movie and mixed with the audio track that is grabbed separately.

This copy protection hole affects both Sony's first Blu-ray PC Vaio VGC-RC 204 and Toshiba's first HD DVD notebook Qosmio G30. Both of them use special OEM versions of Intervideo's WinDVD player software.

It's amusing that the powers-that-be would miss something so obvious as the good ol' print key. You'd probably be more interested in this news if your console was mortally tied to the success of a certain format.

Security hole found in early HD-DVD software originally appeared on Joystiq on Sat, 08 Jul 2006 19:05:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments

360 firmware hackers speak

Ken Weeks — Tue, 21 Mar 2006 01:45:00 EST

Filed under: Hacks / mods

The curious minds behind that DVD firmware hack are giving interviews. Xboxic had a chit chat with hacker Robinsod and posted a helpful summary of what they learned:

The hack is completely unfit to be applied to a modchip.
Anyone selling a modchip based on this is a scammer.
Trying to replicate the hack without having multiple years of experience at this kind of things will most certainly brick your 360.
Microsoft will quite probably be able to detect fake firmwares very soon as the cat/mouse game commences so you will get your ass kicked out of Xbox Live for the rest of your life.
Watch out for brickware. Some moron will release one probably.

Robinsod also answers the skeptics who think their "video proof" is a fake. Meanwhile, TheSpecialist talked to a Dutch Xbox site (translated here) and said pretty much the same thing. Both of these guys say that "hacker ethics" and fear of legal action prevent them from making the full details of their work public.

360 firmware hackers speak originally appeared on Joystiq on Tue, 21 Mar 2006 01:45:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments