Potential Ubisoft UPlay exploit issue

[Lord Sinister]

I feel it's worth posting this here in case it affects anyone on this forum: http://www.rockpapershotgun.com/2012/07/30/psa-possible-security-risk-in-some-ubisoft-pc-games/

 

Basically it seems some sort of exploit Ubisoft's DRM utility Uplay. Looks like it's actually in a browser plugin it silently installs with the utility, but the article recommends removing Uplay entirely until things have been cleared up.

 

EDIT: The article's been updated saying that you only need to remove the browser plugin as that is the thing at fault, apparently.

[The Hamburglar]

I would uninstall it anyways, and not give Ubisoft any more support. That's unnecessary bullshit on their part.

[Lord Sinister]

Ubisoft have apparently swiftly issued a patch:

 

http://www.rockpapershotgun.com/2012/07/31/coding-error-caused-uplay-exploit/

[Obsidian]

This news just made me realize that I don't own any ubisoft games for the PC, and actually only own the Prince of Persia PS2 games. It's a shame this exploit was possible in the first place, however at least Ubisoft fixed it rather quickly. Other companies would take longer if they tried fixing a similar issue, assuming they'd bother trying in the first place.

[The Hamburglar]

This news just made me realize that I don't own any ubisoft games for the PC, and actually only own the Prince of Persia PS2 games. It's a shame this exploit was possible in the first place, however at least Ubisoft fixed it rather quickly. Other companies would take longer if they tried fixing a similar issue, assuming they'd bother trying in the first place.

EA would probably enforce it if they did something like it.

[Bjossi]

however at least Ubisoft fixed it rather quickly. Other companies would take longer if they tried fixing a similar issue, assuming they'd bother trying in the first place.

 

The only reason Ubisoft fixed it so promptly was because the vulnerability was made public. Had it been reported to them privately it would probably have taken Ubi's programmers weeks or even months to get around to fixing it. For the sake of publicity they had to act right away since all the major game sites had already reported on this.

 

Supposedly the vulnerability was limited to a Uplay browser plugin which Uplay secretly installs into people's browsers without their knowledge or consent. That sort of secrecy is a pretty prominent theme of spyware malware digital rights management.

[Obsidian]

however at least Ubisoft fixed it rather quickly. Other companies would take longer if they tried fixing a similar issue, assuming they'd bother trying in the first place.

 

The only reason Ubisoft fixed it so promptly was because the vulnerability was made public. Had it been reported to them privately it would probably have taken Ubi's programmers weeks or even months to get around to fixing it. For the sake of publicity they had to act right away since all the major game sites had already reported on this.

 

Supposedly the vulnerability was limited to a Uplay browser plugin which Uplay secretly installs into people's browsers without their knowledge or consent. That sort of secrecy is a pretty prominent theme of spyware malware digital rights management.

 

 

See: securom (which, if I recall, is another marvelous Sony creation).

 

And don't get me wrong, my comment wasn't praising ubisoft in the least (the beginning of my statement you quoted mentioned that this exploit shouldn't have been an issue in the first place). I agree that a leading reason the issue got fixed so quickly was because it was publicized. To take an example from Sony again, the PSN outage lasted much longer than the time between this exploit was discovered to the time it was supposedly remedied.