Yesterday, noted security researcher (and Google employee) Tavis Ormandy published his discovery that Ubisoft's UPlay DRM installs a browser plugin that leaves your computer terribly vulnerable to drive-by attacks over the Internet. The plugin is meant to allow Ubisoft to start games on your computer over the Internet, but it lacks an effective authentication mechanism. This means that an attacker could check your browser to see if you have Ubisoft's DRM installed and, if so, cause the plugin to run malicious software that hijacks your computer.
An early report on Hacker News characterized this as a "rootkit," which triggered a long (and tedious) debate about the formal definition of rootkits and whether Ubisoft's system qualified. To me, this seems rather beside the point, which is that Ubisoft's overall installation process involves a high degree of secrecy and obfuscation, because none of Ubisoft's users want DRM (some may not mind it, but it's a rare gamer who says, "Please install software on my computer that watches what I do and orders my computer to prevent me from doing things that displease a distant corporation"). As a result, security vulnerabilities that arise from sloppiness (or malice) are more difficult to discover and to put right.
PC Gamer got a rare and terse quote from Ubisoft, in which the company says it is "looking into" the issue; this was later updated with the statement that a "forced patch" has been issued to fix it (though this claim hasn't been independently verified by any source I can find).
There's more commentary on TorrentFreak, which places the DRM in context -- "seen as an essential part of life for many games developers." The Slashdot thread on the issue is lively, but also full of deeply misinformed legal speculation about which laws Ubisoft may or may not have broken in the process.