Yesterday, noted security researcher (and Google employee) Tavis Ormandy published his discovery that Ubisoft's UPlay DRM installs a browser plugin that leaves your computer terribly vulnerable to drive-by attacks over the Internet. The plugin is meant to allow Ubisoft to start games on your computer over the Internet, but it lacks an effective authentication mechanism. This means that an attacker could check your browser to see if you have Ubisoft's DRM installed, and if it finds it, cause the plugin to run malicious software that hijacks your computer.
An early report on Hacker News characterized this as a "rootkit," which triggered a long (and tedious) debate about the formal definition of rootkits and whether Ubisoft's system qualified. To me, this seems rather beside the point, which is that Ubisoft's overall installation process involves a high degree of secrecy and obfuscation, because none of Ubisoft's users want DRM (some may not mind it, but it's a rare gamer who says, "Please install software on my computer that watches what I do and orders my computer to prevent me from doing things that displease a distant corporation"). As a result, security vulnerabilities that arise from sloppiness (or malice) are more difficult to discover and to put right.
PC Gamer got a rare and terse quote from Ubisoft on the issue, in which the company says it is "looking into" the issue, later updated with the statement that a "forced patch" has been issued to fix the issue (though this claim hasn't been independently verified by any source I can find).
There's more commentary on TorrentFreak, which places the DRM in context -- "seen as an essential part of life for many games developers." The Slashdot thread on the issue is lively, but also full of deeply misinformed legal speculation about which laws Ubisoft may or may not have broken in the process.
An excellent excerpt from Aaron Perzanowski and Jason Schultz’s The End of Ownership: Personal Property in the Digital Economy on Motherboard explains how Section 1201 of the 1998 Digital Millennium Copyright Act — which bans tampering with or bypassing DRM, even for legal reasons — has allowed corporations to design their products so that using […]
Securelist’s report on the security vulnerabilities in Android-based “connected cars” describes how custom Android apps could be used to find out where the car is, follow it around, unlock its doors, start its engine, and drive it away.
Motherboard says a source told them that “an Apple representative, staffer, or lobbyist will testify” against the state’s Right to Repair bill, which requires companies to make it easy for their customers to choose from a variety of repair options, from official channels to third parties to DIY.
Python is immensely popular in the data science world for the same reason it is in most other areas of computing—it has highly readable syntax and is suitable for anything from short scripts to massive web services. One of its most exciting, newest applications, however, is in machine learning. You can dive into this booming […]
Learning new skills is a great way to improve your resume and stand out from other candidates. Especially in a workforce in which many job-seekers have a wide variety of qualifications. With lifetime access to Virtual Training Company, you won’t have to choose a specific focus. You can pick up new expertise whenever you deem it […]
Instead of throwing out all the empties after your next party, why not transform them into some new DIY glassware? Cut back on waste and add some home ambiance with the Kinkajou Bottle Cutter and Candle Making Kit.The Kinkajou is designed as a clamp-on scoring blade to make precise cuts. Just slide a bottle in, tighten […]