Back in August, Elie Bursztein, the man in charge of Google's anti-abuse research team, detailed how he developed a tool to exploit Blizzard's popular collectible trading card game, Hearthstone. Bursztein gave a lengthy presentation on how he accomplished the hack during the Defcon 22 hacking conference in Las Vegas, but broke from convention by refusing to release his work online.
Ubisoft calls yesterday's story about a rootkit being found in Uplay false and blames "a coding error" for the security hole. Ubisoft denied the whole "rootkit" angle altogether. After quickly patching the Uplay software yesterday, the company issued a statement saying that a coding error was the cause of the software being able to launch any executable on a remote computer - a fact hackers demonstrated as a proof of concept this week.
Update: The BBC is reporting that Ubisoft has rushed to patch the exploit unearthed by a Google engineer in its Uplay DRM. The company also issued instructions for Uplay users:
"We recommend that all Uplay users update their Uplay PC application without a Web browser open," Ubisoft said. "This will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch also is available from Uplay.com."
Not all hackers are out to destroy the universe. Recently, a "white hat" hacker going by the nickname "ManWitDaPlan" helped developer Trion Worlds fix a serious security hole in its massively multiplayer online game Rift mere hours after it became public knowledge. After becoming victim of account theft, ManWitDaPlan began investigating the problem and posted his findings on the official forum. Responding to ManWitDaPlan's forum post, Trion Worlds (Hartsman) admitted that RIFT was not 100 percent secure and that users should be wary of hackers and botnets exploiting the game.
Dutch website PS3-Sense claims that "a reliable source" has told them that all future PS3 game discs will contain a unique serial code that players will have to input into the system prior to launch. The source also claims that a similar system already exists on Sony’s PlayStation Network. The code will also make it so that a game can only be used on five different systems. This would serve as a way to keep a game from being resold more than five times, the Dutch site posits.
Naturally, Sony is not commenting on this story. PC gamers are very familiar with serial codes. They are now second nature to anyone that has bought a PC game in the last ten years. They have also proven to be ineffective in doing anything other than inconveniencing gamers.
In the event a cyber attack cripples the World Wide Web, seven members of a “chain of trust” have been given the responsibility of restarting the Internet, with each individual armed with a key.
The key holders include one member from each of the following countries: Britain, the U.S., Trinidad and Tobago, Canada, China, Burkina Faso and the Czech Republic.
According to PopSci.com, five of the seven would need to gather at a U.S. base with their keys in order to restart the Internet.
PopSci further described the keys:
The keys are actually smartcards that each contain parts of the DNSSEC root key, which could be thought of as the master key to the whole scheme. But it is interesting to know that there is a group of individuals out there that hold actual, physical keys that would reboot the Internet as we know it.
I'm a fan of the [gaming] ecosystem overall. I can see the positive in [used game trades], because I can see that what you then get is more and more people touching, playing, experiencing a game that they may not otherwise have access to.
I think you've got to try and extract some positive from it, and that's undoubtedly a good factor - a positive swirl of ecosystem that results. Clearly it's a reality, and certain retailers are very focused and spend a lot of time on it. It's good business for them.
I think things like premium downloadable content, and that kind of thing, will ultimately play a part in used games - and that's not me saying that it's a great way for us to try and minimise that. I think it will be a great enhancement to the way that people experience games. If some additional content is available via the Xbox Live service, for instance, that further enriches the game experience and might encourage folks to hang on their games for a bit longer.
GP: For showing a pro-consumer attitude on used game trades, we'll toss Chris a white hat...
Valve founder Gabe Newell did some outside-the-box musing during his DICE Summit keynote, reports Stephen Totilo of MTV Multiplayer.
Among other topics, Newell ripped DRM for games:
Newell believes that [DRM] that is presented as copy-protection gives a game a stink. It leaves customers unsure about how flexibly they can access their games. So they turn to pirates who offer games with fewer strings, he suggested. “There is evidence anecdotally that DRM is increasing piracy rather than decreasing piracy.”
Valve’s solution: battle the pirates by providing better services than the pirates do. The effectiveness of pirates, he said, is to get content to people who want it more swiftly and easily than the companies who make the content do. An outfit like Valve, however, can get provide even better service, even by doing something as intrusive as data-mining their customers’ computers — as long as they are transparent about it and can prove to the customer that taking such measures will make the customers’ games better.
GP: Nice... We're adding Gabe Newell to our list of game industry white hats who are keeping the most important person in the business - the game consumer - in mind.
Big Download is the latest beneficiary of Randy's insights. The site has posted a fascinating interview in which the PCGA head talks about the issue of piracy and PC games.
Most notably, Randy points out that, back in the day, piracy actually helped grow the PC industry:
I don't think that [those who protested Spore's DRM scheme] is anti-DRM as much as they are anti-Spore's approach to DRM. Their protest has been echoed many times on many gaming forums and the PCGA is listening...
If you ask [Valve and Stardock] about the rate of piracy for their games you may find that one has rampant piracy and the other has almost none. The PC Gaming Industry's history is littered with examples of startups (including Stardock and Valve) that actually benefitted from wide spread piracy to grow a market for their future titles.
Don't get me wrong, I am not advocating piracy... However, how would Quake, Doom, Starcraft, Counter-Strike, or Half-Life have been able to grow widespread brand recognition without a widespread network of gamers openly sharing these games. These titles (and many more) defined the industry. Personally, my first experience with a first person shooter was with Doom (back in the day) and I did not pay for it. Id Software turned the corner and has a very successful business built on the back of the early free/open source exchange of their games...
As a gamer who made his bones on the PC, one of the most encouraging developments of 2008 has been the launch of the PC Gaming Alliance, an association comprised of companies with a stake in the computer games market.
Beyond the formation of the PCGA, however, I'm encouraged by the outspokenness of its president, Randy Stude. In his day job Randy is the Director of Intel's Gaming Program Office. His love of PC gaming is evident and his eminently reasonable voice has given cheer to millions of PC gamers who sometimes feel like outcasts in an increasingly console-centric world.
Randy spoke with GP at length recently on a number of topics, including piracy, where PC gaming is heading and why you can't really play strategy games on an Xbox 360 or PS3.
GP: Randy, what's the outlook for PC gaming?
RS:The PC is leading the way when it comes to hardware innovation and business model innovation. When we released our Horizons research [in Leipzig] which shows the software revenues being generated for PC gaming, I think a lot of people were stunned to see how much revenue is being generated out of Asiain particular.
It shouldn’t be too stunning, I mean this trend has been underway of quite some time. Almost half of the $10.7 billion that are being generated in PC gaming software revenues are coming out of Asia. And this is a trend that obviously many of us who sell hardware are very well aware of because there’s a huge appetite for our technology in the Asian region - anywhere from Vietnam to Korea to China. Even Japan is taking off at this point for PCs and PC gaming.
The usual perception that the West has [is that the Asian market is primarily subscription-based] but it’s more like what Battlefield Heroes is going to be. Its more either pay-to-play, time-on-wire or micro- transactionsgaming where the game client itself is free but in order to advance and level up you need the assistance of certain in-game merchandise that you have to acquire. It’s the acquire vs. accumulate business model. Accumulating takes a lot longer, so most gamers will go for the acquire model.
A lot of these games are finding their way to the U.S. as well. I think the first AAA U.S. title will be the Battlefield Heroes game. Of course there’s Maple Story that’s already here as well as several other similar titles. I think Battlefield Heroes will blow it out for us in the West.
GP: So, will packaged games go away in favor of online distribution and browser-based games?
RS: I don’t think the PCGA is in a position to predict [whether the packaged titles will go away] necessarily, because there are those in the PCGA who rely on packaged goods as their primary source of revenue… I think it’s an important trend and one that several analysts are predicting that the consoles will follow shortly in terms of more content being distributed through the online stores for Nintendo, and Microsoft and Sony, direct to the hard drive of the console. (Hit the jump for more with PCGA's Randy Stude)
In the current environment, game publishers seem perfectly willing to push their customers around, especially when it comes to gaming on the PC.
That's why - as a long time PC gamer - the more I hear about the PC Gaming Alliance, the more enthusiastic I become.
While publishers like Electronic Arts need a lawsuit or three, along with a wave of bad publicity, to clue them into the fact that computer gamers don't want restrictive DRM on their games, the people at the PCGA are studying the piracy issue with an eye toward balancing the needs of publishers to turn a profit and consumers to enjoy a positive gaming experience on their PC.
Ben Kuchera of Ars Technica interviews outspoken PCGA head Randy Stude:
I don't think [piracy is] getting worse, as much as it's getting easier. As broadband has gotten more prolific the issue has been exacerbated... The PCGA will take up the challenge of piracy, not to assume the responsibility that [game publishers lobby] the ESA has taken on... rather the PCGA would like to address the methodology that publishers might be able to take to solve, or to do a better job trying to solve, the piracy challenge for their substantial investments in content.
I think [in the Spore DRM revolt] gamers wanted to make their voices known; it was the equivalent of the Boston tea party... [PC Gamers] don't buy one machine, stick it in the corner, hook it up to the TV, and play it forever. We play on multitudes of machines, and we want the same rights an Xbox 360 purchaser has, to move the game to whatever machine we want to play on.
We [at PCGA] are the guardians of the PC as a platform for gaming. We need to make sure there is an environment where publishers are not afraid to invest tens of millions of dollars in developing great gaming experiences.
PCGA members include hardware types like Dell, INtel, nvidea, AMD, Acer and Antec, as well as Microsoft and Activision.
Consumer-friendly PC publisher Stardock is working on a non-intrusive copyright protection scheme for PC games, according to Edge Online.
Citing an interview with CEO Brad Wardell, EO reports that Stardock is developing the solution for other publishers. GamePolitics readers will recall that Wardell and Gas Powered Games head Chris Taylor released the controversial Gamers Bill of Rights during PAX 2008.
It seems that major PC game publishers were unwilling to sign onto the Bill of Rights, however. While not naming names, Wardell commented on the publishers' reluctance:
While Stardock doesn't put copy protection on its retail games, the fact is that most publishers are never going to agree to do that. So the publishers are telling us, 'Put your money where your mouth is. Why don't you guys develop something that you think is suitable that would protect our IP, but would be more acceptable to users?'
We're investigating what would make users happy to protect their needs, but also provide some security for the publishers. ... We're actually developing a technology that would do that.
Wardell stopped short of terming his new project a form of DRM:
The problem with 'DRM' is that it's so loosely defined... Stardock's products use activation, and I wouldn't say that it's DRM. We're just verifying if you're real customer... We want that [game user] license to be yours, not per machine... It's not your machine buying the game. It's you...
Publishers should have the right to be stupid [about DRM] if they want. That's their right. And it's the right of the consumer to choose not to buy.
The revision addresses the need for more specific wording in order "to get to a place that most users and most publishers can agree on." In addition, Wardell examined the common complaints regarding controversial DRM practices, breaking them down into legitimate, borderline, and illegitimate categories.
He also noted that while Stardock will continue to release titles with no DRM, owners will need to download meaningful updates directly from Stardock. The CEO further revealed that Stardock will soon add "IP protection services" to its digital distribution platform Impulse "so that publishers at least have an alternative to methods like SecureROM, Tages or Steamworks. As a practical matter, most game publishers who want to protect their IP have few options right now."
"There is no solution to the issue of protecting intellectual property (IP) that will satisfy all parties," explained Wardell. "There are customers who will accept nothing less than publishers acquiescing to a quasi-honor system for purchasing software. That doesn't work."
Among what Wardell sees as legit consumer gripes:
They don't want the copy protection to interfere with their enjoyment or use of the software or game.
If a program wants to have a limited activation system, then it needs to provide a way to de-authorize other computers (ala iTunes).
A program should not be installing drivers or other hidden files on the system that use system resources.
Activation-based DRM means that if the publisher goes out of business or simply stops supporting their content that the customer can no longer use their legally purchased item.
Having an arbitrarily low limit on personal activations makes the program feel like it's being rented.
Requiring the user to always be online to play a single-player game. Though we do think publishers have the right to require this as long as they make it clear on the box.
Wardell visited GamePolitics yesterday to respond to concerns about the Gamer's Bill of Rights voiced by PC Gamer editor-in-chief Kristen Salvatore.
Gamer-friendly PC publisher Stardock (Sins of a Solar Empire) has released what it is terming the "Gamer’s Bill of Rights" at PAX.
The company calls the document:
...a statement of principles that it hopes will encourage the PC game industry to adopt standards that are more supportive of PC gamers. The document contains 10 specific “rights” that video game enthusiasts can expect from Stardock as an independent developer and publisher that it hopes that other publishers will embrace...
the objective of the Gamer’s Bill of Rights is to increase the confidence of consumers of the quality of PC games which in turn will lead to more sales and a better gaming experience.
Of the Bill of Rights, Stardock CEO Brad Wardell commented:
As an industry, we need to begin setting some basic, common sense standards that reward PC gamers for purchasing our games. The console market effectively already has something like this in that its games have to go through the platform maker such as Nintendo, Microsoft, or Sony. But on the PC, publishers can release games that are scarcely completed, poorly supported, and full of intrusive copy protection and then be stuck on it.
Chris Taylor, CEO and founder of Gas Powered Games, expressed support for the Bill of Rights, which Stardock enumerates as:
Gamers shall have the right to return games that don’t work with their computers for a full refund.
Gamers shall have the right to demand that games be released in a finished state.
Gamers shall have the right to expect meaningful updates after a game’s release.
Gamers shall have the right to demand that download managers and updaters not force themselves to run or be forced to load in order to play a game.
Gamers shall have the right to expect that the minimum requirements for a game will mean that the game will play adequately on that computer.
Gamers shall have the right to expect that games won’t install hidden drivers or other potentially harmful software without their consent.
Gamers shall have the right to re-download the latest versions of the games they own at any time.
Gamers shall have the right to not be treated as potential criminals by developers or publishers.
Gamers shall have the right to demand that a single-player game not force them to be connected to the Internet every time they wish to play.
Gamers shall have the right that games which are installed to the hard drive shall not require a CD/DVD to remain in the drive to play.
GP: While this would more properly be termed the PC Gamer's Bill of Rights, we have to say, Bravo, Stardock!
Infophile: (cont'd) about non-union police officers being given hell until they joined the union.07/07/2015 - 4:58pm
Infophile: Paradoxically, the drive in the US to get rid of unions seems to have left only the most corrupt surviving. They seem to be the only ones that can find ways to browbeat employees into joining when paying dues isn't mandatory. I've heard some stories ...07/07/2015 - 4:57pm
Matthew Wilson: I am old school on this. I believe its a conflict of interest to have public sector unions. that being said, I do not have a positive look on unions in general.07/07/2015 - 3:59pm
Technogeek: What's best for the employee tends to be good for the employer; other way around, not so much. So long as that's the case, there's going to be a far stronger incentive for management to behave in such a way that invites retalitation than for the union to.07/07/2015 - 3:10pm
Technogeek: Teachers' unions? State legislatures. UAW? Just look at GM's middle management.07/07/2015 - 3:05pm
Technogeek: In many ways it seems that the worse a union tends to behave, the worse that the company's management has behaved in the past.07/07/2015 - 3:02pm
james_fudge: Charity starts at home ;)07/07/2015 - 2:49pm
james_fudge: So mandatory charity? That sounds shitty to me07/07/2015 - 2:49pm
E. Zachary Knight: Goth, if Union dues are automatically withdrawn, then there is no such thing as a non-union employee.07/07/2015 - 2:38pm
Goth_Skunk: a mutually agreed upon charity instead.07/07/2015 - 2:33pm
Goth_Skunk: you enjoy the benefits of working in a union environment. If working in a union is against your religious beliefs or just something you wholeheartedly object to, dues will still be deducted from your pay, but you can instruct that they be directed towards07/07/2015 - 2:33pm
Goth_Skunk: Basically, if you are employed in a business where employees are represented by a union for the purposes of collective bargaining, whether or not you are a union member, you will have union dues deducted from your pay, since regardless of membership,07/07/2015 - 2:32pm
Goth_Skunk: It's something that has existed in Canada since 1946. You can read more on it here: http://ow.ly/PiHWR07/07/2015 - 2:27pm
Goth_Skunk: See, we have something similar in Canada, called a "Rand Employee." This is an employee who benefits from the collective bargaining efforts of a union, despite not wanting to be a part of it for whatever reason.07/07/2015 - 2:22pm
Matthew Wilson: @info depends on the sector. for example, have you looked at how powerful unions are in the public sector? I will make the argument they have too much power in that sector.07/07/2015 - 12:39pm
Infophile: It's easy to worry about unions having too much power and causing harm. The odd thing is, why do people seem to worry about that more than the fact that business-owners can have too much power and do harm, particularly at a time when unions have no power?07/07/2015 - 12:31pm
Matthew Wilson: the thing is unions earned their bad reputation in the US. the way unions oparate the better at your job you are, the likely you want to be in a union.07/07/2015 - 11:33am
Infophile: Put that way, "right to work" seems to have BLEEP-all to do with gay rights. Thing is, union-negotiated contracts used to be one of the key ways to prevent employers from firing at will. Without union protection, nothing stops at-will firing.07/07/2015 - 11:06am
Infophile: has an incentive to pay dues if they're represented either way, so the union is starved for funds and dies, unless things are bad enough that people will pay dues anyway.07/07/2015 - 11:02am
Infophile: For those who don't know, "right to work" laws mean that it can't be a condition of an employment contract that you pay union dues. That is, the right to work without having to pay dues. Catch is, unions have to represent non-members as well, so no one...07/07/2015 - 11:01am