Back in August, Elie Bursztein, the man in charge of Google's anti-abuse research team, detailed how he developed a tool to exploit Blizzard's popular collectible trading card game, Hearthstone. Bursztein gave a lengthy presentation on how he accomplished the hack during the Defcon 22 hacking conference in Las Vegas, but broke from convention by refusing to release his work online.
Ubisoft calls yesterday's story about a rootkit being found in Uplay false and blames "a coding error" for the security hole. Ubisoft denied the whole "rootkit" angle altogether. After quickly patching the Uplay software yesterday, the company issued a statement saying that a coding error was the cause of the software being able to launch any executable on a remote computer - a fact hackers demonstrated as a proof of concept this week.
Update: The BBC is reporting that Ubisoft has rushed to patch the exploit unearthed by a Google engineer in its Uplay DRM. The company also issued instructions for Uplay users:
"We recommend that all Uplay users update their Uplay PC application without a Web browser open," Ubisoft said. "This will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch also is available from Uplay.com."
Not all hackers are out to destroy the universe. Recently, a "white hat" hacker going by the nickname "ManWitDaPlan" helped developer Trion Worlds fix a serious security hole in its massively multiplayer online game Rift mere hours after it became public knowledge. After becoming victim of account theft, ManWitDaPlan began investigating the problem and posted his findings on the official forum. Responding to ManWitDaPlan's forum post, Trion Worlds (Hartsman) admitted that RIFT was not 100 percent secure and that users should be wary of hackers and botnets exploiting the game.
Dutch website PS3-Sense claims that "a reliable source" has told them that all future PS3 game discs will contain a unique serial code that players will have to input into the system prior to launch. The source also claims that a similar system already exists on Sony’s PlayStation Network. The code will also make it so that a game can only be used on five different systems. This would serve as a way to keep a game from being resold more than five times, the Dutch site posits.
Naturally, Sony is not commenting on this story. PC gamers are very familiar with serial codes. They are now second nature to anyone that has bought a PC game in the last ten years. They have also proven to be ineffective in doing anything other than inconveniencing gamers.
In the event a cyber attack cripples the World Wide Web, seven members of a “chain of trust” have been given the responsibility of restarting the Internet, with each individual armed with a key.
The key holders include one member from each of the following countries: Britain, the U.S., Trinidad and Tobago, Canada, China, Burkina Faso and the Czech Republic.
According to PopSci.com, five of the seven would need to gather at a U.S. base with their keys in order to restart the Internet.
PopSci further described the keys:
The keys are actually smartcards that each contain parts of the DNSSEC root key, which could be thought of as the master key to the whole scheme. But it is interesting to know that there is a group of individuals out there that hold actual, physical keys that would reboot the Internet as we know it.
I'm a fan of the [gaming] ecosystem overall. I can see the positive in [used game trades], because I can see that what you then get is more and more people touching, playing, experiencing a game that they may not otherwise have access to.
I think you've got to try and extract some positive from it, and that's undoubtedly a good factor - a positive swirl of ecosystem that results. Clearly it's a reality, and certain retailers are very focused and spend a lot of time on it. It's good business for them.
I think things like premium downloadable content, and that kind of thing, will ultimately play a part in used games - and that's not me saying that it's a great way for us to try and minimise that. I think it will be a great enhancement to the way that people experience games. If some additional content is available via the Xbox Live service, for instance, that further enriches the game experience and might encourage folks to hang on their games for a bit longer.
GP: For showing a pro-consumer attitude on used game trades, we'll toss Chris a white hat...
Valve founder Gabe Newell did some outside-the-box musing during his DICE Summit keynote, reports Stephen Totilo of MTV Multiplayer.
Among other topics, Newell ripped DRM for games:
Newell believes that [DRM] that is presented as copy-protection gives a game a stink. It leaves customers unsure about how flexibly they can access their games. So they turn to pirates who offer games with fewer strings, he suggested. “There is evidence anecdotally that DRM is increasing piracy rather than decreasing piracy.”
Valve’s solution: battle the pirates by providing better services than the pirates do. The effectiveness of pirates, he said, is to get content to people who want it more swiftly and easily than the companies who make the content do. An outfit like Valve, however, can get provide even better service, even by doing something as intrusive as data-mining their customers’ computers — as long as they are transparent about it and can prove to the customer that taking such measures will make the customers’ games better.
GP: Nice... We're adding Gabe Newell to our list of game industry white hats who are keeping the most important person in the business - the game consumer - in mind.
Big Download is the latest beneficiary of Randy's insights. The site has posted a fascinating interview in which the PCGA head talks about the issue of piracy and PC games.
Most notably, Randy points out that, back in the day, piracy actually helped grow the PC industry:
I don't think that [those who protested Spore's DRM scheme] is anti-DRM as much as they are anti-Spore's approach to DRM. Their protest has been echoed many times on many gaming forums and the PCGA is listening...
If you ask [Valve and Stardock] about the rate of piracy for their games you may find that one has rampant piracy and the other has almost none. The PC Gaming Industry's history is littered with examples of startups (including Stardock and Valve) that actually benefitted from wide spread piracy to grow a market for their future titles.
Don't get me wrong, I am not advocating piracy... However, how would Quake, Doom, Starcraft, Counter-Strike, or Half-Life have been able to grow widespread brand recognition without a widespread network of gamers openly sharing these games. These titles (and many more) defined the industry. Personally, my first experience with a first person shooter was with Doom (back in the day) and I did not pay for it. Id Software turned the corner and has a very successful business built on the back of the early free/open source exchange of their games...
As a gamer who made his bones on the PC, one of the most encouraging developments of 2008 has been the launch of the PC Gaming Alliance, an association comprised of companies with a stake in the computer games market.
Beyond the formation of the PCGA, however, I'm encouraged by the outspokenness of its president, Randy Stude. In his day job Randy is the Director of Intel's Gaming Program Office. His love of PC gaming is evident and his eminently reasonable voice has given cheer to millions of PC gamers who sometimes feel like outcasts in an increasingly console-centric world.
Randy spoke with GP at length recently on a number of topics, including piracy, where PC gaming is heading and why you can't really play strategy games on an Xbox 360 or PS3.
GP: Randy, what's the outlook for PC gaming?
RS:The PC is leading the way when it comes to hardware innovation and business model innovation. When we released our Horizons research [in Leipzig] which shows the software revenues being generated for PC gaming, I think a lot of people were stunned to see how much revenue is being generated out of Asiain particular.
It shouldn’t be too stunning, I mean this trend has been underway of quite some time. Almost half of the $10.7 billion that are being generated in PC gaming software revenues are coming out of Asia. And this is a trend that obviously many of us who sell hardware are very well aware of because there’s a huge appetite for our technology in the Asian region - anywhere from Vietnam to Korea to China. Even Japan is taking off at this point for PCs and PC gaming.
The usual perception that the West has [is that the Asian market is primarily subscription-based] but it’s more like what Battlefield Heroes is going to be. Its more either pay-to-play, time-on-wire or micro- transactionsgaming where the game client itself is free but in order to advance and level up you need the assistance of certain in-game merchandise that you have to acquire. It’s the acquire vs. accumulate business model. Accumulating takes a lot longer, so most gamers will go for the acquire model.
A lot of these games are finding their way to the U.S. as well. I think the first AAA U.S. title will be the Battlefield Heroes game. Of course there’s Maple Story that’s already here as well as several other similar titles. I think Battlefield Heroes will blow it out for us in the West.
GP: So, will packaged games go away in favor of online distribution and browser-based games?
RS: I don’t think the PCGA is in a position to predict [whether the packaged titles will go away] necessarily, because there are those in the PCGA who rely on packaged goods as their primary source of revenue… I think it’s an important trend and one that several analysts are predicting that the consoles will follow shortly in terms of more content being distributed through the online stores for Nintendo, and Microsoft and Sony, direct to the hard drive of the console. (Hit the jump for more with PCGA's Randy Stude)
In the current environment, game publishers seem perfectly willing to push their customers around, especially when it comes to gaming on the PC.
That's why - as a long time PC gamer - the more I hear about the PC Gaming Alliance, the more enthusiastic I become.
While publishers like Electronic Arts need a lawsuit or three, along with a wave of bad publicity, to clue them into the fact that computer gamers don't want restrictive DRM on their games, the people at the PCGA are studying the piracy issue with an eye toward balancing the needs of publishers to turn a profit and consumers to enjoy a positive gaming experience on their PC.
Ben Kuchera of Ars Technica interviews outspoken PCGA head Randy Stude:
I don't think [piracy is] getting worse, as much as it's getting easier. As broadband has gotten more prolific the issue has been exacerbated... The PCGA will take up the challenge of piracy, not to assume the responsibility that [game publishers lobby] the ESA has taken on... rather the PCGA would like to address the methodology that publishers might be able to take to solve, or to do a better job trying to solve, the piracy challenge for their substantial investments in content.
I think [in the Spore DRM revolt] gamers wanted to make their voices known; it was the equivalent of the Boston tea party... [PC Gamers] don't buy one machine, stick it in the corner, hook it up to the TV, and play it forever. We play on multitudes of machines, and we want the same rights an Xbox 360 purchaser has, to move the game to whatever machine we want to play on.
We [at PCGA] are the guardians of the PC as a platform for gaming. We need to make sure there is an environment where publishers are not afraid to invest tens of millions of dollars in developing great gaming experiences.
PCGA members include hardware types like Dell, INtel, nvidea, AMD, Acer and Antec, as well as Microsoft and Activision.
Consumer-friendly PC publisher Stardock is working on a non-intrusive copyright protection scheme for PC games, according to Edge Online.
Citing an interview with CEO Brad Wardell, EO reports that Stardock is developing the solution for other publishers. GamePolitics readers will recall that Wardell and Gas Powered Games head Chris Taylor released the controversial Gamers Bill of Rights during PAX 2008.
It seems that major PC game publishers were unwilling to sign onto the Bill of Rights, however. While not naming names, Wardell commented on the publishers' reluctance:
While Stardock doesn't put copy protection on its retail games, the fact is that most publishers are never going to agree to do that. So the publishers are telling us, 'Put your money where your mouth is. Why don't you guys develop something that you think is suitable that would protect our IP, but would be more acceptable to users?'
We're investigating what would make users happy to protect their needs, but also provide some security for the publishers. ... We're actually developing a technology that would do that.
Wardell stopped short of terming his new project a form of DRM:
The problem with 'DRM' is that it's so loosely defined... Stardock's products use activation, and I wouldn't say that it's DRM. We're just verifying if you're real customer... We want that [game user] license to be yours, not per machine... It's not your machine buying the game. It's you...
Publishers should have the right to be stupid [about DRM] if they want. That's their right. And it's the right of the consumer to choose not to buy.
The revision addresses the need for more specific wording in order "to get to a place that most users and most publishers can agree on." In addition, Wardell examined the common complaints regarding controversial DRM practices, breaking them down into legitimate, borderline, and illegitimate categories.
He also noted that while Stardock will continue to release titles with no DRM, owners will need to download meaningful updates directly from Stardock. The CEO further revealed that Stardock will soon add "IP protection services" to its digital distribution platform Impulse "so that publishers at least have an alternative to methods like SecureROM, Tages or Steamworks. As a practical matter, most game publishers who want to protect their IP have few options right now."
"There is no solution to the issue of protecting intellectual property (IP) that will satisfy all parties," explained Wardell. "There are customers who will accept nothing less than publishers acquiescing to a quasi-honor system for purchasing software. That doesn't work."
Among what Wardell sees as legit consumer gripes:
They don't want the copy protection to interfere with their enjoyment or use of the software or game.
If a program wants to have a limited activation system, then it needs to provide a way to de-authorize other computers (ala iTunes).
A program should not be installing drivers or other hidden files on the system that use system resources.
Activation-based DRM means that if the publisher goes out of business or simply stops supporting their content that the customer can no longer use their legally purchased item.
Having an arbitrarily low limit on personal activations makes the program feel like it's being rented.
Requiring the user to always be online to play a single-player game. Though we do think publishers have the right to require this as long as they make it clear on the box.
Wardell visited GamePolitics yesterday to respond to concerns about the Gamer's Bill of Rights voiced by PC Gamer editor-in-chief Kristen Salvatore.
Gamer-friendly PC publisher Stardock (Sins of a Solar Empire) has released what it is terming the "Gamer’s Bill of Rights" at PAX.
The company calls the document:
...a statement of principles that it hopes will encourage the PC game industry to adopt standards that are more supportive of PC gamers. The document contains 10 specific “rights” that video game enthusiasts can expect from Stardock as an independent developer and publisher that it hopes that other publishers will embrace...
the objective of the Gamer’s Bill of Rights is to increase the confidence of consumers of the quality of PC games which in turn will lead to more sales and a better gaming experience.
Of the Bill of Rights, Stardock CEO Brad Wardell commented:
As an industry, we need to begin setting some basic, common sense standards that reward PC gamers for purchasing our games. The console market effectively already has something like this in that its games have to go through the platform maker such as Nintendo, Microsoft, or Sony. But on the PC, publishers can release games that are scarcely completed, poorly supported, and full of intrusive copy protection and then be stuck on it.
Chris Taylor, CEO and founder of Gas Powered Games, expressed support for the Bill of Rights, which Stardock enumerates as:
Gamers shall have the right to return games that don’t work with their computers for a full refund.
Gamers shall have the right to demand that games be released in a finished state.
Gamers shall have the right to expect meaningful updates after a game’s release.
Gamers shall have the right to demand that download managers and updaters not force themselves to run or be forced to load in order to play a game.
Gamers shall have the right to expect that the minimum requirements for a game will mean that the game will play adequately on that computer.
Gamers shall have the right to expect that games won’t install hidden drivers or other potentially harmful software without their consent.
Gamers shall have the right to re-download the latest versions of the games they own at any time.
Gamers shall have the right to not be treated as potential criminals by developers or publishers.
Gamers shall have the right to demand that a single-player game not force them to be connected to the Internet every time they wish to play.
Gamers shall have the right that games which are installed to the hard drive shall not require a CD/DVD to remain in the drive to play.
GP: While this would more properly be termed the PC Gamer's Bill of Rights, we have to say, Bravo, Stardock!
Wonderkarp: though not strictly games. I have Lightsabers mounted on the wall, and on a shelf you'll see the Infinity Gauntlet, the Ocarina of Time, a Sith Holocron, and some of my Ghostbusters Props11/22/2014 - 8:57pm
Wonderkarp: swag of all kinds, Andrew. I'm trying to build a game room as impressive as AVGNs nerd room. I'm also trying to build a coffee table/storage space shaped like a NES Controller11/22/2014 - 8:55pm
E. Zachary Knight: I need new controllers for my Gamecube. Its not everyday you can get brand new 1st party controllers.11/22/2014 - 8:51pm
Andrew Eisen: Predominately figurines or swag of all kinds?11/22/2014 - 8:37pm
Wonderkarp: I would like a new gamecube controller....but I also just like gaming swag....11/22/2014 - 8:32pm
Andrew Eisen: I'm just waiting to buy a new Gamecube controller for my Gamecube.11/22/2014 - 7:15pm
Wonderkarp: http://kotaku.com/smash-bros-gamecube-adapters-sold-out-online-prices-g-1662162871 Smash Bros Gamecube adapter sold out, online prices go nuts11/22/2014 - 6:50pm
Andrew Eisen: I bet there's a lovely comedy of errors surrounding that list's journey to the IGDA's page!11/22/2014 - 6:49pm
Andrew Eisen: And the fact that it was curated by some random person on Twitter should have been another.11/22/2014 - 6:48pm
Andrew Eisen: Yep, it's pretty clear that whoever at the IGDA grabbed that list, didn't look at it first. I think the fact that there's over 10,000 names on it should have been a bit of a red flag.11/22/2014 - 6:44pm
Wonderkarp: penguin books is on the list. wow.11/22/2014 - 6:43pm
Wonderkarp: thats better, though I'd prefer something a little more than a simple tweet, I'll take it.11/22/2014 - 6:37pm
Andrew Eisen: Kate Edwards' Twitter: "like people, tools are imperfect; we've removed it for now."11/22/2014 - 6:35pm
Andrew Eisen: Hard to say with any certainty but it appears it at least understands the tool didn't do what it thought it did.11/22/2014 - 6:34pm
Wonderkarp: I've yet to find the IGDA responding too the situation other than deleting a link.11/22/2014 - 6:34pm
Matthew Wilson: I hope the IGDA understands why its a mistake, that's all I want.11/22/2014 - 6:33pm
Andrew Eisen: Heh, lawyering up would be grossly overracting! And really silly. Well, if what the IGDA did say was not enough for you, try contacting them and letting them know how you feel.11/22/2014 - 6:31pm
Wonderkarp: all I want is an apology from the IGDA. nothing fancy, not even addressed to me. Just something that says, "We messed up. We're Sorry" thats it. Not exactly those words except Sorry. If I was overreacting, I'd be lawyering up.11/22/2014 - 6:29pm
Andrew Eisen: I get it, I just think you're taking it the wrong way and overreacting.11/22/2014 - 6:27pm
Wonderkarp: atleast Matthew understands why I am miffed at that list11/22/2014 - 6:26pm