Activision Took Down Call of Duty Game After PC Players Hacked (techcrunch.com) 23
Activision removed "Call of Duty: WWII" from Microsoft Store and Game Pass after hackers exploited a security vulnerability that allowed them to compromise players' computers, TechCrunch reported Tuesday, citing a source. The gaming giant took the 2017 first-person shooter offline last week while investigating what it initially described only as "reports of an issue."
Players posted on social media claiming their systems had been hacked while playing the game. The vulnerability was a remote code execution exploit that enables attackers to install malware and take control of victims' devices. The Microsoft Store and Game Pass versions contained an unpatched security flaw that had been fixed in other versions of the game.
Players posted on social media claiming their systems had been hacked while playing the game. The vulnerability was a remote code execution exploit that enables attackers to install malware and take control of victims' devices. The Microsoft Store and Game Pass versions contained an unpatched security flaw that had been fixed in other versions of the game.
THE ONLY COD I OWN (Score:2)
patch pending?
Re: (Score:3)
This is why people should practice "device segregation" if they can afford to do so.
It means you have one computer that you use for online banking, investing, and tax filing.
A separate computer is for gaming, shopping, and browsing online.
This way, even if you get hacked though the sorts of risky activities that involve installing a lot of software that runs locally, and roaming around the open internet, the hackers won't steal anything related to your nest egg. Or your social security number.
The good news
Re: (Score:1)
This is why people should practice "device segregation" if they can afford to do so.
It means you have one computer that you use for online banking, investing, and tax filing.
A separate computer is for gaming, shopping, and browsing online.
If you're doing that, don't go shopping together with gaming or they might grab your credit card number
Re: (Score:2)
You could break shopping out to yet-another device, but generally speaking you don't need to.
Services like paypal help you protect your credit card number. And also, even if you do get your credit card stolen, you can just dispute the charges and get the money back. If this happens a lot that's a problem of course, but the industry is built to tolerate this level of crime so long as it isn't excessive.
It helps if you do things like clear you cookies every time you close the browser, so session hijacking i
So the PS3 servers are apparently still up (Score:2)
Re: (Score:1)
not everyone lives in the first world
classism rears its ugly head once again
Re: So the PS3 servers are apparently still up (Score:2)
You do, you live in Canada. Go away cunt.
Re: (Score:2)
lol your attitude speaks volumes about you
I pity you
Kernel or userspace? (Score:3)
If this is an exploit in the anti-cheat driver, that's a far more serious matter.
I hope it's a userspace hack.
Re: (Score:3)
I hope it's a userspace hack.
I hope it's a vulnerability in a kernel DRM component so that gamers learn to hate that bullshit more.
Re: (Score:3)
Gamers do hate it. It's not DRM, but anti-cheat, so it's only really accepted as a necessary evil, because cheating in online multiplayer games, especially popular ones like CoD, is rampant. Unless you can come up with a way to resolve this, it's going to be around. Network communications can be secured with TLS, but you can still cheat using hacks that don't even interact directly with a program. There are
Re: (Score:3)
Gamers do hate it. It's not DRM, but anti-cheat, so it's only really accepted as a necessary evil, because cheating in online multiplayer games, especially popular ones like CoD, is rampant. Unless you can come up with a way to resolve this, it's going to be around.
This problem was solved decades ago: private servers.
Anti-cheat mandates for public servers? Makes sense. But the way to allow online multiplayer without invasive anti-cheat is to allow users to host their own game servers, so the anti-cheat is good old fashioned community pressure - when everyone knows everyone and games are password protected, it's trivial for a community to self-police to a level they're comfortable with - including servers that expressly allow for cheats, if desired.
I'd almost go so far
Re: (Score:2)
Re: (Score:2)
I just got mod points, and looked in on responses, and I couldn't agree more too.
I almost want to delete the OP and mod that one up.
Re: (Score:2)
Why is this still a thing? FFS. A stack overflow? Why. Is. This. Still. A. THING?!
Could we cut it out with the C# already? Computers are powerful enough that you no longer need that sort of latitude.
How does something like that happen? (Score:3, Insightful)
Everywhere I've ever worked, when you release an update to one channel, you release to all channels. This sort of process should be scripted and automatic, to the maximum extent possible. More to the point, there should have been someone responsible for making sure that critical updates have been successfully pushed out to every channel before they declare the update release process closed. There literally should have been someone checking on this on a daily basis for that entire time.
So unless this security bug was just fixed on those other platforms within the last single-digit days, what we have here is a serious process problem, and if it can happen on one game, it can happen on any Activision game. What is Activision doing to fix its processes to ensure that nothing like this ever happens again?
Re: (Score:2)
This is videogame development. You almost never have a "main" where all your games are made from - a game is a self-contained app.
Typically development starts by cloning a copy of the game engine to where you will do your development. This will go into a new tree because after the game is released, other than updates, it will never be used again. Even though you have say, Call of Duty 1 and Call of Duty 2, they are about as same as Microsoft Word and Microsoft Excel.
So it's likely it was discovered and fixe
Re: (Score:2)
This is videogame development. You almost never have a "main" where all your games are made from - a game is a self-contained app.
Typically development starts by cloning a copy of the game engine to where you will do your development. This will go into a new tree because after the game is released, other than updates, it will never be used again. Even though you have say, Call of Duty 1 and Call of Duty 2, they are about as same as Microsoft Word and Microsoft Excel.
Yeah, but the summary says "The Microsoft Store and Game Pass versions contained an unpatched security flaw that had been fixed in other versions of the game." Not other games based on the same engine. Other versions of the same game. I assume that they have one product manager that oversees Call of Duty: WWII, and that this person should be aware of what's happening on every platform.
So it's likely it was discovered and fixed for one game, but that fix was not propagated to other trees because well, they're pretty much all independent and to do so would require manually applying the patch.
This is why real software companies have "one version" policies, where you aren't allowed to check in a single project in
Re: (Score:2)
In this case, there's a decent possibility that "other versions" refers to other "Call of Duty" titles. I have read elsewhere that this exploit was patched on another Call of Duty game years ago (I don't recall which one)
Re: (Score:2)
"The Microsoft Store and Game Pass versions contained an unpatched security flaw that had been fixed in other versions of the game."
"The game for the Microsoft Store and Game Pass remains down at the time of publication, per Activisionâ(TM)s status page."
i mean fuck (Score:1)
why are there humans dumb enough to give microsoft money?