EA’s Origin software had a bug that could expose user data


EA’s Origin software was found to have a bug that could allow malicious users to gain access to user account data.

The bug was found by a security researcher who goes by “beard” on Twitter. Beard confirmed in an interview with ZDNet that they originally found this bug on October 1st. Apparently, when users try to edit their account details on EA.com using the Origin client, the client automatically generates an auto-login URL that contains the user’s username and password. This is a practice that should obviously be avoided, and it isn’t exclusive to Origin. Many older sites and software still use this method of authentication.

Usually, an IP address or cookie is stored during authentication, so no one other than the user can access the account. But in this exploit, the auto-login URL doesn’t use either of these checks, so the URL would work no matter who’s logging into the account. This could be an issue for users who access their account over unsecured WiFi, such as in stores, malls, cafes, and anywhere else.

These URLs can also be collected by bots without notice. This means anyone with the URL on any device could log in to the exploited user’s Origin account. Beard shows off a demo of the bug in action and says that attackers can access user info like real names, credit card last 4 digits, phone number digits, and more.

The article states that EA already knew about this bug earlier this month and worked on a fix, which was rolled out this month. They also report that no user data has been accessed through this bug. Regardless, be wary about sharing your information and always safeguard your data. Never give out more than you have to.
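One way to avoid the pattern described above, shown as an added example that is not EA's code or its fix: the URL carries a random one-time token instead of credentials, and the server only honours it for the session that requested it. The class name, the `accounts.example` URL, the `t` parameter and the 30-second lifetime are assumptions made for illustration.

```python
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

TOKEN_TTL_SECONDS = 30  # assumed lifetime, chosen for this example


class HandoffTokens:
    """Server-side store of one-time login handoff tokens (hypothetical design)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # token -> (account, session_id, expires_at)

    def issue_url(self, account, session_id):
        # The URL carries only a random token: no username, no password.
        token = secrets.token_urlsafe(32)
        expires_at = self._clock() + TOKEN_TTL_SECONDS
        self._pending[token] = (account, session_id, expires_at)
        return "https://accounts.example/handoff?" + urlencode({"t": token})

    def redeem(self, url, session_id):
        """Return the account if the URL is valid for this session, else None."""
        token = parse_qs(urlparse(url).query).get("t", [""])[0]
        # pop() makes every token single-use, even if the checks below fail.
        entry = self._pending.pop(token, None)
        if entry is None:
            return None
        account, bound_session, expires_at = entry
        if self._clock() > expires_at:
            return None  # a stale URL found in a log or history is useless
        # Only the session that requested the URL may redeem it.
        if not secrets.compare_digest(bound_session, session_id):
            return None
        return account


def demo():
    """Redeem URLs as the owner, as an observer, and a second time."""
    store = HandoffTokens()
    owner = secrets.token_urlsafe(16)     # constructed session cookie value
    observer = secrets.token_urlsafe(16)  # constructed: someone who saw the URL
    url_a = store.issue_url("player1", owner)
    url_b = store.issue_url("player1", owner)
    return {
        "observer": store.redeem(url_a, observer),  # None: wrong session
        "owner": store.redeem(url_b, owner),        # "player1"
        "replay": store.redeem(url_b, owner),       # None: already used
    }
```

Because a failed redemption also consumes the token, a captured URL can at worst cancel one handoff; it never yields a login.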

PS4 users forced to factory reset system after seeing glitched message


PlayStation 4 users are having a problem where their console freezes and they are forced to do a factory reset after getting a prompt from the console. Users are advising other players to set their messages to private after receiving a message on their console. When it’s viewed, it freezes the entire system and requires a complete wipe to get it working again.

The message can’t be deleted from the console dash or the mobile app, though reports on the web are mixed. This bug was found on Saturday and has yet to be fixed. Reddit users are reporting the problem all over the PS4 subreddit:

“Even deleting the message from the mobile app doesn’t work. It happened to me during Rainbow Six: Siege. A player from the other team used a dummy account to send the message and crashed my entire team. We all have had to factory reset. Only one of our guys wasn’t affected and he has his messages private. Do this ASAP to prevent this from happening to you.” (Via Huntstarck on Reddit.)

Setting messages to private will prevent you from getting this message that locks up your machine, just to be safe. Sony hasn’t reported or announced anything about this problem just yet. Stay tuned for some quick updates on this system-breaking bug.

Player Housing demolished without warning in FFXIV; Investigation continues


Player-owned houses in Final Fantasy XIV are being razed without any warning. Reports across multiple servers warrant a warning on the FFXIV subreddit and a thread on their official forums. GMs have already acknowledged the issue by reimbursing affected players, but they’re not able to fully restore their lost properties.

The bug usually occurs just days after the owners visit the house. Housing works on a timer: if you don’t visit your house for a set period of time, it’s automatically reclaimed by the server. If it’s reclaimed, 80% of the land fees and 100% of the furnishing are returned to the owner. Square Enix has turned off the demolition timers before, such as during the heat and flooding in Japan. The North American servers also had it turned off last year due to the flooding and damage caused by Hurricane Harvey. However, the timer is currently active even though numerous reports are surfacing while they attempt to fix the issue.

Players get a full 45 days before scheduled deletion, with two warning emails. However, there have been reports that the email system hasn’t been working since as far back as May of this year.

The housing crisis is something that Square Enix is definitely aware of. Director Naoki Yoshida knows about the issue, and changes were made earlier in 2018 so that players could only own one piece of land, which stops squatting. Smaller servers don’t really have much of an issue because land can be reclaimed due to lower populations. Populated servers are where there are problems due to competition between players for plots.