More Awesome Than You!
Welcome,
Guest
. Please
login
or
register
.
2024 November 21, 22:32:25
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Search:
Advanced search
SUPPORT THE MUNICIPALITY!
Have you destroyed a paysite today?
"Jelenedra" is the new "gay".
All Lythdans are stupid and suck!
DEATH TO ALL STUPID HAIRY-BELLIED NESSES!
All Kewians are stupid and suck! Accept no Kewian-based substitutes!
Clearly, BlueSoup has failed us! You must not! BlueSoup has a fat head!
Hobbsee has a
scrawny pencil neck.
Rohina the Ugly Butted is a Horny Turkey
540287
Posts in
18067
Topics by
6545
Members
Latest Member:
cincinancy
More Awesome Than You!
Serious Business
Secret Desert Headquarters
Spore Discussions
MASSIVE SECURITY HAZARD in Spore!
0 Members and 5 Chinese Bots are viewing this topic.
« previous
next »
Pages:
[
1
]
2
3
...
6
Author
Topic: MASSIVE SECURITY HAZARD in Spore! (Read 102700 times)
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
MASSIVE SECURITY HAZARD in Spore!
«
on:
2008 June 19, 11:29:26 »
ACHTUNG!
As if SecuROM wasn't bad enough, there is also a MASSIVE SECURITY LEAK in Spore: If you EVER share ANY content with ANYONE, be warned that YOUR COMPUTER USERNAME is ENCRYPTED INTO THE CREATURE "IMAGE" FILE. YOU WILL NOT BE ABLE TO REMOVE THIS INFORMATION BY HEXING! This means that ANYONE who downloads it will know what your username is on your computer.
This represents a MASSIVE security breach because many people (foolishly) encode their real names into their Windoze username. Even if you don't, revealing this username to the world presents a point of vulnerability for attack by hackers. By sharing any Spore content ANYWHERE, you are leaving your computer open to attack and leaving yourself open to stalking and identity theft.
BEWARE!
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
nekonoai
Weeaboo
Retarded Reprobate
Posts: 1448
Hell yeah.
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #1 on:
2008 June 19, 15:08:15 »
If this isn't a good enough reason to boycott Spore, I don't know what is. Granted, I don't use any semblance of my real name or any identity attached as such. I don't even use nekonoai for my computer names. They have interesting names based on their personalities.
What was wrong with using random numbers to identify who is uploading what? Or even a login name for the Spore sharing site? Wouldn't that have made more sense?
Oh, wait, this is EAxis. Sense goes out the window.
Logged
Simsbaby
Pinheaded Pissant
Posts: 1062
INTP - I didn't do it.
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #2 on:
2008 June 19, 15:12:19 »
Well, this is just stupid. Would it be safe if I made a new account on my computer and named it after my user name here?
Logged
Remember - a bimbo is for life and not just for christmas!
Zazazu
Fuzzy Pumpkin
Whiny Wussy
Posts: 8583
Potiron flou
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #3 on:
2008 June 19, 15:56:29 »
Quote from: nekonoai on 2008 June 19, 15:08:15
If this isn't a good enough reason to boycott Spore, I don't know what is. Granted, I don't use any semblance of my real name or any identity attached as such. I don't even use nekonoai for my computer names. They have interesting names based on their personalities.
What about your account? I believe what Pes is saying is that it's the account name that shows, not the PC's name. I know all mine say "Kari" despite the fact that I never told Spore my name. The PC is named Addison.
A login name would have made infinite sense. Obviously, it could not be the correct solution.
Logged
Capitalism, Ho!
"Continue to beat it in masturbatory ecstasy if you like, but only Pescado can make it go away." - Lemmiwinks
My Urinal
Count
jolrei
Senator
Posts: 6420
Son of Perdition
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #4 on:
2008 June 19, 16:06:52 »
Quote from: Zazazu on 2008 June 19, 15:56:29
A login name would have made infinite sense. Obviously, it could not be the correct solution.
I am not even slightly surprised by this. A corporation as terminally obsessed with copy-protection, fighting teh pierassy, and being suspicious of their customers will naturally choose any procedure that allows them to gather as much personal information as possible from the users of their products. This is a natural extension of normal EAxis paranoia.
Logged
Tribulatio proxima est
BastDawn
Retarded Reprobate
Posts: 1355
I'll stop by to read Awesomeland once in a while.
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #5 on:
2008 June 19, 16:16:55 »
Man, that's really stupid. But honestly, EA didn't prevent this because they don't care. Why should they? Proving liability would be very difficult, so they don't have to worry about the repercussions.
Logged
nekonoai
Weeaboo
Retarded Reprobate
Posts: 1448
Hell yeah.
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #6 on:
2008 June 19, 16:24:59 »
Quote from: Zazazu on 2008 June 19, 15:56:29
Quote from: nekonoai on 2008 June 19, 15:08:15
If this isn't a good enough reason to boycott Spore, I don't know what is. Granted, I don't use any semblance of my real name or any identity attached as such. I don't even use nekonoai for my computer names. They have interesting names based on their personalities.
What about your account? I believe what Pes is saying is that it's the account name that shows, not the PC's name.
My accounts are also having nothing to do with my name or any online handles. Generally, since I'm the only one who ever uses my computers (UNDER PAIN OF DEATH!), the account has the same name as the computer.
Logged
Kraken
Asinine Airhead
Posts: 23
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #7 on:
2008 June 19, 16:45:42 »
First secuROM and now this! Thanks to the most awesome for finding this out and giving the alert.
Has anyone informed the sheep on the Sims/Spore website yet?
Logged
Lord Vader
Asinine Airhead
Posts: 6
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #8 on:
2008 June 19, 18:06:35 »
Hmm good thing I'm not buying the game. Looks like a stupid concept to me anyway. I don't know why there's so much hype for it.
Logged
Count
jolrei
Senator
Posts: 6420
Son of Perdition
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #9 on:
2008 June 19, 18:22:25 »
Quote from: Lord Vader on 2008 June 19, 18:06:35
Hmm good thing I'm not buying the game. Looks like a stupid concept to me anyway. I don't know why there's so much hype for it.
* jolrei gets popcorn and settles in to watch the fur fly.
You know that quite a number of MATY folks appear to be interested in this game, do you? And you've just called their new interest stupid. I think you may become quite "popular", in a manner of speaking.
Logged
Tribulatio proxima est
Baronetess
Lorelei
Grammar Police
Posts: 6512
I like pie. A cake is fine, too.
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #10 on:
2008 June 19, 21:12:53 »
Quote from: jolrei on 2008 June 19, 18:22:25
Quote from: Lord Vader on 2008 June 19, 18:06:35
Hmm good thing I'm not buying the game. Looks like a stupid concept to me anyway. I don't know why there's so much hype for it.
* jolrei gets popcorn and settles in to watch the fur fly.
You know that quite a number of MATY folks appear to be interested in this game, do you? And you've just called their new interest stupid. I think you may become quite "popular", in a manner of speaking.
Only with butthurt F-types who think someone expressing disagreement about a subject is equivalent to them saying "I hate you and you are stupid."
Ts could not care less about some random forumdweller's negative opinion if they have decided that they are interested in something.
Also? I DO NOT WANT Spore, either.
Logged
Super INTJ.
MATY's Big Cat.
LOLcult.
Pescado:
Like the ancient Egyptians, the Internet worships cats.
lordrichter
Dimwitted Dunce
Posts: 190
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #11 on:
2008 June 19, 21:19:52 »
This does not make sense. Why store the user name? What good does that do? It is hardly unique across all installations, even if someone is silly enough to use a real name. So, it can't be for tracking outside of the PC... at least, not by itself. The only purpose would be to establish ownership of creatures built by different players on the same PC, each with a different ID. Is there something about Spore where anyone would care?
I worry that time will tell us that they store more than the user name... either something obvious like the IP address or something less obvious like a system identifying fingerprint.
Logged
Danger: Chaotic Neutral Human Wizard, 4th Level
Tchan
Little Bitch
Feckless Fool
Posts: 251
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #12 on:
2008 June 19, 21:22:50 »
Mine's called "Administrator". I don't think you can tell anything about me from it.
Though I'm quite grateful that it wouldn't let me rename it now. Very grateful.
Logged
MaryH
Garrulous Gimp
Posts: 309
I can haz Polar Bearz
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #13 on:
2008 June 19, 22:20:42 »
Quote from: Kraken on 2008 June 19, 16:45:42
First secuROM and now this! Thanks to the most awesome for finding this out and giving the alert.
Has anyone informed the sheep on the Sims/Spore website yet?
Nobody on the Sims site will believe this, because it comes from the blazing hell that is "pirate city". They will believe exactly what EA wants them to believe, and will buy the demo, the game and anything else that EA puts out with SecuRom on it because EA says it's all good.
You don't want to open the can of worms-because you'll get banned or banished to the tech area of the BBS. EA has been doing that for a while now-if they see
any
truth, they will hide it, or delete it.
Logged
Of all the things I've lost, I miss my mind the most.
Faizah
Lipless Loser
Posts: 692
INFP/INTJ
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #14 on:
2008 June 19, 22:26:21 »
As I am getting a new PC, what is my safest option here? Fake name, second non-admin account for Spore (with fake name), just not share, or what? I'm afraid simply not installing it isn't an option. I want to make creatures! I'll be honest, that's what got me into the
Geneforge
series of games, which are awesome, but Spore is probably closer to what I was looking for. Though I am quite fond of the RPG nature and storylines of the Geneforge games as well, which I highly doubt Spore can match. (Even the third game, with all that stupid annoying island hopping. If I never see another dock again, it'll be too soon!)
...
I think I have to make a
Fyora
now, once I've got my new PC set up. (They said 2-3 days, and it's day 3...)
Logged
Cosy Lane -- 1x1 Lots for TS2
wes_h
Knuckleheaded Knob
Posts: 530
Lady on Rancho Como
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #15 on:
2008 June 19, 23:13:46 »
Quote from: J. M. Pescado on 2008 June 19, 11:29:26
As if SecuROM wasn't bad enough, there is also a MASSIVE SECURITY LEAK in Spore: If you EVER share ANY content with ANYONE, be warned that YOUR COMPUTER USERNAME is ENCRYPTED INTO THE CREATURE "IMAGE" FILE.
Are you lobbing dud grenades again?
I see the username that was used on the spore site registration, which is about as secret and useful as "J. M. Pescado" is.
And encrypted is more correctly labelled compressed, with the same 0x10FB compression as used in The Sims 2 and the compressorizer.
Paranoia is a useful survival trait, but if you don't want to get bombarded with gamma rays, you can't lay out at the beach.
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #16 on:
2008 June 19, 23:44:54 »
Quote from: wes_h on 2008 June 19, 23:13:46
I see the username that was used on the spore site registration, which is about as secret and useful as "J. M. Pescado" is.
That is not what others are reporting. Also, the username is displayed before there even IS a registration. Given that not all users are registered and no input is solicited, this means your username is still being displayed to the world.
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
morriganrant
Terrible Twerp
Posts: 2382
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #17 on:
2008 June 19, 23:59:06 »
Trial says admin as my user title on my creatures. Never bothered to change it. I suppose if I got an account, then it would say the username I would register with.
Logged
One day in college I was feeling very stupid. So I drove with Ben down to Maitland and toured EA Tiburon for an hour as an 'honorary intern'. I left feeling MUCH smarter. I recommend the experience to everyone. -this is a quote from an Ex-boyfriend of mine..
http://www.mediafire.com/?ng20de0zmly
lordrichter
Dimwitted Dunce
Posts: 190
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #18 on:
2008 June 20, 00:11:45 »
What is the preferred method of extracting the creature data from the PNG file so that it can be examined?
Logged
Danger: Chaotic Neutral Human Wizard, 4th Level
jfade
Obtuse Oaf
Posts: 904
Esteemed Senator Emeritus
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #19 on:
2008 June 20, 00:50:02 »
Quote from: lordrichter on 2008 June 20, 00:11:45
What is the preferred method of extracting the creature data from the PNG file so that it can be examined?
There is none, yet.
And there probably won't be any, if EA has their say. EA doesn't seem too keen on modders touching this game:
Quote from: EULA
You may not further modify Spore Creatures with any other materials, tools, or software programs. All rights not expressly granted herein, are reserved by EA.
Logged
Nifty Sims hacks and programs at:
DJS Sims
wes_h
Knuckleheaded Knob
Posts: 530
Lady on Rancho Como
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #20 on:
2008 June 20, 01:02:14 »
Quote from: lordrichter on 2008 June 20, 00:11:45
What is the preferred method of extracting the creature data from the PNG file so that it can be examined?
The PNG file is just a picture, so the CC has to be using the filename to trigger a download.
As for extracting things, I have enough information gathered to split the DBPF V2 package files into component parts with a commandline tool. Ugly but effective. I am trying to leverage the dead Dizzy's decompression code in the dead "simpemustbedestroyed" tools to complete my file splitter.
Then I can try to determine what these part pieces are used for (except the PNG parts, I already know what they are). My findings are posted at my place.
And no Spore Creature Creator programs have been, or need be, reverse engineered to determine the .package file layout.
Logged
lordrichter
Dimwitted Dunce
Posts: 190
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #21 on:
2008 June 20, 02:17:51 »
Got it. The only reason that we know that the user account name is being stored in the creature data inside the PNG file is that CC displays this information when showing the saved creatures. However, we don't know what other data may be tucked away in the PNG file that might identify the system that it came from because we really don't have a good way to extract and decode the data... yet. Although, it looks like people are working on the extraction tools already.
Edit: I can see why EA would not want the creatures edited. Already, I am seeing people talking about crafting creature files that have a picture that is entirely different from the creature contained in it. Looking at what they likely store in these creature files, I am not certain that editing them would be useful anyway. There is not enough room in the creature PNG file to do more than store building block reference and connection information. The creatures have to be built from a known library of parts. That, in itself, sounds like something that could well be unfriendly to third party creations.
Logged
Danger: Chaotic Neutral Human Wizard, 4th Level
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #22 on:
2008 June 20, 03:41:45 »
It looks like the creature data is stored inside custom blocks accepted as part of the PNG spec, thus allowing foreign data to be bundled inside a PNG which will be ignored (and possibly shredded) by other graphics-editor tools. However, the data appears to be unreadable as a cursory glance in a hex editor reveals nothing, not even the strings, so it looks like it's encrypted in some way to prevent modification.
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
BastDawn
Retarded Reprobate
Posts: 1355
I'll stop by to read Awesomeland once in a while.
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #23 on:
2008 June 20, 03:51:07 »
The file name of the png is meaningless. I've changed the name of every creature png file I've downloaded to a "creator name-creature name" format, and they still work. I've heard the information is stored in the alpha channel, and if you look at a spore creature on a colored background, you can see how pixelated it is. Presumably you could "hack" a png file to have the data for one creature while showing the picture of a completely different creature, just by replacing the right part of the image. I could probably do it in less than two minutes in Paintshop Pro.
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #24 on:
2008 June 20, 03:58:09 »
Quote from: BastDawn on 2008 June 20, 03:51:07
Presumably you could "hack" a png file to have the data for one creature while showing the picture of a completely different creature, just by replacing the right part of the image. I could probably do it in less than two minutes in Paintshop Pro.
The utility of such an act seems somewhat limited, though.
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Pages:
[
1
]
2
3
...
6
« previous
next »
Jump to:
Please select a destination:
-----------------------------
TS4: The Pee-ening
-----------------------------
=> Insert Amusing Name Here
=> Facts and Strategery
-----------------------------
TS3/TSM: The Pudding
-----------------------------
=> The World Of Pudding
=> Facts & Strategery
=> Pudding Factory
===> World of Puddings
===> Pudding Plots
-----------------------------
TS2: Burnination
-----------------------------
=> The Podium
===> Oops! You Broke It!
=> The War Room
=> Planet K 20X6
===> Building Contest of Awesomeness
=> Peasantry
===> Taster's Choice
-----------------------------
The Bowels of Trogdor
-----------------------------
=> The Small Intestines of Trogdor
=> The Large Intestines of Trogdor
-----------------------------
Awesomeware
-----------------------------
=> TS4 Stuff
=> Armoire of Invincibility
===> AwesomeMod!
=> The Armory
===> Playsets & Toys
===> The Scrapyard
-----------------------------
Darcyland
-----------------------------
=> Lord Darcy Investigates
-----------------------------
Ye Olde Simmes 2 Archives: Dead Creators
-----------------------------
=> Ye Olde Crammyboye Archives
=> Ye Olde Syberspunke Archives
-----------------------------
Serious Business
-----------------------------
===> Spore Discussions
Loading...