More Awesome Than You!
Welcome,
Guest
. Please
login
or
register
.
2024 November 24, 22:07:05
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Search:
Advanced search
SUPPORT THE MUNICIPALITY!
Have you destroyed a paysite today?
"Jelenedra" is the new "gay".
All Lythdans are stupid and suck!
DEATH TO ALL STUPID HAIRY-BELLIED NESSES!
All Kewians are stupid and suck! Accept no Kewian-based substitutes!
Clearly, BlueSoup has failed us! You must not! BlueSoup has a fat head!
Hobbsee has a
scrawny pencil neck.
Rohina the Ugly Butted is a Horny Turkey
540287
Posts in
18067
Topics by
6545
Members
Latest Member:
cincinancy
More Awesome Than You!
Serious Business
Secret Desert Headquarters
Spore Discussions
MASSIVE SECURITY HAZARD in Spore!
0 Members and 1 Chinese Bot are viewing this topic.
« previous
next »
Pages:
1
2
[
3
]
4
5
6
Author
Topic: MASSIVE SECURITY HAZARD in Spore! (Read 102965 times)
BastDawn
Retarded Reprobate
Posts: 1355
I'll stop by to read Awesomeland once in a while.
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #50 on:
2008 June 21, 07:17:45 »
Yes. (I had to log out as Ibis to complete the change, and I figured I might as well reboot completely.) So Spore keeps the name it knew at installation. But I'm happy with it that way, because "Ibis" is not the name the computer is registered under.
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #51 on:
2008 June 21, 08:11:51 »
I have a few hunches on where it is stored at the moment, and have also made some progress is understanding the spyware components. Research is ongoing.
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Mirelly
Pinheaded Pissant
Posts: 1037
Pompous Twitter
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #52 on:
2008 June 21, 08:51:43 »
Can someone explain to me why someone knowing my account's log-in name on my PC is dangerous to me?
I submit that 90% of Windoze users operate with a single account using the generic MS account name and with no password set. I was one of those until a few ago when I migrated from dial-up to DSL. At that point I realised that I needed additional levels of security and installed a firewall and began operating password protected user accounts.
Logged
me shit
Wayward Ink now with SMF shiny and no ads
I see the Dome is filled with Lamb Chop conspiracy theories. The only authentic Mirelly sock is "readordead", who will not be posting, for obvious reasons.
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #53 on:
2008 June 21, 09:51:35 »
Quote from: Mirelly on 2008 June 21, 08:51:43
Can someone explain to me why someone knowing my account's log-in name on my PC is dangerous to me?
If your login name is not sensitive information, then you are relatively safe. However, a disturbing number of computers I have encountered actually contain the user's real name, which is highly sensitive information that should not be shared with the world, especially given that other information tends to be incidentally attached to it by IP. All in all, the fact that it transmits potentially sensitive information to the entire world is cause for concern.
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Mirelly
Pinheaded Pissant
Posts: 1037
Pompous Twitter
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #54 on:
2008 June 21, 12:02:51 »
Ah, my computer's log-in name is my real name that my friends use to address me, but that name has no direct correlation with my "real" real name as found in government records and which I use only to notarise documents for the purposes of accepting liabilities and responsibilities.
I also have two signatures. One for official purposes and one for sundry purposes, for example signing for a delivery; I believe in plausible deniability ....
Logged
me shit
Wayward Ink now with SMF shiny and no ads
I see the Dome is filled with Lamb Chop conspiracy theories. The only authentic Mirelly sock is "readordead", who will not be posting, for obvious reasons.
Menaceman
Horrible Halfwit
Posts: 361
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #55 on:
2008 June 21, 16:52:09 »
When I use the SCC the lower left of the screen shows my full name until it "phones home" when it changes to display my Spore account name. I never got to name my user account as the laptop was delivered to me with it already named after me and I never saw the need to change it. I've asked a friend what my creations show up as on his machine as he has downloaded some of them and he says they are listed with my Spore account name, not my laptop user account name.
Should I still be worried or not? I hate finding threads like this as they make me so paranoid.
Logged
Baroness
witch
Breakfast of Champions!
Senator
Posts: 11636
Shunning the accursed daystar.
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #56 on:
2008 June 21, 22:53:40 »
Question for JM.
If I'm running the game on a hardware profile that doesn't allow for networking and internet, will the EAxis phone home info be held after the machine has been rebooted?
Logged
My fists are named Feminine and Wiles.
BastDawn
Retarded Reprobate
Posts: 1355
I'll stop by to read Awesomeland once in a while.
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #57 on:
2008 June 22, 00:17:22 »
I was checking out the forums at Penny Arcade for more creatures to download, and found this:
Quote
jonxp wrote:
The creature data is encoded in the actual PNG images not as metadata, but through stenographically altering the image. Each pixel is made of four bytes of data (Red, Green, Blue, and Alpha) to extract the data from the image, one needs to take each byte of the image, divide it by two, and use the remainder as a single bit (this is known as a modulus operation). So for each byte in the decoded image you get a bit of information, each pixel is a nibble, and every two pixels is a full byte. Since the thumbs are 128x128, you can store 8KB of information in this manner.
I have written a program to extract the creature data, unfortunately it seems to be signed and/or encoded in some fashion, so I can't actually manipulate it (as far as I can tell).
I will put up some proof-of-concept "spore rolled" creatures soon that appear to be one creature, but are in fact a different one when loaded.
Interesting, but not very useful until it's decoded.
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #58 on:
2008 June 22, 00:19:50 »
Quote from: Menaceman on 2008 June 21, 16:52:09
When I use the SCC the lower left of the screen shows my full name until it "phones home" when it changes to display my Spore account name. I never got to name my user account as the laptop was delivered to me with it already named after me and I never saw the need to change it. I've asked a friend what my creations show up as on his machine as he has downloaded some of them and he says they are listed with my Spore account name, not my laptop user account name.
Should I still be worried or not? I hate finding threads like this as they make me so paranoid.
You should panic now, yes. In the event that the Splorch server cannot be logged in, anything you make will contain your name in it. You can freak out now.
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
wes_h
Knuckleheaded Knob
Posts: 530
Lady on Rancho Como
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #59 on:
2008 June 22, 05:11:06 »
I saw a post elsewhere claiming that the data is in the color channels at all the locations that are transparent (where teh alpha is zero). It seems like a reasonable conjecture and also a very clever method.
If it bears out to be true I will eat my words here publicly (and this may very well be necessary), although I am correct that there are only standard PNG chunk types in any of the files I examined (no private or metadata chunks). Since I do not have any significant tools here or previous experience to aid me in decompressing and checking these files, I will leave that research to the ongoing efforts of others.
I will say that I know the username is saved in .package files, along with the creature name and other data (likely ID values similar to the TS2 group and instance) after the file is downloaded, and that at least a significant amount of the creature data is an XML file. Unlike TS2, it appears when the file is donwloaded that the package file containing your creature data (created by you and that downloaded) is updated, rather than separate files existing for each creature.
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #60 on:
2008 June 22, 05:25:30 »
Where are these package files HIDING, anyway? I can't seem to locate them inside the directories.
Quote from: wes_h on 2008 June 22, 05:11:06
I saw a post elsewhere claiming that the data is in the color channels at all the locations that are transparent (where teh alpha is zero). It seems like a reasonable conjecture and also a very clever method.
I wouldn't worry about that. An experiment is meaningful even when the hypothesis is proven to be false.
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Baronetess
Lorelei
Grammar Police
Posts: 6512
I like pie. A cake is fine, too.
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #61 on:
2008 June 22, 20:01:58 »
Photoshop has a "feature" where you can add data info (name of artist, source of image(s), address, copyright, contact data, whatever) to images. I haven't used it in ages, so I can't recall if this data is only for Photoshop-format files or if jpgs, pngs and gifs can also be data-enhanced. At any rate, there are ways to embed data that don't require a lot of nerdery or specialized knowledge. Said data can be very complex.
As far as reading info off a standard compy, also easy. Simplistic Javascripted code embedded in HTML has been used since practically the first days of the graphical (rather than text-based) WWW, and before.
Not a great stretch of the imagination that an unethical data-mining company like EA might seek to tweak existing old tech to steal your personal info. Fuckers.
Logged
Super INTJ.
MATY's Big Cat.
LOLcult.
Pescado:
Like the ancient Egyptians, the Internet worships cats.
Mirelly
Pinheaded Pissant
Posts: 1037
Pompous Twitter
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #62 on:
2008 June 22, 20:48:42 »
Quote from: J. M. Pescado on 2008 June 22, 00:19:50
In the event that the Splorch server cannot be logged in, anything you make will contain your name in it. You can freak out now.
Muahaha. I visited the Sporepedia today and broke it.
proof
... it's a screencap.
ETA Cold Fusion ... yeesh.
Logged
me shit
Wayward Ink now with SMF shiny and no ads
I see the Dome is filled with Lamb Chop conspiracy theories. The only authentic Mirelly sock is "readordead", who will not be posting, for obvious reasons.
wes_h
Knuckleheaded Knob
Posts: 530
Lady on Rancho Como
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #63 on:
2008 June 23, 02:03:40 »
Quote from: J. M. Pescado on 2008 June 22, 05:25:30
Where are these package files HIDING, anyway? I can't seem to locate them inside the directories.
I am running the program here on a Vista machine. On Vista the packages are in C:\Users\myusername\AppData\Roaming\SPORE Creature Creator\
I would believe on XP there will be a SPORE Creature Creator in your user area in a folder called "Application Data". This folder or it's analog is, under both Vista and XP, a locked system folder, and to see the files in Windows Explorer you have to uncheck the option "Hide Protected Operating System Files", ignoring the dire warnings that messing with these files could ruin your system, and may perhaps be the source of all strife in the world.
SimPE Phails at opening them, because the format has been updated to version major 2. This has become the latest time sink for me.
Logged
Menaceman
Horrible Halfwit
Posts: 361
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #64 on:
2008 June 23, 21:14:10 »
Quote from: Mirelly on 2008 June 22, 20:48:42
Quote from: J. M. Pescado on 2008 June 22, 00:19:50
In the event that the Splorch server cannot be logged in, anything you make will contain your name in it. You can freak out now.
Muahaha. I visited the Sporepedia today and broke it.
proof
... it's a screencap.
ETA Cold Fusion ... yeesh.
I get those error screens a lot when browsing the spore site.
As to my earlier post, I have since created creatures without being connected to the net and they have indeed been stored to
my
sporpedia with my real name attached. I figure I can just edit them and save as new creatures to get them to use my account name before uploading.
Logged
CM
Asinine Airhead
Posts: 11
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #65 on:
2008 June 25, 03:04:28 »
Thank you for telling us this! This only shows that EA is in it for the bucks and nothing else. If they actually listened to the customers, this would have stopped awhile ago. If this is any indication of what is to come for The Sims 3, count me out.
Logged
Zilla
Blathering Buffoon
Posts: 59
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #66 on:
2008 June 25, 16:10:07 »
Quote from: J. M. Pescado on 2008 June 19, 11:29:26
ACHTUNG!
As if SecuROM wasn't bad enough, there is also a MASSIVE SECURITY LEAK in Spore: If you EVER share ANY content with ANYONE, be warned that YOUR COMPUTER USERNAME is ENCRYPTED INTO THE CREATURE "IMAGE" FILE. YOU WILL NOT BE ABLE TO REMOVE THIS INFORMATION BY HEXING! This means that ANYONE who downloads it will know what your username is on your computer.
This represents a MASSIVE security breach because many people (foolishly) encode their real names into their Windoze username. Even if you don't, revealing this username to the world presents a point of vulnerability for attack by hackers. By sharing any Spore content ANYWHERE, you are leaving your computer open to attack and leaving yourself open to stalking and identity theft.
BEWARE!
All ass kissing aside Pes, but after not beiing here for awhile I was rather disappointed to read this. Certainly you must have a a trick or two up your sleeve to bypass this problem? Not that I was going to buy it, but still.
Silly people still feeding the cash cow. All one is ask is, why?
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #67 on:
2008 June 25, 23:41:33 »
Quote from: Zilla on 2008 June 25, 16:10:07
All ass kissing aside Pes, but after not beiing here for awhile I was rather disappointed to read this. Certainly you must have a a trick or two up your sleeve to bypass this problem? Not that I was going to buy it, but still.
Yeah, don't put your name on your computer and/or don't share your files. It's really a problem that afflicts Sheeples, but there's an awful lot of them.
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
zolabee
Asinine Airhead
Posts: 30
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #68 on:
2008 June 28, 12:49:30 »
You know, I don't post ofter - usually when I need help (stupid non tech here), but I just have to say EA stinks! *read sucks* What chance does someone like me who is miles below you guys, but miles above even more people?
Thanks for sharing this info. I hadn't intended to get spore, but will pass this on to student's parents when school starts back.
Logged
I admit I'm probably a retard - but I'm only retarded if I stay there - so laugh at me- but, watch your back, because I learn pretty da*n fast!
SilentDream
Asinine Airhead
Posts: 27
Diva
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #69 on:
2008 July 01, 00:01:32 »
Quote from: wkndplaya on 2008 June 26, 20:24:34
spore will use the name of the account it was installed under so even though you changed your login name it will still use the name it was installed with. (if you uninstall,reinstall it will use your new one
).
I don't think so. When I got my computer, the account was named something other than it is now. In documents and settings, the account folder still has the previous name and I have had games pull from that name before. So I wouldn't doubt that spore, though installed after I changed the account name, would pick up the previous name.
Logged
With broken wings, we'll fly away
kuronue
Querulous Quidnunc
Posts: 1154
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #70 on:
2008 July 08, 02:29:50 »
Out of curiosity, JM, how dangerous are slightly-unusual firstnames? I've heard varying opinions from varying people, most of which can't tell their heads from their asses...
ETA: And are we sure the
computer
name isn't stored anywhere? I got this lappy from my school, so if there's both that gives a first name and a school. . .
Logged
INFP or something
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #71 on:
2008 July 08, 02:35:23 »
Quote from: kuronue on 2008 July 08, 02:29:50
Out of curiosity, JM, how dangerous are slightly-unusual firstnames? I've heard varying opinions from varying people, most of which can't tell their heads from their asses...
Extremely. I mean, if your name is something like "John" or "Emma", you probably have little to worry about...
Quote from: kuronue on 2008 July 08, 02:29:50
ETA: And are we sure the
computer
name isn't stored anywhere? I got this lappy from my school, so if there's both that gives a first name and a school. . .
DEAD MEAT. Reformat that sucker NOW. Tell them it got hacked by mudkipz. A name alone may not be enough, but three points of data in the form of a name, an organization, and an IP is enough to definitely peg you to within 50 meters. With that much information, someone with the resources of EAxis can take you out with an artillery strike right there.
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
kuronue
Querulous Quidnunc
Posts: 1154
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #72 on:
2008 July 08, 23:54:01 »
Quote from: J. M. Pescado on 2008 July 08, 02:35:23
Quote from: kuronue on 2008 July 08, 02:29:50
Out of curiosity, JM, how dangerous are slightly-unusual firstnames? I've heard varying opinions from varying people, most of which can't tell their heads from their asses...
Extremely. I mean, if your name is something like "John" or "Emma", you probably have little to worry about...
It's not, it's one of those last names that is sometimes used as a first name, for a boy, when spelled differently. Googling it shows no relevant results in the first five pages (after that I lost count)
Quote
Quote from: kuronue on 2008 July 08, 02:29:50
ETA: And are we sure the
computer
name isn't stored anywhere? I got this lappy from my school, so if there's both that gives a first name and a school. . .
DEAD MEAT. Reformat that sucker NOW. Tell them it got hacked by mudkipz. A name alone may not be enough, but three points of data in the form of a name, an organization, and an IP is enough to definitely peg you to within 50 meters. With that much information, someone with the resources of EAxis can take you out with an artillery strike right there.
Glad I haven't installed the Creature Creator yet then. I'll put it on the more anonymous computer after checking to ensure there's nothing on it.
Logged
INFP or something
edalbformat
Exasperating Eyesore
Posts: 208
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #73 on:
2008 July 15, 11:14:46 »
According to last thing I read, EA/Maxis accuse to have more than 100 million copies of their games sold. Everyday you read users saying "I'm totally excited waiting for the new Ep, or whatever".
You are BUYING boy, no matter what kind of rape is done to you. I don't have Spore, or any other product from EA and I decided that no one in my circle will ever buy anything else with EA logo in it. We avoid even the shops that place the logo on the window.
No one has to care about what you have to say, because you say it and run to buy the next crap released.
Game players are developping the same relation as the whore to the pimp. You destroy me but what am I without you?
-x-x-x-x-x-
90% of the people in this planet, should use the brain outside the cranium. It is only decorative anyway!
Logged
Zazazu
Fuzzy Pumpkin
Whiny Wussy
Posts: 8583
Potiron flou
Re: MASSIVE SECURITY HAZARD in Spore!
«
Reply #74 on:
2008 July 15, 15:15:37 »
Quote from: edalbformat on 2008 July 15, 11:14:46
Game players are developping the same relation as the whore to the pimp. You destroy me but what am I without you?
-x-x-x-x-x-
90% of the people in this planet, should use the brain outside the cranium. It is only decorative anyway!
Who needs Gali?
Logged
Capitalism, Ho!
"Continue to beat it in masturbatory ecstasy if you like, but only Pescado can make it go away." - Lemmiwinks
My Urinal
Pages:
1
2
[
3
]
4
5
6
« previous
next »
Jump to:
Please select a destination:
-----------------------------
TS4: The Pee-ening
-----------------------------
=> Insert Amusing Name Here
=> Facts and Strategery
-----------------------------
TS3/TSM: The Pudding
-----------------------------
=> The World Of Pudding
=> Facts & Strategery
=> Pudding Factory
===> World of Puddings
===> Pudding Plots
-----------------------------
TS2: Burnination
-----------------------------
=> The Podium
===> Oops! You Broke It!
=> The War Room
=> Planet K 20X6
===> Building Contest of Awesomeness
=> Peasantry
===> Taster's Choice
-----------------------------
The Bowels of Trogdor
-----------------------------
=> The Small Intestines of Trogdor
=> The Large Intestines of Trogdor
-----------------------------
Awesomeware
-----------------------------
=> TS4 Stuff
=> Armoire of Invincibility
===> AwesomeMod!
=> The Armory
===> Playsets & Toys
===> The Scrapyard
-----------------------------
Darcyland
-----------------------------
=> Lord Darcy Investigates
-----------------------------
Ye Olde Simmes 2 Archives: Dead Creators
-----------------------------
=> Ye Olde Crammyboye Archives
=> Ye Olde Syberspunke Archives
-----------------------------
Serious Business
-----------------------------
===> Spore Discussions
Loading...