MASSIVE SECURITY HAZARD in Spore!

(1/27) > >>

J. M. Pescado:
ACHTUNG!

As if SecuROM wasn't bad enough, there is also a MASSIVE SECURITY LEAK in Spore: If you EVER share ANY content with ANYONE, be warned that YOUR COMPUTER USERNAME is ENCRYPTED INTO THE CREATURE "IMAGE" FILE. YOU WILL NOT BE ABLE TO REMOVE THIS INFORMATION BY HEXING! This means that ANYONE who downloads it will know what your username is on your computer.

This represents a MASSIVE security breach because many people (foolishly) encode their real names into their Windoze username. Even if you don't, revealing this username to the world presents a point of vulnerability for attack by hackers. By sharing any Spore content ANYWHERE, you are leaving your computer open to attack and leaving yourself open to stalking and identity theft.

BEWARE!

nekonoai:
If this isn't a good enough reason to boycott Spore, I don't know what is. Granted, I don't use any semblance of my real name or any identity attached as such. I don't even use nekonoai for my computer names. They have interesting names based on their personalities.

What was wrong with using random numbers to identify who is uploading what? Or even a login name for the Spore sharing site? Wouldn't that have made more sense?

Oh, wait, this is EAxis. Sense goes out the window.  ::)

Simsbaby:
Well, this is just stupid. Would it be safe if I made a new account on my computer and named it after my user name here?

Zazazu:
Quote from: nekonoai on 2008 June 19, 15:08:15

If this isn't a good enough reason to boycott Spore, I don't know what is. Granted, I don't use any semblance of my real name or any identity attached as such. I don't even use nekonoai for my computer names. They have interesting names based on their personalities.

What about your account? I believe what Pes is saying is that it's the account name that shows, not the PC's name. I know all mine say "Kari" despite the fact that I never told Spore my name. The PC is named Addison.

A login name would have made infinite sense. Obviously, it could not be the correct solution.

jolrei:
Quote from: Zazazu on 2008 June 19, 15:56:29

A login name would have made infinite sense. Obviously, it could not be the correct solution.


I am not even slightly surprised by this.  A corporation as terminally obsessed with copy-protection, fighting teh pierassy, and being suspicious of their customers will naturally choose any procedure that allows them to gather as much personal information as possible from the users of their products.  This is a natural extension of normal EAxis paranoia.

Navigation

[0] Message Index

[#] Next page