-
Ever wanted an RSS feed of all your favorite gaming news sites? Go check out our new Gaming Headlines feed! Read more about it here.
Jason Schreier - Hackers found a security vulnerability in a patch for an older ND game and used it to leak TLOU 2
- Thread starter Deleted member 8196
- Start date
User Banned (2 weeks): Hostility, history of similar behaviour
Now you just sound like a cunt.
Yeah, don't include keys for private AWS buckets inside your game. That's stupid mismanagement, not security vulnerability.
That's awful.
I don't expect anyone who died on their hill to refrain from concocting conspiracy theories to avoid having to say they were wrong, though.
I don't expect anyone who died on their hill to refrain from concocting conspiracy theories to avoid having to say they were wrong, though.
If you aren't a conspiracy theorist, it doesn't apply to you.
If you are, then yes - I am being a cunt to you.
I don't think so Jason. I have it on good authority from some very reliable sources, randoms on the internet, that it was an ex-Naughty Dog employee or contractor or some kind of human being fighting back against the evil greedy corrupt Sony as to why this happened. You think people would just make up shite and spread it around the Internet without caring if it's true or not? Come on Jason, I'm not an idiot. This lift goes to the top floor, you know what I mean.
They should be criticised for crunch. Absolutely. That doesn't mean people are given the right to start speculating about any old shit though.
The other threads were full of bad faith arguments that ignored actual credibility in favour of believing some place full of toxic shitheads. Now I'm sure some of those genuinely care about ND's working conditions and just jumped the gun, but I'm also sure there were a lot of people just hoping to get their shots in, and don't actually care all that much.
So they hacked a company and committed a crime and all they did was.....leak spoilers for a video game and ruin it for people
like...why? How sad do you have to be
like...why? How sad do you have to be
Nah they'll complain about people wanting these hackers punished.
Would love to say this has all been eye opening but not really. People will still believe rumors and run with it no matter how crazy it is, especially if there are silly reasons behind it.
Yikes, hopefully ND and Sony learn from this so it can't happen again. Really glad to see its not from an employees or contractors and that ND is actually paying contractors more. These hackers are going to be facing the full wrath of Sony's lawyers I guess, and they deserve whatever punishment will be given to them by the legal system.
Probably not. However, you will likely see them in the next negative ND thread if there is any.
I mean, crackers commit crimes by virtue of their very action. Whether or not those crackers actually obtain information worth any money/etc - is a different story. In this case, they obtained access to ND files and the only value of said files to them is to either sell em to an outlet willing to buy em, or to... leak em.
Scum. Hope they're punished severely.
Agree, and if this happened regarding any other company I believe they probably would be.
If nothing else this incident has really highlighted how bad the toxicity from bad faith posters around any ND related discourse on Era has gotten. This is why I pretty instantly put most threads about them on ignore.
Agree, and if this happened regarding any other company I believe they probably would be.
If nothing else this incident has really highlighted how bad the toxicity from bad faith posters around any ND related discourse on Era has gotten. This is why I pretty instantly put most threads about them on ignore.
It's the good ol' "I need attention online" syndrome. And this was guaranteed to give it to them.
Sucks for all ND employees and those who have worked their butt off for the game.
Seems like Sony/ND found them pretty easy and are probably about to find them on the receiving end of the full extent of the law that a multibillion dollar corp can bring. Hope the reddit karma was worth it.
Seems like Sony/ND found them pretty easy and are probably about to find them on the receiving end of the full extent of the law that a multibillion dollar corp can bring. Hope the reddit karma was worth it.
OP
OP
HL2 was leaked before launch.
History here
https://www.eurogamer.net/articles/2011-02-21-the-boy-who-stole-half-life-2-article
This tweet has me confused a little bit. They say AWS Access Key and a Secret Bucket ID.....
S3 Buckets are uniquely named per region and are frequently enumerated - one of the hot new trends in security reporting is crawling for S3 buckets with open permissions and grabbing content from there. You can access the contents of this bucket through an AWS Access Key ID and Secret Key. which you generate as a pair....but you should never share the Secret Key.
So were they pushing an AWS Secret Key with each build/copy of the game? Were they not using IAM roles and policies to manage access, or just pre-signed URLs for a limited time?
According to the PixelButts tweets (which don't have any spoilers, by the way. Dunno about the replies to the tweets, though...), the hackers aren't the ones who leaked it. The hackers told select people about what they'd done and found and shared said info with them, and one of those select people is the one thought to have done the leaking. I think.
A bit embarrasing. It happens all the time, not sure why people don't learn.
Nothing. Nothing at all.
Do you know how many security patches are released regularly for Windows 10 and Windows Server? There are so many flaws in these systems that are found, exploited and patched on a routine basis. This is going to sound just as dumb but did Microsoft learn nothing from the PSN hack?
That sounds like quite inept security from Sony/ND, and not even anything to do with COVID-19, having to work from home or the delay in general, as was speculated from the moment it was delayed. Hopefully the hackers get what they deserve regardless.
You'll find vulnerabilities on almost every software produced, even Azure, IBM or Cisco get hacked.
And the challenge among hackers often leads to other means than frontal code deciphering.
It can be just ordering a pizza to the guy who is in charge of surveillance to distract him a moment.
Yeah, it's terrible that somebody felt the need to leak this, but there should definitely be some blame thrown at Naughty Dog and Sony for doing a terrible job with cloud security. If that story is true, that is incredibly embarrassing.
I agree with you, but this was a case of negligence, not a zero day.
I didn't read that thread cos it seemed like it'd be people shitting on ND based on internet rumours. I'm guessing I was right.
Look at his post History and you know why he bringed it up and started talking about Microsoft.
People don't give a shit about logic lads.
Yeah, I don't get the hack. Each ND game has a secret AWS bucket, and the access key for that bucket is included with the final patch? Why only the final patch? Why is this bucket needed? And is this bucket for TLoU 1, there were tons of TLOU 2 related media such as dev recorded gameplay? It doesn't make any sense, what is the purpose of the bucket to begin with?
I agree it doesn't make sense, I posted above stating that calling a bucket ID "secret" is humorous, given that its the secret key that is the real target here.
Would love to see more details, but my interpretation at this time is that they hardcoded keys into a build/patch.
I'm sorry for they guy who got a full time job at ND and was harassed, called a "damage control" and such.
It didn't take much to see that this leak was false, weeks prior we had news of Sony's doing about covid: paying extra for people to make their own home office, paying contractors, making funds, etc.
I hope we'll see a turnaround for crunch at ND just like Rockstar, but I wouldn't be surprised if this situation would get ND to be even more closed to people.
It didn't take much to see that this leak was false, weeks prior we had news of Sony's doing about covid: paying extra for people to make their own home office, paying contractors, making funds, etc.
I hope we'll see a turnaround for crunch at ND just like Rockstar, but I wouldn't be surprised if this situation would get ND to be even more closed to people.
I am wondering this myself. But it does sound like a DevOps IT security mess up though.
Yeah. That a AWS key somehow became part of a (final?) build I kind of can understand, but not what the purpose of the bucket was to begin with. Basically a cloud stored "scratch area" where developers put random stuff to ease sharing?
Welp I suspect if this hacker or hackers have associates who know what they have been up to already posting on twitter about this, than it's only a matter of time until they are caught. Sony did say they have been identified .
You missed a third and probably the smartest option. Keep the files to yourself. What is the real value of leaking it anonymously? Risking drawing attention to yourself and getting caught is the only thing I can think of.
You missed a third and probably the smartest option. Keep the files to yourself. What is the real value of leaking it anonymously? Risking drawing attention to yourself and getting caught is the only thing I can think of.
Failed blackmail maybe, the amount of ransomed companies have explode the last decade, though I am not sure it's valid regarding monsters like Sony. Also people who found the hack aren't necessarily those who exploited it. Hackers don't enjoy more a thing than hacking hackers.
