Anarchy Online and AoC Vulnerabilities Fixed
Date: 09-04-2008 Views:
KeyWord: Age of Conan, Anarchy Online, AoC
Summary: The Baltimore Sun reports that security firm Independent Security Evaluators has disclosed vulnerabilities in the popular MMORPGs Age of Conan and Anarchy Online.

The Baltimore Sun reports that security firm Independent Security Evaluators has disclosed vulnerabilities in the popular MMORPGs Age of Conan and Anarchy Online. The flaws (which have since been patched) allowed a malicious user to read files from and take control of another player's computer.

Using flaws discovered in the games' coding, Independent Security Evaluators said it was able to read confidential files on massive multiplayer online (MMO) games Anarchy Online and its best-selling successor, Age of Conan. ISE, which will reveal the research today on its Web site (securityevaluators.com), said it was also able to take control of a player's computer in the older game.

The vulnerabilities, ISE says, expose a growing concern among industry experts. Many say players of such games should start worrying more about malicious attacks that can endanger confidential and financial data than the virtual battles that revolve around crushing demon skulls and laying siege to ancient towns.

Continue to read: Here

The full details of the attack are available, including a video (hi-res MOV) showing how the targeted player's client can be crashed.

First, the victim is instructed to "view" our attack web page. The cookie payload is then secretly delivered to the victim's computer. As the page reads "under construction" the user is encouraged to try the second link. This time, the payload delivered in the original cookie is loaded and overflows a buffer within the game's memory. Our exploit code then uses the game's internal functions to make the victim's avatar start dancing uncontrollably and equip an item (in this case, a bathing suit) as though the victim were doing these things him/herself. Once in control of the computer, our exploit downloads a second program from our server and executes it. This program reads the victim's Anarchy Online account user name and password from the game's memory and uploads it to our FTP server. Finally, it opens a web browser pointing to a website of our choice.

View the movie and continue to read: Here

News Original From: slashdot

click here for full image

Editor's Recommendation:  
1. The Best New Products at GC 2008 2. Gold Farming, A Big Business!
3. AoC Expansion Coming In 2009 4. WAR Gameplay Video From GC 2008
5.Top Memorable Events in MMORPG History 6. Who Can Beat WoW? ( Part II)

[Editor:Stella]
Relevant News
  • Hellgate's Failure and AoC's Success(09-03)
  • Age of Conan: A Post Mortem Analysis (09-01)
  • Exploration in AoC (08-29)
  • GC 2008: AoC: Hyborian Adventures Updates Impressions(08-26)
  • Age of Conan Expansion Coming In 2009 (08-26)
  • GC 2008: Comparative Screens of DX9 versus DX10 in AoC(08-23)
  • WAR kills AoC, not WoW (08-23)
  • WoW Kills Another WoW Killer (08-22)
  • AoC to Tie In With New Conan Movie(08-22)
  • AoC Database & New Look of AoC Vault (08-21)
    • Player Comments ( comments)
    Comments
    NickName:
    Remember my nickname.
    Content:
    Total comments [ More Comments ]
    Use powerful commenter with smileies and quote function here.
    Hot News Daily
    German Questioned Over Gamer's Murder
    WAR: We Are Harder, Darker and Heavier
    Korean Gamer's StarCraft Faction in Spore
    Why Always Fantasy?
    Make Crafting Better
    Crazy People, Crazy WAR!
    Ensemble And An Abortive Halo MMO
    Official Blog Updates
    Screens Of The Day
    News Of The Day
    Orinial Arts Vetoed by PW's New MMO - Pr
    Play MMO on iPhone - Fallen Earth Annouc
    HEVA Online Goes to Taiwan and SEA Versi
    What's New in Fantasy Tennis Season 2
    MMO Griefers: Internet Haters' Evolution
    Videos Of The Day