Language Selection

English French German Italian Portuguese Spanish

M$ Battles Halo 2 Holes

Filed under

Microsoft is once again locked in a battle of wills with hackers determined to find and exploit security holes in the company's software. But this time the buggy code isn't endangering users' PCs -- just their otherworldly alien fortresses.

The vulnerabilities are in Microsoft's enormously popular Xbox game Halo 2. Last month, the company's Bungie Studios games division pushed out a 2-MB software patch for the sci-fi shooter in response to months of complaints from Xbox Live gamers about "glitchers" who'd learned to exploit programming errors in the game to their advantage in competitive play. The phenomenon launched cheaters to high positions in the Halo 2 global leader board, where players are ranked like chess masters according to their online wins and losses.

The most severe of the holes was a meta-bug triggered when black hats interfered with their cable modem links, buying them up to eight seconds of invisible movement while the game server struggled to reconnect -- just the ticket to sneak into the enemy's fort and steal their colors in a hotly contested capture-the-flag game. Other glitches were errors in the game's physics engine that gave practiced players Neo-like mastery of the Halo 2 multiverse: the power to fly through the air, grab objects through solid walls or create a tactically useful double of their avatar.

"You have a huge number of people intentionally trying to find stuff to essentially break, or mess around with, the game," said Halo expert Jeremy Hunt. "Trying to make a game work with that kind of crowd is pretty tough."

The bugs have been a chink in the armor of the otherwise bulletproof Halo franchise. The original Halo was the flagship title for the Xbox, and Halo 2, released last November, sold 6.4 million copies in its first three months on the market. The game's vigorous online component helped boost Xbox Live's user base to 1.4 million players in January. A Halo movie is now reportedly in the works, and rumors abound that a next-generation Halo update is planned as a launch title for the upcoming Xbox 360 console.

Microsoft responded to the glitches quickly and characteristically: In mid-January, the company launched a ruthless wave of anti-hacking enforcement that's seen, by Microsoft's count, thousands of players banned from online play for allegedly exploiting the vulnerabilities. Some gamers are complaining in message forums that they were targeted unjustly, but they have no recourse under Xbox Live's terms-of-service agreement, which lets the company exile anyone for any reason.

Full Story.

More in Tux Machines

Security: Dropbox, FUD, CNCF, 'Cloud'

  • Dropbox has some genuinely great security reporting guidelines, but reserves the right to jail you if you disagree

    Dropbox's position, however reasonable in many of its aspects, is woefully deficient, because the company reserves the right to invoke DMCA 1201 and/or CFAA and other tools that give companies the power to choose who can say true things abour mistakes they've made.

    This is not normal. Before DRM in embedded software and cloud connectivity, became routine there were no restrictions on who could utter true words about defects in a product. [...]

  • Hackers Infect Linux Servers With Monero Miner via 5-Year-Old Vulnerability [Ed: A five-year-old vulnerability implies total neglect by sysadmins, not a GNU/Linux weakness]
    Attackers also modified the local cron jobs to trigger a "watchd0g" Bash script every three minutes, a script that checked to see if the Monero miner was still active and restarted XMRig's process whenever it was down.
  • GitHub: Our dependency scan has found four million security flaws in public repos [Ed: No, GitHub just ran a scan for old versions being used and reused. It cannot do this for proprietary software, but the issues are there and the risks are no better.]
    GitHub says its security scan for old vulnerabilities in JavaScript and Ruby libraries has turned up over four million bugs and sparked a major clean-up by project owners. The massive bug-find total was reached within a month of the initiative's launch in November, when GitHub began scanning for known vulnerabilities in certain popular open-source libraries and notifying project owners that they should be using an updated version.
  • Envoy CNCF Project Completes Security Audit, Delivers New Release
    The Cloud Native Computing Foundation (CNCF) has begun a process of performing third-party security audits for its projects, with the first completed audit coming from the Envoy proxy project. The Envoy proxy project was created by ride-sharing company Lyft and officially joined the CNCF in September 2017. Envoy is a service mesh reverse proxy technology that is used to help scale micro-services data traffic.
  • Hybrid cloud security: Emerging lessons [Ed: 'Cloud' and security do not belong in the same headline because 'cloud' is a data breach, typically involving a company giving all its (and customers') data to some spying giant abroad]

A Look At The Relative Spectre/Meltdown Mitigation Costs On Windows vs. Linux

The latest in our Windows versus Linux benchmarking is looking at the relative performance impact on both Linux and Windows of their Spectre and Meltdown mitigation techniques. This round of tests were done on Windows 10 Pro, Ubuntu 18.04 LTS, and Clear Linux when having an up-to-date system on each OS where there is Spectre/Meltdown protection and then repeating the same benchmarks after reverting/disabling the security functionality. Read more

Raspberry Pi atmospheric sensor HAT can detect distant explosions

OSOP’s $179 and up “Raspberry Boom” Raspberry Pi HAT add-on detects infrasound from volcanoes, explosions, and rockets. A $299 and up Shake and Boom HAT adds a seismograph. Panama-based OSOP, which found Kickstarter success with its Raspberry Shake seismograph add-on board for the Raspberry Pi, has now returned with a Raspberry Boom add-on board and infrasound sensor that detects inaudible sound. The same Kickstarter campaign is also selling a new Raspberry Shake and Boom product that combines the Boom with the seismograph capabilities of the Shake. Both products can tap into OSOPs large citizen science network to detect real-time events around the world. Read more

Wireless crazed Orange Pi boasts 4G LTE, WiFi, BT, FM, and GPS

The “Orange Pi 4G-IOT” SBC that runs Android 6.0 on a quad -A53 MediaTek MT6737 SoC, and offers a 40-pin header, WiFi, Bluetooth, FM, GPS, a 4G LTE radio, and fingerprint sensor support. Shenzhen Xunlong open spec Orange Pi 4G-IOT SBC, which just launched for $45 on AliExpress, is the most wireless savvy Orange Pi to date. The open-spec SBC includes an unnamed, 4G LTE radio module with mini-SIM card slot, as well as a combo module that includes WiFi, Bluetooth, FM, and GPS. There is also support for a fingerprint sensor. Read more