[Ars] Security firms demonstrate subdomain hijack exploit vs. EA/Origin - Overclock.net - An Overclocking Community

post #1 of 8 (permalink) Old 06-28-2019, 12:43 AM - Thread Starter
New to Overclock.net
 
 
Join Date: Mar 2012
Posts: 1,910
Rep: 215 (Unique: 100)

Quote:
Israeli security firms Check Point and CyberInt partnered up this week to find, exploit, and demonstrate a nasty security flaw that allows attackers to hijack player accounts in EA/Origin's online games. The exploit chains together several classic types of attacks—phishing, session hijacking, and cross-site scripting—but the key flaw that makes the entire attack work is poorly maintained DNS.

According to Alex and Oded, the kind of oversight made here by EA/Origin is depressingly common in large companies.
https://arstechnica.com/information-...t-vs-eaorigin/

My last EA game was BF3 and I only used Origin to activate a physical copy. So I think I'm clear from this.

#EnthusiastLivesMatter
Imouto is offline  
 
post #2 of 8 (permalink) Old 06-28-2019, 01:16 AM
New to Overclock.net
 
Join Date: Nov 2008
Location: Sevilla, Spain.
Posts: 2,816
Rep: 101 (Unique: 89)
Quote: Originally Posted by Imouto View Post
So I think I'm clear from this.
Quote:
According to Alex and Oded, the kind of oversight made here by EA/Origin is depressingly common in large companies.
Ah right, forgot I was in OCN. Bring back games in tapes.



Eastrider is offline  
post #3 of 8 (permalink) Old 06-28-2019, 01:37 AM
New to Overclock.net
 
 
Join Date: Apr 2012
Location: Fort Lauderdale
Posts: 18,096
Rep: 535 (Unique: 304)
I'm now curious how much of their revenue is generated from hijacked accounts?

Lucky me, I haven't touched EA stuff since 2 weeks into the last Dragon Age. What a disappointment. They could've made that game so much better by doing one little thing. Giving us ACTUAL control over our party members, like in the others... but no, instead they programmed some suicidal AI to do it for you, that then overrides your command every time you tell it to stop trying to kill itself!!! Ugh, I hope EA goes up in smoke and is forced to sell all vaulted IP as a result.

Jesus, they were using an actual dev team subdomain. hahahahahahaahahahahaaaaaaaaaaaaaaaaaaaaaaaaaa. I mean, it was in the title, but it didn't hit me until I read the breakdown. That's flipping hilarious. That VM manager & security team should be roasted like chestnuts in an open fire.

"devops teams don't talk to infosec teams, neither of them talks to more traditional ops teams that manage core services like company-wide DNS, and mistakes get made."

^^^ Meetings suck, but one every once in a while is necessary. Especially with the network admins & CSC plebs.

R.I.P. Zawarudo, may you OC angels' wings in heaven.
If something appears too good to be true, it probably is.

Last edited by skupples; 06-28-2019 at 01:56 AM.
skupples is offline  
 
post #4 of 8 (permalink) Old 06-28-2019, 08:57 AM
I <3 narcissists
 
 
Join Date: Feb 2008
Location: Houston, TX
Posts: 5,578
Rep: 219 (Unique: 136)
Quote: Originally Posted by Imouto View Post
https://arstechnica.com/information-...t-vs-eaorigin/

My last EA game was BF3 and I only used Origin to activate a physical copy. So I think I'm clear from this.
It's a phishing scam so it's pretty easy to tell if you're safe or not.



bigjdubb is offline  
post #5 of 8 (permalink) Old 06-28-2019, 12:17 PM
Old to Overclock.net
 
Join Date: Jan 2008
Posts: 2,042
Rep: 111 (Unique: 98)
Pretty sure this attack would not work if you have first party isolation enabled in FF or are running a content blocker like uBlock in default deny or noscript.



xJumper is offline  
post #6 of 8 (permalink) Old 06-28-2019, 12:31 PM
New to Overclock.net
 
Join Date: Dec 2018
Posts: 71
Rep: 1 (Unique: 1)
Do not get fooled by stupid links, do not get account hacked, seems simple enough.
agatong55 is offline  
post #7 of 8 (permalink) Old 06-28-2019, 10:16 PM
New to Overclock.net
 
 
Join Date: Sep 2017
Posts: 378
Rep: 5 (Unique: 5)
Quote: Originally Posted by Eastrider View Post
Ah right, forgot I was in OCN. Bring back games in tapes.
Floppy disks in an airgapped system streamed from virtual machines on Linux to a virtual machine on another virtual machine on another air-gapped system

m4fox90 is offline  
post #8 of 8 (permalink) Old 06-29-2019, 12:08 PM
New to Overclock.net
 
 
Join Date: Aug 2012
Posts: 587
Rep: 18 (Unique: 17)
Quote: Originally Posted by skupples View Post
I'm now curious how much of their revenue is generated from hijacked accounts?
What aspect of this makes you think that this is being exploited in the wild?

Given the lack of any real way to monetise this exploit, and the reliance on phishing, I doubt it will be utilised before the vulnerability is patched.

And most people on sites like this don't buy EA games, it's no biggie there's no need to advertise. Still clearly doesn't put a dent in their revenue, what with them pulling $5.150B last year.

NihilOC is offline  