Stories
Slash Boxes
Comments

SoylentNews is people

posted by CoolHand on Monday February 06 2017, @10:59PM   Printer-friendly
from the couldn't-happen-to-a-nicer-product dept.

The developers at Denuvo have been in the news thanks to cracks against their notoriously tough digital rights management (DRM) tools, which are normally used to lock down video games from leaking online. On Sunday, the company faced a different kind of crack—not against a high-profile video game, however, but of its depository of private web-form messages. A significant number of these appear to come from game makers, with many requesting information about applying Denuvo's DRM to upcoming games.

The first proof of this leak appears to come from imageboard site 4chan, where an anonymous user posted a link to a log file hosted at the denuvo.com domain. This 11MB file (still online as of press time) apparently contains messages submitted via Denuvo's public contact form dating back to April 25, 2014. In fact, much of Denuvo's web database content appears to be entirely unsecured, with root directories for "fileadmin" and "logs" sitting in the open right now.

Combing the log file brings up countless spam messages, along with complaints, confused "why won't this game work" queries from apparent pirates, and even threats (an example: "for what you did to arkham knight I will find you and I will kill you and all of your loved ones, this I promise you CEO of this SHIT drm"). But since Denuvo's contact page does not contain a link to a private e-mail address—only a contact form and a phone number to the company's Austrian headquarters—the form appears to also have been used by many game developers and publishers.

The log, as hosted at Denuvo.com, contains queries with legitimate reply addresses at current game studios. Those include a requests from the following: 343 Industries, about applying Denuvo to upcoming Halo Wars games on PC; Microsoft, in a 2015 message describing Denuvo as something that would fit with "an upcoming initiative"; TaleWorlds, about adding DRM to the sequel to its Mount & Blade franchise; Harmonix Games, about scheduling an in-person meeting at this March's Game Developers Conference to talk DRM; Capcom, with multiple requests—one of which is described as a Windows 10 UWP release for 2016 (which could mean this past December's Dead Rising 4, which indeed shipped on UWP with Denuvo DRM); Ninja Theory, who sent a query about DRM for its upcoming adventure game Hellblade: Senua's Sacrifice; and many more.

Source:

https://arstechnica.com/security/2017/02/denuvo-forgets-to-secure-server-leaks-years-of-messages-from-game-makers/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by bob_super on Tuesday February 07 2017, @12:00AM

    by bob_super (1357) on Tuesday February 07 2017, @12:00AM (#463803)

    "Hey, those DRM makers can't secure their web page" - news.
    "Hey, let's read every message in this stolen database from a non-scumbagish private company" - not ethical.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 0) by Anonymous Coward on Tuesday February 07 2017, @12:13AM

    by Anonymous Coward on Tuesday February 07 2017, @12:13AM (#463807)

    https://wikileaks.org/podesta-emails/emailid/23561 [wikileaks.org]

    The good thing is we know we do not need to worry about those pizza related maps!

  • (Score: 0, Disagree) by Anonymous Coward on Tuesday February 07 2017, @12:42AM

    by Anonymous Coward on Tuesday February 07 2017, @12:42AM (#463819)

    What are you talking about? And did someone break into a building and physically steal a database?

    • (Score: 1, Touché) by Anonymous Coward on Tuesday February 07 2017, @05:39AM

      by Anonymous Coward on Tuesday February 07 2017, @05:39AM (#463908)

      Glad to know you feel that way. I bet you wouldn't mind me releasing the nude pics of your teenage daughter for the Internet to gawk over.

      • (Score: 0) by Anonymous Coward on Tuesday February 07 2017, @01:56PM

        by Anonymous Coward on Tuesday February 07 2017, @01:56PM (#464033)

        I bet you wouldn't mind me releasing the nude pics of your teenage daughter for the Internet to gawk over.

        She beat you to the punch years ago.
        But that's okay, me and my sister-wives support her budding polygamist ambitions.

  • (Score: 0) by Anonymous Coward on Tuesday February 07 2017, @05:37AM

    by Anonymous Coward on Tuesday February 07 2017, @05:37AM (#463907)

    "Hey, let's read every message in this stolen database from a non-scumbagish private company" - not ethical.

    I would disagree with that. It's not ethical to publicly release this database, whether you personally choose to read it or not once it has been made public will not incur any additional harm to the company. It's the act of releasing previously protected information that is unethical, be it to yourself by reading someone's mail or by publishing it online like in this instance.

    Not that I'll cry over a DRM manifacturer's woes, nor over the woes of people who put such cancer into their product.

  • (Score: 2) by Bogsnoticus on Tuesday February 07 2017, @06:47AM

    by Bogsnoticus (3982) on Tuesday February 07 2017, @06:47AM (#463927)

    > "non-scumbagish private company"

    DRM only effectively punishes legitimate owners for being honest. Denuvo, being creators of a system designed to punish the honest, so not fall into the category of "non-scumbagish"

    --
    Genius by birth. Evil by choice.
  • (Score: -1, Troll) by Anonymous Coward on Tuesday February 07 2017, @07:30AM

    by Anonymous Coward on Tuesday February 07 2017, @07:30AM (#463940)

    stolen database from a non-scumbagish private company" - not ethical.

    But, oh, they are a scum-baggish company, if all they do is Denial of Rights Mischief. So stealing their database (security is their main job, right?) and publishing it for all and sundry to laugh at? Does it ever get better than this? Petards and hoisting? Irony meter broken beyond repair again! And as for those of you who want to suck up to "private property" or "Peter Thiel", do recognize you will have to leave your balls at the door. You can keep your gats, but, you know, just leave your balls. We want not assertion of rights here! Hey, look! Tons of money! Who needs balls when you could have tons of money! And all you have to do is leave your balls at the door, and . .. . . OH Shit!! tHE DNA Agreement kicked in! Holey shit, since I have no balls, any more, I am not able to resist a DNA! Peter Thiel is my friend! Every thing I do with him is completely consensual, since he as soooooo much money.

    (/alt-definition: "non-scumbagish private company" = cumsucking whore. Glad we cleared that up!)

    • (Score: 1) by AssCork on Tuesday February 07 2017, @01:59PM

      by AssCork (6255) on Tuesday February 07 2017, @01:59PM (#464034) Journal

      Your post is spectacularly hilarious when read as Robin Williams.

      --
      Just popped-out of a tight spot. Came out mostly clean, too.