The Other Kind of Hacker: Video Game Developers and Cybersecurity

A few days ago, it was announced that action RPG and multiplatform Korean gacha Genshin Impact had had its anti-cheat driver weaponized by ransomware developers, thanks to a vulnerability that had been discovered back in October of 2020.

Which, I should point out, isn’t an entirely new phenomenon. There’s literally a Metsploit module designed to take advantage of a vulnerability in an anti-cheat driver Capcom used for the Street Fighter V on PC. All this has happened before, all this will happen again. (Hopefully with a better ending, though.)

Continue reading “The Other Kind of Hacker: Video Game Developers and Cybersecurity”

Pandora’s SOC: Analyzing 2019’s Borderlands 3 DRM Scare

I’m going to try and bring this blog back to life because the things I’ve been Going Through over the last year are finally starting to let up. And let’s start with a trip back to the forgotten year of 2019. Russia’s invasion of Ukraine was still limited to Crimea, Donald Trump was still tweeting whatever weird bullshit came to mind, and nobody could imagine the CDC fucking up its response to a disease that affected cishet white dudes.

More relevant to this post, though, 2019 was the year that Gearbox Software’s Borderlands 3 came out. This addition to the long-running series of “looter shooter” video games, despite generally good critical reviews, met with significant backlash from potential customers for two reasons: it used the controversial Denuvo DRM (which has since been removed), and it was being released on PC as an Epic Games Store exclusive.

Continue reading “Pandora’s SOC: Analyzing 2019’s Borderlands 3 DRM Scare”

Rehost: A day in the life of Stuart Hoegner, General Counsel for Tether

Apparently some dipshit or dipshits who may or may not be associated with Tether decided that it’s a great idea to abuse copyright law in an attempt to make others stop mocking them.

Fortunately, my hosting provider has a pretty strong “eat farts” policy towards spurious claims of defamation. So here’s a rehost of the original blog post by one Trolly McTrollface.

Continue reading “Rehost: A day in the life of Stuart Hoegner, General Counsel for Tether”

Wheel of Discourse, Turn, Turn, Turn / Tell Us Today’s Reason Why Twitter Should Burn

(this is what the refrance)

One of the more “fun” parts of being Extremely Online is the drama. Which isn’t really the best word for a lot of it, admittedly: the word can be used to downplay some very serious issues. Stuff like Richard M. Stallman being a serial sex pest who somehow get reinstated to the Free Software Foundation’s board of directors is not “drama”. The inevitable result of Graham Linehan being allowed access to a keyboard is not “drama”. A YouTuber getting subjected to accusations of pedophilia because a pack of bitter “how dare you stop having a white nationalist as a cohost” motherfuckers thought it’d be funny is not “drama”.

But when someone who’s literally 15 years old decides they have The Solution to the problem of NSFW content on Twitter? Yeah, I’m thinking “drama” might be a fitting word.

Continue reading “Wheel of Discourse, Turn, Turn, Turn / Tell Us Today’s Reason Why Twitter Should Burn”

My Dick Is Non-Fungible Too, and It’s a Hell of a Lot More Useful Than This Shit: A Rant About Cryptoart

UPDATE: Someone on Reddit pointed out that I had gotten the rules to Bitcoin Numberwang wrong in this rant. That has now been corrected. I apologize for overestimating the incompetence of the Bitcoin community. (Which is not a sentence I ever expected to have cause to type, but here we are.)

Some of you who’ve been exposed to social media in the last week or so may have noticed a new trend where the usual cryptocurrency assholes are trying to recruit artists into their bullshit. And, tragically, a lot are falling for it…including some who should really know better.

Of course, if you have no idea what an NFT is, you might not understand why this is such a unique waste of everything. So let’s dive in and piece together what the fuck happening this time in the world of coinasses. (There’s a tl;dr at the end of the post, don’t worry.)

Continue reading “My Dick Is Non-Fungible Too, and It’s a Hell of a Lot More Useful Than This Shit: A Rant About Cryptoart”

LastPass, You’re Still Making Security Worse

The thing about password managers is that a security issue there tends to be significantly more severe than with most another applications on a device. Even if you all you get is data exfiltration…well, you’re still exfiltrating some pretty fucking important data.

Which is why this story about trackers in LastPass for Android…is less than encouraging.

Continue reading “LastPass, You’re Still Making Security Worse”

Notification Qverload

(No, that’s not a typo.)

There’s an infamous notification box from the dark days of Internet Explorer 6 that “warns” the user that they are “about to view pages over a secure connection” — in other words, they get a big security alert when they were about to do something secure.

The IE6 "you are about to view pages over a secure connection" alert, placed next to a screen from The Simpsons showing Homer demonstrating his "Everything's Okay" alarm.
“Corporate needs you to find the differences between this picture and this picture.”

The problem with this sort of thing should be obvious: it’s training people to either ignore alerts and notifications entirely, or overreact to each one they see. And while that’s more of a UI/UX problem, it’s one with some pretty major implications…both security and otherwise.

Continue reading “Notification Qverload”

Random Code: Pokémon of the Day Python script

Wrote this while bored, figured I’d toss it out there for anyone who cares. Gives you a different Pokemon, and its Pokedex entry, each day. The specific Pokemon is randomly chosen, with the current date as the seed value.

There are probably ways to make it better, but I’m heavily constrained by the JSON that I’m retrieving from pokeapi.co on this one and I don’t feel like putting in the effort.

Continue reading “Random Code: Pokémon of the Day Python script”

LastPass, You’re Making Security Worse

Apparently the free tier for the LastPass password manager is taking away the ability to use both the desktop and mobile apps. If you want your passwords to be available on both your phone and your computer, you’ll have to start paying. Which I don’t think is a good thing overall. So, I’m going to use this opportunity to scream into the void at LastPass* and pretend they’ll notice, let alone care.

Look, LastPass, I get it. Until we finally usher in the glory that is Fully Automated Luxury Gay Space Communism, you’ll still need to pay your employees so that they can keep themselves in craft beer and fancy pizza. But yanking away features like that unless people pay you isn’t good for anyone long-term. Not if you’re removing those features from a password manager.

Continue reading “LastPass, You’re Making Security Worse”