We’re currently investigating the full extent of this, but moralising and recrimination can come later. For now, the important thing is to warn folks who have certain Ubisoft games installed on their PCs that an apparent backdoor has been discovered in the Uplay infrastructure/DRM which may in theory allow any anyone so minded to install God knows what horrors on your PC. It isn’t confirmed as definite, but certainly proof of concept code is calling up Uplay windows from websites that have nothing to do with Ubisoft. If Uplay is on your PC, I urge you to uninstall it and any games that use it immediately, until we know more.

...

PSA: Possible Security Risk In Some Ubisoft PC Games (http://www.rockpapershotgun.com/2012/07/30/psa-possible-security-risk-in-some-ubisoft-pc-games/)

I just posted the same thing up in the Silent Hunter 5 forums. :yep: Hopefully we can spread the word before someone uses this to their advantage.

Hopefully Orpheus is correct in that it only affects people that use the plugin. Makes dealing with the problem easier at least.

Worth noting (at least as I understand it) that you don't need to delete uplay/SH5 - just go into your web browser (all of them if you use more than one), find 'addons' (IE) or 'Extensions' (Chrome) and disable the Uplay addon, if it's there.

AFAIK, if it's not there, and it isn't for me, then there should be no problem. :up:

EDIT: Clearer methods courtesy of RPS forums:

How to disable Uplay in Firefox:
Tools - Add-ons - Plugins - Disable the Uplay and Uplay PC Hub plugins

In Opera:
Settings - Preferences - Advanced - Downloads - Search "Uplay", delete

In Chrome:
Visit about:plugins and disable

To check the vulnerability, visit this page
http://pastehtml.com/view/c6gxl1a79.html

If your browser is vulnerable, Uplay will start and the Windows Calculator will run.
I have just invented cross-quoting. Think I can patent it and make millions? :hmmm:

* seems they updated the article as well:

The fault does appear to specifically lie with a browser plugin Uplay installs rather than Uplay itself, so remove that from your Firefox/Chrome/IE/etc extensions as a priority, but I***8217;m erring on the side of extreme caution and advocating the removal of anything associated with Uplay until this apparent threat is dealt with.

Hopefully Orpheus is correct in that it only affects people that use the plugin. Makes dealing with the problem easier at least.


I have just invented cross-quoting. Think I can patent it and make millions? :hmmm:


Nah, there are several GT visitors who already use cross quotes. :O:

I have just invented cross-quoting. Think I can patent it and make millions? :hmmm:

You wish :O:

Anyway goes to show why I keep my system clear of this kind of junk.

HunterICX

See, GT ruins everything. This is why we can't have nice things. :shifty:

How to disable Uplay in Firefox:
Tools - Add-ons - Plugins - Disable the Uplay and Uplay PC Hub plugins

In Opera:
Settings - Preferences - Advanced - Downloads - Search "Uplay", delete

In Chrome:
Visit about:plugins and disable


Any thoughts on where to find this in IE?


Tools - Manage Add-ons - doesn't seem to list 'plug-ins'

Tools - internet options > "programs" tab - "manage addons" button

Seems to be the exact same thing actually. Should be under "toolbars and extensions" I guess.

Updated the other thread with this but can't hurt here as well:

Chrome lists the offending file as the following:
C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll

Easy to find/wipe, just in case anyone has trouble removing the browser plugins.