Connect with us


Fortnite bugs put accounts at risk of takeover – TechCrunch



With one click, any semi-skilled hacker could have silently taken over a Fortnite account, according to a cybersecurity firm that says the bug is now fixed.

Researchers at Check Point say the three vulnerabilities chained together could have affected any of its 200 million players. The flaws, if exploited, would have stolen the account access token set on the gamer’s device once they entered their password.

Once stolen, that token could be used to impersonate the gamer and log in as if they were the account holder, without needing their password.

The researchers say that the flaw lies in how Epic Games, the maker of Fortnite, handles login requests. Researchers said they could send any user a crafted link that appears to come from Epic Games’ own domain and steal an access token needed to break into an account.

Check Point’s Oded Vanunu explains how the bug works. (Image: supplied)

“It’s important to remember that the URL is coming from an Epic Games domain, so it’s transparent to the user and any security filter will not suspect anything,” said Oded Vanunu, Check Point’s head of products vulnerability research, in an email to TechCrunch.

Here’s how it works: The user clicks on a link, which points to an subdomain, which the hacker embeds a link to malicious code on their own server by exploiting a cross-site weakness in the subdomain. Once the malicious script loads, unbeknownst to the Fortnite player, it steals their account token and sends it back to the hacker.

“If the victim user is not logged into the game, he or she would have to log in first,” said Vanunu. “Once that person is logged in, the account can be stolen.”

Epic Games has since fixed the vulnerability.

“We were made aware of the vulnerabilities and they were soon addressed,” said Nick Chester, a spokesperson for Epic Games. “We thank Check Point for bringing this to our attention.”

“As always, we encourage players to protect their accounts by not re-using passwords and using strong passwords, and not sharing account information with others,” he said.

When asked, Epic Games would not say if user data or accounts were compromised as a result of this vulnerability.

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *


Review: The Green Knight weaves a compelling coming-of-age fantasy quest



Enlarge / Dev Patel stars as Gawain—nephew to King Arthur and an aspiring knight—in The Green Knight, filmmaker David Lowery’s mesmerizing adaptation of the 14th-century anonymous poem, Sir Gawain and the Green Knight.

The tale of Sir Gawain and the Green Knight, immortalized in a 14th-century anonymous poem, is among the most popular of the Arthurian legends, second only to the quest for the Holy Grail. Yet I would argue that it has never been successfully adapted to film—until now. Director David Lowery’s new film, The Green Knight, takes some necessary liberties with the source material. But he also artfully weaves in elements and symbols from that source material to create a darkly brooding fantasy quest that is just as richly textured and layered as the medieval poem on which it is based.

(Major spoilers for the 14th-century medieval poem below; some additional spoilers for the film are below the gallery.)

Let’s lay out the basics of the original poem before discussing the clever ways in which Lowery (A Ghost Story, Pete’s Dragon) has reimagined it. As I’ve written previously, Sir Gawain and the Green Knight falls into the chivalric romance genre, relating a well-known story from Arthurian legend in distinctively alliterative verse. (Alliteration was all the rage at the time. I highly recommend J.R.R. Tolkien’s translation from 1925 or Simon Armitage’s 2008 translation, recently revised.)

On New Year’s Day, King Arthur and the knights of the Round Table gather at Camelot to feast and exchange gifts. A mysterious Green Knight disrupts the festivities and proposes a different kind of exchange: any one of the knights may strike him with one blow with his axe; in return, the Green Knight will come back in a year to return the blow. Sir Gawain, the youngest of the knights and nephew to Arthur, accepts the challenge and beheads the Green Knight. Everyone is shocked when the Green Knight picks up his severed head. He says Gawain must meet him at the Green Chapel one year hence to receive a similar blow, per their bargain.

As the deadline approaches, Gawain embarks on a quest to find the Green Chapel, having plenty of adventures and battles along the way. Finally, he arrives at a castle, and the lord and lady invite him to stay as their guest. The lord, Bertilak de Hautdesert, proposes another bargain: he will go out hunting every day and give Gawain whatever he catches, provided Gawain gives the lord anything he gains during the same day. And every day, the lady of the castle attempts to seduce the young knight while her husband is away. Gawain is caught between two competing codes: the code of chivalry demands that he not betray his host’s trust by sleeping with his wife, but the code of courtly love demands that he do whatever a damsel requests.

He manages to courteously fend off the lady’s advances for two days, granting her only one and two kisses, respectively, which Gawain then passes on to the lord when he brings back a deer and a boar. On the third day, when Gawain once again spurns her advances, the lady tries to give him a gold ring. He declines the gift. But when she next offers him a green and gold silk sash that she swears will protect him from physical harm, Gawain—knowing his rendezvous with the Green Knight approaches—accepts in a moment of weakness. Then they exchange three kisses. He passes the three kisses on to the host when the lord returns with a fox, but Gawain doesn’t tell his host about the lady’s sash.

The next day, Gawain rides off to meet the Green Knight, who delivers the return blow. Gawain, who is wearing the sash, only suffers a minor nick on the neck. Technically, he “wins” their game, but the Green Knight reveals himself to be none other than Lord de Hautdesert—transformed by the magic of Morgan Le Fay—and says that the entire yearlong scheme was meant to be a test of the Arthurian knights. Had Gawain told the lord about the sash, he would not have even suffered a slight wound on his neck. So Gawain’s “victory” is also a source of personal shame.

A knight comes of age

Lowery’s challenge was to remain true to the original text’s major themes and rich symbolism, while making the character of Gawain and the story of his quest more relatable and resonant for modern audiences. Most notably, Lowery opted to make Gawain a callow young man who aspires to earn the right to join the Knights of the Round Table by proving his honor and bravery—confronting some hard truths about himself along his journey. (In the poem, Gawain is already a distinguished knight.)

When we first meet young Gawain (Dev Patel, Slumdog Millionaire), he is waking up in a brothel on Christmas Day, where he has spent the night carousing with his lover, Essel (Alicia Vikander, Ex Machina, Man from U.N.C.L.E.). He returns home to his disapproving mother (Sarita Choudhury, Lady in the Water)—yep, he still lives with his mom—before heading off to King Arthur’s court for the holiday festivities.

(WARNING: Some spoilers for the film, below.)

Invited to sit beside Arthur (Sean Harris, Prometheus, Mission: Impossible – Fallout) and Queen Guinevere (Katie Dickie, Game of Thrones, Prometheus), Gawain is asked to regale the group with a tale of his heroic adventures—and realizes he has no such stories to tell. Meanwhile, his mother is seen casting a mysterious spell, which might be related to the sudden appearance of the Green Knight (Ralph Ineson, Game of Thrones, Absentia, The VVitch) at court.

The beheading game plays out pretty much like it does in the poem, and a year later, Gawain embarks on his journey to the Green Chapel to keep his end of the bargain—and most likely lose his head. His mother gives him a green and gold belt (girdle) that she swears will keep him safe from harm. The film also hews reasonably close to the original tale when Gawain takes refuge in the castle of a Lord (Joel Edgerton, Midnight Special, Star Wars Episodes II and III) and Lady (also played by Vikander). Lowery has added a mysterious, blindfolded old dowager who lurks in the background as the two play their own little game of gift exchange and seduction with Gawain.

The middle act is when The Green Knight really diverges from the source material. Gawain’s harrowing journey to find the Green Chapel and fulfill his promise is referenced only in vague terms in the poem: there is a passing mention of skirmishes and giants, and the harsh weather he endures, for instance. Lowery has fleshed out this part of Gawain’s story to create a more traditional three-act structure of the protagonist’s journey.

First, Gawain is waylaid by a forest scavenger (Barry Keoghan, Dunkirk) who robs him, binds him, and leaves him for dead. After freeing himself, Gawain befriends a little fox and asks a tribe of giants to point him north. Later, he meets a ghostly woman identified onscreen as Saint Winifred (Erin Kellyman, Falcon and the Winter Soldier). She entreats him to retrieve her severed head from a lake and, in exchange, tells him the Green Knight is someone he knows. This is not in the original poem at all—although there is passing mention of St. Winifred’s Well—but thematically, it’s a fitting addition, since the legend of Saint Winifred holds that she was beheaded by a suitor for refusing his advances and a spring formed where her head fell. (She came back to life when her head was rejoined with her body.)

A rich tapestry

Patel is an inspired choice to play Gawain. He has the charisma to make a flawed, spoiled young man likable enough that we empathize with his struggles and humiliations. That’s a crucial factor in how Gawain’s final encounter with the Green Knight in the chapel plays out—another example of how Lowery’s thoughtful embellishments on the poem both underscore and enhance its themes and emotional power. In this case, we keenly feel Gawain’s sense of crushing shame over failing to live up to the impossible ideals of the Arthurian codes as he struggles to overcome his fear of death. It’s an open question how everything he has experienced will influence the kind of man he chooses to become.

The character of the Green Knight has been interpreted by some scholars as representing the Green Man from pagan folklore, and that’s how the character is depicted in Lowery’s film: a greenish face with the texture of wood, peering out through thick foliage. The Green Chapel is a ruin overgrown with vines, moss, and other plants—the wild chaos of nature encroaching on the crumbling remnants of civilization’s attempts to tame it. And there are strong hints that Gawain’s mother is Morgan Le Fay, whose magic may have set the film’s events in motion—although Lowery is wise enough to leave her true identity ambiguous. (She is not Gawain’s mother in the poem; that would be Arthur’s other half-sister, Morgause).

Lowery has cited multiple films that influenced him over the years as he worked to bring The Green Knight to life onscreen: Willow, Bram Stoker’s Dracula, The Dark Crystal, Marie Antoinette, and The Passion of Joan of Arc, a 1928 French silent film by Carl Dreyer. (See the embedded video at the end of this review for Lowery’s take on each of them.) Excalibur is another obvious influence, particularly since Lowery shot his film in many of the same locations in Ireland.

One can definitely see elements from all those sources in The Green Knight, but the tapestry Lowery has woven out of so many disparate threads is every inch an original vision. There are no quick cuts or frenetic action sequences. Lowery takes the time to let the story unfold at a leisurely pace, drawing the viewer into the Arthurian world he has created, as seen through the eyes of young Gawain. At times, the film takes on a hallucinatory quality. Just as the 14th-century poem continues to fascinate us some 700 years later, this strange, powerfully evocative film will have you mulling over everything you’ve just seen, pondering various interpretations, long after you’ve left the theater.

The Green Knight is now playing in theaters. We strongly recommend only watching movies in theaters if you have been fully vaccinated.

Filmmaker David Lowery on the “shared DNA” between The Green Knight, Willow, The Dark Crystal, Marie Antoinette, The Passion of Joan of Arc, and Bram Stoker’s Dracula.

Continue Reading


Valve issues scathing reply over the facts behind a Steam antitrust case



Getty / Aurich Lawson

Valve has issued a scathing response to Wolfire’s April lawsuit alleging anticompetitive monopoly practices on the Steam storefront. In that response, Valve argues that the suit should be dismissed because it “fails to allege the most basic elements of an antitrust case.”

There’s no right to free Steam keys

Wolfire’s case centers in part on the fact that Valve requires free Steam Keys generated by developers using Valve’s platform to be sold on other platforms at prices no lower than those offered on Steam. But Valve argues multiple times in its filing that it has “no obligation to distribute Steam Keys, let alone to allow developers to use Steam Keys to undercut their Steam prices in other stores.”

The free key system, Valve says, is intended as a way to “[give] developers a free way to sell (or give away) a reasonable number of copies of their Steam-enabled games.” With that in mind, restrictions on off-Steam pricing for those keys “prevents developers from free-riding on Valve’s investment in Steam.” The pricing and quantity guidelines “prevent developers from eroding large quantities of sales on Steam, which Valve bears 100% of the expense of creating and maintaining, yet provides to users for free.”

Valve goes on to say that the antitrust laws impose “no obligation on Valve to facilitate competition with itself” and points to supporting case-law to that effect. “Nor does Valve have a duty to continue offering [free keys], to grant them in unlimited numbers, or allow developers to use them to sell Steam-enabled games in other stores cheaper than on Steam,” Valve argues.

Wolfire’s lawsuit also alleges that Valve tries to enforce pricing parity not just for generated Steam keys but for non-Steam versions sold on other platforms. Valve, in its response, is not impressed with the factual basis for this allegation, which it says is tied to “a single anecdote of Valve allegedly telling one unnamed developer it shouldn’t give a non-Steam-enabled game free on Discord’s competing platform if it charges Steam users $5 for the Steam-enabled version of that game on Steam.” That narrow anecdote, Valve argues, “fails to allege market-wide enforcement or plausibly lead to any effect on competition.”

Wolfire’s suit does present evidence that many games are priced at the same level on Steam and other storefronts that charge lower fees. But Valve argues that this kind of pricing parity across storefronts is commonplace. Even if it wasn’t, Valve says, the lawsuit is missing “any factual allegation that Valve… did anything at all to affect, let alone coerce, the developers to sell at the same prices in two stores.”

Competitive rates

Valve also takes Wolfire to task for not presenting any facts to back up its assertion that Steam’s 30 percent base cut for game sales is higher than what would be available in a more “competitive” market. Instead, Valve says, “Plaintiffs can muster only a generalization that economics predicts Valve’s 30 percent commission should have decreased over time.”

Valve points out that it hasn’t increased its base fee since “Steam’s beginning when it had zero market share, and hence no power to charge anything but a competitive price.” On the contrary, in 2018, Steam reduced its fees for high-earning games, a move the company suggests “lay[s] out the opposite of a supracompetitive commission.”

Here, Valve points to a 2008 antitrust case against Apple and its iPod/iTunes markets for music. In that case, Apple successfully pointed out that it had maintained the same 99 cent cost per song “both before and after it obtained a monopoly—and never changed that price, even after a large seller (Amazon) entered the market.”

The fact that Steam’s 30 percent fee is higher than that of competitors like the Epic Games Store is a reflection that “the market allegedly regards Steam as superior… which is consistent with Valve’s ability to fairly command higher prices,” Valve says. In support of this, Valve cites lines from Wolfire’s own suit describing consumer backlash when Borderlands 3 was not available on Steam.

“The Steam platform is far more than a middleman but offers real value to gamers and developers,” Valve writes. “Indeed, gamers allegedly prize Steam so much that Epic’s offering popular games exclusively on its Epic Games Store platform ’caused backlash’ and ‘calls for boycotts’ from gamers forced to ‘wait for a Steam-enabled release or use a PC Desktop Gaming Platform they do not prefer.'”

Continue Reading


This 3D-printed soft robotic hand beat the first level of Super Mario Bros.



A team led by University of Maryland mechanical engineering Professor Ryan Sochol has created a soft robotic hand agile enough to manipulate a game controller.

A team of engineers at the University of Maryland has built a three-fingered soft robotic hand that is sufficiently agile to be able to manipulate the buttons and directional pad on a Nintendo controller—even managing to beat the first level of Super Mario Bros. as proof of concept, according to a recent paper published in the journal Science Advances. The same team also built two soft robotic turtles (the terrapin turtle is UMD’s official mascot) using the same multimaterial 3D-printing process that produced the robotic hand.

We traditionally think of robots as being manufactured out of hard, rigid materials, but the subfield of soft robotics takes a different approach. It seeks to build robotic devices out of more flexible materials that mimic the properties of those found in living animals. There are huge advantages to be gained by making the entire body of a robot out of soft materials, such as being flexible enough to squeeze through tight spaces to hunt for survivors after a disaster. Soft robots also hold strong potential as prosthetics or biomedical devices. Even rigid robots rely on some soft components, such as foot pads that serve as shock absorbers or flexible springs to store and release energy.

Harvard researchers built an octopus-inspired soft robot in 2016 that was constructed entirely out of flexible materials. But soft robots are more difficult to control precisely because they are so flexible. In the case of the “octobot,” the researchers replaced the rigid electronic circuits with microfluidic circuits. Such circuits involve regulating the flow of water (hydraulics) or air (pneumatics), rather than electricity, through the circuit’s microchannels, enabling the robot to bend and move.

Although this solution is ingenious, it brings its own set of challenges. These include the high cost (clean room facilities are required) and time necessary to fabricate those microfluidic systems and then integrate them with the system as a whole. “Recently, several groups have tried to harness fluidic circuits to enhance the autonomy of soft robots,” said co-author Ruben Acevedo. “But the methods for building and integrating those fluidic circuits with the robots can take days to weeks, with a high degree of manual labor and technical skill.”

As an undergraduate, Acevedo worked in the lab of University of Maryland mechanical engineer Ryan D. Sochol, who was interested in moving beyond having to manually connect fluidic circuitry components to soft robots in favor of embedding these functions directly in the soft robotic systems. His team found the answer in PolyJet 3D printing, in which several different layers of materials are stacked on top of each other. The printer sets down one liquid layer, lets it solidify, then sets down the next layer, and so on.

Enlarge / University of Maryland mechanical engineer Ryan D. Sochol shows off his team’s soft robotic hand.

YouTube/UMD A. James Clark School of Engineering

“The incorporation of materials that differ in rigidity serves to enhance performance by allowing the material properties of specific features to be tailored to complement desired functionalities,” Sochol et al. wrote in their paper. Components like diaphragms and O-rings must be able to deform during operation, so a soft rubber-like material was used to make them, while a more rigid, plastic-like material was chosen to make components that need to be stable (fluidic channels, access ports, and structural casings, for instance). Finally, the team used a water-soluble material to serve as scaffolding during the printing process, which was then removed from both the exterior and internal voids and channels—first by dissolving the stuff with water, then manually removing whatever scaffolding material remained.

Microfluidically controlled soft robots typically require distinct control inputs for every independently operated soft actuator. By integrating the fluidic circuit, the UMD team could operate the hand by varying the pressure strength between low, medium, and high. In other words, a single source of fluid could send different signals just by changing the pressure, so that each finger could move independently. Even better, the one-step 3D-printing process for the hand and the two turtle-bots—encompassing soft actuators (moving parts), the fluidic circuits, and robot body—took a matter of hours, not days or weeks.

The team tested the performance of the robotic hand by having it play Super Mario Bros. To make Mario walk, the team used a low pressure, so only the first finger pressed the controller. The researchers used a medium pressure to make Mario run and a high pressure to make the hand press the correct button on the controller to get Mario to jump.

The soft robotic hand plays a round of <em>Super Mario Bros.</em>
Enlarge / The soft robotic hand plays a round of Super Mario Bros.

YouTube/UMD A. James Clark School of Engineering

As for why they chose Super Mario Bros., Sochol told Scientific American that it was the very first Nintendo game he had played as a child. But the choice wasn’t just a matter of nostalgia. The timing and specifics of the game are well-established; the robot hand simply needed to time its responses in accordance with the preprogrammed moves. And there are actual consequences for failure: a single mistake will cost Mario a life. The hand performed so well, it was able to successfully beat the first level of the game in less than 90 seconds.

“We are freely sharing all of our design files so that anyone can readily download, modify on demand, and 3D print—whether with their own printer or through a printing service like us— all of the soft robots and fluidic circuit elements from our work,” said Sochol, who estimates that printing one’s own soft robots would cost about $100 using the team’s software on GitHub. “It is our hope that this open-source 3D printing strategy will broaden accessibility, dissemination, reproducibility, and adoption of soft robots with integrated fluidic circuits and, in turn, accelerate advancement in the field.”

DOI: Science Advances, 2021. 10.1126/sciadv.abe5257  (About DOIs).

Listing image by University of Maryland

Continue Reading