With one click, any semi-skilled hacker could have silently taken over a Fortnite account, according to a cybersecurity firm that says the bug is now fixed.
Researchers at Check Point say the three vulnerabilities chained together could have affected any of its 200 million players. The flaws, if exploited, would have stolen the account access token set on the gamer’s device once they entered their password.
Once stolen, that token could be used to impersonate the gamer and log in as if they were the account holder, without needing their password.
The researchers say that the flaw lies in how Epic Games, the maker of Fortnite, handles login requests. Researchers said they could send any user a crafted link that appears to come from Epic Games’ own domain and steal an access token needed to break into an account.
Check Point’s Oded Vanunu explains how the bug works. (Image: supplied)
“It’s important to remember that the URL is coming from an Epic Games domain, so it’s transparent to the user and any security filter will not suspect anything,” said Oded Vanunu, Check Point’s head of products vulnerability research, in an email to TechCrunch.
Here’s how it works: The user clicks on a link, which points to an epicgames.com subdomain, which the hacker embeds a link to malicious code on their own server by exploiting a cross-site weakness in the subdomain. Once the malicious script loads, unbeknownst to the Fortnite player, it steals their account token and sends it back to the hacker.
“If the victim user is not logged into the game, he or she would have to log in first,” said Vanunu. “Once that person is logged in, the account can be stolen.”
Epic Games has since fixed the vulnerability.
“We were made aware of the vulnerabilities and they were soon addressed,” said Nick Chester, a spokesperson for Epic Games. “We thank Check Point for bringing this to our attention.”
“As always, we encourage players to protect their accounts by not re-using passwords and using strong passwords, and not sharing account information with others,” he said.
When asked, Epic Games would not say if user data or accounts were compromised as a result of this vulnerability.
David Prowse, who played Darth Vader in the first three Star Wars films, has died at the age of 85. Prowse’s agent confirmed the news to the Hollywood Reporter on Saturday evening.
Prowse was a body builder who stood six feet, seven inches tall when he won the Vader role for the original 1977 Star Wars. Prowse also played Vader in The Empire Strikes Back and Return of the Jedi.
In 2016 interview, Prowse said that George Lucas offered him a choice between playing Darth Vader or Chewbacca. Prowse chose Vader, and the Chewbacca role went to Peter Mayhew, who died last year.
But while Prowse supplied Vader’s body, George Lucas decided not to use the Brit’s voice. He dubbed in lines by the baritone James Earl Jones instead.
When Darth Vader next appeared in a Star Wars feature film, in 2005’s Revenge of the Sith, he was played by Hayden Christensen, the actor who played Annakin Skywalker in the prequels.
The Hollywood Reporter described Prowse’s early life:
Born on July 1, 1935, in Bristol, England, Prowse was misdiagnosed with tuberculosis of the knee and forced to wear a leg splint for four years as a youngster (it turned out he actually had osteoarthritis). Yet he went on to compete for the Mr. Universe bodybuilding title in 1960 before capturing the British weightlifting championship three straight years running, from 1962-64. (At age 50, he was still able to dead-lift 700 pounds.)
Prowse played a bodyguard in the 1971 film A Clockwork Orange. He also appeared in a number of lesser-known films. He played Frankenstein’s Monster in three different films in the late 1960s and early 1970s. Around the same time, he became known in the UK for playing “Green Cross Code Man” in traffic safety commercials.
Prowse’s agent told CNN that he died after a short illness. Prowse had previously been diagnosed with prostate cancer.
Listing image by Sunset Boulevard/Corbis via Getty Images
At this point, it’s practically mandatory for any show set in New York to open with shots of landmarks like the Empire State Building, Central Park, or a row of honking yellow taxis in rush hour traffic. Anything quickly recognizable will suffice, as long as it represents life in the big city. (Looking for arty vibes? Search no further than Washington Square Park.) HBO’s docuseries How to With John Wilson doesn’t break from this tradition. In addition to a montage of New Yorkers on the street scored to tinkling jazz, How to gives us a shot of the World Trade Center, gleaming upwards from Lower Manhattan. There’s a key difference in how creator John Wilson shoots this image, though, one that reveals his off-kilter perspective. Instead of zooming overhead, he positions the World Trade Center in the background. Front and center instead: a grungy dumpster.
An opening that juxtaposes New York’s iconography with its garbage could look a tad obvious, like knockoff Banksy. But How to With John Wilson is one of the most consistently surprising shows on TV—original, not derivative. That early shot is as close to an easily-digestible statement of purpose as the show makes. Its brisk 25-minute installments are framed as tutorials, with the Queens-based Wilson carting his camera around the city attempting to learn how to accomplish various tasks by talking to people he encounters. (“How to Put up Scaffolding” and “How to Cover Your Furniture” are two episode titles.) These episodes aren’t instructive as much as wildly digressive; Wilson allows his chance encounters to unspool into intimate connections with strangers, often venturing into their homes as they divulge their pet projects, theories, and passions. The point is that no one ever knows what they’ll discover when they start asking questions. When he was younger, Wilson worked as a private investigator, and his output has a voyeuristic undercurrent. He’s brilliant at capturing public glimpses of private lives.
The elevator pitch for How to With John Wilson could’ve been something like “Nathan for You meets Humans of New York,” especially since Nathan Fielder serves as an executive producer and the show’s most high-profile champion. Nathan for You, which ran for four increasingly artful seasons on Comedy Central, was also hard to explain—it was a prank show, sort of, that satirized reality television and American business ethics. Fielder hosted in character, convincing real entrepreneurs to carry out ridiculous stunts meant to attract new customers.
There is a kinship between Fielder’s and Wilson’s work. Both of their projects hinge on coaxing real people into revealing themselves. They are both deliberately subdued hosts, all the better to make the chaos they cultivate look organic; Wilson doesn’t even appear on-camera in his show, preferring to remain as the unseen narrator steering the action. A key distinction, though: Nathan for You had a harder-nosed approach to its ordinary-people subjects, who often wound up uncomfortable and embarrassed because of their participation. How to With John Wilson is a far more tender endeavor. Its storylines are fueled by Wilson’s leaps into intimacy with strangers. One episode features startlingly prolonged full-frontal male nudity, the result of one such stranger feeling comfortable enough to Donald Duck his way through Wilson’s interview, curling up into a ball on his bed without pants or underwear. Even when the people he meets behave in objectively bizarre ways, Wilson documents the absurdity without mocking it.
In the third episode, “How to Improve Your Memory,” Wilson enters a grocery store looking for a specific brand of candy he remembers from his childhood. When he asks for help, he meets a man who built software for stocking the store’s shelves. The man can’t help him with the candy, but as it turns out, he has a lot to say about memory. He invites Wilson back to his office, where they discuss the “Mandela effect,” a phenomenon where a group of people remember something differently than how the historical record indicates it occurred. By the end of the installment, the pair are in a Best Western in Ketchum, Idaho, together, contemplating the nature of reality.
Wilson began his film career by posting documentary shorts directly to Vimeo, including videos using the same “How to” framework. They took years to complete, as he shot footage and stitched it together into narratives in his free time while working odd jobs. Their viewership was small but enthusiastic, and when Fielder saw Wilson’s work, he reached out to collaborate. The Nathan for Youcreator helped the resolutely DIY director come up with the project’s real elevator pitch, telling networks the premise was “Planet Earth, but for New York.” By evoking the famously well-made nature documentary series, Fielder nailed down Wilson’s central achievement. Just as Planet Earth captured animal behavior rarely seen on film with unprecedented clarity, How to With John Wilson is a collage of real human behavior that is rarely, if ever, seen so clearly.
In an interview with The New York Times, Wilson described his approach as “letting the story come to you.” He walks around with his camera and interviews people about the subject, collecting hours and hours of on-the-streets footage. He then collages together a narrative from what he finds, using voice-over to tie it together. It’s a method that yields incredible results, but there’s a downside: It took two years to gather enough footage for this six-episode first season, which clocks in at less than three hours total. It’s not a scalable project, which is key to its idiosyncratic charms. To create an observational achievement of this caliber requires patience. Despite its title, Wilson’s show isn’t really a lesson. It’s a reminder of how rowdy ordinary life can be, if you know how to pay attention.
Update: Fifteen years ago around Thanksgiving, legendary film critic Roger Ebert set off a mini-storm in video game journalism circles by taking to his column and poo-pooing the medium. And with Ars staff off for the holiday weekend, we thought it’d be interesting to resurface this analysis of Ebert’s critiques from Ars contributor Jeremy Reimer. While there have definitely been a few game-to-film duds in the intervening years (ahem, Assassin’s Creed), there’s been no shortage of breathtaking video game storytelling (Her Story) or Hollywood looking to new titles (Last of Us on HBO, either. This piece originally ran on November 30, 2005 and appears unchanged below.
Roger Ebert, the famed movie critic for the Chicago Sun-Times and co-host of the syndicated TV show Ebert and Roper at the Movies has thrown down the gauntlet on his website by stating that video games will never be as artistically worthy as movies and literature. Ebert does not believe that this quality gap can ever be crossed, as he feels it is a fundamental limitation of the medium itself:
There is a structural reason for that: Video games by their nature require player choices, which is the opposite of the strategy of serious film and literature, which requires authorial control.
Whether or not interactive art can still be art is an interesting question. Modern artists such as Chin Chih Yang, who design interactive multimedia projects as well as creating “traditional” art, would probably tell you that whether something is “art” depends on only the artist and the audience, and not the medium itself. However, there are undoubtedly more conservative artists who would dismiss “interactive multimedia projects” as not being worthy of the term art. Of course this debate is not a new one, nor has it been confined to video games. Movies and comic books both struggled (and still struggle) to receive the same level of respect as traditional media, such as literature and dramatic plays.
But is it really the “interactive” part of video games that Ebert is criticizing? To me, it seems like a convenient excuse to dismiss for all time a new form of entertainment that has not only influenced movies (with endless releases of video-game-themed movies such as Tomb Raider,Mortal Kombat, Resident Evil, etc.) but at times even seems to be in competition with cinema itself. Every time movie sales go down, some pundits start looking to the video game industry as being the source of the problem.
I don’t believe the “interactive” nature of video games is what Ebert is really railing against here. While he gave a poor review to the movie Clue, which featured multiple endings, he admitted in his review that it would have been more fun for viewers to see all three endings. He seemed to be indicating that if the movie itself was of higher quality, being given a choice of endings would have made it even more entertaining. Like Clue, video games can feature multiple endings or storylines, but all of them have been written by the writer ahead of time. The fact that the player can choose between them does not make any of the choices less of a creation by the game developers.
A closer examination of Ebert’s comments seems to indicate that he is critical of the artistic value of the games themselves, not their structure:
I am prepared to believe that video games can be elegant, subtle, sophisticated, challenging and visually wonderful. But I believe the nature of the medium prevents it from moving beyond craftsmanship to the stature of art. To my knowledge, no one in or out of the field has ever been able to cite a game worthy of comparison with the great dramatists, poets, filmmakers, novelists and composers. That a game can aspire to artistic importance as a visual experience, I accept. But for most gamers, video games represent a loss of those precious hours we have available to make ourselves more cultured, civilized and empathetic.
Some might be eager to tell Ebert about games that he may not have ever seen or played, such as Star Control II, or Planescape Torment, where the story is given higher focus than the graphics and is at least comparable to literary fiction. Or games such as ICO, where the atmosphere and feel of the environment and characters is on par with any “serious” art film. But perhaps Ebert hasn’t heard of these titles because video games in general have been deluged with an endless parade of flashy sequels and movie tie-ins that favor graphics over gameplay. Perhaps if a viable analog to the independent movie industry emerged for video games, Ebert might change his tune. But is this likely to happen?