Connect with us

Gaming

Nintendo isn’t saying, so here’s how to fend off the account hijacking spree

Published

on

Nintendo

A wave of account takeovers hitting Nintendo users over the last few weeks continued largely unabated on Tuesday despite Ars’ coverage of the mass hijackings a day earlier. Nintendo isn’t saying why or how so many accounts continue to get compromised, often within hours of hacked users resetting passwords. A likely reason for the sustained hijacking spree: Nintendo’s failure to warn of the risks posed by legacy accounts.

Long before Nintendo introduced the current account system for Switch and other recent devices, the company used a Nintendo Network ID, or NNID, for the earlier Wii U and 3DS platforms. NNIDs had to be created using the notoriously bad resistive-screen keyboards available on these devices, a constraint that made it hard for users to choose strong passwords. The move to the current system was a vast improvement because accounts can be set up using a Web browser.

Error of omission

But there’s a key shortcoming: NNIDs never died, and despite many users forgetting they had ever set up one of these accounts, many continue to be linked to users’ new accounts. That means unauthorized access to an NNID is all it takes to hijack a new account and make off with any PayPal or Switch eShop funds tied to it. As recently as Tuesday, Nintendo emails warning users of potentially hijacked accounts didn’t mention this key detail.

The email instead said there had been a recent sign-in from a new device and that if users didn’t recognize it they should change their passwords using this link. The Web form changes only passwords for the new login system, not for the older NNID. The email and the page it links to make no mention that NNIDs can also be abused to give miscreants unauthorized access to Switch accounts.

Even when a user took it upon herself to close the NNID password hole, the task is unnecessarily painful and problematic. The process of actually changing the password requires accessing the account with a Wii U or 3DS, and there’s always the possibility that users no longer own those older systems. It’s still possible to use a browser to reset an NNID password, but in that case, the new password is limited to only eight characters of Nintendo’s choosing. Even worse, Nintendo emails the user the new password in plaintext.

2FA to the rescue

To Nintendo’s credit, the company on Tuesday issued a statement to reporters advising users of hijacked accounts to enable two-factor authentication on their accounts, and all available evidence suggests this protection will prevent unauthorized access both directly and through NNIDs. The company, it should also be noted, provides instructions here for unlinking an NNID to a current account, but those instructions are easy to find. Moreover, Nintendo continues to offer incentives to encourage keeping the accounts linked.

Nintendo’s statement to reporters recommending the use of 2FA is a step in the right direction, but from the start, emails notifying users of new sign-ins should have provided this advice. The emails also should have advised password resets not only for current accounts but also for NNIDs, as well as directions for unlinking the two. And in keeping with a concept known as defense in depth—which uses multiple layers of protection to secure systems—Nintendo should give users an easier and more secure way to change NNID passwords. Better yet, the game maker should make it easy to close NNIDs altogether. Last, Nintendo owes it to its customers to say if it knows of any breaches involving its network.

So there you have it. If you’re a Nintendo account holder, the first thing to do is set up 2FA and change the current account password. Out of an abundance of caution, users should also unlink the account from the NNID and change, or at least reset, the NNID password.

In the absence of useful advice from Nintendo, users will have to fend for themselves.

Continue Reading

Gaming

Judge’s order slaps Roblox player with permanent game ban

Published

on

Enlarge / A court order has led to a longtime Roblox player being banned from the popular game.

Aurich Lawson | Roblox | Shark Fin Studios

A lawsuit filed by the Roblox Corporation, the operator of one of the most popular online games in the West, concluded last week with a rare order from a US District Court—that a defendant must be permanently banned from an online video game and its associated services.

The dubious honor goes to Benjamin Robert Simon, better known to the Roblox community as Ruben Sim, who had previously received an IP-based Roblox ban after allegedly violating the game’s terms of service. Simon operates a Roblox gameplay and criticism YouTube channel, which currently has 849,000 subscribers.

$150,000, not $1.6 million

The judgment, which came as a stipulated order agreed upon by both the plaintiff and defendant, also requires Simon to pay $150,000 to Roblox. Exactly how that number breaks down based on the suit’s allegations is unclear, but the original suit says that Simon posted a threat in October 2021 that apparently targeted that year’s Roblox Developers Conference. The tweet included a threatening statement without a clear indication of either satire or comedy and said, “San Francisco Police are currently searching for notorious Islamic Extremist [name redacted]. If you see this individual at RDC please call 911 immediately.” The post included a hyperlink to a video titled “SOMEONE BLOW UP ROBLOX NOW,” which had been deleted from YouTube in 2015 but was temporarily re-uploaded, and that video (now once again offline) included direct threats to the Roblox Corporation.

The September 2021 lawsuit (PDF) alleges that this post—along with a follow-up post saying, “Don’t come to RDC tomorrow”—contributed to the company putting the event into “a temporary lockdown while local police and private security conducted a search to secure the facility.” The lawsuit also alleged that this disruption cost Roblox Corporation “over $50,000.”

The January 14 judgment (PDF), which Ars Technica has reviewed, does not include a line-by-line accounting of Roblox Corporation’s many allegations about Simon’s activities related to Roblox, and the only other claim with a firm number attached references Simon’s alleged repeated efforts to evade Roblox’s bans, use the service, and share videos of his exploits. Roblox Corporation says that it spent “over $100,000” to “investigate and block” Simon’s repeated ban evasions. The final judgment is far less than the $1.6 million Roblox Corporation originally sought.

No legal precedent established

The suit says that Simon “repeatedly posts libelous statements about Roblox’s founder and CEO, attributing false statements and conduct to the CEO that Defendant Simon knows to be false and which he makes with intent to cause injury to the reputation of the CEO and of Roblox.” This, among many other allegations, might have been explored further with screenshots or archived social media posts had the suit gone to trial, though in the end, both parties agreed to the terms of the US District Court’s judgment.

In the case of some allegations, Roblox Corporation’s lawsuit includes extensive chat logs that were hosted by Simon’s YouTube channel as proof of his history with ban evasion and violations of Roblox‘s terms of service. Other allegations, including the ones about Roblox‘s CEO and about graphic imagery allegedly uploaded by Simon to Roblox‘s servers, are not accompanied by text or image evidence in the suit’s initial filing. Simon has agreed to delete any social media content that violates the terms of the court order. The original lawsuit sought the total deletion of Simon’s social media accounts and presence, but the final court order includes no such demand.

As a stipulated order agreed upon by both parties, this lawsuit’s conclusion does not establish a legal precedent for users who violate an online service’s terms of service, get banned, and evade that ban in one way or another to return to the game or app in question.

Continue Reading

Gaming

Picard and Guinan have a warm reunion in S2 trailer for Star Trek: Picard

Published

on

The second season of Star Trek: Picard premieres March 3, 2022 on Paramount+.

It has been a long, pandemic-fueled wait, but the second season of Star Trek: Picard is almost here, and we now have an official trailer. In addition to seeing Jean-Luc Picard (Patrick Stewart) encounter his mischievous former frenemy, Q (John de Lancie), fans’ hearts will warm to see the retired Starfleet captain reunite with Guinan (Whoopi Goldberg), the El-Aurian bar hostess from Star Trek: The Next Generation.

As I wrote in my review last year, the series is set 20 years after the events of Star Trek: Nemesis. The first season opened with Jean-Luc Picard (Patrick Stewart) having retired to the family vineyard. His bucolic existence was interrupted by the arrival of a mysterious woman named Dahj (Isa Briones) who pleaded for his help. Alas, Picard failed to save her. She was killed in front of him by Romulan assassins belonging to a radical sect known as the Zhat Vash, who is dedicated to eradicating all artificial life forms. Picard discovered that Dahj was actually a synthetic—technically Data’s “daughter”—and she had a twin sister, Soji, who was also in danger.

Resolved to save Soji, Picard asked Starfleet for a ship, but he had been gone a long time, and his entreaties were rebuffed. Never one to admit defeat, Picard amassed his own scrappy crew over the next few episodes for his unauthorized rescue mission. The crew included Cristobal Rios (Santiago Cabrera), a skilled thief and pilot of the ship La Sirena; Raffi (Michelle Hurd), a former Starfleet intelligence officer and recovering addict; Dr. Agnes Jurati (Alison Pill); and a Romulan refugee, Elnor (Evan Evagora).

Enlarge / Seeing Guinan and Picard together again gives us some warm fuzzies.

YouTube/Paramount+

Some details about the second season have been trickling out over the last year. We know, for instance, that even though Picard’s consciousness is now in a synthetic body, the show will still explore themes of dealing with the last stage of one’s life, the nature of connectedness—hence the return of Q and Guinan—and Picard’s struggle with his own personal history, which will include time traveling to the past. Per the official synopsis:

Picard takes the legendary Jean-Luc Picard and his crew on a bold and exciting new journey: into the past. Picard must enlist friends both old and new to confront the perils of 21st century Earth in a desperate race against time to save the galaxy’s future—and face the ultimate trial from one of his greatest foes.

Patrick Stewart personally invited Whoopi Goldberg to reprise her role as Guinan in S2 during an appearance to promote S1 on The View in January 2020. Paramount dropped an initial S2 teaser in April last year, on First Contact Day, that strongly hinted that fan favorite Q—an extra-dimensional being with power over time, space, the laws of physics, and reality itself—would return and that the second season would play with time. A one-minute teaser dropped last July, giving us our first look at Q.

Q (John de Lancie) is up to his old tricks.
Enlarge / Q (John de Lancie) is up to his old tricks.

YouTube/Paramount+

That teaser also showed us that time has been broken in S2, with many significant changes. We saw Elnor and Raffi fleeing for their lives, Soji dressed all in white, Rios in a snazzy new Federation uniform with new insignia, and Agnes Jurati in civilian garb. Also, Seven of Nine awoke in an unfamiliar apartment, and when she looked in the mirror, her Borg implant was gone.

The full trailer has some of that same footage, and more. It opens with Picard ruminating on the moments that still haunt him, “moments upon which history turns.” Then, he wakes up in a different timeline, with Q welcoming Picard to the “road not taken.” The Federation doesn’t seem quite so noble as the version we’ve known in the past, and what is that mysterious blue substance in a vial that Q gives to Altan Inigo Soong (Brent Spiner)?

The Borg Queen (Annie Wersching) is also back and might be to blame for some time shenanigans that transport Picard and his crew back to 2024. Star Trek: Deep Space Nine fans will understand the significance of that year, detailed in the two-part episode “Past Tense.” It’s the year of the Bell Riots, a protest and crackdown that proved so violent that America embarked on a course of social and political reform that ultimately led to the formation of the Federation. So messing with that point in the timeline could have some serious repercussions.

Annie Wersching plays the Borg Queen this time around.
Enlarge / Annie Wersching plays the Borg Queen this time around.

YouTube/Paramount+

Desperate for someone who can help him understand what is going on with the divergence in time, Picard walks into a bar that just happens to be run by Guinan—perhaps a bit less posh than Ten Forward, but still plenty cozy. “I’m gonna need some tea. Earl Grey. Piping hot,” Guinan says, wearing a truly spectacular red hat. She warmly embraces her old friend, assuring him, “I believe you have one final frontier yet to come.”

The second season of Star Trek: Picard premiers on Paramount+ on March 3, 2022. A third season filmed concurrently, so we’ll be getting even more adventures from the crew of La Sirena.

Listing image by YouTube/Paramount+

Continue Reading

Gaming

Here’s why some games aren’t “verified” for Steam Deck compatibility

Published

on

Enlarge / The Steam Deck, from Valve.

Back in October, Valve laid out the specific review guidelines that a Steam game would have to follow to earn an optional “Deck Verified” badge on its Steam Store page. Now, the results of the first of those verification reviews are starting to leak out, and they’re showing some minor input and interface issues across a handful of games running on Steam Deck.

While the Deck Verified badges have yet to show up on the Steam Store itself, the metadata surrounding the program is already being added to the Steam backend for some titles ahead of the Steam Deck’s planned launch next month, as picked up by services like SteamDB. Of the 86 games with verification review results so far, 41 have at least one issue preventing them from receiving a full “Verified” badge.

First, the good news: Almost all of those un-verified games are still rated as “Playable” under Steam’s guidelines. Only five reviewed games so far have received the dreaded Steam Deck “Unsupported” badge from Valve. Four are virtual reality games, which fail for the simple listed reason that “Steam Deck Does Not Support VR Games.” The fifth, Persona 4 Golden, seems to fail because in-game videos use a problematic Windows Media Player codec that could be difficult to implement through Steam Deck’s Linux Proton compatibility layer. “Valve is still working on adding support for this game on Steam Deck,” the game’s metadata says.

Every single “Playable” or “Verified” game, on the other hand, has a “default graphics configuration [that] performs well on Steam Deck.” That lines up with Valve’s July promise that the Steam Deck will be able to run “really the entire Steam library” at 30 fps with the device’s native 800p resolution.

Not perfect, but still “playable”

The common issues that differentiate a “Verified” game from a merely “Playable” one on the Steam Deck often amount to input annoyances. In 15 of the 36 “Playable” titles identified so far, for instance, a launcher or setup tool “may require the touchscreen or virtual keyboard or have difficult-to-read text,” according to Steam.

There are also 14 games identified so far in which “entering some text requires manually invoking the on-screen keyboard” and 11 that “require use of the touchscreen or virtual keyboard or a community configuration.” A total of 13 games don’t support “external controllers for the primary player,” which could be a problem if you want to plug in your own device via USB.

For some Steam games, this kind of external input won't work for primary player control on the Steam Deck.
Enlarge / For some Steam games, this kind of external input won’t work for primary player control on the Steam Deck.

Visual interface problems are also relatively common in the first batch of Deck Verified reviews. Unreadably small text has been identified as a problem in nine titles, while 14 “sometimes show mouse, keyboard, or non-Steam-Deck controller icons” when played on the Deck.

The Deck Verified program also goes out of its way to identify games that require an Internet connection either for first-time setup (11 titles so far) or throughout single-player gameplay (nine titles). This is a notable issue for Electronic Arts games, which require the use of the third-party Origin client on top of Steam’s own DRM and could make playing on the go more difficult.

While this initial list of Steam Deck compatibility problems is far from a randomly chosen scientific survey, it’s still an interesting look at the small issues that are likely to affect some titles when the hardware launches. It will be interesting to see how many “Playable” titles issue updates to achieve full “Verified” status after the Steam Deck is in players’ hands.

Keep reading for details on the 86 games that have been reviewed for the Deck Verified program as of this writing.

Continue Reading

Trending