DCEmu Featured News Articles

Federal authorities will remotely uninstall the Coreflood botnet Trojan from some infected Windows PCs over the next four weeks. Coreflood will be removed from infected computers only when the owners have been identified by the DOJ and they have submitted an authorization form to the FBI. The DOJ's plan to uninstall Coreflood is the latest step in a coordinated campaign to cripple the botnet, which controls more than 2 million compromised computers. The remote wipe move will require consent, and the action does does come with warnings from the court that provided the injunction against the botnet, however. 'While the 'uninstall' command has been tested by the FBI and appears to work, it is nevertheless possible that the execution of the 'uninstall' command may produce unanticipated consequences, including damage to the infected computers,' the authorization form reads. FBI Special Agent Briana Neumiller said, 'The process does not affect any user files on an infected computer, nor does it ... access any data on the infected computer.' The DOJ and FBI did not say how many machines it has identified as candidates for its uninstall strategy, but told the judge that FBI field offices would be notifying affected people, companies and organizationshttp://it.slashdot.org/story/11/04/2...-From-Some-PCs ...

The recent attacks and subsequent user information breach is evidence that internet fraudsters are now increasingly targeting social and other such networks because of their softer security measures compared to banks and online retailers.

That's according to data protection expert and Open University lecturer Blaine Price, who told BBC that networks such as Sony's PSN are forced to sacrifice security in favour of usability.




"Any lock can be picked," said Price, adding, "There's always a trade off in security between usability - being able to get at what you want, and making it secure.

"Your online banking site is much more sophisticated," he went on to explain, making it a more strenuous process for users to get their details, but is more secure because of it.

"A bank would usually use two-factor authentication, where you've not just got a password. It would be a real pain if every time you want to start up a game you had to scan your thumb, type in 15 digits and pull out a card reader.

"Any time you're just using a user ID and password, it's going to be a risk," said Price.

David Emm, a senior security researcher for Kaspersky Labs, chimed in with age-old advice - don't use the same passwords for all your site/network accounts. "The weakest link is always the individual," said Emm, noting peoples' tendency to use the same password across the internet to make logins easier to remember.

"Clearly, trying to undermine a bank's security is a lot of effort. Whereas if you go after an individual, it's not going to be noticed, it's going to be easier to do."

Meanwhile, the Information Commissioner's Office's (ICO) David Smith questions companies need to collect such extensive amounts of personal data. "It's a very important data protection principle that you shouldn't collect excessive information or keep it longer than is necessary.

"The question about, for example, why an organisation asks for a specific date of birth, as opposed to an age band, is at the centre of our work," he said.

http://www.computerandvideogames.com...VG-General-RSS ...

Anyone else wake up this morning with an icky feeling in their stomach?

Stupid, really. No-one died, there was no physical damage. I'm still here, you're still here. I'm sure your mum's fine.

And yet such a wave of immediate vulnerability, combined with a crash of breathtaking, stomach-crippling naivety... it was almost bleak.

The non-gaming world still hasn't fully grasped it yet, but it's one hell of a scary day to be a tech-savvy citizen. Our very way of life has been attacked, and consciously acknowledged or not, we are reeling.




The immediate and vicious communal ire, unsurprisingly and to a large degree deservedly, has been directed at Sony. These are, after all, the personal and financial details with which over 70 million consumers - roughly the population of the entire UK - confidently entrusted the platform holder.

It seemed a simple deal: we'll give you oodles of cash for brilliant content, you take our money with a grin. Oh, and don't be frivolous with our entire online identity. Cool?

Overnight, that unspoken contract (or, indeed, that contracted contract, depending on the inevitable litigious tussle) has been eroded with a single, crushing phrase: "An unauthorized person has obtained the following information." I still feel slightly winded after reading it.

Sony may tell us that it's received no reports of credit card fraud from PSN users, but that will be shallow comfort to an uneasy, woozy consumer base. Under its guard, the safety apparatus has been ripped off our personal wealth - in some cases, the very funds that will bedrock our future livelihood. Some degree of inflated panic is entirely condonable.

But to lay the blame solely at Sony's feet is to do injustice to the guile, deviousness and frightening perspicacity with which the PlayStation Network has been invaded. And, moreover, to the rabid motivation that has driven it.

It is a fact that there may have been vulnerabilities in Sony's security that were overlooked. They should be independently investigated - and Sony fully held to account for any proven wisp of negligence.

But in fairness, the platform holder has been doing battle with a far greater force than a mere deficiency-seeking drone, out to wheedle its weak spots; it has been dealing with the rapacious human will of a fanatical foe.

It has, to all intents and purposes, been turned on by a technological terrorist - one without the malevolence for bloodshed or tragedy, but a terrorist nonetheless. Our cosy reliance on Sony's steel walls has been splintered; our trust in the system spooked.




Thankfully - and I'm typing with fingers crossed and rabbit foot firmly attached - the perpetrator who shattered PSN's previously impenetrable digital fortress is more likely to be a spliff-in-mum's-garage nerd than a hardened, profit-seeking criminal. A nerd like the unfortunate Gary McKinnon, who - perspective alert! - allegedly snuck behind the digital perimeters of NASA and the US Navy, Army and Air Force in 2001. From his mum's computer. Just to check on UFOs.

Like McKinnon, PSN's nemesis is likely hyper-intelligent and, no doubt, not exactly a darling of high society.

The fact that a full week has passed since the PSN attack without any reported credit card fraud is reason for us all to relax at least a little - and to suggest that the end-game for Sony's public enemy no.1 was to expose, rather than embezzle; to win, rather than wound.

But what kept them ticking? Whoever successfully 'intruded' (Sony's Carry On euphemism does bring some light relief to proceedings, don't you think?) PSN last week was a demonstrable zealot; fixated on leaving Sony red-faced, and bringing its establishment crashing down.

If I were a betting man, and I'm not (or at least, I can't afford to be whilst my VISA lies legs akimbo to the criminal underworld), I'd put 50,000 MS Points on why I think PS3 was targeted in such a furious manner: Simply, because Sony beat the hackers.

Not only did its console lay non-moddable for years - the Batmobile of gaming next to Nintendo and Microsoft's relative Robin Reliants - but when Sony's Blu-ray beast was finally jailbroken, the company hit back. Hard.

It took the livewire king of the community, one George Hotz, and neutered him explicitly and unrelentingly, right in front of his acolytes. 'GeoHot' and Sony may have settled out of court, but Hotz's passive-aggressive, tail-whipped final rallying whispers to his fans were an embarrassment; a lobotomised whimper compared to the "fudge-packer" grandstanding heentertained us with at his height.




One Flew Over The Cuckoo's Nest analogies rush into view: The establishment had won, and made a clear example of the rebels' bloodied hero - all the while sending out a very clear message: 'Do not f*ck with us. Do not try and outwit us. Do not challenge our rule." So that's exactly what somebody in the hacking community decided to do, bigger and bolder than ever before.

Now it is Sony, not Hotz, which finds itself with its pants around its ankles; whilst a rebelliously-minded networking genius probably sits shaking, stunned at his own lawlessness ...

The devastating attack on the PlayStation Network (PSN) is yet another illustration of how technology-savvy criminals are determined to get their hands on our personal information.
As gamers rued the missed opportunity for online play over the holiday weekend, hackers were able to embark on an Easter hunt around the PSN, picking up small clues which could lead to a bigger prize: card fraud and identity theft.
The hack, which has led to the network being unavailable for over a week, has left observers wondering if a company as vast and seemingly advanced as Sony can get hit, who out there is safe?
The answer, according to experts, is no-one - and something similar will almost certainly happen again.
"We're moving into an era of 'steal everything'," said David Emm, a senior security researcher for Kaspersky Labs.
Continue reading the main story “Start Quote
End Quote Blaine Price Open University
He believes that cyber criminals are now no longer just targeting banks or retailers in the search for financial details, but instead going after social and other networks which encourage the sharing of vast amounts of personal information.
Soft targets
Because of the need to be widely accessible and easy-to-use, networks like PSN are seen as being more vulnerable to attack than banks or big retailers.
"Any lock can be picked," said Blaine Price, senior lecturer in computing at the Open University and an expert in data protection.
"The reason is that there's always a trade off in security between usability - being able to get at what you want to get at, and making it secure.
"Your online banking site is much more sophisticated."
Setting up a PSN account involves a lengthy and sometimes frustrating process of entering personal data - usually on a games controller. But this is a one time inconvenience, as data is saved by the network so that next time around it only takes a few steps.
A more secure option would seriously hinder this process, Mr Price argues.
"A bank would usually use two-factor authentication, where you've not just got a password.
Other gaming networks, such as Microsoft's Xbox Live, could be vulnerable, experts claim.
"It would be a real pain if every time you want to start up a game you had to scan your thumb, type in 15 digits and pull out a card reader.
"Any time you're just using a user ID and password, it's going to be a risk."
For networks like the PSN, or indeed, any system which encourages its users to share lots of data, this poses a massive problem.
Bombarded with countless passwords for a multitude of web services, users are prone to keeping the same or similar details for all.
Discovering the password on one account can often lead to clues about someone's online banking credentials, a far less difficult approach than attempting to hack the bank itself.
"The weakest link is always the individual," said David Emm.
"Clearly, trying to undermine a bank's security is a lot of effort. Whereas if you go after an individual, it's not going to be noticed, it's going to be easier to do."
Data minimisation
As news of the PSN breach emerged, the list of exposed details proved as serious as it was lengthy. Customers' names, date-of-birth, addresses and, Sony fears, their financial details were all compromised.
A more cautious observer would argue that an obvious method of preventing personal information from being taken is to simply never share it, but this is unworkable for people wanting to make use of the latest technology.
There is an on-going debate over how just how much information is necessary for the safe and secure running of a service, and how much simply bolsters the company's marketing opportunities.
At the forefront of this debate is the Information Commissioner's Office (ICO), which said that as well as investigating whether Sony has adequate security measures in place, it will be taking a close look at exactly what data the company collected and why.
"Data minimisation is a security measure in itself," deputy information commissioner David Smith told the BBC.
"It's a very important data protection principle that you shouldn't collect excessive information or keep it longer than is necessary.
"The question about, for example, why an organisation asks for a specific date of birth, as opposed to an age band, is at the centre of our work."
In the mean time, Sony will be working to rebuild its network as securely as possible. For consumers however, worries will remain over the vulnerability of a system that they had previously trusted.
Other services too will be reviewing their own arrangements and seeking to assure customers that their details are safe.
Mr Price from the OU believes that networks must take a more open, transparent approach to security, sharing details about methods used so they can be peer-tested.
"The best thing for security is openness, believe it or not," ...

Sony has vowed to "proceed aggressively" in its attempts to track down hackers responsible for the PlayStation Network security breach, although customer anger at the incursion is already beginning to mount.
Although the basic PSN service is free to use some users are already demanding refunds for PlayStation Plus, music and video service Qriocity, and downloadable games - many of which do not work without a connection to PSN.
As a result Sony has updated its FAQ on the incident, but has so far made no promises regarding compensation: "When the full services are restored and the length of the outage is known, we will assess the correct course of action."
As the FAQ points out some games, mainly downloadable PSN titles, require PSN access for Trophy syncs and security checks.
Speaking to website IGN indie developers Mad Block Alpha and Open Emotion have indicated that Sony has already offered to help overcome problems from the outage. Both studios were due to see new content added to PSN last week, with Open Emotion CEO Paddy Murphy commenting:
"Sony will be helping us retain key focus [prominent placement on the PSN Store] for an extra few weeks as they understand how something like this can affect a small dev studio like ours."
"As it's our first week in the US, I'm sure it will affect sales, but we have to understand that Sony wouldn't take down the entire PSN on a whim. As long as they can give us some marketing assistance when the PSN is back up, we are sure we will be able to recoup our potential losses," he added.
Ordinary users though have not been so understanding, with the official PlayStation websites now filed with angry and concerned comments.
"What makes Sony look so bad is the silent treatment you have been giving us from day one. Facts are you knew that your system was compromised, you did [not] say a thing about it till days later and even then didn't tell us you suspected personal information might have been compromised," said user 'Agriel'.
"Sony you dropped the ball big time on this, you should fire your PR department because they don't have a [DELETED] clue what they are doing, and totally screwed you in this," he continued.
"I loved this set up on PSN and now I'm so [DELETED] off with what has happened I shall never trust Sony again ever. Looks like I'm going to be getting a [DELETED]box," added user 'Sutman'.
Some customers have been more understanding though, with 'Carnivius_Prime' commenting: "I can understand the frustrations but if anything it should be the hacker getting all the blame here. Why these guys can't simply just leave things alone. I'm sure Microsoft and Nintendo would have reacted the same way as Sony if it had happened to their services. I hope the hackers are tracked down and jailed."

http://www.gamesindustry.biz/article...sers-vent-rage
...

As expected Nintendo has revealed that the 3DS portable has missed its initial sales targets worldwide, with the company planning to reposition its marketing approach as a result.
Prior to the launch of the 3DS, Nintendo predicted 4 million sales by the end of the year. Although the portable console saw strong first week sales in all territories these quickly tailed off in subsequent weeks - as initially reported by third party analysts.
As a result the shipped total reached only 3.61 million by the end of the month.
Although the shortfall does not appear to be as large as some feared, assuming the sales total is similar to the shipped figure, Nintendo president Satoru Iwata has been quick to acknowledge the problems.
It has become clear that we need to do a lot more to convey the value to consumers.

Satoru Iwata, Nintendo

Speaking at an investor presentation following the company's recent financial results, Iwata claimed that the earthquake disaster in Japan had been a primary cause of low sales but that it could not explain similar drop-offs in Europe and North America.
"The initial sales were healthy," said Iwata of the Japanese launch in February. "However, the sales speed slowed down from the third week after its launch which is not what we had expected for the start-up transition."
"We originally expected that the value of 3D images without the need for special glasses would be automatically spread to some extent by many consumers experiencing the device by themselves and then playing with the pre-installed software like Nintendo 3DS Camera, AR Games and Face Raiders together with people around them," he continued.
"However, as a result of analysis of the situation after the launch, it has become clear that we need to do a lot more to convey the value to consumers," admitted Iwata.
Iwata highlighted that even shop demonstrations of the 3D effect were proving ineffective, where users did not adjust the 3D Slider to suit their eyes. He also suggested that new marketing efforts needed to be concentrated on emphasising the StreetPass and SpotPass features, as well as built-in software such as Face Raiders and AR Games.
The upcoming May firmware update, which will include the eShop and other online features, was also described as a key focus for future marketing.
A lack of choice amongst the initial line-up of games, which has suffered particular criticism in the West, was also identified as a key issue - with Iwata highlighting the upcoming release of titles such as Steel Diver, Zelda: Ocarina Of Time, and Resident Evil: The Mercenaries 3D in Japan.
"Nintendo will be working with our full strength in order to spread Nintendo 3DS as a mainstream handheld device, along with the third party developers and with our sales partners," he concluded.

http://www.gamesindustry.biz/article...disappointment
...

The Information Commissioner's Office (ICO) is to investigate Sony over the ongoing hacking scandal on PlayStation Network, it has been confirmed.
ICO is a non-departmental public body reporting directly to Parliament and deals primarily with the Data Protection Act and other related legislation.
Speaking to sister siteEurogamer, officials have confirmed that it will investigate Sony in order to discover whether proper security safeguards were taken.
"The Information Commissioner's Office takes data protection breaches extremely seriously," said a representative. "Any business or organisation that is processing personal information in the UK must ensure they comply with the law, including the need to keep data secure.
"We have recently been informed of an incident which appears to involve Sony. We are contacting Sony and will be making further enquiries to establish the precise nature of the incident before deciding what action, if any, needs to be taken by this office."
Although the exact nature and sophistication of the hacker attack is not clear the fact that Sony has already confirmed that passwords, and user data such as names and addresses, have been obtained implies that they were not properly encrypted - or not encrypted at all.
The latter in particular could cause Sony considerable legal and publicity problems if true, although currently much of customer's anger is directed at the perceived slowness of the company's approach to the problem and the lack of information on the breach.

http://www.gamesindustry.biz/article...ver-psn-breach
...

A service alert for Xbox Live has been issued, warning of "potential phishing attempts" in Call Of Duty: Modern Warfare 2 - although currently there is no interruption to services.
At time of press the service alert warns that: "Users may receive potential phishing attempts via title specific messaging while playing Modern Warfare 2.
We are aware of the problem and are working to resolve the issue. We apologise for any inconvenience this may cause and thank you for your patience."
The alert is only for the matchmaking element of Xbox Live, with no reported problems for the general service, Marketplace or accounts.
This may imply that attempts are being made to trick users into revealing personal or password information in-game, as part of the matchmaking process.
No further information is currently available from Microsoft or publisher Activision, but the alert comes as Sony is embroiled in the worst online security scandal so far experienced by the home console market.
http://www.gamesindustry.biz/article...dern-warfare-2
...

Users told: We believe your details have been taken

PlayStation Network customers are beginning to receive email warnings regarding the service's extraordinary security threat.
In a mass-email the PlayStation firm writes:

“We believe that an unauthorized person has obtained the following information that you provided: name, address, country, email address, birth-date, PlayStation Network/Qriocity password and login, and handle/PSN online ID.”
It is likely that the email was sent to every single active PSN user.
Sony announced in January this year that over 69 million people have registered a PlayStation Network account.
Yesterday Sony revealed that the data of "possibly all" PSN users had got into the hands of an unauthorised individual.
So far the stolen information has not led to reports of illicit credit card activity or identity theft, Sony claims.
“Not at this point in time,” the firm said yesterday.
It cannot be ruled out that credit card data was taken as part of the hack, Sony added, and judging by the perceived scale of the security alert, the likelihood of PSN credit card fraud is high.
In the mass-email, the company continued:
“It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.
“If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility”.
Since the announcement last night, a flood of PSN users have asked their banks to change their credit card details.
Passwords have been wiped and some credit ratings have been put on 'fraud alert'
http://www.develop-online.net/news/3...-for-PSN-users
...