Ubisoft "Uplay" fail?

**batto** · Aug 6 2012, 23:57

Originally Posted by Sniperwolf572

Shitty and shifty as Uplay is, it's funny how conspiracy theories are formed over even the stupidest things.

What happened is that the browser plugin was naively coded and a developer at Ubi thought "Yup, Base64, nobody will ever break that!" and nobody noticed it.
No amount of regular QA testing would've caught this, because, the feature it was made for worked as expected. Unless of course they have QA that focuses on security issues like this. What would've probably caught it in a blink of an eye is a peer review of the code written from someone who understands the implications of not filtering any user input.

The stupid thing is that their browser plugin allow execution of local programs from JavaScript (eg. from anywhere). If they are TAHT stupid (as in "why on earth are such people allowed to code?") to think that no one will notice it from base64 (very easy to recognise) argument to option that is named orbit_exe_path, then, well, there'll be probably much more going on in the wild =).

**RangerPL** · Aug 7 2012, 03:51

Chrome opened the link but didn't open Calculator.

Good on you, Chrome.

Thread: Ubisoft "Uplay" fail?

Thread Tools

Display

Similar Threads

CfgVehicles: overriding "accuracy", "camuflage" and "sensitivity"

Can't open base-Arma 2 missions. "Error" message claiming that it is "Read Only" up.

Veteran difficulty - Tips for playing without "TAG's" and "Extened Map Info"

Add "LAND", "Up" and "Down" actions to command menu

Different units for "Driver", "Gunner", "Comm

Posting Permissions