Rubicon successfully deployed but the IGB is still chrome version 3!?

xarjin
Galactic Deep Space Industries
Brave Collective
#1 - 2013-11-19 20:53:04 UTC
I posted about this issue roughly six months ago that the IGB badly needed a version upgrade because of critical security vulnerabilities and it still hasn't been addressed.

https://forums.eveonline.com/default.aspx?g=posts&t=245325

CCP, when, if ever, can we expect to have the IGB not be vulnerable to remote web exploits? I'm really not trying to be a buzzkill here but taking the security of your subscribers' computers more seriously would be very positively received.

If the hypothetical reverse scenario ever happened where every CCP subscriber's computer of eve online was infected with a trojan virus because websites can detect browser versions the fallout could be catastrophic.

If you don't think this is a serious problem or you're a subscriber check for yourself.

http://www.whatismybrowser.com

Google chrome version 3 is a serious security risk.
Landrae
The Scope
Gallente Federation
#2 - 2013-11-19 20:54:43 UTC
Does anyone really use the IGB for anything but funny pictures? Or am I alone in that?
Dixie Branda
I blow myself up
#3 - 2013-11-19 20:55:40 UTC
Agreed I would actually like to see this updated
Unsuccessful At Everything
The Troll Bridge
#4 - 2013-11-19 21:00:55 UTC
Landrae wrote:
Does anyone really use the IGB for anything but funny pictures? Or am I alone in that?



There was another guy in another thread who was using it for Redtube... but he didn't want to admit that.

Since the cessation of their usefulness is imminent, may I appropriate your belongings?

Landrae
The Scope
Gallente Federation
#5 - 2013-11-19 21:05:26 UTC
Unsuccessful At Everything wrote:
Landrae wrote:
Does anyone really use the IGB for anything but funny pictures? Or am I alone in that?



There was another guy in another thread who was using it for Redtube... but he didn't want to admit that.


Do videos even run on the IGB?
Batelle
Federal Navy Academy
#6 - 2013-11-19 21:06:37 UTC  |  Edited by: Batelle
Landrae wrote:
Does anyone really use the IGB for anything but funny pictures? Or am I alone in that?


There's also porn, because sometimes you have downtime in fleet and someone is usually nice enough to provide links (without prompting).

Occasionally I'll open up dotlan or eve-kill using the IGB, but more typically I'll just use an out of game browser and juggle 2 clients and a browser between 2 screens. Adding more clutter to my eve clients isn't that helpful.

**"CCP is changing policy, and has asked that we discontinue the bonus credit program after November 7th. So until then, enjoy a super-bonus of 1B Blink Credit for each 60-day GTC you buy!"**

Never forget.

xarjin
Galactic Deep Space Industries
Brave Collective
#7 - 2013-11-19 21:10:06 UTC
A friend in game mentioned CCP Stillman would be the guy to inquire with specifically about this issue. Perhaps he would be willing to comment on this.

I messaged CCP Manifest about this last June just assuming he might be able to aid with this gaining some traction.

The thing here with this being the IGB is so far out of date and insecure it really wouldn't matter what type of web content you only used the IGB to view.

If someone wanted to go to the trouble of using social engineering to popularize a malicious website for the eve community to consume they would have very little resistance potentially creating a botnet of infected computers from eve subscribers computer systems.
Batelle
Federal Navy Academy
#8 - 2013-11-19 21:13:55 UTC
xarjin wrote:
If someone wanted to go to the trouble of using social engineering to popularize a malicious website for the eve community to consume they would have very little resistance potentially creating a botnet of infected computers from eve subscribers computer systems.


Pretty sure this would be the kind of player ingenuity that leads to bad press instead of good press.

**"CCP is changing policy, and has asked that we discontinue the bonus credit program after November 7th. So until then, enjoy a super-bonus of 1B Blink Credit for each 60-day GTC you buy!"**

Never forget.

Messoroz
AQUILA INC
#9 - 2013-11-19 23:44:53 UTC  |  Edited by: Messoroz
The only way to get CCP to update it is to exploit it.

Which is incredibly simple because you just have to search for CVEs for Chrome for the last 4 years, pick any.

The best part is, the work is so easy for CCP, they use a framework called Awesomium to embed it. It has an API and everything, they just need to update the package and potentially some API calls.

http://www.awesomium.com/
xarjin
Galactic Deep Space Industries
Brave Collective
#10 - 2013-11-20 09:05:01 UTC
Just bumping this for some visibility since I did post this after office hours Icelandic time yesterday and by my watch it should be around 9am Wednesday morning in Reykjavik.

Hoping some devs or CCP Stillman will see this topic. This has been an ongoing concern for several years and remains unresolved with no comment from any CCP staff.

When the eve subscribers have already been able to test and confirm the IGB can be remotely exploited I find myself more persistent to continue trying to help get this issue fixed.

Not commenting on this doesn't help the issue. No amount of obscurity can help with security in this scenario.

CCP Stillman you're our only hope!
Kaarous Aldurald
Black Hydra Consortium.
#11 - 2013-11-20 09:06:48 UTC
I use the IGB for FleetUp.com (Best fleet planner. ever.) and when I feel like getting trolled and clicking on links to potentially (potentially, who am I kidding) offensive links in local.

That's it. Otherwise, I quite simply don't care.

"Verily, I have often laughed at the weaklings who thought themselves good because they had no claws."

One of ours, ten of theirs.

Best Meltdown Ever.

xarjin
Galactic Deep Space Industries
Brave Collective
#12 - 2013-11-20 09:18:15 UTC
Kaarous Aldurald wrote:
I use the IGB for FleetUp.com (Best fleet planner. ever.) and when I feel like getting trolled and clicking on links to potentially (potentially, who am I kidding) offensive links in local.

That's it. Otherwise, I quite simply don't care.



The people that don't care tend to be the ones most at risk. I agree you shouldn't have to be concerned at all but even the image renderer in chrome versions as old as this are vulnerable to exploits.
SpaceSaft
Almost Dangerous
Wolves Amongst Strangers
#13 - 2013-11-20 11:15:58 UTC  |  Edited by: SpaceSaft
Batelle wrote:
xarjin wrote:
If someone wanted to go to the trouble of using social engineering to popularize a malicious website for the eve community to consume they would have very little resistance potentially creating a botnet of infected computers from eve subscribers computer systems.


Pretty sure this would be the kind of player ingenuity that leads to bad press instead of good press.


What?! RL EWAR! You're in a fleet about to engage the enemy, start attacking and YOUR WHOLE FLEET'S EVE SHUTS DOWN. Shut down by a program a spy in the enemy alliance that volunteered for their website team and used an exploit there. All he would have to do is occasionally link something unsuspicious in alliance chat.

That would be hilarious. And probably illegal.
marVLs
#14 - 2013-11-20 11:43:53 UTC
I think they're waiting for WiS to implement better web browsing into UI
James Amril-Kesh
Viziam
Amarr Empire
#15 - 2013-11-20 11:50:10 UTC
Messoroz wrote:
The only way to get CCP to update it is to exploit it.

Which is illegal in most countries.

Enjoying the rain today? ;)

xarjin
Galactic Deep Space Industries
Brave Collective
#16 - 2013-11-20 17:39:05 UTC
9 hours later and Eve online is still the most insecure software program installed on my computer with no hope of a remedy and no replies from the developers.
Captain Tardbar
Deep Core Mining Inc.
Caldari State
#17 - 2013-11-20 18:24:45 UTC
I would like to also point out that viewing Slashdot usually crashes the in game browser.

Looking to talk on VOIP with other EVE players? Are you new and need help with EVE (welfare) or looking for advice? Looking for adversarial debate with angry people?

Captain Tardbar's Voice Discord Server

Messoroz
AQUILA INC
#18 - 2013-11-21 04:59:11 UTC
James Amril-Kesh wrote:
Messoroz wrote:
The only way to get CCP to update it is to exploit it.

Which is illegal in most countries.


Welcome to the internet, nobody gives a fudge.
Pak Narhoo
Splinter Foundation
#19 - 2013-11-21 08:24:30 UTC
Somehow I'm not surprised not seeing any dev response on this topic which, one way or the other, affects us all.

Come on guys, not that hard to type: "we're aware of it" or "we're working on it".


Anyway, not going to let this one die like the OP's first post which went down without any reply.
Ben Scavng
Not Fear Know
Shadow Ultimatum
#20 - 2013-11-21 08:38:56 UTC
I was not aware of this problem and I really think they should work on that.