PvP servers for Dark Souls series taken down following concerns over RCE exploit

All PvP servers for the Dark Souls games have been deactivated after Bandai Namco was made aware of a major exploit that can be performed. This was revealed by Twitch user The_Grim_Sleeper, as they were invaded by another player who then used a remote code execution exploit to open Narrator on the streamer's PC, using speech-to-text to read aloud a troll message. It looks like the "hacker" themselves was not a troll, though; according to The Verge, the person who pulled off the exploit was a concerned player who had discovered the RCE, and had attempted to contact the developers so they could fix it. However, they were reportedly ignored, so the person took to targeting a streamer so that news of the exploit would find its way to news outlets and social media after being showcased happening live.

Following the reports of the exploit and concerns from fans, the Twitter account for Dark Souls announced that the servers for Dark Souls: Prepare to Die, Remastered, 2, and 3 would all be taken down for a short time in order to investigate. This currently only affects the PC versions of the games, and servers for the console ports of the games are still online.

 

Zonark

I agree fully. I highly doubt it would just be Narrator running if someone was really wanting to cause harm.
 

diggeloid

If anyone needed more proof that playing games on a work/personal PC with important stuff on it is a bad idea. Games are rarely written to be secure.

...although, if you're on Linux, you could throw all of your games into Docker/Podman containers and not worry about RCE exploits touching your system, and not lose any performance like you would with a VM.
 

AlexMCS

> If anyone needed more proof that playing games on a work/personal PC with important stuff on it is a bad idea. Games are rarely written to be secure.
>
> ...although, if you're on Linux, you could throw all of your games into Docker/Podman containers and not worry about RCE exploits touching your system, and not lose any performance like you would with a VM.

chroot jail would be enough on Linux

As for windows, running as an unprivileged user can solve security issues, if there isn't a privilege escalation exploit on the system as well.
 

N7Kopper

> chroot jail would be enough on Linux
>
> As for windows, running as an unprivileged user can solve security issues, if there isn't a privilege escalation exploit on the system as well.

There's always a possibility of breaking through any software sandbox. Extra security layers are very helpful, but robust is not invincible. If you're THAT concerned, don't account on your gaming PC's network.
 

Tom Bombadildo

TBH I'm shocked they're bothering to do anything at all really, so good for them I guess. I don't expect they'll just shut down the servers completely, they'll probably just actually implement an anti-cheat that should be able to detect shit like this and just kick players from sessions who are detected using cheats (i.e. like the Blue Sentinel mod for DS3).
 

diggeloid

> chroot jail would be enough on Linux
>
> As for windows, running as an unprivileged user can solve security issues, if there isn't a privilege escalation exploit on the system as well.

Nah, a simple chroot doesn't get you anywhere near the amount of security/isolation you'd get with something like Docker or Podman, which use kernel sandboxing features. Throw in some SELinux on top of it all, and you have some hardcore security.

As for Windows, an unprivileged process can still fuck your shit up. I haven't tried Windows 11, but I know that Win10 (and earlier) at least doesn't implement any kind of sandboxing. So a rogue process might not be able to delete your System32 folder, but it could definitely ransomware your files, steal your bitcoins, email your pron folder to grandma, etc.

On Windows the only reasonable thing to do is to not play games on a PC that has important stuff.
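
An added example, not part of the thread: the difference between a plain chroot and a container's kernel sandboxing can be read from a process's `/proc/<pid>/status` fields and its `/proc/<pid>/ns` inode numbers. The status text and inode numbers below are constructed samples, the container values are modelled on default-style container settings (an assumption), and `audit` and `RISKY_CAPS` are names introduced here.

```python
# Added example: list the kernel-level isolation gaps of a process from
# /proc/<pid>/status text and /proc/<pid>/ns inode numbers.
# Capability bit numbers are from linux/capability.h.
RISKY_CAPS = {16: "CAP_SYS_MODULE", 18: "CAP_SYS_CHROOT",
              19: "CAP_SYS_PTRACE", 21: "CAP_SYS_ADMIN"}

# Constructed samples (not captured from a real system).
HOST_NS = {"ipc": 4026531839, "mnt": 4026531840, "net": 4026531992,
           "pid": 4026531836, "user": 4026531837, "uts": 4026531838}
# Root process inside a plain chroot: host namespaces, every capability.
CHROOT_NS = dict(HOST_NS)
CHROOT_STATUS = "Name:\tgame\nNoNewPrivs:\t0\nSeccomp:\t0\nCapEff:\t000001ffffffffff\n"
# Containerised process: own namespaces except user, reduced capability
# set, seccomp filter active (Seccomp mode 2).
CONTAINER_NS = {"ipc": 4026532501, "mnt": 4026532499, "net": 4026532504,
                "pid": 4026532502, "user": 4026531837, "uts": 4026532500}
CONTAINER_STATUS = "Name:\tgame\nNoNewPrivs:\t0\nSeccomp:\t2\nCapEff:\t00000000a80425fb\n"

def parse_status(text):
    pairs = (line.split(":", 1) for line in text.splitlines() if ":" in line)
    return {k.strip(): v.strip() for k, v in pairs}

def audit(status_text, proc_ns, host_ns=HOST_NS):
    """Return a list of isolation gaps for one process."""
    f = parse_status(status_text)
    cap_eff = int(f["CapEff"], 16)
    findings = []
    risky = sorted(n for bit, n in RISKY_CAPS.items() if (cap_eff >> bit) & 1)
    if risky:
        findings.append("retains " + ", ".join(risky))
    if f.get("Seccomp", "0") == "0":
        findings.append("no seccomp filter")
    if f.get("NoNewPrivs", "0") != "1":
        findings.append("no_new_privs not set")
    # A namespace is shared when its inode number equals the host's.
    shared = sorted(ns for ns, ino in proc_ns.items() if host_ns.get(ns) == ino)
    if shared:
        findings.append("shares host namespaces: " + ", ".join(shared))
    return findings

if __name__ == "__main__":
    print("chroot:   ", audit(CHROOT_STATUS, CHROOT_NS))
    print("container:", audit(CONTAINER_STATUS, CONTAINER_NS))
```

On a live Linux system the same fields come from reading `/proc/<pid>/status` and resolving the symlinks under `/proc/<pid>/ns/`.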
 

codezer0

I just hope they actually fix it rather than just killing off the servers for good.
Nintendo flat out banned all DS and Wii online access entirely because they refused to fix the endemic of impossible trades that flooded the Pokémon GTS. And of course it just followed the new system, at the bonus of being required to pay for NSO *and* Pokémon HOME to suffer through it.

Back on topic...

FromSoftware has a history of treating the PC platform like a fourth world nation. I don't think they'd even know how to fix it, much less are willing to do so.
 

tech3475

Their servers were under fire, much like Titanfall. I feel an exploit isn't reason enough to shut down servers. Guess we'll see?

I just used that as an example, particularly since the PS4 version was still being supported.

We don't know the exact cause nor potential solution to this problem; even something as simple as updating a library has given me problems in the past due to changes. Won't be surprised if some manager goes 'it's not worth the cost' or even just uses this as an excuse to shut down the servers.

My post was just the worst case scenario and I hope it won't be the case.

As you say, we'll have to wait and see.

> Nintendo flat out banned all DS and Wii online access entirely because they refused to fix the endemic of impossible trades that flooded the Pokémon GTS. And of course it just followed the new system, at the bonus of being required to pay for NSO *and* Pokémon HOME to suffer through it.
>
> Back on topic...
>
> FromSoftware has a history of treating the PC platform like a fourth world nation. I don't think they'd even know how to fix it, much less are willing to do so.

Reportedly, Gamespy's shutdown was the reason behind closing Nintendo Wi-Fi Connection.
 