EA Origin 취약점으로 3 억 명의 사용자가 위험에 처했었을 수도

ment 6/27 '19 posted 뉴스 IT

• 이 취약점은 온라인 및 클라우드 플랫폼이 얼마나 침해를 받기 쉬운 지 생각나게 합니다.

• " 점점 더 많은 수의 중요한 고객 데이터가 있기 때문에 이러한 플랫폼은 해커들에 의해 점점 더 공격 대상이되고 있습니다"라고 Check Point의 Oded Vanunu는 말했습니다.

• Check Point와 Cyber Int는 2 단계 인증을 활성화하고 게임의 다운로드 또는 구매에 공식 Web 사이트만을 사용하도록 게이머에게 조언합니다.

• 대신 해커가 버려진 하위 도메인을 사용하여 인증 토큰을 훔쳐 가지고 OAuth 싱글 사인온과 EA의 로그인 시스템에 내장된 TRUST 메커니즘을 이용하여 이러한 계정에 대한 액세스를 얻을 수 있었습니다.

• 좋은 소식은 Check Point와 CyberInt가 실제 악의적인 행위자가 이를 활용하기 전에 Electronic Arts에 취약점에 대해 경고했다는 것입니다. EA가 두 회사가 제공한 정보를 사용하여 그것을 폐쇄 할 수 있었습니다.

The vulnerabilities took advantage of abandoned subdomains,…

EA patched Origin security flaws that put millions of users at risk [www.engadget.com]

Security breaches and vulnerabilities in gaming…

EA Origin vulnerability could have risked 300 million users [www.slashgear.com]

Israeli security firms Check Point and CyberInt partnered up this week to find,…

Security firms demonstrate subdomain hijack exploit vs. EA/Origin [arstechnica.com]

EA…

EA Origin had a vulnerability that left 300 million players potentially exposed [www.cnet.com]

Researchers at Check Point working with CyberInt have…

Major vulnerability found in EA's Origin gaming client [betanews.com]

newest replies popular replies

Open Wiki - Feel free to edit it. -

6/27 '19 answered

EA patched Origin security flaws that put millions of users at risk https://t.co/Cye2XTaDmm pic.twitter.com/JdS7PFrCK3
— Engadget Gaming (@engadgetgaming) June 26, 2019

Wowie zowie! This should have some admins and webmasters to see if they have any no longer being used CNAMEs: Security firms demonstrate subdomain hijack exploit vs. EA/Origin @arstechnica https://t.co/nFXkc1gmG8
— Christine Hall (@BrideOfLinux) June 26, 2019

Security firms demonstrate subdomain hijack exploit vs. EA/Origin - From Discover on Google https://t.co/iLKwULOm46
— Martin McKeay (@mckeay) June 26, 2019

EA patched Origin #security flaws that put millions of users at riskhttps://t.co/PDP3fRR0dP #EA #Games #DataLeak #cloud #CloudSecurity #SecurityIssues
— William Harvey (@williamharvey07) June 26, 2019

As long as vulnerabilities remain, proactive detection and prevention strategies are the only way to prevent damage before it happens. https://t.co/XmFgfedZ6Q
— DataVisor (@DataVisor) June 26, 2019

permanent link

Open Wiki - Feel free to edit it. -

6/27 '19 answered

【自分用メモ】Security firms demonstrate subdomain hijack exploit vs. EA/Origin | Ars Technica https://t.co/HTdMaDBkY3
— Yasuhiro Morishita (@OrangeMorishita) June 27, 2019

permanent link

Featured

Important Notice: Discontinuation of Our Wiki Service

Dear Valued Users,

We hope this message finds you well. We are writing to inform you of an important upcoming change to our services. After careful consideration and analysis, we have made the difficult decision to discontinue our wiki site, effective one month from 2024/04/30.

This was not an easy decision to make, as we understand the importance of the resources and community that have been built around our wiki. However, due to evolving market conditions and strategic realignments, we must redirect our resources and efforts towards other ventures that will allow us to serve you better in the future.

What This Means for You:

Access to Content: You will continue to have full access to all content on the wiki until the discontinuation date. We encourage you to save or migrate any content you wish to retain.
Final Date of Service: The wiki will become inaccessible starting 1st June 2024, after which all content will be permanently removed.

We are immensely grateful for the support and contributions of our user community throughout the years. The wiki is being retired, but our team will be back soon with new services and apps.

Thank you for being a part of our journey.

Warm regards,

editoy Inc.

Related

Featured