Results 1 to 5 of 5

Thread: Tera Disables Chat After Players Discover It Could Be Used To Send Malware

  1. #1
    Elder Arcanist
    Ackar's Avatar
    Join Date
    Jul 2003
    Posts
    10,797

    Tera Disables Chat After Players Discover It Could Be Used To Send Malware

    MMO Disables Chat After Players Discover It Could Be Used To Send Malware

    I think we can all agree that general chat in MMOs is usually not super great. Now imagine if those spam-slinging all-caps jerkholes could also force everyone to download computer viruses via that chat window.

    Yesterday, a member of the subreddit for the long-running action-MMO Tera posted about a potentially ruinous vulnerability in the game’s chat system. The poster, Gosukek, along with other players on Discord, claimed that Tera’s chat interface uses HTML, meaning that if unscrupulous types got creative, they could theoretically do everything from forcing everyone to look at nauseating imagery to collecting everybody’s IP address to remotely executing malware and viruses on people’s computers. This issue has seemingly been present for years.

    In response, Tera publisher En Masse quickly announced that the game’s chat services would be taken offline. It added, however, that it seems as though nobody’s taken advantage of the vulnerability so far.

    “There are very serious claims floating around of what this vulnerability potentially allows malicious users to do,” En Masse wrote in a forum post. “We are taking these claims very seriously but, as of this time, we have no evidence that the vulnerability is being exploited in these ways or that any player information has been compromised.”

    As of now, all chat except guild chat has been disabled while the game’s developers work on a fix. There is currently no ETA for when it’ll be re-enabled. Given that MMOs are kinda all about communicating with other players, probably go ahead and wait before jumping into this one—if, you know, you were suddenly planning to after five years.

  2. #2

    Re: Tera Disables Chat After Players Discover It Could Be Used To Send Malware

    Why the fuck would MMO chat channels need HTML?
    "When you name your baby Jeeves...you've pretty much set up his career for life. You don't see many Hit Men, for example, named Jeeves. "Pardon me sir, but I must wack you now."
    — Jerry Seinfeld

  3. #3
    No prison can hold me!
    Schezar's Avatar
    Join Date
    Jun 2003
    Posts
    10,029

    Re: Tera Disables Chat After Players Discover It Could Be Used To Send Malware

    Quote Originally Posted by FilanFyretracker View Post
    Why the fuck would MMO chat channels need HTML?
    So you can infect them with malware, duh.
    ------------------------------------------
    I *AM* the Chinpokomon master!

  4. #4
    Lost Bard
    Even More Lost Bard
    Ruldar's Avatar
    Join Date
    Jun 2003
    Posts
    3,847

    Re: Tera Disables Chat After Players Discover It Could Be Used To Send Malware

    They had to have been doing more than just HTML for their chat for malware to be a problem. In the end HTML is just text with no programming logic, you'd need javascript or some other sort of embedded executable content to deliver anything actively dangerous.

  5. #5
    #YesAllCats
    Goladus's Avatar
    Join Date
    Jun 2003
    Posts
    24,924
    Blog Entries
    1

    Re: Tera Disables Chat After Players Discover It Could Be Used To Send Malware

    In the end HTML is just text with no programming logic
    And even then, it's grown to be a rather large and complex standard. Saying that a chat client can render HTML doesn't really mean anything, by itself. You might, for example, use an HTML rendering library to enable hyperlinking to loot and spell descriptions from chat, for example. That doesn't necessarily mean that a malicious user could trivially troll and collect your IP by posting to chat something like <img src="http://mywebhost.anon/goatse.jpg">.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •