The final fiction 14 has a major problem in its code. In January, it was discovered that efforts to improve Square Annx’s blacklist system have made it completely terrifying Various Method
Basically, the new system identified the account directly to other customers instead of the player ID. These IDs allow easily hollow actors, bad actors and stickers to achieve a complete list of their target Alts through basic software, which allows to easily be harassed. Although methods such as controversial playerscope helped to collect and submit this information, they were just an indicator of an iceberg that was slowly increasing after the release of the extension.
Square Enxes promised to deal with the problem, and it seems that things are looking at 7.2. After a day less than a day, discovered by her Coder neat That “deployment is at risk, and that account identities are actually reversed.”
notnite Isn’t just a random person, anyway – he took Gashid an amazingly popular adventure to work back in 2023. Gashid was a popular mode that allowed players to apply customs shaders and filters in the game for screenshots or just for simple beauty – it was not even open source. The Notorate provided an alternative gastroining in a tight for tet, which eventually saw that its original creator, Kunda, lost it and put a malware in it, and strengthened his exile from the editing community.
In the recent blog he has a little crowded about the whole matter he had made Playerscope situationBeing a drama in the society right now, “increasing enough conversation to create a PC gamer”. Rush
All that is to say, I’m ready to believe her skills when she says, “Account identities can be brought back to their unambiguous form and then used as usual. Practically, there is nothing for a plug -like plug -in, except that they need to work hard and work hard.”
It should be noted that Neverets have not shared any details of it How He broke the algorithm, because only the bad actors would find the key to the city of the idiom – even though they could do it, it is assumed that other people will be able to follow it, and this is just a matter of time.
This is a huge concern of safety And A great embarrassment for Square Enxes – and she surprised me. So much so, in fact, I reached a nausea about it, and it is as confused as I am.
‘SE probably want to get someone’s services’
“I can’t really say what they were thinking,” writes to me via the notion email, “but I don’t think the SE (at least the FFXIV team) has many employees who specialize in these security forms.
Final fantasy 14 is a bit of an old machine – which is more than 10 years old, and together in record time after 1.0 failures, I wonder if the Square Anxus is wrestling with his internal architecture. Based on what he has seen, though, notonite is not so sure:
“Parts of the blacklist/mute system are handled on the client, and that’s why they are sent to the client first. Moved it to the server will need to reorganize them how they work, which they want to avoid because it is much more trying to eliminate account identities.”
As far as this corruption is concerned, he is not really sure that it is the right tree to bark. “You theoretically controversial account identities that do not change in a way that does not change, but I do not think it will ‘work’. The current architecture of these malicious plugins,” referring to the methods of players, “each account identifies and uploads the current database, and the current database is uploaded.
So, is the solution to eliminate everything on the basis of every player? The Notorate says, it will make things a bit difficult, but still straight. “If an account identification is removed per player, you can’t compare account identities with other people’s recorded account identities, but you can compare them with you. You will have to step down to record everything locally, and then upload the match yourself in the main database.”
Finally, she says, “The real solution is to stop sending this data to the client, because the best security model is where sensitive information is transmitted.” Which is clearly known, but the scourge anxiety is not just learned.
The real solution is to stop sending this data to the client, as the best security model is where sensitive information is maximized. “
notnite
It has found some theories about how this disaster has been revealed, though: “I imagine that they are just running away to prepare everything for 7.2, applying the first thing about which they can think of ‘fixing’ account identities, and really did not revisit it and did not think about it.
He added, “They probably didn’t realize that it was exactly the opposite, and they probably wanted to refrain from rewriting the system, as it would take a lot of development time that they would rather want to allocate to make the game.” Nevertheless, the notion maintains “they should invest time to properly fix, designing your system safely takes a time but is very effective with sports and applications on the Internet.”
In the final fiction 14, the modes are somewhat strange. Their use is a hypocrisy of the terms of the service, but the square anxiety does not take action to ban you unless you are reported to anyone, or clearly and clearly and clearly. Is the official line Don’t use them, However, in practice, it is Don’t use them and be foolish about it.
However, Nugnets are keen to emphasize that “this is primarily a mistake to design such a system of square anxiety, not from a specific modification community like the Dalmud plugin framework.” For context, Dalmud is a popular launcher that helps players to collect, download and run – but despite being the central center, it does not have the power to stop methods like playerscope.
“I have received messages from people who are asking, ‘Why can’t Dalmud just ban the playerSmo?’
This is just a complete mess. The game is firmly firmly in the Square Anxin to design, which does not have such clear, clear security issues. It does not bring me a great pleasure to chew any of my favorite MMOs, especially since I’m enjoying the patch 7.2, but it is surprisingly poorly performed by the company, especially considering the lack of safety of survivors in the past.
That the FF14 has taken more than 10 years in a blacklist that protects people properly, only to weaken them in different ways of this change. This is totally unacceptable. It is hoped here that all of this will be resolved, and soon.
