RebirthRO: Invasion of Privacy

Started by Peeping Tom, May 26, 2015, 09:19 AM


Peeping Tom

Hello everyone, I bring news from Rebirth RO.

As some may know, the Loki server has been moved to a new client lately and there have been a lot of bugs and stuff with it. But that is fine, I still play the server (have done since '07). But something happened yesterday which will make me stop playing the server forever.

http://forums.rebirthro.com/topic/88577-client-updated/
http://forums.rebirthro.com/topic/88578-internal-guard-taking-screenshots/

Yesterday, Big Dumb Object (Ancyker) updated the client, which is cool. But it now comes with an updated version of something called Internal Guard, which is a program that not only doesn't work (look at the forums, many people cannot log in) but actively allows the admins of the server to snoop on your desktop and take screenshots of it.

Here is a picture of the agreement when logging in
http://imgur.com/YlCOWgg

And a link to their features page:
http://internalguard.ro-services.com/features/

It not only scans your background processes, which could have nothing to do with RO, but also allows the admins to basically view your screen and what you're doing. This tool of total snooping is now in the hands of Ancyker... possibly the corruptest admin of RO?

There are already people quitting the game for good now and a friend of mine has even wiped his hard drive out of paranoia. I soon predict the end of Rebirth and hope anyone new to the server does not join it.

Bue

Internal guard looks weak.

Unless they got a kernel mode driver that allows raw memory access and does the equivalent of Volatility or YARA for detection with a well-researched database of cheat signatures, they can go fuck off. This is nothing but malware.

If you register with your real email address and use your regular password, then I suggest you start changing your password for everything associated with that email address, including your PayPal. It is very likely your password is stored in plain text or using a weak hash function.

yC

I can see the fear in this, it is understandable. The only other way to "disagree" with the "agreement" is to not install it, which means stop playing the server. Well, there should be a better solution implemented as soon as possible before more damage is done. What's the point of having an improved security system if nobody is going to use it due to fear of the system's ability?

Yuzo

That's one of the more stupid ideas I've heard of.

Triper

I'm pretty sure that rRO isn't the only server using this.

Noble

O.o this is kind of scary indeed, but thanks for letting us know  /wah


Kokkuban

The problem with agreeing/disagreeing is that the program still runs, regardless of your choice.

Playtester

First of all, this seems more an issue you have with IG than with RebirthRO.

Also, RebirthRO removed IG now.

RebirthOfficial

Hello,

We added IG as a test to see how well it performed. While the security concerns are a matter of debate (we did disable the screenshot feature), the other issues with IG are not. IG was very unstable, frequently crashing for no apparent reason. It had both file handle and memory leaks, quickly consuming gigabytes of RAM for no apparent reason. I myself found a bypass for the security within hours after adding it. In addition, when we stopped using it, we didn't even have to restart the map server.

After hearing player concerns and seeing the instability of the program, we decided to remove it. We saw many reasons to get rid of it and none to keep it. I also would like to take this opportunity to let other server owners know that Internal Guard (IG) should in no way be considered the much needed replacement for Harmony. It's very unstable, unsecure, and invasive.

Some highlights on IG internals:

  • All server side enforcement is present at the login server level only.
  • All settings and communication are sent over HTTP; it does not support HTTPS.
  • The included PHP files contain many exploits, including the ability to ban any player at will without any authentication.
  • Login server is easily tricked into thinking you are using IG.
  • You can easily spoof the origin server and make it think it's talking to the actual server. This lets you set any settings you want.
  • You can easily spoof IG and make the web server think it's talking to IG. This lets you ban any MAC you want to.

I highly advise no server use IG, and any players on servers which use IG to tell them they need to get rid of it immediately. We are sorry that our players had to deal with this monstrosity for the short time (< 24 hours) that they did, and we will not be trying IG again.
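
Added example (not part of the thread, and not Internal Guard's or RebirthRO's code): the list above describes a ban endpoint that accepts requests with no authentication and peers that can be spoofed in both directions, so this sketch shows the check such an endpoint would need, with each request carrying an HMAC, a timestamp and a one-time nonce. The key, field names, `ban_mac` action and sample MAC addresses are all constructed for illustration, and the transport is assumed to be HTTPS.

```python
import hashlib
import hmac
import json
import time

# Hypothetical pre-shared key, provisioned out of band between the two peers.
SHARED_KEY = b"constructed-demo-key"
MAX_SKEW = 60   # seconds a signed request stays valid
_seen = {}      # nonce -> expiry time, used to reject replays

def sign_request(key, action, params, nonce, ts):
    """Hex HMAC-SHA256 over a canonical JSON encoding of the request."""
    body = json.dumps({"action": action, "params": params, "nonce": nonce, "ts": ts},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def verify_request(key, req, now=None):
    """Return (ok, reason); rejects unsigned, forged, stale and replayed requests."""
    now = time.time() if now is None else now
    missing = [f for f in ("action", "params", "nonce", "ts", "sig") if f not in req]
    if missing:
        return False, "missing " + missing[0]
    if not (isinstance(req["ts"], (int, float)) and isinstance(req["sig"], str)
            and isinstance(req["nonce"], str)):
        return False, "malformed"
    if abs(now - req["ts"]) > MAX_SKEW:
        return False, "stale timestamp"
    expected = sign_request(key, req["action"], req["params"], req["nonce"], req["ts"])
    if not hmac.compare_digest(expected.encode(), req["sig"].encode()):
        return False, "bad signature"
    # Only authenticated requests reach the nonce cache, so forgeries cannot poison it.
    for n in [n for n, exp in _seen.items() if exp < now]:
        del _seen[n]
    if req["nonce"] in _seen:
        return False, "replayed nonce"
    _seen[req["nonce"]] = req["ts"] + MAX_SKEW
    return True, "ok"

def demo():
    now = 1_700_000_000  # constructed fixed clock so the run is repeatable
    good = {"action": "ban_mac", "params": {"mac": "00:11:22:33:44:55"},
            "nonce": "n-1", "ts": now}
    good["sig"] = sign_request(SHARED_KEY, "ban_mac", good["params"], "n-1", now)
    unsigned = {k: v for k, v in good.items() if k != "sig"}
    forged = dict(good, params={"mac": "66:77:88:99:aa:bb"}, nonce="n-2")
    # The last entry resends the accepted request unchanged.
    return [verify_request(SHARED_KEY, r, now)[1] for r in (unsigned, forged, good, good)]

if __name__ == "__main__":
    print(demo())
```

The HMAC only proves who sent the request and that it was not altered; it does not hide the contents, which is why HTTPS is still assumed underneath.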