Horizons’ former consultant explains game’s loophole

MMO title Horizons: Empire of Istaria was purchased by EI Interactive from Tulga earlier this year. The ramifications of this takeover have been bleak to this day. It will also be remembered that after the acquisition, clients of the game suddenly became vulnerable to intruders.

To settle the matter, gaming site MMORPG spoke with Bernd Kilga, former security consultant for Horizons from Tulga Games. According to them, the problem lies with SOAP, the Simple Object Access Protocol. SOAP is a protocol for accessing a web service, and here it allowed any user data to be read out by sending a fake HTTP request.

Furthermore, Kilga mentioned that while the problem has been isolated, it is not yet fully contained. He explained:

Not exactly. First off, there is no real danger for the customers of Horizons. It’s not possible to retrieve any userdata without any brute force attacks. However, since SOAP allows interaction by any client, it’s very possible to write simple scripts which perform brute force attacks and try to guess passwords of users and the master password which protects the moderation commands.

After that, the security consultant expressed some disappointment with the game’s new management. He revealed that he tried contacting them immediately about the loophole. One representative from EI Interactive apparently told him that the executive general manager would contact him immediately. Unfortunately, this did not transpire.
