The UpStream (Page 92)

ASA Investigation Into No Man's Sky Ends in Success for Developer

posted Saturday Dec 3, 2016 by Scott Ertz

ASA Investigation Into No Man's Sky Ends in Success for Developer

Hello Games' No Man's Sky appears to be a rollercoaster whose breaks have failed. When it was first announced, the game had the promise to be both a market success and a fan favorite. The visuals were stunning and the gameplay looked beyond fun. With so much promise, it seemed like there no way the company could screw it up.

As if taking that as a challenge instead of confidence in the company, Hello Games began a spiral down the drain just as the game came out. The game that was released did not resemble the game that was first shown off. The visuals were stunning, but stunningly bad. The gameplay appeared to be that of an unrelated game. Unfortunately, the photos and videos shown on the game's Steam page were from the original presentation and not from the final game.

This move attracted the attention of gamers and regulators alike. People who purchased the game and then played it, resulting in widespread disappointment, responded by complaining. These complaints could be found on the game's Steam listing, social media and, more importantly, in the inbox of the Advertising Standards Authority. The organization, which is responsible for investigating false advertising in the UK, decided to look into the complaints.

While it looked like the developer was going to be held accountable for their actions, this week the ASA ended the investigation, finding the company had not falsely advertised their game.

Hello Games said that, as each user's experience would be very different, it would be difficult to recreate the exact scenes from the ad. However, they believed it was fairly straightforward to locate content of the type shown in the ad and to demonstrate that such content was commonly experienced by all users who played NMS for an average period of time.

They stated that all material features from the ad that had been challenged by complainants appeared in the NMS universe in abundance. While each player experienced different parts of the NMS universe, there was a low probability that anyone playing the game as intended would fail to encounter all these features in some form within an average play-through.

So, because the game changes as a user plays, that justified the fact that the game looked like it was modeled off of a 6-year-old's drawings, and that the game turned out to be no fun at all. While the developer will obviously not be held accountable for this particular game, it does seem guaranteed that any future product of the company, and possibly any future product from any of the individual developers, who appear to be jumping ship, will have any commercial success. You can't violate the trust of gamers and expect future successes.

A Week of Android Vulnerabilities

posted Saturday Dec 3, 2016 by Scott Ertz

A Week of Android Vulnerabilities

While Google's mobile operating system, Android, may be popular, it has one glaring problem: security. More often than not in a week, we hear about some problem that leaves Android users vulnerable to attack. Sometimes it comes from downloading apps outside of the Google Play Store and sometimes it comes from within. This week, we have one of each.


Gooligan, named by the security firm Check Point, is malware that closely resembles another recent issue: HummingBad. Found in apps downloaded through 3rd party stores, this malware roots your device, giving the software direct access to all of your data. The important data that this software is looking for is your Google security token. This is a small piece of text that allows applications on your phone, including malicious apps, to connect to the Google Play Store and download new apps in your name. It also gives the software the ability to write reviews about those apps, also in your name.

While it may seem odd to write software to download other software. There's a lot of financial gain to be had. Some apps offer affiliate programs, paying the refer to encourage new downloads. If the apps that are downloaded through Gooligan participate in the affiliate program, then the creator can get paid for every device that they infect.

As of right now nearly 1,000,000 accounts have been breached using this process. If each device generated only a single dollar in revenue, that's a million dollars in revenue for very little work. The real potential for harm, however, comes in the future. The security token gives access to more than just your Google Play account. In fact, it gives the developer access to anything Google related. This means that they could theoretically read your email, get your credit card information and anything else you store in Google. If the affiliate programs can generate this kind of revenue, imagine what they could make on your contact list or search history. Your Google account is a veritable treasure trove of information.

It's difficult to recover an infected device but it's even more difficult to recover a compromised account. Luckily Google is prepared for such an eventuality having a dedicated page for fixing this type of problem. If you believe that your account has been compromised, change your password, remove the device from your authorized devices and enable Verified Boot on the device..


Another problem that persists on Android and other operating systems is insecure communication. This happens when the application developer sends important information over insecure channels. Normally, this kind of mistake results in the compromise of an account. In the case of the popular Android app AirDroid, it can result in the compromise of your device.

Here's what they're doing: After you log in securely the same information is then sent to a statistics server over insecure communication. This means that another device on the same network could get in-between your phone and the router and steal the information as it's being sent. Since the data is not encrypted, it means that anybody could read it and get your username and password. Under normal circumstances this would allow them to just log into your account, but because of the nature of AirDroid, it gives the hacker the ability to take over your device and install malicious code without your knowledge. Once that code is on there, it could act similarly to Gooligan.

The researchers that discovered this problem, Zimperium, have been in communication with the developers, Sand Studio, since May, but they have not acted upon the information until now. Sand Studio's Chief Marketing Officer Betty Chen claims that the problem should be solved within the next 2 weeks.

As more advanced methods of security are developed, these types of problems should become more rare. Unfortunately, in the past couple of years, these types of problems have become more common. The idea that anybody can code and the hiring of untrained and untested developers for high-level positions often leads to these types of mistakes. Not everybody is able to code and even fewer are capable of architecting a full solution. These types of violations of trust should bring attention to the problem, but somehow they continue to persist.

Select Windows 10 PCs Get 4K Netflix

posted Sunday Nov 27, 2016 by Scott Ertz

Select Windows 10 PCs Get 4K Netflix

In July of this year, we tested 1080p Netflix streaming in-browser, confirming that only Microsoft browsers were capable of doing it. Both Microsoft Edge and Internet Explorer were capable of streaming from the service in 1080p, while Google Chrome, Mozilla Firefox and Opera all were limited to 720p. As it turns out, that is not the only limitation that those browsers will face.

Starting this week, Windows 10 PCs will get the ability to stream full UHD, or 4K, video. There are some limitations, however. First, you must be using Microsoft Edge - none of the other browsers, including Internet Explorer, will be able to support UHD streaming. Second, you must have an uber-modern computer. In fact, you must be using an Intel Kaby Lake processor, known to the world as 7th Generation Core CPUs, which have only recently been made available. You will also need a UHD-compatible screen.

Obviously, just like when HD came to market, most content is not currently UHD-compatible. For content that is still in HD, that content will continue to stream normally (as mentioned earlier). However, for newer content, like Daredevil, Jessica Jones and Fuller House, Intel and Edge are ready to bring you the ultra high-resolution picture quality now.

Check out Microsoft's list of compatible devices in the store.

Reddit CEO Admits to Editing Unflattering Posts, Community Freaks

posted Sunday Nov 27, 2016 by Scott Ertz

Reddit CEO Admits to Editing Unflattering Posts, Community Freaks

If you are anything like me, Reddit is a bit of a mystery to you. The online community is known for both their open exchange of ideas and their complete hatred of those who disagree with them, and no one on the site seems to see the irony in that. One thing that you can be sure of, though, is that everyone will band together when the upper management makes any moves, positive or negative. You can also be sure that management's response to their actions will be glib and dismissive.

This week proved to be no different, with CEO Steve Huffman making a bad move and dismissing his own actions. Here's what happened: In the pro-Trump community, /r/The_Donald, comments were made that mentioned Huffman's community handle, /u/spez, and these comments were not flattering. As someone who has run several online communities, sometimes comments can be negative, but all you can do is either wear them as a badge of honor, as does Avram Piltch, or you can fold into a heap and cry in the corner. Huffman chose the latter.

Rather than accepting the negative comments gracefully, or addressing any concerns that the community might have with him, his performance or him personally, the CEO of the online community decided to deflect the criticism to others. In fact, he manually edited the posts in the subreddit, changing his own handle to those of the moderators of the /r/The_Donald instead. When called out for the actions, he addressed the accusations saying,

Hey Everyone,

Yep. I messed with the "f**k u/spez" comments, replacing "spez" with r/the_donald mods for about an hour. It's been a long week here trying to unwind the r/pizzagate stuff. As much as we try to maintain a good relationship with you all, it does get old getting called a pedophile constantly. As the CEO, I shouldn't play such games, and it's all fixed now. Our community team is pretty pissed at me, so I most assuredly won't do this again. F**k u/spez.

He had a hard week, and it made him sad, so he made it look like people were mad at a group that had nothing to do with anything instead of him. While members of the community were discussing the possibility that administrators were editing user posts without any notification or marking, the CEO of the company was editing user posts without any warning or marking. At least it validated some of the concerns of the now-banned /r/pizzagate community, so glass half full, right?

It is going to take some time for the admins to get any form of credibility back after this, if it is possible at all. The good news for members of the community is that there are alternatives, so if you decide to jump ship, finding a new home should be fairly easy. It seems like the new platform of choice is Voat, a similar platform that is having trouble staying afloat with all of the new user load.

Xbox One Streaming Coming Soon to Oculus Rift

posted Sunday Nov 27, 2016 by Scott Ertz

Xbox One Streaming Coming Soon to Oculus Rift

One of the most exciting additions to Windows 10 was the ability to stream games and content from an Xbox One to your PC. When this feature was announced, most of the industry had hoped that this would be a sign of things to come, and Microsoft has not disappointed. Expanding on their partnership with Facebook's Oculus VR division, in December, Microsoft will bring this feature to the Oculus Rift.

Just like on Windows 10 PCs and compatible mobiles, the game streaming is made possible care of a connector app. The new app, Xbox One Streaming to Oculus Rift, will be available in the Oculus Store starting December 12th. Using the same technology, the console's output is routed over your home network to the Oculus hardware instead of your traditional television. From there, it is projected onto a virtual screen within the Oculus environment.

This will be yet another great reason why Oculus has been including an Xbox Wireless Controller with their headsets. Using the play-and-charge cable, an Xbox Wireless Adapter or one of the preconfigured PCs, you can play your Xbox One games on the Rift with a native Xbox controller, in most cases wirelessly.

While it might initially seem counter-intuitive for Microsoft to be working with Oculus to make Xbox One streaming available, while the company is working with their own partners to build Windows-powered VR hardware, you would be mistaken. What they have done is ensured that, almost no matter what VR hardware you decide to purchase, the best accessory you can have to play games is an Xbox One.

Symantec to Add LifeLock to Security Offerings

posted Sunday Nov 27, 2016 by Scott Ertz

Symantec to Add LifeLock to Security Offerings

In a deal valued at $2.3 billion, Symantec has agreed to purchase personal identity protection service LifeLock, Inc. The service rose to fame when, in 2007, they began traveling the country with a large vehicle on which was printed the social security number of co-founder, Todd Davis. The stunt was done to demonstrate Davis's confidence in his company's service, which promises to protect people from identity theft, even if all of the information is made public. As a result of the campaign, Davis was the victim of 13 cases of identity theft.

In 2010, the company was fined $12 million by the US Federal Trade Commission for false advertising. The chiefest among their complaints was the 100% protection promised by the television ad featuring the SSN truck. In fact, then FTC Chairman Jon Leibowitz had one of the greatest quotes in all of federal law history, stating,

The protection they provided left such a large hole... that you could drive that truck through it.

Since settling that case, the company was cited to be in contempt of thee agreement in 2015. A new $100 million fine was assessed, with much of the money being earmarked for a class action settlement against the company.

If this seems like a strange company for Symantec to acquire, you're right - in the midst of such a lack of consumer confidence, why would Symantec possibly be interested in purchasing them? It is likely that Symantec wants to add the technology and assurance behind LifeLock, without actually maintaining the brand. A new name will almost certainly be on the horizon for the service under its new owners, potentially even under their already well-known and respected Norton brand. Without the drag of the LifeLock name, and a boost from the Norton name, it is possible that Symantec could revive this once promising consumer protection service.

We're live now - Join us!



Forgot password? Recover here.
Not a member? Register now.
Blog Meets Brand Stats