For everyone with single user PCs, by the time the locally running malware is ready to exploit GOG, they already have most of the data they could possibly want.

There was a salient XKCD comic several years ago on the security benefits of exploiting elevated privileges.

More a concern for shared PCs, and probably for removing the infection afterwards.
I really thought this was the day when GOG CEG was being activated :o). Anyways, just uninstall Galaxy and win all round!
high rated
Isn't this sort of a non-issue? I feel like GOG is to hackers what Canada is to the US. They may have heard of it, possibly, but they're not really sure where it is, what it is, or if there are even people there.
BlueMooner: Isn't this sort of a non-issue? I feel like GOG is to hackers what Canada is to the US. They may have heard of it, possibly, but they're not really sure where it is, what it is, or if there are even people there.
I actually had to laugh after reading this :D

But yeah, you are pretty much spot on.
BlueMooner: Isn't this sort of a non-issue? I feel like GOG is to hackers what Canada is to the US. They may have heard of it, possibly, but they're not really sure where it is, what it is, or if there are even people there.
An attack like this is a big target. We will need a fix.


Especially with so many working from home right now.
Post edited August 15, 2020 by Tallima
high rated
>make a client that allows you to log in to multiple services
>leave an exploit in by not double checking your programming.

yeah who thought this was a good idea again?
oh right. No one.
this shit is why I refuse to support or use "multi-service" log in systems.
Post edited August 15, 2020 by Lord_Kane
BlueMooner: Isn't this sort of a non-issue? I feel like GOG is to hackers what Canada is to the US. They may have heard of it, possibly, but they're not really sure where it is, what it is, or if there are even people there.
Ignorance is strength, Orwell famously wrote.
BlueMooner: Isn't this sort of a non-issue? I feel like GOG is to hackers what Canada is to the US. They may have heard of it, possibly, but they're not really sure where it is, what it is, or if there are even people there.
StarChan: Ignorance is strength, Orwell famously wrote.
War is Peace, Freedom is slavery.

1984 isn't a guidebook, it's a warning.
StarChan: Ignorance is strength, Orwell famously wrote.
Lord_Kane: War is Peace, Freedom is slavery.

1984 isn't a guidebook, it's a warning.
Of course it's a guidebook. It's a guidebook for all aspiring politicians who seek to twist information to suit their own ends and we've even seen it employed recently for beneficial use (but ill advised nevertheless) in the admonition: Distancing is Unity here in Scandinavia during the Covid 19 spike. It is a fitting irony for a dystopian novel.

But then again, as you have demonstrated, irony is a slippery fish.
Post edited August 15, 2020 by StarChan
Lord_Kane: War is Peace, Freedom is slavery.

1984 isn't a guidebook, it's a warning.
StarChan: Of course it's a guidebook. It's a guidebook for all aspiring politicians who seek to twist information to suit their own ends and we've even seen it employed recently for beneficial use (but ill advised nevertheless) in the admonition: Distancing is Unity here in Scandinavia during the Covid 19 spike. It is a fitting irony for a dystopian novel.

But then again, as you have demonstrated, irony is a slippery fish.
Aye.
I have been on PC for more than 30 years now. In all that time I've only ONCE been affected by a virus, and that was during the floppy disk trading days, when I got new games/software from friends, who got them from who knows where.

Yes, this is a non-issue for 99.99% of the people. Having said that, I hope GOG will patch this flaw, because this article will serve as a dinner bell for all the "leet hackers" looking for their 15 minutes of fame.
high rated
In my opinion, this is a little overblown but the researcher was right to make this known after giving GOG a notice and time to fix it and GOG has to be much better at responding to security issues. GOG needs improvement when it comes to communication and fixing serious issues in a timely manner. It's one of their greatest weaknesses and going to hurt them this time I think. Hopefully they learn from it.

Is this a concern... sure. But if you practice even the most basic concept of keeping your system secure by only installing trusted programs and only installing what is needed the risk here is very very low. If you grab random stuff off the internet well then the risk is much higher, but that risk was always much higher to begin with.

It's not worth uninstalling Galaxy, again in my opinion, unless you fall in the latter group, and now unfortunately those that dislike Galaxy have found new ammo for why it should be avoided.
high rated
Yes, while LPE is potentially a serious vulnerability, in practice there is a tiny chance this will affect you. If you practice basic security it won't be an issue and if you don't then you've got much bigger issues to worry about anyway.

Nonetheless, what's really appalling is this:

2.) In private communication on May 12, I made note that I strongly suspected this would require an extensive re-design, and that I would be happy to help (for free) to ensure that a proper & comprehensive fix would be shipped to end users. No response regarding this offer was received (in fact, no response was received at all until the deadline had passed).
If what the guy says is true, then this speaks volumes of what is wrong with GOG. I don't know who dropped the ball here, whether it's programmers, management, support or a combination of them, but that person(s) is a moronically moronic moron. The issue is still a potentially serious threat and they were given every opportunity to get it fixed and they just... ignored it?

Seriously?
Post edited August 15, 2020 by ZFR
ZFR: Nonetheless, what's really appalling is this: If what the guy says is true, then this speaks volumes of what is wrong with GOG. I don't know who dropped the ball here, whether it's programmers, management, support or a combination of them, but that person(s) is a moronically moronic moron. The issue is still a potentially serious threat and they were given every opportunity to get it fixed and they just... ignored it?

Seriously?
It's ridiculous, but very unsurprising. It would be nice if GOG actually learned a lesson from this, but I don't hold much hope.
I wonder what it's like to work for GOG? The corporate culture seems really weird from the outside, I can only assume it's weirder on the inside.
Post edited August 15, 2020 by my name is coole catte
ZFR: Nonetheless, what's really appalling is this: If what the guy says is true, then this speaks volumes of what is wrong with GOG. I don't know who dropped the ball here, whether it's programmers, management, support or a combination of them, but that person(s) is a moronically moronic moron. The issue is still a potentially serious threat and they were given every opportunity to get it fixed and they just... ignored it?

Seriously?
my name is coole catte: It's ridiculous, but very unsurprising. It would be nice if GOG actually learned a lesson from this, but I don't hold much hope.
I wonder what it's like to work for GOG? The corporate culture seems really weird from the outside, I can only assume it's weirder on the inside.
It from the read of an outsider has a feel of someplace like Nintendo. They're doing things. Even good things. But otherwise it's so bizarrely out there.