Well, the leaderboards were fun while they lasted...

2006-09-18 08:16:11 pm

Apparently the hackers who did this are registered on Nsiders and they claim to have done it so Nintendo will up their security on the leaderboards.

EDIT: Also:

http://www.nintendowifi.com/gaminghub/MetroidHuntersLeaders.jsp

Apparently, the hackers say that the leaderboards are stupid and display HTML in peoples' names.

Thread title:

nate

2006-09-18 08:55:31 pm

cool.

DJGrenola

2006-09-18 09:33:49 pm

there is no better way to get a bug fixed than to exploit it in the most public manner possible.

shame on nintendo for being vulnerable.

Chanoire

2006-09-18 10:55:38 pm

And no better justification for vandalism?

DJGrenola

2006-09-18 11:37:59 pm

I'm afraid this isn't as black and white as you seem to think it is, so I guess I'll have to enlighten you. It goes a little something like this.

1. Bedroom coders find security vulnerability in public website / widely deployed software application. Bedroom coders are alarmed by this and, in the interests of improving the security of the internet, want it fixing.
2. Bedroom coders privately contact large company with explicit details of exploit.
3. Company does nothing.
4. Bedroom coders contact large company again with explicit details of exploit, thinking that initial correspondence may have been overlooked or lost in transit.
5. Company does nothing.
6. Bedroom coders become frustrated and post about exploit on messageboards / public mailing lists in the hope that going public will shock large company into action.
7. Company does nothing.
8. Coders reach point of desperation and have no choice but to exploit the hole themselves and humiliate the company publically in order to actually make stupid executives take their collective heads out of their backsides and do something about their site's shambolic security.

This is a pattern that those of us who closely follow the ins and outs of the politics of information security see reported on public mailing lists hundreds of times a year. The hacker in this position has two options. She can either suffer a less secure internet, knowing that application X is effectively swiss cheese to anyone capable of writing three lines of code, or she can take the vigilante option of vandalising a site because it is the only way of actually getting the problem fixed.

If you would prefer your credit card information being lifted silently from a database by persons unknown to a mildly annoying act of vandalism, then fair enough. I do not share this view, and I have not one iota of sympathy here.

I'm afraid this isn't as black and white as you seem to think it is, so I guess I'll have to enlighten you. It goes a little something like this.

1. Bedroom coders find security vulnerability in public website / widely deployed software application. Bedroom coders are alarmed by this and, in the interests of improving the security of the internet, want it fixing.
2. Bedroom coders privately contact large company with explicit details of exploit.
3. Company does nothing.
4. Bedroom coders contact large company again with explicit details of exploit, thinking that initial correspondence may have been overlooked or lost in transit.
5. Company does nothing.
6. Bedroom coders become frustrated and post about exploit on messageboards / public mailing lists in the hope that going public will shock large company into action.
7. Company does nothing.
8. Coders reach point of desperation and have no choice but to exploit the hole themselves and humiliate the company publically in order to actually make stupid executives take their collective heads out of their backsides and do something about their site's shambolic security.

This is a pattern that those of us who closely follow the ins and outs of the politics of information security see reported on public mailing lists hundreds of times a year. The hacker in this position has two options. She can either suffer a less secure internet, knowing that application X is effectively swiss cheese to anyone capable of writing three lines of code, or she can take the vigilante option of vandalising a site because it is the only way of actually getting the problem fixed.

If you would prefer your credit card information being lifted silently from a database by persons unknown to a mildly annoying act of vandalism, then fair enough. I do not share this view, and I have not one iota of sympathy here.

Chanoire

2006-09-18 11:46:25 pm

Um, no, I'm not treating it as black and white. That's why it was a question. I'd hope you know me better than that. I understand the rationale (as distinct from rationalization) you post, and don't even disagree with it; however, I'd imagine that there are also people who like showing off that they can break into systems and then use this as an excuse. I don't know how common that attitude might be (or if it exists at all, but it seems very likely to), which is why I asked.

nate

2006-09-18 11:49:35 pm

i would also think that if it exists, nintendo.com would be a great place to find it.

DJGrenola

2006-09-18 11:59:49 pm

Quote from Chanoire:

I'd imagine that there are also people who like showing off that they can break into systems and then use this as an excuse. I don't know how common that attitude might be (or if it exists at all, but it seems very likely to), which is why I asked.

you are of course correct, but the reported claim that it was done in the interests of improving security makes me suspect that this case falls into the category I described. At any rate, when you have studied these cases for any length of time, you very quickly learn to stop placing blame at the feet of the intruder and start placing it at the feet of the host. Any other attitude is, if you will excuse this dumb analogy, rather like blaming the weather for ruining your plasterboard ceiling when you couldn't be bothered getting your roof fixed.

trh

2006-09-19 07:39:39 pm

Quote from Chanoire:

Um, no, I'm not treating it as black and white. That's why it was a question. I'd hope you know me better than that. I understand the rationale (as distinct from rationalization) you post, and don't even disagree with it; however, I'd imagine that there are also people who like showing off that they can break into systems and then use this as an excuse. I don't know how common that attitude might be (or if it exists at all, but it seems very likely to), which is why I asked.

The hackers are remaining anonymous afaik.

Mr Potter

2006-09-19 07:42:31 pm

No, actually the hackers posted a topic on Nsiders board. They posted something like "Pro's tip: Check the leaderboards at about 7:48PM EST tonight." And they're saying why they hacked it. So no, they aren't being anonymous.

EDIT: And also, I <3 u is someone on GameFAQs named SoulUnison2 who used an AR code titled "take over the Nintendo Wifi leaderboards" or something like that. He made a topic over there titled "Sorry for screwing up the leaderboards". Dunno who GLITCH is, though.

trh

2006-09-19 07:52:35 pm

Quote from Mr Potter:

No, actually the hackers posted a topic on Nsiders board. They posted something like "Pro's tip: Check the leaderboards at about 7:48PM EST tonight." And they're saying why they hacked it. So no, they aren't being anonymous.

They can still be anonymous.

Lazylen

(user is banned)

2006-09-19 09:32:31 pm

Too bad i got IP banned and cant see the action from the inside... -_-

Tahngarthor

2006-09-21 01:27:14 am

Bangaa Bishop

I wish I had a 101% win rate.

iamthejackie

2006-09-21 09:57:35 pm

I've heard that if you put "/root" (disregard the quotes) as your username, your stats will jump significantly on the NWiFi site. I havent tried it yet for fear of being banned from hooking back onto WiFi but if any of you are tired of MPH or have a spare DS/MPH card try this.

primetime

2006-09-21 10:17:09 pm

i might try it with my brothers game, but I really don't wanna go through the process of registering his ds to nintendo wifi. >_>

edit: ok I did it and it doesn't appear to do anything.

primetime

2006-09-25 12:26:16 am

it turns out that /root is just the term for hackin the leaderboards. Its an ar code that does it. I did it with my bro's file, and now his rank is 3. :P

there's also another code to un /root your game, but it doesn't seem to work completely.

oh, and I heard from a friend that Nintendo stopped banning people who were hacking, but that doesn't make much sense.

Super metroid fan

2006-09-25 06:40:50 pm

I think it got hacked again right now they're all timmy except 1.

primetime

2006-09-26 12:38:14 am

it did get hacked again. as I said, I was one of them.

rainintheface5

2006-10-16 06:49:47 pm

here's timmy!

Mr Potter

2006-10-16 08:11:21 pm

Well, Nintendo can't ban these people. Sort of. They CAN ban them, but there's supposedly an "Unban yourself from Wi-Fi" code that actually works, so there's nothing Nintendo can do about it.

primetime

2006-10-18 09:46:17 pm

Actually, Nintendo isn't even bothering to ban people anymore. With all the hackers its pointless.