Kotaku

Does Your Password Contain Non-Latin Characters?

Joseph Bonneau, a PhD candidate at the Security Group, University of Cambridge Computer Laboratory, contacted us to report a problem he found with non-Latin character passwords (Unicode) on Gawker Media sites:


I discovered that, after creating an account with the password 'ДДДДДДДД', I was able to successfully log in by typing '簡簡簡簡簡簡簡簡', as well as 'ႤႤႤႤႤႤႤႤ', '©©©©©©©©'. It turns out that any string of exactly 8 characters whose Unicode code point is >= 128 will be accepted. I've looked carefully at the implementation of crypt in PHP and across several platforms I tried, this is not a library problem - somehow your server is converting all of the non-ASCII characters to some fixed value prior to calling crypt() with them. It is worth noting that 'ДДДДДДДx' is not accepted when 'ДДДДДДДД' is the registered password - so a check is still being done. However, if 'ДДДДДДДx' is the registered password then '©©©©©©©x' is accepted. The most plausible explanation I can come up with is that your code is mapping all non-ASCII characters onto some canonical character (maybe �), and thus ignoring the actual character value in the hash. I'd be curious to see exactly how/where in your stack this occurs.


The issue was in jBCrypt, a library we use for password hashing, and is outlined here. The non-technical explanation is that this issue (outlined by Joe above) affects non-Latin characters (e.g. the Korean word for 'password': 비밀 번호), Latin characters with accent marks, and other characters that are not in standard English usage (e.g. German: Füße).


How does this affect you? It does not affect most of our users — if you are not using non-Latin characters for your password, there is nothing to do (see Wikipedia for more information on the characters that are not affected — US-ASCII). If you do use characters that are non-Latin, you should reset your password to ensure it is updated to fully support these special characters.
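The acceptance pattern in Joe's report can be reproduced with a hashing step that collapses every non-ASCII character to one byte. This is an added example, not Gawker's or jBCrypt's code: PBKDF2 from the standard library stands in for bcrypt, and the function names, the salt, and the lossy `ascii`/`replace` encoding are assumptions chosen to match the hypothesis in the report.

```python
import hashlib
import hmac

# Constructed salt and work factor for the demo. PBKDF2 stands in for bcrypt
# so the example needs only the standard library.
SALT = b"constructed-demo-salt"
ROUNDS = 1000


def lossy_bytes(password: str) -> bytes:
    """Assumed faulty step: every code point >= 128 becomes the same byte ('?')."""
    return password.encode("ascii", errors="replace")


def utf8_bytes(password: str) -> bytes:
    """Lossless step: distinct characters keep distinct byte sequences."""
    return password.encode("utf-8")


def hash_password(password: str, to_bytes) -> bytes:
    """Hash the password after converting it to bytes with the given step."""
    return hashlib.pbkdf2_hmac("sha256", to_bytes(password), SALT, ROUNDS)


def verify(candidate: str, stored: bytes, to_bytes) -> bool:
    """Constant-time comparison of the candidate's hash with the stored hash."""
    return hmac.compare_digest(hash_password(candidate, to_bytes), stored)


def acceptance(registered: str, candidates, to_bytes) -> dict:
    """Register one password, then report which candidates log in."""
    stored = hash_password(registered, to_bytes)
    return {c: verify(c, stored, to_bytes) for c in candidates}


def needs_reset(password: str) -> bool:
    """True when the password has a character outside US-ASCII.

    Hypothetical helper: it can only run where the plaintext is available,
    for example during a successful login, to prompt the user to reset.
    """
    return any(ord(ch) >= 128 for ch in password)


if __name__ == "__main__":
    # Passwords taken from the report quoted above.
    tried = ["簡簡簡簡簡簡簡簡", "ႤႤႤႤႤႤႤႤ", "©©©©©©©©", "ДДДДДДДx"]
    for label, step in (("lossy", lossy_bytes), ("utf-8", utf8_bytes)):
        print(label, acceptance("ДДДДДДДД", tried, step))
        print(label, acceptance("ДДДДДДДx", ["©©©©©©©x"], step))
    print("needs_reset('Füße'):", needs_reset("Füße"))
```

With the lossy step the hash depends only on the positions of the ASCII characters and the count of non-ASCII ones, which is why 'ДДДДДДДx' is rejected against 'ДДДДДДДД' while '©©©©©©©x' is accepted against 'ДДДДДДДx'.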


Joe did add one more comment: "I do think users are best to avoid non-ASCII though, since it's less portable." While it is not required, I do agree with him on this point. You can still create a very secure password using the US-ASCII character set.


As a side note, you should know that we do welcome suggestions to improve our platform. Joe is one of several to do so, and the suggestions are both taken seriously and much appreciated. Send your security related comments to security at gawker dot com.


Thanks, Joe.


Battlefield: Bad Company™ 2

The Platform That Plays Together Unlocks The Bad Company: Vietnam Map First

Battlefield: Bad Company 2 wanted to see a team spirit on its new Vietnam DLC package before unlocking a remastered Operation: Hastings map. PC players have answered the call first, passing the 69 million "team action" threshold required earlier today.


By comparison, the Xbox 360 community is about halfway there (37 million team actions), and the PS3 community trails that total by 10 million. What's a team action? It's the three Rs and an H. And an S. Resupply, revive, repair, heal and spot. Any of those carried out in BFBC2 Vietnam, retroactive to its release date, counts toward the unlock total.


The glorious PC community's triumph could be attributed to any number of factors. Maybe it has more players, or more players putting in more time. Or maybe they are more selfless and public-spirited.


Naaaaah.


Battle for Hastings [Battlefield: Bad Company 2 official site, via The Escapist]



Rock Band 3 Rings In 2011 With The Man In Black, Old Tracks

One of your resolutions for 2011 should probably be "play more Rock Band 3." Harmonix is encouraging that kind of behavior with a long list of new additions to its full band music game, including an injection of Johnny Cash.


The Man In Black will lead off Rock Band 3's list of downloadable songs with an eight pack of Cash classics charted for the full band. Looks like two of the eight can be upgraded to Pro Bass and Pro Guitar difficulty for a buck.


On top of that, Harmonix will throw in a nonet of freebies for Rock Band 3 owners comprised of previously released tracks. The full list of songs coming to your console of choice on January 4 is as follows.


Johnny Cash Pack 01 (Xbox 360, Wii, PS3)


  • "Cry, Cry, Cry"
  • "Don't Take Your Guns to Town"
  • "Five Feet High and Rising"
  • "Folsom Prison Blues"
  • "I Got Stripes"
  • "I Walk the Line" (Pro Upgrade Available)
  • "Tennessee Flat Top Box" (Pro Upgrade Available)
  • "The Ballad of Ira Hayes"

Rock Band Free Pack 01 (Xbox 360, PS3)


  • Abnormality – "Visions"
  • Anarchy Club – "Get Clean"
  • Bang Camaro – "Night Lies"
  • Breaking Wheel – "Shoulder to the Plow"
  • Libyans – "Welcome to the Neighborhood"
  • The Main Drag – "A Jagged Gorgeous Winter"
  • Speck – "Conventional Lover"
  • The Sterns – "Supreme Girl"
  • That Handsome Devil – "Rob the Prez-O-Dent"

Activision Rips Lawmakers' Fixation On Postal

When the mainstream debate turns to violent video games, it's inevitable that someone will dredge up Postal. It's like the triple dog dare, or comparing someone to Hitler, a completely bogus trump card with no real argumentative value.


George Rose, the chief public policy officer for Activision Blizzard, finally called bullshit today in a guest editorial appearing in the San Francisco Chronicle. Postal, of course, was released 13 years ago on PC and neither it nor its sequel appeared on any games console. Rose calls it a "video game dinosaur" and "a commercial flop dropped by mainstream retailers long ago."


"To whip up drama and hysteria where none justifiably exists, zealots supporting this movement cite the worst of the worst," Rose wrote. "No single movie, television program or video game defines an industry and justifies sweeping regulation, which is why the anecdotal example of Postal is disingenuous."


This isn't so much red meat for the video games base as it is getting something on the record for the mainstream public. Not that Postal won't continue to be invoked, and that larger media outfits won't continue to take the bait. But it's good to hear a senior executive call it out, all the same.


That said, Postal may have been a 1997 release and Postal 2 came out in 2003. But Postal 3 is said to be due for a release sometime in the first three months of 2011, sure to make that series current again in some folks' minds. Rose's larger point is against the California law against violent video games, which the Supreme Court will rule on sometime next year. I'm sure Running With Scissors would time Postal 3's release the day of the Court's decision if it could.


California Ban of Violent Video Games Must Go [San Francisco Chronicle, via MTV Multiplayer]



Get A Good Look At The All-New Tomb Raider

The rebirth of Lara Croft, simply known as Tomb Raider, may be the prettiest entry yet—even if Lara herself looks like she's gone through hell.


If you haven't already seen what the new Tomb Raider looks like in the pages of Game Informer magazine, the outlet has published a big gallery of screen shots, concept art and renders of Crystal Dynamics' next game. They're worth ogling, especially if you like your Lara Croft muddied, beat up and/or tied up.


There's no date yet for the forthcoming action adventure for the PlayStation 3, Xbox 360 and PC.


Tomb Raider Bonus Gallery [Game Informer]



The PSP Had A Very Good Year (In Japan)

Sony's six-year-old PSP may feel in need of an update, but the portable PlayStation managed to still be the bestselling platform in Japan this year, where Monster Hunter (and its clones) made 2010 great for the PSP.


That's according to a report from ASCII Media Works, publisher of Dengeki game magazines, which pegs the PSP as the number one platform in Japan for 2010. It was something of a close race, though, with the Nintendo DS in all of its flavors lagging just behind. The better news for Sony was that PSP sales were up (way up) in 2010 over 2009. The inverse was true for Nintendo, which saw big declines in DS sales year-over-year in Japan.


This is how the hardware battle went down in Japan, with 2009 sales figures in parentheses.


  • PSP - 2,729,718 (2,125,519)
  • Nintendo DS - 2,719,544 (3,773,898)
  • Wii - 1,592,563 (1,747,961)
  • PlayStation 3 - 1,542,258 (1,668,938)
  • Xbox 360 - 231,258 (349,663)
  • PlayStation 2 - 83,030 (197,146)

ASCII also does its version of the top ten bestselling video games in Japan, with Pokemon Black/White (DS), Monster Hunter Portable 3rd (PSP) and New Super Mario Bros. Wii (Wii) taking first, second and third place respectively. It's a more accurate representation of the top ten, thanks to Monster Hunter 3rd's inclusion, than Media Create's list.


2010年で最も売れたゲームはポケモン黒・白! [ASCII via 1UP]


Dec 30, 2010

The Amazeing Sunset

Check out the Amazeing Sunset / Pac-Man artwork by Phil Jones! This shirt design will be up for vote at Threadless very soon. Enjoy the view until then.


Amazeing Sunset by Phil Jones (Tumblr) (Flickr) (Twitter)


Need your daily fill of geek eye candy? If so, head over to Justin Page's Rampaged Reality and get your fix. Republished with permission.



For a game that's not even officially out yet, LittleBigPlanet 2 has already impressed us with its game-making capabilities. User ingenuity, as seen in this "Windows LBP" creation, is just as impressive.


This Windows XP homage, built in the LittleBigPlanet 2 beta, won't run a copy of Excel or PowerPoint, but it does do a reasonably good impersonation of the operating system's desktop, start menu, built-in timewaster games and, naturally, a blue screen of death.


We can't wait to see what the retail release of LBP2 brings when the game hits PlayStation 3s in January.


LittleBigPlanet 2 BETA - Windows: LBP Edition [via PlayStation Lifestyle]



The Year in Controversies

It was a controversial year for gaming. The past 12 months saw the in-game assassination of Castro, playable Taliban, a Freedom of Speech shaking Supreme Court case and the call for a ban on Blood Minerals in gaming consoles.


From a "fun" concentration camp game, to a lawsuit packed with accusations of intrigue, backstabbing, secret messages and double agents, these are some of the stories of 2010 that generated the most fervor, the headlines that pushed gaming into the mainstream.




January


The Tenth Circle of Hell
I was a big fan of the video game remake of Dante's Inferno. The marketing for the game? Not so much. Last year's push for the game included fake protesters at E3, calls to "commit an act of lust" with Comic Con booth babes, and bribes sent to game reviewers. But Dante's marketing team continued their push straight into 2010 with a slew of fake Dante's Inferno news in January tied to the circle of hell dedicated to fraud. They wrapped up their nine-month campaign with treachery, running fake TV ads for a site that teaches you how to steal a friend's girlfriend or wife.





February


Nintendo's $1.5M Pirate Lawsuit
Australia's James Burt was obviously in the wrong when he decided to upload a copy of New Super Mario Bros on to the Internet for anyone to grab for free in hopes of impressing a "game hacking group." But Nintendo's decision to go after the part-time freight worker in court for $1.5 million AUD seems a bit excessive. Since the still-living-with-his-parents 24-year-old and the multinational corporation settled out of court, there's no way of knowing if Burt will actually have to pay up. I seriously doubt it though.


Ubisoft's Draconian Anti-Piracy Measures
We first heard about Ubisoft's range of "new anti-piracy measures" in late January. But it wasn't until February that we discovered just how bad they would be. Assassin's Creed II on the PC, for instance, booted players out of the game if they lost their Internet connection. A month later Ubisoft's servers went down, making it impossible for some people to play a game or two they purchased. Ubi did apologize to gamers impacted with some free games, but stubbornly refused to change their DRM policies.





March


The Day The Playstation 3s Stood Still
On March 1, Playstation 3s around the world simply, inexplicably stopped working correctly. Some consoles worked offline, some didn't work at all but everyone, from Europe and Australia, to the Americas, seemed confused. Almost exactly 24 hours later the consoles returned to fully-functioning life with Sony blaming the issue on a fault in the PS3's clock functionality.


Adult Australians Still Wanting Adult Video Games
Australia doesn't allow the sale of games rated 18 and older. This was mostly due to a decades-old decision and one man: trouble-plagued South Australian Attorney General Michael Atkinson.


Atkinson was the politician most vocally standing in the way of a law change that would allow games rated 18 or older to hit Australia's shores. And then in late March, on the heels of a string of embarrassments, the politician stepped down.


And there was great rejoicing among Australian gamers who saw a change in that absurd classification law. But too many politicians ruined the soup, and the decision on whether to change the law has been delayed until 2011.


An End to Xbox 360 Don't Ask, Don't Tell
One of 2009's big controversies, Microsoft's bizarre take on Gamertag names and sexual orientation, finally came to an end in March of 2010 with an official Xbox Live policy change. Prior to the change Xbox Live's official policy was not to allow any references to sexual preference in Gamertag names or descriptions. This led to an array of often bizarre, sometimes sad, sometimes funny, bannings on Live.


In February, Xbox Live head of enforcement Stephen Toulouse said he was looking into how Microsoft could change their official policy. In March, they finally did, creating a new policy that allows gamers to use the following terms to express their relationship orientation in a profile or Gamertag: "Lesbian, Gay, Bi, Transgender, Straight"





April


Call of Duty: Legal Warfare
April saw the kick off of what would become the biggest controversy of 2010: The break up of the makers of Call of Duty: Modern Warfare with the publishers of the game.


What started out as an already fantastical tale of intrigue, backstabbing, secret messages and double agents, blossomed into a yarn of Orwellian bosses, a police state and secret flights on private jets. Over the course of eight months, the bubbling legal warfare expanded to include Electronic Arts, accused by publishing rival Activision of trying to hijack the game makers and being instrumental in the break up.


The suits, counter-suits and updated accusations somehow also managed to drag in references to the Black Eyed Peas, EA President John Riccitiello's barbecuing skills and the Internet's ability to turn anything into a song.


Check out our complete guide for all of the accusations, cross-accusations and an explanation of what it all means.





June


Electronic Arts' Online Pass
What started out in February as a relatively positive thing - giving folks who buy a game new, extra, free stuff, took a dark turn in the summer.


Project Ten Dollar started out as a system that delivered free downloadable content to games like Mass Effect 2, but charging folks who bought the game used $10 for the same content. In June publisher EA extended their scheme to all EA Sports games, adding a new online pass. The online pass allowed people to play games like Tiger Woods and Madden online for free, but only if they purchased the game new. If you bought the game used, you had to pay an extra fee for the online pass.


The online pass then jumped over to non-sports games with EA's release of Need for Speed Hot Pursuit and Medal of Honor, both of which require the pass to play online.


While Ubisoft, THQ and even Sony have all talked about or played around with something similar, EA seems to be the only publisher so fully embracing the concept.


PlayStation Flirts With Online Subscription Fees
While the core Playstation Network experience, playing online and chatting with friends, remains free, during E3 Sony introduced a second level of service for their network that comes with a $50 annual fee.


While the Playstation Plus plan includes "hundreds of dollars in free content", according to Sony, it still seems like what could be the start of a slide toward Xbox Live's pay-to-play service.


Blinded by the 3DS
Nintendo's unveiling of the 3DS at E3 this year was one of the pivotal moments of the show. It proved that Nintendo can still surprise and delight us, but it also came with a shocking warning.


Speaking with Stephen Totilo at the show, Reggie Fils-Aime broke the news to Kotaku that the 3DS may not be a great gaming choice for children.


"We will recommend that very young children not look at 3D images," he told Kotaku in June. "That's because, [in] young children, the muscles for the eyes are not fully formed... This is the same messaging that the industry is putting out with 3D movies, so it is a standard protocol. We have the same type of messaging for the [1990s Nintendo virtual reality machine] Virtual Boy, as an example."


Six months later, Nintendo reiterated the caveat, this time with a specific warning to children under 6.





July


Blood Consoles
The notion of Blood Minerals, the precious minerals used to create a slew of electronics including video games and arguably fund war in the Congo, has been around since the days of the Playstation 2. But it came to the surface again over the summer with a push by Enough: The Project to End Genocide and Crimes Against Humanity.


The organization rated Microsoft, Sony and Nintendo, saying that of the three only Nintendo seemed unwilling to make changes in the way they track the minerals used in their consoles and portables. The story touches on the broader notion of ethical consumerism, the idea that people may shop as much with their heart as they do with their mind.


Blizzard's Real iD
It was perhaps the shortest controversy of 2010, lasting just three days.


On July 6, the folks behind StarCraft II and World of Warcraft announced plans to tie gamers' real names to the posts they write in the forums for Blizzard's popular games. Blizzard said it was a last ditch effort to stem the tide of flame wars, trolling and general unpleasantness that can often creep into anonymous forum sites.


The reaction was immediate and vitriolic. Three days later Blizzard scrapped the concept.





September


Taliban Invade Medal of Honor
On September 2, Kotaku broke the news that all stores located on Army and Air Force bases would not be allowed to sell Electronic Arts' upcoming military shooter Medal of Honor because an aspect of the game includes playable Taliban characters.


The commanding general of the Army and Air Force Exchange Services told Kotaku that his decision was spurred by "well-documented reports of depictions of Taliban fighters engaging American troops" in the game.


The decision drew a mixed, but vocal response from gamers and those serving in the military.


Then about a month after defending their right to allow gamers to play as both the U.S. military and the Taliban in Medal of Honor's online mode, EA inexplicably changed the name of the Taliban to Opfor.


U.S. military officials later told Kotaku that the game could have lost its official U.S. Army support over the inclusion of Taliban fighters as playable characters in the game's online mode.





October


Zynga Breaks Facebook Privacy Rules
October saw a Wall Street Journal investigation that found that dozens of Facebook applications, including Zynga's wildly popular casual games FarmVille, Mafia Wars and FrontierVille, transmit user data in violation of the social network's privacy settings.


Zynga told the Journal that they have a "strict policy of not passing personally identifiable information to any third parties." Adding that the company will be working with Facebook to improve privacy.





November


The Supreme Court Weighs in on Violent Video Games
After five years of court battles, the decision of whether a law should be passed to enforce the ratings of violent video games now rests with the U.S. Supreme Court.


Our own Stephen Totilo attended the landmark case, sitting in on the arguments in Washington, D.C. in November. The Supreme Court justices appeared highly skeptical, he wrote, of the State of California's arguments that certain violent video games should be illegal to buy, questioning whether such exceptions would need to be applied to rap music and even Grimm's fairy tales.


The case could have a massive impact on the industry and future of gaming depending on which way the Justices decide next year.


Fortunately, it sounds like the justices are leaning toward gaming.


NBA Elite 11 Killed
NBA Elite 11 was initially seen as a bold attempt by Electronic Arts to reinvigorate the NBA Live series. But one notorious bug and a disastrous delay eventually killed the game.


On Nov. 2, EA's chief financial officer announced the game's death during an investor call.


Kill Castro
While Call of Duty: Black Ops didn't court controversy with an airport terrorist attack No Russians level, that doesn't mean it didn't raise some ire.


Cuba's state-run-media blasted Activision as "doubly perverse" after discovering that one mission in the game has you putting a bullet in the head of a man you think is Fidel Castro.





December


The "Fun" Concentration Camp Game
An Israeli modder turned a 1992 first-person shooter into a bloody tale of revenge set in a Nazi concentration camp with Sonderkommando Revolt, putting players in the role of an Auschwitz death camp prisoner on a killing rampage.


Developer Maxim Genis told Kotaku the team behind the first-person shooter makes no political statement and has no agenda. The game was meant to deliver "blast the Nazis fun."


While the game may have been meant to be played as a violent revenge fantasy, the sensitive nature of Sonderkommando Revolt's setting resulted in mixed reaction outside of Wolfenstein modding circles. Rabbi Abraham Cooper of the Simon Wiesenthal Center, a museum focusing on the Holocaust, worried that games like Sonderkommando Revolt can be harmful to people's understanding of history. And the Anti-Defamation League slammed the game as horrific and inappropriate, telling Kotaku that the Holocaust should be off-limits for video games.


Weeks later, Genis said that he was canceling the project because he could not stand media exposure of any kind. "I have no internal emotional powers to deal with the press, the violation of my personal privacy and life," he said.



It's Not Easy Being Deaf In World Of Warcraft

Earlier this year World of Warcraft player Unwelcome suffered an accident that permanently robbed him of his hearing. Feeling alienated and shunned by his real life friends, he returned to World of Warcraft for some online alienation and shunning.


The loss of one's hearing is a tragic and traumatic event, but it doesn't necessarily mean an end to gaming. Many popular games offer subtitle options for the hearing impaired. World of Warcraft itself is quite deaf-friendly on a basic level, overflowing with text-filled quests that don't require aural cues to complete.


It gets a bit more complicated when you're in a raiding guild, however. Unwelcome found himself living up to his name when he recently returned to his raiding guild of four years. He detailed his experience in a post on the World of Warcraft forums.


So i came back to wow. Now I've been playing with my guild for about 4 years. We have all become close friends. We have even done some rl guild parties. I explained why i have been off for so long to the guild. I explained my condition. Everyone was pretty supportive for about 5 minutes.


Do you know what the first question i got from my guild leader was? He asked me if i could still use (popular voice chat program) vent (Ventrilo). I told him no, but tried to assure him it wouldn't be a problem as i usually research the fights beforehand and use dbm.


He tells me that i can't raid unless i have vent. Guild rules and all. I was pissed. After a huge blow out between us i get removed from the guild and put on ignore.


Before we condemn the guild leader for throwing Unwelcome out of his guild, he did mention there was a major fight between the two of them, and we aren't privy to what was said during that fight that resulted in him being guild removed and ignored.


Keeping a deaf player from raiding with the guild because he can't hear spoken raid commands doesn't strike me as intolerance so much as laziness and complacency on the part of an organization that is used to performing tasks in a certain way.


As the many respondents to Unwelcome's original post have made clear there are plenty of ways to get around having a deaf raiding party member. Text-based macros containing instructions are easy enough to set up, and with proper study of the raid encounters instructions almost become unnecessary.


But when you've spent years getting used to doing things a certain way, throwing a wrench into the works can be very disruptive. Some rise to the challenge and adjust; others don't.


Unwelcome was quite despondent, but the World of Warcraft community at large rallied behind him. A community not exactly known for its sense of community was quick to fill his forum thread with supportive words, and while some argued that his guild leader was well within his rights to ban Unwelcome from raiding, the arguments are generally well-spoken and without malice.


Originally putting the call out for a deaf-friendly guild to join, Unwelcome has decided to make something of That Canadian Guild, formed with his brother on the Llane server in the aftermath of the incident.


As for the World of Warcraft community, I wouldn't worry; I'm sure they'll get back to calling each other names as we move into the new year.


Kicked for being Deaf [World of Warcraft Forums - Thanks Trakata!]


...