Anarchy Online and Age of Conan Vulnerabilities Fixed

dachshund writes "The Baltimore Sun reports that security firm Independent Security Evaluators has disclosed vulnerabilities in the popular MMORPGs Age of Conan and Anarchy Online. The flaws (which have since been patched) allowed a malicious user to read files from and take control of another player's computer. The full details of the attack are available, including a video (hi-res MOV) showing how the targeted player's client can be crashed, and how an attacker can save and run scripts on the victim's computer."

why isn't security a priority?

[smartaleq]

It doesn't surprise me. With the exception maybe of blizzard, it seems most MMO games are wholly focused on preventing cheating and entirely disregard client security as a result. I would bet that many chat interfaces have gaping holes since they aren't "core" to the gameplay - plus it gives the attacker simultaneous access to the maximum number of players.

Imagine if someone nefarious had (or did) find this exploit first. Account stealing of even 10% of an MMO's playerbase would immediately compromise any financial viability of the publisher/developer. With such a high risk, why is so little time/money spent on finding these exploits?

I don't want to start running my games in a sandbox because I can't trust the industry to take care of itself.