Unreal Security Hole
Screaming Lunatic writes "There seems to be a big security hole in the Unreal engine that has been around for about 5 years. It affects servers for a number of games and operating systems, including Linux (which accounts for about 40% of UT2003 servers). Epic has been working on a patch for about 3 months. Imagine the bad publicity games would receive if a worm on the scale of Slammer had been created." A Bugtraq post from Thor Larholm of Pivx,
says that Marc Rein of Epic threatened PivX with "getting
our lawyers involved with this"; the TechTV article Larholm cites (the same one linked from this submission), however, contains no
mention of legal action. Rein nonetheless apologized for "those completely unfortunate comments" in a followup message to Bugtraq.
So, how long until we see the "Monster Kill" virus begin to make the rounds?
Slammer_Worm is on a killing spree!
Slammer_Worm is on rampage!
Slammer_Worm is dominating!
Slammer_Worm is unstoppable!
Slammer_Worm is Godlike!!!
"I only speak the truth"
Karma: null(Mostly affected by an unassigned variable)
When you play CS, you're supporting terrorists!
"threatened PivX with "getting our lawyers involved with this""
No, let's not let the lawyers get involved. THey make enough per hour as it is - we don't need to pay anyone $250/hr to play Unreal Tournament for "case notes."
Wait.. then again, lawyers in Unreal Tournament games. Hrm. It could be an all-out fragfest on a level that nobody could have ever imagined before. I like that idea!
"I won't sugar coat this. We f***ed up on this. Yes this is real and yes this was brought to our attention and yes we should have fixed it by now."
:)
I get the feeling that I'll be in my cold, cold grave before Microsoft starts releasing statements like this
But seriously, it's nice to see a large company admitting it has "F***ed up".
that's why I've lost so many matches! Somebody is executing malicious code that screws up my aim and makes me play like crap.
GG
NEW MAP!!!!!!!!!!!!!!!!!!1111
GG EVARYBODY
ZEROSTUD IS A CHEATER
YEAH, I
OMFG UR TEH LAMER
SHUTUP, U CAMPING FAG
[FGP]-Killaz-X -0- LAG!
NO LAG U SUX
NO FUCK YOU
I GET 20 PING
U GUYS HERE ABOUT TEH SECURITY THING??!
GG
NEW MAP
LATZ, IM GONNA PLAY CS
FUCK YOU
KILLING SPREE
UR CHEATING
KICK HIM
STFU U LAMR, YUO SUK
VOTE ON NEW MAP
I heard of Blues Clues, but Blue's news?
To play Blues News you have to find a bug
Stick it in your notebook and describe the hole you've dug
Find another pawprint, thats the second bug
Stick it in your notebook and go catch the cyber-thug
Find the last pawprint, thats the third bug
Stick it in your notebook, get your coffee mug
Sit down in the thinking chair and think, think think.
Cos when we use our minds take a step at a time you can dooo anything, and on billable hours too.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
That's like Microsoft providing a web page showing which IIS servers are still affected by code red and showing their IP's.
Given how well they did with patching their network over Slammer, I think the list would start with:
127.0.0.1
Freedom Is Universal
Linux-Universe
Yeah, just think the Unreal worm hits, and suddenly office productivity increases all over the world.