Slashdot Mirror


Exploit For Crashing Minecraft Servers Made Public

An anonymous reader writes "After nearly two years of waiting for Mojang to fix a security vulnerability that can be used to crash Minecraft servers, programmer Ammar Askar has released a proof of concept exploit for the flaw in the hopes that this will force them to do something about it. 'Mojang is no longer a small indie company making a little indie game, their software is used by thousands of servers, hundreds of thousands of people play on servers running their software at any given time. They have a responsibility to fix and properly work out problems like this,' he noted." Here is Askar's own post on the exploit, and his frustration with the response he's gotten to disclosing it to the developers.

3 of 118 comments

  1. Re:Good by aardvarkjoe · · Score: 3, Insightful

    If you can think of a better program with which to spend three hours digging then I'd like to hear it.

    I'm going with Nethack. Although Dig Dug would be an obvious choice too.

    --

    How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
  2. Re:May finally get servers updated... by PPalmgren · · Score: 4, Insightful

    Modders move quite slowly due to the frustrating architecture. 1.6 required a major overhaul to most mods, and 1.8 is being avoided like the plague for the same reason. There's also little incentive to upgrade, since the amount of content in the mods is orders of magnitude higher than vanilla; no one's going to switch off 60 mods in a modpack to get some horses and a biome.

  3. Re:And it's already fixed in 1.8.4 by tlhIngan · · Score: 4, Insightful

    Yes, but it took two whole years before the fix came out. And the fix was made within a day of the exploit being released.

    Yes, I can understand 90 days being a bit tight if you're talking fundamental software like operating systems (which require a lot of testing, staging, and you lose some to Patch Tuesday), especially since root causing and fixing can require a bit of time. But two years is a bit on the long side.

    More like the guy got ignored and once he released the code, the "OH SH*T" came out.

    This is one of those struggles between what's right and what's reasonable... 90 days is a bit quick for something big like an operating system where a change can break everything, but it's also on the long side for something that only breaks something really minor, like Minecraft.