Denial of Service bounty hunters
lightPhoenix writes "Get this, John Carmack, god of id & quake 3 arena, is offering a bounty for exposure of game server exploits. Check it out." It's down the page a bit, but it's there. That's a cool idea.
The default ports are:
Quake: 26000
QuakeWorld: 27500
Quake2: 27800(?)
Quake3: 27960
-Yarn - Rio Karma: Excellent
Donald Knuth has been paying people to find bugs in his software and books for a long time now. As the software matures and most bugs are fixed, the bounty goes up! Economics in action.
Well, if it was to accomplish anything useful, they'd pretty much have to open their code... it's hard to fix bugs in software you don't have the source for.
If you meant "find", rather than "fix"... I'm still not sure it would accomplish much of anything. I mean, there are enough MS users out there that someone has got to be reporting the bugs... They _have_ to know about them. They just aren't fixing them.
As Bill Gates said, there are no significant bugs in Microsoft's software. Everyone's just using it wrong...
(Methinks someone's in denial...)
I don't remember any DOS attacks against Quake 1 servers. Was it just a bitchin' protocol? Or was the net a kinder, gentler place then? Quake 2 did get hard though.
:)
It's kind of sad to see that there is even a need for this kind of bounty. I mean, what kind of loser takes down a game server? It's not like you're gonna get root and be l88T. You're just gonna cause inconvenience to people trying to have fun, and to a company that has a pretty shining record of being all-around good guys.
(although I bet if Romero finds a good one he's not going to send it in...)
Screw everyone hiding their flaws and prosecuting those who try to help them by showing where their software is wrong! Carmack has the EXACT RIGHT idea on how you go about making something safe and secure.
First you do your best to make sure there is nothing obvious or dumb. Then you basically offer a prize (money, recognition, hardware, etc.) to those who show you where your weaknesses are!
Bravo! I wish more people took after this methodology. Encourage, don't discourage the young minds!
But I have what perhaps is a flame-ready topic:
What if Microsoft offered a similar bounty for fixing security holes in their software?
What would you say then?
(Besides the completely obvious joke about how they would shortly find themselves bankrupt...)
$asbestos = 1;
wait;
Check my Go-related blog for beginners: DGD
A) Something positive for hackers to get a hold of, and actually get attention for their exploits, and even get them fixed!
B) Positive feedback from the developer of the software, and appreciation.
C) A final product that would be far superior in security from DoS than if it had been released without this testing.
Definitely makes everyone happy.
-- Give him Head? Be a Beacon?
(If you can't figure out how to E-Mail me, Don't.)
This patch was fixed in version 3.17 of Quake2 and all following releases and in version 2.1 of QuakeWorld and all following releases.
It was a piece of test code that got left in QuakeWorld (and Quake2 inherited it in the code base). QuakeWorld was never an "official" product--it was only a test platform for new networking ideas such as prediction. As soon as it was identified, both games were patched and new versions were made available.
The exploit page you cite lists Quake1 (regular Quake) as vulnerable, which is bogus since Quake1 doesn't even have rcon facilities. It also states it isn't logged which is false since every rcon prints out on the console with the address it came from.
Root compromise? Any decent sysadmin would never run a Quakeworld or Quake2 server as root to begin with (the servers do not need special privileges).
This issue was dealt with quickly and appropriately.
/// Zoid.
'Q2 had several releases forced out because of malicious attacks on all the public servers'.
Uh, maybe this was because 'ID software blatantly put a backdoor in Quake 1/2 and QuakeWorld including both the Linux/Solaris Quake2. RCON commands sent from the subnet 192.246.40.0/24 and containing the password "tms" are automatically executed on the server without being logged.'
'Vulnerable Systems: Those running Quake 1, QuakeWorld, Quake 2, Quake 2 Linux and Quake 2 Solaris, all versions. Thus many Windows and UNIX boxes are affected.'
'Compromise: root (remote).'
'Notes: Quake was always a horrible security hole, but I never thought Id would stoop to introducing an intentional backdoor to allow them access to systems running Quake. I am surprised this didn't get more publicity.'
The exploit was discovered by Mark Zielinski and is documented at www.insecure.org. You can find the fix here, but if you're looking for a patch, dream on...
Carmack has awarded the first bug. Apparently to do with a message passed from the server to the client with a %s embedded that chokes up vsprintf.
Great.
John made some adjustment in the refresh that produces a less jagged game, even with my low 56k connection, I manage to "foresee" the opponent movement without launching a rocket in the wall!!
Less lagged in the movement.
Great game overall.
I'm waiting for the other release with great expectations.
assert(expired(knowldege)); core dump
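The bug class named in the comment above about the first awarded bounty (server text containing `%s` reaching a `vsprintf`-style call) looks like this in C, next to the corrected call. This is an added example, not code from id Software or from the thread; `client_printf`, `show_server_text_unsafe`, `show_server_text_safe` and `count_directives` are hypothetical names, and the sample message is constructed so that formatting it is well defined.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style client print routine (not id's code): formats
   into a caller-supplied buffer via vsnprintf and returns its result. */
static int client_printf(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return n;
}

/* Bug pattern: text received from the server becomes the format string, so
   any '%' in it is interpreted. A "%s" would read an argument never passed. */
int show_server_text_unsafe(char *out, size_t outsz, const char *net_text)
{
    return client_printf(out, outsz, net_text);
}

/* Fix: the format is a constant; server text is only ever data. */
int show_server_text_safe(char *out, size_t outsz, const char *net_text)
{
    return client_printf(out, outsz, "%s", net_text);
}

/* Audit helper: count '%' characters that start a conversion ("%%" is a
   literal percent sign and is skipped; a trailing lone '%' is counted). */
int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

int main(void)
{
    char a[64], b[64];
    const char *msg = "armor 100%%";   /* constructed sample, safe to format */
    show_server_text_unsafe(a, sizeof a, msg);
    show_server_text_safe(b, sizeof b, msg);
    printf("unsafe: [%s]\nsafe:   [%s]\n", a, b);
    return 0;
}
```

The unsafe path collapses `%%` to `%`, which shows the network text is being parsed as a format; the safe path reproduces it byte for byte.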