In the recent patch they added difficulty levels to the custom game AI. Make it as hard as you want (although honestly it wasn't that difficult unless it was a 2v2 or 3v3 against the cpu, 1v1 they sucked).
Information from web requests is not validated before being used by a web application. Attackers can use these flaws to attack backside components through a web application.
2) Broken Access Control
Restrictions on what authenticated users are allowed to do are not properly enforced. Attackers can exploit these flaws to access other users' accounts, view sensitive files, or use unauthorized functions.
If this came out several months earlier maybe the RIAA would have checked their robots.txt and *secured* the folders they didn't want people to mucking around.
Story being referenced
We've already had at least one dupe story this week, and now slashdot is posting hoaxes / rumors from other sites. It's not that hard to check business sites (hell, with google it's trivial) to see if the story is true, instead of blindly posting it because it sounds cool. 2.3 Billion dollar settlements aren't made without the knowledge of the business world and/or shareholders.
Slashdot Mirror
In the recent patch they added difficulty levels to the custom game AI. Make it as hard as you want (although honestly it wasn't that difficult unless it was a 2v2 or 3v3 against the cpu, 1v1 they sucked).
It says that -are- calling it a beta for now.
1) Unvalidated Parameters
Information from web requests is not validated before being used by a web application. Attackers can use these flaws to attack backside components through a web application.
2) Broken Access Control
Restrictions on what authenticated users are allowed to do are not properly enforced. Attackers can exploit these flaws to access other users' accounts, view sensitive files, or use unauthorized functions.
If this came out several months earlier maybe the RIAA would have checked their robots.txt and *secured* the folders they didn't want people to mucking around. Story being referenced
Well according to the faq they don't check stories unless they're outrageous, so that's my mistake. -Chris
We've already had at least one dupe story this week, and now slashdot is posting hoaxes / rumors from other sites. It's not that hard to check business sites (hell, with google it's trivial) to see if the story is true, instead of blindly posting it because it sounds cool. 2.3 Billion dollar settlements aren't made without the knowledge of the business world and/or shareholders.
-Chris