User information for Mashiki Amiketo

Real Name Mashiki Amiketo   
Nickname Mashiki Amiketo
Email Concealed by request - Send Mail
ICQ NO-441628*Spam
Description --
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Homepage None given.
Signed On Feb 8, 2000, 21:30
Total Comments 2980 (Senior)
User ID 2669
 
User comment history


News Comments > Firm Says Steam URLs Exploitable
27. Re: This goes way beyond being a browser exploit. Oct 17, 2012, 18:27 Mashiki Amiketo
 
No, you don't because Windows environment variables will tell you that. Plus most users use default installation locations for Windows and Steam.

Well as stated in the article the Source engine will do that for the attacker if a Source engine game is installed. But, hardly anyone plays Source engine games, right?

In order to make this exploit work, you need to be able to cause something to create the file, in order to be able to execute it. The environment variable table will not give you a list of games installed to exploit. The link itself is only an arbitrary step in this process. If you don't know what's installed, you have no attack vector. No attack vector, no exploit. It's even in the paper itself. A link isn't enough, but it is the attack point. Now I suppose you could write something to hit the top 100 games.

Even their Unreal engine exploit requires a upk file to exist already, in order to cause it to crash (integer overflow). But unless it's there already you can't do squat, and unless you've already written it, or planted it again you can't do squat.

If you run a formed steam URL without something to execute it, nothing happens. If you run something with the steam engine with specific commands, with a force dump you can make it dance. But in the latter case, you need to know "what" you're running into to make it do something.
 
 
News Comments > Firm Says Steam URLs Exploitable
24. Re: This goes way beyond being a browser exploit. Oct 17, 2012, 17:55 Mashiki Amiketo
 
hb3d wrote on Oct 17, 2012, 17:07:
That is really, really bad. As bad or worse than that Uplay exploit everyone bashed Ubisoft over (but not the researcher who found the exploit, hypocrites), but was fixed in a day or less. At least that exploit only affected IE users. This attack affects all browsers and Steam client users and since it can be scripted with Javascript, it is relatively easy to implement and get past the user especially on some browsers and settings.
I ah...read the "research paper" and I use that term loosely. That Uplay exploit affected everyone too, and everyone that had the game plugin installed, not just IE.

You still need to be able to have knowledge of what's where, to be able to execute this exploit. And before that you need to be able to have access to something to be able to create the batch file, in order to create the exploit in order to be able to create the vulnerability.

The computerworld article is rather meh as it stands anyway. I liked the TF2 exploit, that was rather funny. Because what they did was tell the game to create a specific file with a specific filename, thus creating the batch file from the console. But you see the problem here?
 
 
News Comments > Project Eternity Kickstarter Concludes
14. Re: Project Eternity Kickstarter Concludes Oct 17, 2012, 14:48 Mashiki Amiketo
 
nin wrote on Oct 17, 2012, 13:42:
I'm going into withdrawal w/o a recent update here...

It's the hangovers man...you saw the party, they were sloshing it out in the office then I think it was Tim was taking everyone out with the booze on him.
 
 
News Comments > Firm Says Steam URLs Exploitable
15. Re: Firm Says Steam URLs Exploitable Oct 17, 2012, 13:24 Mashiki Amiketo
 
Looking at this a bit more, it appears that unless you've been able to compromise the machine beforehand and lay a batch file (and know what games are installed), this is pretty much useless. So if someone has already compromised the machine that far, you've got other things to worry about than Steam URLs.

Though I might have missed something.
 
 
News Comments > Firm Says Steam URLs Exploitable
9. Re: Firm Says Steam URLs Exploitable Oct 17, 2012, 12:10 Mashiki Amiketo
 
Jivaro wrote on Oct 17, 2012, 11:50:
Am I the only one that thinks it is bad form to go public with this before telling Valve? Seems odd to me. I am not talking about the website, I am talking about the folks that discovered the vulnerability.
Not these days. Security is through obscurity in 99% of all cases, which means the only way to get a company to patch a vulnerability is to go public and scream loudly. This isn't really the industry of 10 years ago, where you could even get a hold of someone in production and say "hey, I found this bug and it causes x,y,z to happen and when I do that I've got root." They just kinda shuffle you around until you give up.
 
 
News Comments > Final Project Eternity Stretch Goal
113. Re: Final Project Eternity Stretch Goal Oct 17, 2012, 08:31 Mashiki Amiketo
 
Lorcin wrote on Oct 16, 2012, 22:05:
Really polite and not drunk 21 units of alcohol version of saying it. Kickstarter needs to massively improve its international appeal - there has been a LOT of games I would have supported aside from the fact I couldn't work out couldn't be bothered to find out what they wanted in my monetary terms.
Beh. Just do the conversion yourself, and stop complaining. Welcome to Canada or something, you know we're right next door to the US and have been doing it for decades. Where the currency can flux as much as a nickel or more in a day. Since there are sites like xe.com, it's not exactly difficult, you can plug in the entire amount and it'll tell you the market value--not the bank value of the transaction. Usually that's another 3-8%.

And up until the last 5 years or so, the difference between our two currencies has been at least 30-40c/dollar or more.
 
 
News Comments > Final Project Eternity Stretch Goal
72. Re: Final Project Eternity Stretch Goal Oct 16, 2012, 20:55 Mashiki Amiketo
 
Someone just dropped $10k  
 
News Comments > Final Project Eternity Stretch Goal
57. Re: Final Project Eternity Stretch Goal Oct 16, 2012, 20:01 Mashiki Amiketo
 
ASeven wrote on Oct 16, 2012, 19:56:

Yeah, just counting the KS funds only.

Which are at $3.9M as of now.
Gotcha. They said they'd have to double check but it was 4.3 or 4.35m in total, it was kinda noisy when they said it.
 
 
News Comments > Final Project Eternity Stretch Goal
53. Re: Final Project Eternity Stretch Goal Oct 16, 2012, 19:43 Mashiki Amiketo
 
ASeven wrote on Oct 16, 2012, 19:29:
$3.87M. 90m to go.
It's apparently past $4m now according to the livestream on twitch.

Q was asked: Will they consider doing more kickstarters after this?
Obsidian: Yes.
 
 
News Comments > Final Project Eternity Stretch Goal
29. Re: Final Project Eternity Stretch Goal Oct 16, 2012, 17:46 Mashiki Amiketo
 
John wrote on Oct 16, 2012, 17:29:
No, it's 12 levels at least! Where you see only 8?
About halfway down the page. They've got both still up, 8 and 12. Though I'd say 12 sounds about right.
 
 
News Comments > Final Project Eternity Stretch Goal
21. Re: Final Project Eternity Stretch Goal Oct 16, 2012, 17:22 Mashiki Amiketo
 
eRe4s3r wrote on Oct 16, 2012, 17:18:
That's really pretty damn awesome. The sad thing is I am hyped for a game that doesn't come out for 2 years, at least.
You're not the only one. I think a *squeee* is worth it no matter what.

The dungeon is 8 levels now...that's just full of awesome.

bah stupid phone
 
 
News Comments > Morning Consolidation
4. Re: Morning Consolidation Oct 16, 2012, 15:49 Mashiki Amiketo
 
Wookiestick wrote on Oct 16, 2012, 13:50:
Oh "it's not 'metro' [anymore], it's the 'Windows 8' interface."
--Microsoft

Ah that's only because they didn't think of using Fabulous first.
 
 
News Comments > Out of the Blue
6. Re: Out of the Blue Oct 16, 2012, 14:43 Mashiki Amiketo
 
NegaDeath wrote on Oct 16, 2012, 14:16:
That's the Elite Soldier preorder bonus, I had that at launch. They might be making it available to everyone.
I had it at launch too, but it didn't show up under the DLC thing until today though the elite soldiers were in the game.
 
 
News Comments > Out of the Blue
4. Re: Out of the Blue Oct 16, 2012, 13:50 Mashiki Amiketo
 
Looks like X-Com has some DLC coming down the pipe "soon"
http://i47.tinypic.com/2gx1yk0.png

This wasn't showing up on release day at least for me, maybe someone can try digging and seeing if there's something else coming down the pipe.
 
 
News Comments > Project Eternity Q&A; $3M Goal Reached
26. Re: Project Eternity Q&A; $3M Goal Reached Oct 14, 2012, 23:01 Mashiki Amiketo
 
"There's no demand for classic isometric RPG's"

Bwhwhaha...
 
 
News Comments > Get a Free Origin Game?
20. Re: Get a Free Origin Game? Oct 13, 2012, 17:28 Mashiki Amiketo
 
MoreLuckThanSkill wrote on Oct 13, 2012, 17:26:

For free digital copies? Somebody somewhere is getting a promotion, if not a few turns at the blowjob machine as well. For the cost of bandwidth they are getting potentially millions of people to get suckered in to Origin. Now those people might never use Origin again, but of course they MIGHT go back and buy some games in the future...

This is a classic marketing strategy. The only free games are arguably the poor performing games, etc.

*EDIT* Typo.

Yeah but that's believing that EA has someone who can see "classic marketing strategy" instead of "OMG WE LOST MONIES!!!eleventyone!"
 
 
News Comments > Get a Free Origin Game?
16. Re: Get a Free Origin Game? Oct 13, 2012, 16:47 Mashiki Amiketo
 
Man lot of people are gonna get free games, wonder who's gonna get canned over this one. Now, since they gave the code away and people used it. Think they'll try to revoke people who got their game via this method now? That could cause a real shit storm.  
 
News Comments > Get a Free Origin Game?
13. Re: Get a Free Origin Game? Oct 13, 2012, 16:24 Mashiki Amiketo
 
Well I knew if I waited long enough, I'd get EA to give me DA2 for nothing. HAHAHA!  
 
News Comments > No Adult Games on Windows 8 Marketplace
30. Re: No Adult Games on Windows 8 Marketplace Oct 11, 2012, 14:32 Mashiki Amiketo
 
Cutter wrote on Oct 11, 2012, 13:34:
Smoking bothers you more than cars and factories does it?
That one was always my favorite.
 
 
News Comments > No Adult Games on Windows 8 Marketplace
24. Re: No Adult Games on Windows 8 Marketplace Oct 11, 2012, 13:33 Mashiki Amiketo
 
Killing a marketplace before it starts huh? Well good job there MS. Carry on.  
 
2980 Comments. 149 pages. Viewing page 45.