Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:

Regularly scheduled events

Game Servers Vulnerable?

Computerworld notes a recent presentation (Adobe Acrobat format) from ReVuln, a security firm based in Malta, outlining vulnerabilities in several game engines. According to ReVuln, they have identified client and/or server vulnerabilities in CryENGINE 3, Unreal Engine 3, id Tech 4, and more, which can be used to launch remote code execution or denial-of-service attacks. The CW article notes that the developers of these engines, which power a significant number of games, were not informed of these issues in advance of this release, saying: "ReVuln doesn't report vulnerabilities to affected vendors. The company sells information about newly discovered vulnerabilities to third-party companies and government agencies as part of a subscription-based service." Thanks Ant.

View
8 Replies. 1 pages. Viewing page 1.
< Newer [ 1 ] Older >

8. Re: Game Servers Vulnerable? May 23, 2013, 19:11 Crustacean Soup
 
BobBob wrote on May 23, 2013, 13:38:
Crustacean Soup wrote on May 22, 2013, 19:06:
BobBob wrote on May 22, 2013, 09:35:
Firewall settings can typically prevent this.
Not unless you want to stop clients from even connecting to the server in question.

You can control packets, search strings, etc. I'm talking Linux not Windows.
You could do DPI. It's expensive to do so, and you'd have to specifically tailor it towards each exploit (there's no "anti-exploit" setting you can turn on in your firewall to do this). No firewall vendor is going to do it automatically for you, it's unlikely any actually server operators would end up doing it, and it's pretty much certain no consumers will (should an vulnerability be exploited by a server against clients instead of the other way around). So okay, hypothetically it's possible.
 
Reply Quote Edit Delete Report
 
7. Re: Game Servers Vulnerable? May 23, 2013, 13:38 BobBob
 
Crustacean Soup wrote on May 22, 2013, 19:06:
BobBob wrote on May 22, 2013, 09:35:
Firewall settings can typically prevent this.
Not unless you want to stop clients from even connecting to the server in question.

You can control packets, search strings, etc. I'm talking Linux not Windows.
 
http://tinyurl.com/WeatherImmunity Whew
Reply Quote Edit Delete Report
 
6. Re: Game Servers Vulnerable? May 22, 2013, 19:06 Crustacean Soup
 
BobBob wrote on May 22, 2013, 09:35:
Firewall settings can typically prevent this.
Not unless you want to stop clients from even connecting to the server in question.
 
Reply Quote Edit Delete Report
 
5. Re: Game Servers Vulnerable? May 22, 2013, 16:30 eRe4s3r
 
But you are assuming they are only selling to legitimate companies.. Notice they don't disclose who is subscribed to their service, which means they got something to hide.

I guess I am just automatically paranoid nowadays

This comment was edited on May 22, 2013, 16:37.
 
Avatar 54727
 
Reply Quote Edit Delete Report
 
4. Re: Game Servers Vulnerable? May 22, 2013, 15:33 Mashiki Amiketo
 
eRe4s3r wrote on May 22, 2013, 09:35:
And this is not black mail and illegal because....?
They're not extorting. Rather they're selling information which they've discovered, which while not illegal in this case is by and far a grey area in most places. Especially since many companies put app security at a low priority or no priorty. Which means that there's a market for said information.
 
--
"For every human problem,
there is a neat, simple solution;
and it is always wrong."
--H.L. Mencken
Reply Quote Edit Delete Report
 
3. Re: Game Servers Vulnerable? May 22, 2013, 09:35 eRe4s3r
 
And this is not black mail and illegal because....? Actually, You could probably sue them to disclose the information if you are a company with seat the EU.  
Avatar 54727
 
Reply Quote Edit Delete Report
 
2. Re: Game Servers Vulnerable? May 22, 2013, 09:35 BobBob
 
If I recall this has been around for a long time with various game engines over the years. Firewall settings can typically prevent this. Once the engine goes open source, the vulnerabilities are squashed - like ioQuake3. This is why PC gamers should support open source gaming.

Also, support companies like Valve that make constant updates and care about the product and gaming community.

This comment was edited on May 22, 2013, 13:21.
 
http://tinyurl.com/WeatherImmunity Whew
Reply Quote Edit Delete Report
 
1. Re: Game Servers Vulnerable? May 22, 2013, 09:20 necrosis
 
"ReVuln doesn't report vulnerabilities to affected vendors. The company sells information about newly discovered vulnerabilities to third-party companies and government agencies as part of a subscription-based service."

Wow this sounds like a fantastic company. Rolleyes
 
Avatar 16007
 
Reply Quote Edit Delete Report
 
8 Replies. 1 pages. Viewing page 1.
< Newer [ 1 ] Older >


footer

Blue's News logo