BugTraq
Back to list
|
Post reply
Re: Epic Games threatens to sue security researchers
Feb 11 2003 09:36PM
dave immunitysec com
In-Reply-To: <20030211193135.12389.qmail (at) mail.securityfocus (dot) com [email concealed]>
As a side note, the trojaned map vulnerability has been known to many
people in the security industry for over a year, since certain members of
us are avid UT players, and it came under some intense review. (After
finding the Powerpoint 2000 vulnerability, which is very similar, I did a
quick sweep of other interesting programs.)
In fact, back in the day, I'd almost succeeded in getting a server to send
out the modified map file and automatically exploit connecting clients.
Dave Aitel
Immunity, Inc.
>Subject: Re: Epic Games threatens to sue security researchers
>
>In-Reply-To: <01ce01c2d1f1$1beebef0$858370d4 (at) wks.jubii (dot) dk [email concealed]>
>
>Thor,
>
>I have sent your company an apology for those completely unfortunate
>comments that I sincerely regret. We did provide an official statement
>and I was not, at the time, aware that my verbal reaction, in a moment of
>shock and surprise, was being captured for the article.
>
>The comment was a complete over-reaction to seeing the list of games
>including future games that have not yet been published. It had nothing
>to do with the security issues themselves, the validity of the report, or
>the way Pivx presented it to us. Pivx gave us more than fair enough
>warning of the bugs and we simply failed to fix them in the allotted
>time. We released a statement last week to the Unreal community
>indicating that "we fucked up" in not addressing these concerns within
>the given time and that we were already testing a patch with the security
>issues corrected. In addition the official statement we gave pointed out
>that we were fixing the holes and that the Pivx report was fair and
>accurate. Licensees were already provided with the source code for the
>security fixes.
>
>Again this was a moment-of-stupidity reaction and I sincerely apologize
>to Pivx and the entire security community. Epic has already stated that
>we will take these matters far more seriously in the future.
>
>
>Mark Rein,
>Epic Games Inc.
>
>Visit us at http://www.epicgames.com
>
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
As a side note, the trojaned map vulnerability has been known to many
people in the security industry for over a year, since certain members of
us are avid UT players, and it came under some intense review. (After
finding the Powerpoint 2000 vulnerability, which is very similar, I did a
quick sweep of other interesting programs.)
In fact, back in the day, I'd almost succeeded in getting a server to send
out the modified map file and automatically exploit connecting clients.
Dave Aitel
Immunity, Inc.
>Subject: Re: Epic Games threatens to sue security researchers
>
>In-Reply-To: <01ce01c2d1f1$1beebef0$858370d4 (at) wks.jubii (dot) dk [email concealed]>
>
>Thor,
>
>I have sent your company an apology for those completely unfortunate
>comments that I sincerely regret. We did provide an official statement
>and I was not, at the time, aware that my verbal reaction, in a moment of
>shock and surprise, was being captured for the article.
>
>The comment was a complete over-reaction to seeing the list of games
>including future games that have not yet been published. It had nothing
>to do with the security issues themselves, the validity of the report, or
>the way Pivx presented it to us. Pivx gave us more than fair enough
>warning of the bugs and we simply failed to fix them in the allotted
>time. We released a statement last week to the Unreal community
>indicating that "we fucked up" in not addressing these concerns within
>the given time and that we were already testing a patch with the security
>issues corrected. In addition the official statement we gave pointed out
>that we were fixing the holes and that the Pivx report was fair and
>accurate. Licensees were already provided with the source code for the
>security fixes.
>
>Again this was a moment-of-stupidity reaction and I sincerely apologize
>to Pivx and the entire security community. Epic has already stated that
>we will take these matters far more seriously in the future.
>
>
>Mark Rein,
>Epic Games Inc.
>
>Visit us at http://www.epicgames.com
>
[ reply ]