Question: MA Developers can answer if CE2 is also affected?

[Danton]

Can someone of Developers please tell if Cryengine 2 (and so EU) is also affected by the following problem:


[...]
The second problem relates to CryEngine 3, a graphics engine developed by Crytek for use in its own and other companies' games.

Auriemma's demonstration showed an attack on CryEngine 3 within the game Nexuiz. The attack, at the server level, enabled him to create a remote shell on a game-player's computer.

In the demonstration, Auriemma caused a graphic of cat riding a rocket to be displayed on the victim's computer.

"Once you get access to the server, which is basically the interface with the company, you can get access to all of the information on the players through the server," Ferrante said.
[...]

Link to original article:
http://www.computerworld.com/s/arti...ability_in_i_Call_of_Duty_Modern_Warfare_3_i_

Thx
-Ron

 

[AxeMurderer]

"Once you get access to the server, .....

I guess you don't need anything more to become rich

 

[-Archangel-]

The post above tell why MA would have more important things to be worried about.

at the server level, enabled him to create a remote shell on a game-player's computer.

If MA wishes to something very naughy to you (lets say to format some of your disks) it already has full control on a program that can do arbitrary changes to your computer.(formating C: is also possible since for some things MA could demand administrator previleges).

And besides having a safety image set asside there isn't much you can do about that.

 

[-Archangel-]

Anyway thank you for sharing the link.

 

[Danton]

....
If MA wishes to something very naughy to you (lets say to format some of your disks) it already has full control on a program that can do arbitrary changes to your computer.(formating C: is also possible since for some things MA could demand administrator previleges).
......

Knowing that. The article is not detailed enough about how the vulnerability can be used. If there is a security problem at the server part of CE that can be used to intrude the servers, that would be a real problem. That's why I asked. I am sure if MA knows about a problem they will not make it public, but a word from them that they are watching this would be nice.

Cu
-Ron

 

[-Archangel-]

a word from them that they are watching this would be nice.

I gave up having such kind of hopes many years ago.


But to be fair they seem to be improving on giving the general user with useful information.

 

[Luckycharm]

I read that article a few days ago and decided not to bring it up here.

The impression I had was also that you need some kind of access from the client to the server where you can type commands etc, which does not seem available in this environment. Like you find in some games a key that allows you to chat but also perform special operations in a separate window, unlike the switches we can type in chat only such as /em /pos /f /t /s /tr etc where special symbols such as the "[" are blocked.

Aside from that I have to say I found years back a way to have a certain influence on the client's ability to show text in the chatwindow, as in create a situation where it seemed unable to show up any text after. Guess it's a vulnerability too.