Kinda nifty security vulnerability.

blacke4dawn

Just ran across an article on Tom's Hardware about [url=http://www.tomshardware.com/news/valve-patches-source-sdk-vulnerability,35052.html]remote code execution in Source SDK[/url] when killing someone. It started sounding really nifty when they said it needed a "specially crafted ragdoll" to do it, but reading further in the linked [url=https://oneupsecurity.com/research/remote-code-execution-in-source-games?t=r]One Up Security blog post[/url] it actually is a fairly standard buffer overrun exploit, since the "ragdoll" is actually just a text string of rules (which I'll assume is behavioral). Just thought it was kinda nifty to deliver it through a game, and killing someone being the trigger gives "pwning them" a whole new meaning.

Though on a more serious note it just shows that nothing is really safe and we need to be ever vigilant, especially in bounds checking.

Lin Chiao Feng

[b][size=48][color=#800]NEVER TRUST RAW USER INPUT![/color][/size][/b]

[i]Has anyone seen my mind? It was right here...[/i]
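
The bounds checking both posts call for, as an added example that is not part of the thread and not code from the Source SDK or the linked write-up: a tokenizer for rule text that measures each token before copying it into a fixed buffer. The comma-separated format, `TOKEN_MAX` and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define TOKEN_MAX 32   /* assumed size of the fixed per-token buffer */

/* Result codes (hypothetical names, not from any real parser). */
enum tok_status { TOK_OK = 0, TOK_END = 1, TOK_TOO_LONG = -1 };

/*
 * Copy the next sep-delimited token from *cursor into out[out_size].
 * The unchecked form of this routine copies bytes until it sees the
 * separator, so a token longer than the buffer is written past its end.
 * Here the length is measured first and an oversized token is rejected,
 * neither copied nor silently truncated.
 */
static enum tok_status next_token_checked(const char **cursor, char sep,
                                          char *out, size_t out_size)
{
    const char *p = *cursor;
    char delims[2] = { sep, '\0' };
    size_t len;

    if (out_size == 0) return TOK_TOO_LONG;
    out[0] = '\0';
    while (*p != '\0' && *p == sep) p++;        /* skip empty fields */
    if (*p == '\0') { *cursor = p; return TOK_END; }

    len = strcspn(p, delims);                   /* token length, no copy yet */
    if (len >= out_size) return TOK_TOO_LONG;   /* need room for len + NUL */

    memcpy(out, p, len);
    out[len] = '\0';
    *cursor = p + len;
    return TOK_OK;
}

/* Count tokens in a rule string; -1 means the whole input is rejected. */
static int count_rule_tokens(const char *rules)
{
    char tok[TOKEN_MAX];
    const char *cur = rules;
    int n = 0;
    for (;;) {
        enum tok_status s = next_token_checked(&cur, ',', tok, sizeof tok);
        if (s == TOK_END) return n;
        if (s == TOK_TOO_LONG) return -1;
        n++;
    }
}
```

Rejecting the entire input on the first oversized token keeps a parser from acting on a half-read rule set.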