[cod] CoD exploit...

Doctor Who pjankovic at hotmail.com
Sun Jul 25 16:40:12 EDT 2004


Yes i agree...Luigi is da man and tx for spoting the exploit,and tx Ryan for 
helping the linux comunity,but i must agree with chris that some info must 
be hold back until fixes for all parties is in the makeing. and for 
godsake....it was a joke..chill

My opinion is that...if like u not...care i dont :D  Strong the force in you 
is!



>From: "Chris Adams" <chris at fragzzhost.com>
>To: <cod at icculus.org>
>Subject: Re: [cod] CoD exploit...
>Date: Sun, 25 Jul 2004 21:19:54 +0100
>
>Don't get me wrong, I think that it has to be done, yes, just Luigi should
>withhold it as long as it takes. I believe he was the guy who found the 
>HLDS
>BOF last year? Really when there are no/few known hack attempts, and he has
>worked it out, he should wait, even if it's a month, until the appropriate
>fixes can be made. Because he let it out before the fixes were done, scores
>of GSPs had to shut down all HL-based servers to avoid the enslaught of
>script-kiddies who had just seen it on a security site. It was total chaos.
>Valve were pretty slow to react, so the disruption was huge. He should have
>made sure that the fix was out before he made it public. I believe that
>Valve were hardly given any notice about the bug's release to the public
>though.
>
>Same with this MOHAA fix recently. He did make a Win32 fix, so I'll give 
>him
>credit there, but I think it's totally irresponsible to make something like
>that public until the fixes had been done for Linux. I know he did at least
>try, but he should have waited in my opinion until it was fixed. Until Ryan
>managed to get the fix done, Linux users were no better off - in fact they
>were worse off with the information about the hack being out. Before we 
>were
>vulnerable, but no-one knew, but afterwards we were vulnerable with the
>whole hacker community being aware of it.
>
>"People who think non-disclosure is a viable security concept should
>be locked up". Those who think that disclosure without any fix is better
>than non-disclosure should be locked up :-)
>
>Anyway my comment was only meant to be a light-hearted comment with a slant
>of frustration. There is a core of GSP owners from whom this fix is
>confronted with the thought, "Not another bloody fix to test and roll
>out..." rather than "Oh brilliant someone's put a stop to this
>previously-unknown bug", who I think would agree. Sadly people seem to take
>everything on mailing lists as blunt, matter-of-fact, accurate
>representations of the author's exact truthful thoughts, without satire,
>sarcasm or humour. :-(
>
>Chris
>
>----- Original Message -----
>From: "Christopher Kunz" <chrislist at de-punkt.de>
>To: <cod at icculus.org>
>Sent: Sunday, July 25, 2004 8:42 PM
>Subject: Re: [cod] CoD exploit...
>
>
> > Josh Wright wrote:
> >
> > > Agreed.
> > >
> > > -jdwright
> >
> > To clarify this, I'm not attacking Ryan for his decision not to publish
> > the details of the CoD exploit on this list.
> >
> > I'm attacking the opinion that Luigi, who has done very, very precious
> > work for security in game servers, is doing something wrong where in
> > contrary we can't thank him enough for seriously pentesting game 
>servers.
> >
> > --ck
> >

_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. 
http://join.msn.com/?page=features/virus




More information about the Cod mailing list