From mrein@epicgames.com Tue Feb 11 15:27:22 2003 Received: from neuman.westga.edu (neuman.cc.westga.edu [160.10.7.12]) by bilbo.westga.edu (8.11.6+Sun/8.9.2/TSS-usg.m4_1.17-x[29Jan1999]) with SMTP id h1BKRMS11822 for ; Tue, 11 Feb 2003 15:27:22 -0500 (EST) Received: through eSafe SMTP Relay 1044902538; Tue Feb 11 15:16:43 2003 Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19]) by outgoing3.securityfocus.com (Postfix) with QMQP id 618B6A30F9; Tue, 11 Feb 2003 13:22:08 -0700 (MST) Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm Precedence: bulk List-Id: List-Post: List-Help: List-Unsubscribe: List-Subscribe: Delivered-To: mailing list bugtraq@securityfocus.com Delivered-To: moderator for bugtraq@securityfocus.com Received: (qmail 1631 invoked from network); 11 Feb 2003 19:28:33 -0000 Date: 11 Feb 2003 19:31:35 -0000 Message-ID: <20030211193135.12389.qmail@mail.securityfocus.com> Content-Disposition: inline MIME-Version: 1.0 X-Mailer: MIME-tools 5.411 (Entity 5.404) From: Mark Rein To: bugtraq@securityfocus.com Subject: Re: Epic Games threatens to sue security researchers X-MIME-Autoconverted: from quoted-printable to 8bit by bilbo.westga.edu id h1BKRMS11822 Content-Type: text/plain Content-Length: 1420 X-Evolution-Source: imap://stu7440@sun.cc.westga.edu:143 Content-Transfer-Encoding: 8bit In-Reply-To: <01ce01c2d1f1$1beebef0$858370d4@wks.jubii.dk> Thor, I have sent your company an apology for those completely unfortunate comments that I sincerely regret. We did provide an official statement and I was not, at the time, aware that my verbal reaction, in a moment of shock and surprise, was being captured for the article. The comment was a complete over-reaction to seeing the list of games including future games that have not yet been published. It had nothing to do with the security issues themselves, the validity of the report, or the way Pivx presented it to us. Pivx gave us more than fair enough warning of the bugs and we simply failed to fix them in the allotted time. We released a statement last week to the Unreal community indicating that "we fucked up" in not addressing these concerns within the given time and that we were already testing a patch with the security issues corrected. In addition the official statement we gave pointed out that we were fixing the holes and that the Pivx report was fair and accurate. Licensees were already provided with the source code for the security fixes. Again this was a moment-of-stupidity reaction and I sincerely apologize to Pivx and the entire security community. Epic has already stated that we will take these matters far more seriously in the future. Mark Rein, Epic Games Inc. Visit us at http://www.epicgames.com