Register
Events
Popular
More
Post #1441
Coming back to this. What if I was on the same network as a player, sniffed his secret id, and then hijacked his port as soon as he disconnected and then kept going as if I was that player?
Is there a protection against this? I guess this is the setback of using UDP.
-
-
Get one of those male pin headers from ebay, and solder the wire to it. They'll be holding much tougher than bare wires.
-
Well you'd have to block his "I'm disconnecting now" packet.
To eliminate passive MiTM attacks you'll need to set up some kind of handshake encryption. For the only example I have to hand, see Minecraft 1.3's protocol which is designed to stop that.
That's vulnerable to an active MiTM attack where the attacker reroutes the user's packets their own attack server and do lots of spoofing, but to be honest that's pretty unlikely to happen, and if it is happening your user has more to worry about than someone pretending to be them in a game.
However, if you need to protect against it, look into SSL.
-
Now the fun begins.
-
Kablooey
-
I agree that he could have handled it better and just said "Thank you for notifying me of the problem. I have devised a fix and will implement it as soon as I fly home and can access the SMB code base." However, he did say that he was aware of the problem and that it wasn't a significant problem to him because he had the database backups. Facepunch took this as 'Oh he doesn't care' instead of 'He is aware of the issue and has backups to restore it if someone does mess with it.' - Since the data can be recovered, it's not the end all if someone gets in right this minute.
He knew the issue was there, and he didn't blow off attempts to notify. He didn't have his code with him and couldn't release a patch, and it was right around a holiday. What is he supposed to do, drop his entire life, fly home, fix the code on a holiday and release a patch and then fly back out? The issue had been there for months, another 3 or 4 days wouldn't have hurt.
-
Wasn't the conversation on Twitter public? That makes those days much more important since the public knew about the flaw.
-
No, he just didn't care.
-
Like I said, he could have handled it better. However, in the grand scheme of life if someone did decide to fuck with the database he could have just waited until he got home, wrote a patch, rolled that out and then rolled back the database, and life would have gone on.
Instead, it turned into a harassment game.
I'm still not seeing what you guys thought he should have done. I personally think he could have just acknowledged the problem and said he'd be on it as soon as he could and I think FP would have left it alone, had it been fixed relatively soon after.
It seems like you guys were more pissed about his reply of "It's fine" as a way of saying "I know, I have a plan" than anything else and FP used that as a basis for their actions.
-
"Trust me. It's fine." sounds more like "I'm not intending to change this I see no issue with it" than anything else.
-
Translates to "Too lazy, cba to fix"
-
all he had to say was one word; a simple one word reply: "Thanks". Hell, i'm always ecstatic when someone goes out of their way to find bugs in my software and then tells me about it. Even more so when they offer to help me fix it!
-
Ah, a good old-school page full of debate about TeamMeat, it's glorious.
-
Definitely. In fact, you could say that his reaction is a direct cause of the hacking.
"I knew what I was doing! I wrote an insecure system involving directly connecting to a MySQL database with built-in credentials because I naively assumed that every single person on the internet (especially kids) were motherfucking angels who would never think to hack me. I tend decided to blow them off because I'm a god damn genius when it comes to coding and anyway I had backups."
You're buying that excuse? No, sorry, people who know what they are doing do NOT do that mistake. It's simply PR and face saving. And you're falling for it.
-
I'm not saying that he shouldn't have written it better in the first place. However, I'm more interested in the fact that Facepunch claims that he's not the victim, and that apparently their actions are justified by his responses.
Just because someone leaves a door unlock doesn't mean they're specifically inviting people to rob them.
-
If you don't give people a swift kick in the ass on the small things, they go and fuck up where it actually matters.
Some Facepunchers poking around in Meatworld is considerably more benign than whatever might've occurred if he continued this carelessness elsewhere. Needless to say, he won't be making this mistake again. It's what he needed, even if he didn't appreciate it.
-
"@charliesome Currently away from the source, will fix when I get back."
ENTIRE SITUATION AVOIDED
Edited:
I really don't see how hard it'd be to secure. Give each user an account for the world when they buy the game, and use that to access the database through some serverside scripts.
-
Not bad from a single day of TheNewBoston C++ video tutorials.
My only previous knowledge was Game Maker Language, and I must say it has helped a lot knowing it.
Saves/Loads your monsters on a .txt file, and same with the highscore. Not suppose to be nice, just suppose to work.
Edited:
and I just realized the menu is messed up.... let's fix that.
-
What better way to spend friday night than particles and damage maps?
-
Pew Pew Pew Pew
-
I'm sorry, I'm still enjoying/caught up on the fact you can LASER AN ENTIRE SHIP IN HALF.
-
Extremely reminiscent of S.P.A.Z. Good job!
-
So I lost all my ambition to follow up on my curses roguelike and decided to use my little knowledge of lua from garrysmod in making a game with Löve.
So far there's no collision/animations/etc. but it's a start. Still haven't decided what to do with it, might just use it for learning experience.
-
Was going to say, he's a shitty psychologist.
-
Google's honoring Alan Turing's birthday with a set of Turing Machine puzzles
-
Progress on my artillery thingy. Splitscreen multiplayer and varying shot velocity :D
-
I've started to use CMake, and I agree; It feels much cleaner and easier to customize than autotools.
Plus who wouldn't love this adorable, clean, and colorful makefile?
-
But Mr. Charlie Somerville was going to basically fix it for them. Sounds like they've got some weird pride issue with their code, like "don't tell me it has any flaws, I'm the best coder la la la la la dee da"
-
Mr. Charlie Somerville is Swifty Shiftles
-
The exhalted creator of JSOS
-
Wow, I didn't read your post until now and that's exactly what I did an hour ago. It works great. Thanks.Get one of those male pin headers from ebay, and solder the wire to it. They'll be holding much tougher than bare wires.
-
Your typical dutch homosexual, lua hire scam artist, bf3 hacker. I love cock <3 !
February 2011
1,719 Posts
-
AKA The Turbulator
-
AKA Turbanasaurus Rex
-
Would anyone of you read a small devblog of my project if I were to make one? I want to document the progress of making it and a devblog feels like a good way. Maybe rate agree/disagree?
-
Place a message on my profile stating how you feel towards me. (obligatory: scriptkiddy destroyer)
March 2012
3,137 Posts
i just melted a metal nail with electricity.
it was cool.
-
Post pics
-
Yes. Well, it depends on what kind of project it is but I really like reading devlogs of games and applications, and anything really. Convinced a friend to start making a dedicated site to devlogs. Even has one of those hipstery r's at the end. http://devlogr.com/
By the way, if anyone wants to help me out with a problem concerning blending and framebuffers, I posted a question on StackOverflow some days ago. http://stackoverflow.com/questions/1...ar-transparent
-
Working on some third person camera and movement mechanics.
Also, pro animations.
-
You shouldn't completely disable blending when rendering to your frame buffer. You should enable or disable it when you need it just like you would when rendering straight to the back buffer.
Winner x 1
x 3
x 2
x 1
x 1
Friendly x 1
Disagree x 2
Zing x 4
Funny x 1
Artistic x 24
Useful x 1
Late x 1
x 1
