"Yes Gamespy, the people who say to "welcome any and all help" and then send me a useless Cease&Desist and DEFAME me and moreover my hobby, the same people who say to "protect gamers rights and provide security" and then leave RogerWilco and Gamespy3d vulnerable to highly critical and public old bugs (still now), the same "trusted people" who claim "Gamers trust us" and at the same time insert hidden functions in third party games.
The code that is now the object of this research is just the SDK that Gamespy gives/sells to game developers to implement the online management and validation of game cd-keys.
The worst thing about this SDK is that it uses simple "security through obscurity" methods to hide information from the same users who use these vulnerable games (any existing type of demo, retail and dedicated server), so this advisory will also clarify these shameful methods, so that these users, like me, are no longer made fools of.
The bugs I want to analyze are essentially the following:
A] security bug/programming error: crash in the game servers
B] security through obscurity bug: possible privacy problems
Fortunately the developers have the source code of the bugged SDK, so all the people I personally contacted many weeks ago have had the possibility to fix the first bug without problems.
Then some weeks ago Gamespy also released a patched SDK to the developers of the vulnerable games; in fact they were contacted by one of the developers I have talked with... in fact, as everybody knows, it is impossible for me to contact Gamespy directly because they are incapable of understanding and managing my bug reports.
However I have also provided some unofficial fixes for the games that have no official patches at the moment or that are no longer supported."
You can read much more about it at SecurityFocus.