Luigi Auriemma [PGP]


a blog? a diary? an abort of my mind? nobody knows...

15 Nov 2005
Undead bugs and people's ignorance
It's not a secret that two of the most attended games of the year
(F.E.A.R. and Call of Duty 2) are affected by public bugs found and
published by me almost one year ago.
The shame is moreover in the fact that tons of people were and are
aware of these bugs (sure, they are public!) except the developers
themselves (or must I say PUBLISHERS???).
Another shameful thing, worse than the previous one, is the usual attitude
that server admins and players have toward security bugs.
It's not rare to surf a forum and see "edited" (aka
censored) posts by people who linked to the advisory or a
proof-of-concept or even a patch/work-around (yes, incredibly) on my
It seems that history is not enough for ignorant people, who not
only allow old bugs to remain unpatched for years (there are so many
examples that I avoid wasting space here) but still continue with
their censoring and obtuse attitude.
For them it is not important if games have a short life and so, if you
find or are aware of a problem, you must force the developers to fix it
as soon as possible; it is not important if what they call "bad"
people (script kiddies and crackers) are already aware of these bugs
even though they remove a stupid link, since any security website and search
engine points to the source of the information, so their useless
censorship affects only the victims of a bug; it is not important if they
try to infect other people with their bigoted mentality; and moreover it is
not important if they then use my patches but don't want links to my
website (respect, what a beautiful word)...
The only way to fix a problem is to make the largest number of people
aware of it; that's the truth and the most logical and tested conclusion.
If there is a problem in my bike that makes it explode (wow!) I WANT
to be aware of it so I can put pressure on whoever produced it or
try to find a solution myself.
That's why script kiddies are (indirectly) the pillar of computer
security and do the real job, since they force people to be aware of
the problems that affect the stuff they use and, therefore, to repair
them before it is too late.
So send a big ironic THANX to the people who allow bugs to stay
unpatched forever due to their "head under the sand"
Last thing: developers make errors, but usually the support of a game
is not decided by them, so if you want to protest about an unfixed bug
remember to also, and moreover, contact the publisher of the vulnerable
