-
-
Last edited by php; 19th March 2021 at 13:37.
smect@ (4th April 2014)
Closed source: unsecure as fuck, Company gives no fuck.
timescale 0.01
-
Last edited by php; 19th March 2021 at 13:38.
BurntToast (4th April 2014)
Honestly though why did you post this? You didn't even propose a useful method of protecting against it, instead choosing to release this "big security breach" to the public.
-
Last edited by php; 19th March 2021 at 13:38.
smect@ (4th April 2014)
Your fears in honor, but this "possibility" exists for a long time and not only CoD1, also CoD2 and CoD4. Is something more secure, because less people know about it, though others exploit it already?
I don't have Facebook, maybe somebody wants to inform Infinity Ward.
Probably it wouldn't even be allowed to patch those security errors, since Reverse Engineering is not allowed.
Just asked php to test this in Sandboxie, the download and execution still works, but it might give more security, because it prevents total access on the filesystem.
Sandboxie is able to whitelist processes, this may help (please try php and tell us ):
All big Companies start seeing the value of Open Source, Google with Android, Microsoft is open sourcing C# etc... I hope IW will release the source code of Call Of Duty 1, 2, 4... otherwise there is nobody fixing their bugs.
timescale 0.01
smect@ (4th April 2014)
-
Last edited by php; 19th March 2021 at 13:38.
OK, I am a little confused. Perhaps some clarification would help:
You can spoof an executable and make it look like an IWD/PK3 file. And this can be downloaded to the client as if it were a mod file. How is the executable started once its in the client's PC? Is it self-executing? I was under the impression that it is very difficult to make a self-executing executable. Even viruses need you to execute them before they can do any damage.
Or, does the fake-IWD/PK3 file sit there and wait/hope that the client gets curious and double-clicks it to see what it is?
Last edited by Tally; 4th April 2014 at 17:35.
-
Last edited by php; 19th March 2021 at 13:39.
BurntToast (5th April 2014)