"Valve's response has been a complete disappointment right from the start. On Twitter, Carl Schou, the founder of Secret Club, a not-for-profit group of security researchers, highlighted two other vulnerabilities that he said were reported to Valve by members of his group. "When we posted that this exploit affects every source engine game one should understand this as 'every game might theoretically be affected as it is a bug in the engine and not something game specific.'" "We can't say in how many games it used to work and if/when things got patched," Florian said. The good news is that Valve appears to have patched the bug in other games other than CS:GO. "Once you infected somebody this person can be weaponized in order to infect their friends and so on," Florian said. Using a non-work phone or computer, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 9, lorenzofb on Wickr, OTR chat at or email to him, hackers could use this bug and make it automatically spread, almost as a worm. Another researcher also found the same bug months after Florian reported it, and their report was merged with the original one.ĭo you reverse engineer and research vulnerabilities in video games? Or do you work on anti-cheat engines? We’d love to hear from you. "I am honestly very disappointed because they straight up ignored me most of the time," Florian said in an online chat.Ī Valve spokesperson did not respond to a request for comment.įlorian said that he was able to code an exploit to take advantage of the bug that works 80 percent of the time, according to his estimate. ![]() Valve admitted that it was being slow to respond, even though it classified the bug as "critical" in the thread with the researchers, which Motherboard reviewed. ![]() Florian's correspondence with Valve occurred on HackerOne, the bug bounty platform used by the company to get reports about vulnerabilities.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |