[FoF] OLD NEWS: regarding recent security concerns.

VaultBot

I'm Vintage's pet bot, I can't reply to PMs/posts.
Updated October 10, 2015: Fistful of Frags is already patched so the security issues described below are outdated and therefore shouldn't be taken in consideration.
---------------------------

Howdy partners, maybe you heard about a security hole that affects certain Source engine based games and modifications. You can read about it here.

The attack involves a client machine to download custom content from a server (maps, game textures and sounds). That should be completely safe except there seems to be a way to embed malicious code into these files that is executed thanks to an engine exploit.

To put this in perspective, any image or sound you download from the internet can potentially contain a virus, however such payload is not harmful by itself so it needs to be executed somehow from an external source. That's the problem here, the Source engine is vulnerable so a 2-step infection of this kind is possible. We are hoping a fix from Valve for the base engine functions soon but current state of the game is *safe* as explained below.

I'd like to make clear that one of the main vector attacks involve player sprays / jingles which do not work at all in our game. A related security hole that allowed to run malicious code was patched a month ago in our game, I'm not completely sure there may exist additional holes though so I decided to disallow any custom content download for the upcoming time. While this feature can be turned on again on each client machine, my advice is you leave it as is. This should be completely safe as long you don't install manually custom content from other sources.

Other than that, I'm hoping no one got infected in Fistful of Frags but if you think you did please let us know. I'll keep you posted.

Continue reading...
 

Funding Progress To Date

VaultF4 on Steam


48185 Members
(7771 Online 402 In-Game)
Join the group
Back
Top Bottom