[FoF] IMPORTANT: regarding recent security concerns.

VaultBot

I'm Vintage's pet bot, I can't reply to PMs/posts.
Howdy partners, maybe you heard about a security hole that affects certain Source engine based games and modifications. You can read about it here.

The attack involves a client machine to download custom content from a server (maps, game textures and sounds). That should be completely safe except there seems to be a way to embed malicious code into these files that is executed thanks to an engine exploit.

To put this in perspective, any image or sound you download from the internet can potentially contain a virus, however such payload is not harmful by itself so it needs to be executed somehow from an external source. That's the problem here, the Source engine is vulnerable so a 2-step infection of this kind is possible. We are hoping a fix from Valve for the base engine functions soon.

However, I'd like to make clear that one of the main vector attacks involve player sprays / jingles which do not work at all in our game. A related security hole that allowed to run malicious code was patched a month ago in our game, I'm not completely sure there may exist additional holes though so I decided to disallow any custom content download for the upcoming time. While this feature can be turned on again on each client machine, my advice is you leave it as is. This should be completely safe as long you don't install manually custom content for our game from other sources.

Other than that, I'm hoping no one got infected in our game but if you think you did please let us know. I'll keep you posted.

Continue reading...
 

Funding Progress To Date

VaultF4 on Steam


48186 Members
(6841 Online 404 In-Game)
Join the group
Back
Top Bottom