Comments for Scorptek • GMNews http://gmnews.scorptek.net powered by Scorptek Sat, 22 Nov 2008 13:28:33 +0000 http://wordpress.org/?v=MU hourly 1 Comment on InstantPlay Exploit Published by James Rhodes http://gmnews.scorptek.net/2008/11/21/instantplay-exploit-published/#comment-9142 James Rhodes Sat, 22 Nov 2008 10:37:26 +0000 http://gmnews.wordpress.com/?p=557#comment-9142 Maybe you don't understand. At no point did I give people the ability to recreate and execute the vunerability. I posted the proof of concept and created a discussion describing it. Maybe you don’t understand. At no point did I give people the ability to recreate and execute the vunerability. I posted the proof of concept and created a discussion describing it.

]]> Comment on InstantPlay Exploit Published by NakedPaulToast http://gmnews.scorptek.net/2008/11/21/instantplay-exploit-published/#comment-9141 NakedPaulToast Sat, 22 Nov 2008 03:42:11 +0000 http://gmnews.wordpress.com/?p=557#comment-9141 "The time they take to fix it will tell users how trustworthy they are as a company." How quickly they respond, has nothing to with trustworthiness. @James Rhodes First off, excellent work. I was thinking of tearing you a new one last night, but I thought the topic to important, and didn't want o hijack it. My issue was not that you discovered the vulnerability, but how you released it into the wild. I'm a firm believer in full disclosure, but not by actually creating and releasing an exploit. I think you should have created your proof of concept, even created a discussion describing it. But not actually provided the means to individuals recreate and execute the vulnerability to a partially unsuspecting public. Depending on the responsiveness of YYGs, then possibly release if they feel it is unimportant. When vulnerabilities are discovered, it's important that vendors have a chance to protect themselves and their customers first. Anyway, wonderful work. “The time they take to fix it will tell users how trustworthy they are as a company.”

How quickly they respond, has nothing to with trustworthiness.

@James Rhodes
First off, excellent work.

I was thinking of tearing you a new one last night, but I thought the topic to important, and didn’t want o hijack it.

My issue was not that you discovered the vulnerability, but how you released it into the wild. I’m a firm believer in full disclosure, but not by actually creating and releasing an exploit.

I think you should have created your proof of concept, even created a discussion describing it. But not actually provided the means to individuals recreate and execute the vulnerability to a partially unsuspecting public.

Depending on the responsiveness of YYGs, then possibly release if they feel it is unimportant. When vulnerabilities are discovered, it’s important that vendors have a chance to protect themselves and their customers first.

Anyway, wonderful work.

]]> Comment on InstantPlay Exploit Published by infinitously http://gmnews.scorptek.net/2008/11/21/instantplay-exploit-published/#comment-9140 infinitously Sat, 22 Nov 2008 02:08:43 +0000 http://gmnews.wordpress.com/?p=557#comment-9140 Can't you include any type of file- including a standard .exe file- in the program and run it when the games starts? Can’t you include any type of file- including a standard .exe file- in the program and run it when the games starts?

]]> Comment on InstantPlay Exploit Published by James Rhodes http://gmnews.scorptek.net/2008/11/21/instantplay-exploit-published/#comment-9139 James Rhodes Fri, 21 Nov 2008 23:24:23 +0000 http://gmnews.wordpress.com/?p=557#comment-9139 * Yes, but standard EXE files are not made instant playable. * Yes, but standard EXE files are not made instant playable.

]]> Comment on InstantPlay Exploit Published by James Rhodes http://gmnews.scorptek.net/2008/11/21/instantplay-exploit-published/#comment-9138 James Rhodes Fri, 21 Nov 2008 23:23:57 +0000 http://gmnews.wordpress.com/?p=557#comment-9138 Yes, but standard EXE files are made instant playable. Yes, but standard EXE files are made instant playable.

]]> Comment on InstantPlay Exploit Published by Blijbol http://gmnews.scorptek.net/2008/11/21/instantplay-exploit-published/#comment-9137 Blijbol Fri, 21 Nov 2008 21:42:52 +0000 http://gmnews.wordpress.com/?p=557#comment-9137 Can't an EXE file being executed do such things anyway? Can’t an EXE file being executed do such things anyway?

]]> Comment on InstantPlay Exploit Published by James Rhodes http://gmnews.scorptek.net/2008/11/21/instantplay-exploit-published/#comment-9136 James Rhodes Fri, 21 Nov 2008 21:38:21 +0000 http://gmnews.wordpress.com/?p=557#comment-9136 @Joerdgs, I was receiving harsh critism for finding the exploit at the GMC, so KC LC saved me from a bashing and hid the topic so that only the YoYoGames staff would see it. @Joerdgs,

I was receiving harsh critism for finding the exploit at the GMC, so KC LC saved me from a bashing and hid the topic so that only the YoYoGames staff would see it.

]]> Comment on InstantPlay Exploit Published by Luís Reis http://gmnews.scorptek.net/2008/11/21/instantplay-exploit-published/#comment-9135 Luís Reis Fri, 21 Nov 2008 20:11:52 +0000 http://gmnews.wordpress.com/?p=557#comment-9135 "It should be interesting to see how long YoyoGames takes to patch this, considering the seriousness of the vulnerability." Truly an opportunity to test YoYoGames. I don't think they have had such vulnerabilities in the past. The time they take to fix it will tell users how trustworthy they are as a company. “It should be interesting to see how long YoyoGames takes to patch this, considering the seriousness of the vulnerability.”

Truly an opportunity to test YoYoGames. I don’t think they have had such vulnerabilities in the past. The time they take to fix it will tell users how trustworthy they are as a company.

]]> Comment on InstantPlay Exploit Published by Caniac http://gmnews.scorptek.net/2008/11/21/instantplay-exploit-published/#comment-9134 Caniac Fri, 21 Nov 2008 18:00:02 +0000 http://gmnews.wordpress.com/?p=557#comment-9134 LOL, that is hilarious! its about time that somone showed yoyo just how insecure their instant play is. LOL, that is hilarious!
its about time that somone showed yoyo just how insecure their instant play is.

]]> Comment on InstantPlay Exploit Published by Rusky http://gmnews.scorptek.net/2008/11/21/instantplay-exploit-published/#comment-9133 Rusky Fri, 21 Nov 2008 12:24:53 +0000 http://gmnews.wordpress.com/?p=557#comment-9133 That's a stupid main reason. But anyway, post the explanation somewhere besides the GMC so I don't have to decompile it and figure it out :P That’s a stupid main reason.

But anyway, post the explanation somewhere besides the GMC so I don’t have to decompile it and figure it out :P

]]>