Bugtraq mailing list archives
Re: Epic Games threatens to sue security researchers
From: <dave () immunitysec com>
Date: 11 Feb 2003 21:36:19 -0000
In-Reply-To: <20030211193135.12389.qmail () mail securityfocus com> As a side note, the trojaned map vulnerability has been known to many people in the security industry for over a year, since certain members of us are avid UT players, and it came under some intense review. (After finding the Powerpoint 2000 vulnerability, which is very similar, I did a quick sweep of other interesting programs.) In fact, back in the day, I'd almost succeeded in getting a server to send out the modified map file and automatically exploit connecting clients. Dave Aitel Immunity, Inc.
Subject: Re: Epic Games threatens to sue security researchers In-Reply-To: <01ce01c2d1f1$1beebef0$858370d4 () wks jubii dk> Thor, I have sent your company an apology for those completely unfortunate comments that I sincerely regret. We did provide an official statement and I was not, at the time, aware that my verbal reaction, in a moment of shock and surprise, was being captured for the article. The comment was a complete over-reaction to seeing the list of games including future games that have not yet been published. It had nothing to do with the security issues themselves, the validity of the report, or the way Pivx presented it to us. Pivx gave us more than fair enough warning of the bugs and we simply failed to fix them in the allotted time. We released a statement last week to the Unreal community indicating that "we fucked up" in not addressing these concerns within the given time and that we were already testing a patch with the security issues corrected. In addition the official statement we gave pointed out that we were fixing the holes and that the Pivx report was fair and accurate. Licensees were already provided with the source code for the security fixes. Again this was a moment-of-stupidity reaction and I sincerely apologize to Pivx and the entire security community. Epic has already stated that we will take these matters far more seriously in the future. Mark Rein, Epic Games Inc. Visit us at http://www.epicgames.com
Current thread:
- Epic Games threatens to sue security researchers Thor Larholm (Feb 11)
- <Possible follow-ups>
- Re: Epic Games threatens to sue security researchers Mark Rein (Feb 11)
- Re: Epic Games threatens to sue security researchers dave (Feb 11)