Bugtraq mailing list archives

Re: Epic Games threatens to sue security researchers

From: <dave () immunitysec com>
Date: 11 Feb 2003 21:36:19 -0000

In-Reply-To: <20030211193135.12389.qmail () mail securityfocus com>

As a side note, the trojaned map vulnerability has been known to many 
people in the security industry for over a year, since certain members of 
us are avid UT players, and it came under some intense review. (After 
finding the Powerpoint 2000 vulnerability, which is very similar, I did a 
quick sweep of other interesting programs.) 

In fact, back in the day, I'd almost succeeded in getting a server to send 
out the modified map file and automatically exploit connecting clients. 

Dave Aitel
Immunity, Inc.

Subject: Re: Epic Games threatens to sue security researchers

In-Reply-To: <01ce01c2d1f1$1beebef0$858370d4 () wks jubii dk>

Thor,

I have sent your company an apology for those completely unfortunate 
comments that I sincerely regret. We did provide an official statement 
and I was not, at the time, aware that my verbal reaction, in a moment of 
shock and surprise, was being captured for the article. 

The comment was a complete over-reaction to seeing the list of games 
including future games that have not yet been published. It had nothing 
to do with the security issues themselves, the validity of the report, or 
the way Pivx presented it to us. Pivx gave us more than fair enough 
warning of the bugs and we simply failed to fix them in the allotted 
time. We released a statement last week to the Unreal community 
indicating that "we fucked up" in not addressing these concerns within 
the given time and that we were already testing a patch with the security 
issues corrected. In addition the official statement we gave pointed out 
that we were fixing the holes and that the Pivx report was fair and 
accurate. Licensees were already provided with the source code for the 
security fixes. 

Again this was a moment-of-stupidity reaction and I sincerely apologize 
to Pivx and the entire security community. Epic has already stated that 
we will take these matters far more seriously in the future. 


Mark Rein,
Epic Games Inc.

Visit us at http://www.epicgames.com

Current thread:

Epic Games threatens to sue security researchers Thor Larholm (Feb 11)
- <Possible follow-ups>
- Re: Epic Games threatens to sue security researchers Mark Rein (Feb 11)
- Re: Epic Games threatens to sue security researchers dave (Feb 11)