Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Security Windows Games IT

Critical Vulnerabilities In Call of Duty: Modern Warfare 3, CryEngine 3 77

Posted by Soulskill
from the can't-even-trust-games-anymore dept.
hypnosec writes with news that two security consultants have found vulnerabilities in Call of Duty: Modern Warfare 3 and the CryEngine 3 graphics engine that could harm game makers and players alike. Presenting at the Power of Community (POC2012) security conference, the researchers demonstrated how a denial-of-service attack could affect Modern Warfare 3, and how a server-level attack on CryEngine 3 allowed them to "create a remote shell on a game-player's computer." "'Once you get access to the server, which is basically the interface with the company, you can get access to all of the information on the players through the server,' Ferrante said. In general, game companies don't seem to be very focused on security but rather on performance of the game itself, Ferrante said. Adding security checks can slow down games, and if the companies don't deem the problem a very critical issue, it will usually be ignored. 'These are games that have a very large market,' Auriemma said."
This discussion has been archived. No new comments can be posted.

Critical Vulnerabilities In Call of Duty: Modern Warfare 3, CryEngine 3

Comments Filter:
  • by Black LED (1957016) on Saturday November 10, 2012 @09:30PM (#41946825)
    They pretty much are. Some of these exploits have existed since the original id Tech 3 engine, from which Modern Warfare 3's engine is originally based. I've been using Luigi's proof of concept tools to do testing on old id Tech 3 engine games that I used to host servers on for years. With his advice I was able to work around certain problems, but not all of them.

    I am not sure how bad the vulnerabilities have become, but back then it was generally buffer overflow exploits that allowed player clients to be crashed, servers to be crashed or even the master server to be crashed. There weren't any exploits that I would consider critical, but they were highly annoying.

The tao that can be tar(1)ed is not the entire Tao. The path that can be specified is not the Full Path.