All Blizzard games (World of Warcraft, Overwatch, Diablo III, Starcraft II, etc.) were vulnerable to DNS rebinding vulnerability allowing any website to run arbitrary code.
https://bugs.chromium.org/p/project-zero/issues/detail?id=1471 …
-
-
Game devs don’t weep when this happens. The security teams who work for those companies are happy because
@taviso can help make our players and our games more secure through his research. -
Honestly I never judge. I don’t know what technical constraints they are working under nor the complexity of the architecture. Blizzard has some top notch security people.
- 3 more replies
New conversation -
-
-
-
Hey, I forgot about that! I did look at that 6 or 7 years ago lol.https://www.theverge.com/2012/7/30/3201421/ubisoft-uplay-drm-security-hole-tavis-ormandy …
- 1 more reply
New conversation -
-
-
Coherent UI is probably a nice target as it is used by a lot of games. Not only is it based on an old WebKit fork, but also native bindings into the game... Found a XSS via steam name once.https://coherent-labs.com/
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
This Tweet is unavailable.
-
-
Please look at PUBG, the main menu is loaded from a webpage so it's dying to be exploited.
-
PUBG has barely any security, the main menu can be redirected to a different host using command line options. The master server is vulnerable to MITM and the networking code is the worst of its kind.
End of conversation
New conversation -
-
-
@0xGradius watch out ~ -
Happy and excited (and a tiny bit scared) to have Tavis consider checking us out. The risk makes sense to evaluate as online games have a huge install base and as a result make a nice target.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.