some random quotes:
Example: We created knives to cut foods. Fools may use them to kill people
perfect example
You claim that thousands of players play Halo, so why would Bungie back out on support when the majority demand it?
laziness, time, desire, contract... anything not technically related.
as stated by Roger, he simply got the machine on which the Halo source code was located, applied the fix, compiled and distributed it.
as you can see the operation looks neither hard nor long (nothing which can take months or years to do) and this is the same for any other game or software which is affected by vulnerabilities, but for some reason sometimes or often these vulnerabilities remain there without a technical reason.
I'm fairly sure knives are useful tools, whereas a working example of an exploit for an unsupported game is, well, not useful.
what is useful for you can't be useful for me and vice versa.
it's only your personal point of view.
but he basically loaded, cocked, and handed the gun to a lot of immature kids
the "gun" (as you dramatically call it) has been placed on public security websites only (I have already stated that I don't play Halo and so I have never been in this community).
immature people have found it and have spread the word to other immature people about how to use it maliciously and against whom.
that's why all this chaos has happened on Halo, which, as far as I remember, has never happened for any other vulnerability I have found... for sure NEVER on the same day as the release of my advisory.
I underline the "I" since when similar situations happened on other games it was because the people who found the bugs intentionally released them to other people privately (if this happens you can declare the death of Halo or any other game because there is no way to know what causes the bug and so it cannot be fixed) or with the intention of doing damage by posting them on game or clan related websites.
It is the primary job of any admin and user on earth to check whether their own software is at risk or not, because bugs exist and will always exist, so probably if instead of generating useless panic you followed some security news and informed the other players you could limit the problems caused by these "immature people".
for sure this was better than generating the panic that has happened in these days
Did someone pay you to find this bug?
I'm an independent researcher, I do it all for free.
such information is public in my About section... it's stupid to talk with someone without having searched for information about him:
http://aluigi.org/about.htm
You have breached security for the purpose of attention
just as I stated before... seriously, avoid talking about what you don't know and you will avoid being ridiculous.
If you think these bugs are so important
I have never said that they are vital or important, but if many people open useless threads about something related to my research you already have the answer
you can seek employment with Bungie and get paid to fix them
another child who has "experience" in how to find jobs.
I want to see your face when you go to Bungie and say "pay me for these bugs!"... blackmailer.
or you can send them your documentation out of the goodness of your heart
ehmmm, seriously, if I need to lose time with idiots who don't read my posts it is better if you tell me now so I close this account and avoid continuing this useless and uninteresting discussion.
I don't want to repeat what I have already said and which is already confirmed in documents and public information from many years ago and (yes, read the changelogs) confirmed also in the same patches released by Bungie in the past.
Anyway words, words and words but still no facts.
Then I still don't know what's the problem since the 615 hotfix fixes the haloloop2 vulnerability and the new vulnerability I have found will be disclosed only after the next patch.
If you refer to the "fake players bug" it makes me laugh a bit for the following reasons: first for what I said before (it gives you the possibility of easily tracking and banning the attackers), then because it doesn't have effects on the server (a server can't crash for having players in it, so I suggest you check your configuration if something similar happens), it can't be used in master server based mass attacks (whoever wants to fill your server does it against you for personal reasons with you) and many others.
The design bugs in Halo which allow the "fake players bug" are the following:
- lack of an option to limit the number of players from the same IP (for example a sv_maxip set to 2)
- as I wrote in my first post, it must not be possible for the player slots to be filled before cdkey authentication (where available naturally, so not in cracked servers), but this is exactly what happens in Halo and is wrong
naturally the sv_maxip idea is always the simplest and best idea and in fact it's the only way to stop or limit the "fake players bug".
the discussion can continue from this point, any other comment about my research or why and how I did it will be just ignored since already discussed (I know that the majority of people here are kids since Halo is a game but at least I have tried it, then who wants to understand understands)
[Edited on 07.06.2008 7:11 AM PDT]
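The two design fixes named in the post above (a per-IP cap in the style of sv_maxip, and no player slot taken before cd-key authentication), as an added example that is not part of the original post and is not Halo's code. All function names, table sizes and the handshake timeout are assumptions; only the cap value of 2 comes from the post.

```c
#include <stdint.h>

#define MAX_SLOTS   16  /* player slots advertised by the server */
#define MAX_PENDING 8   /* handshakes waiting for the cd-key check */
#define SV_MAXIP    2   /* hypothetical per-IP cap, value from the post */
#define PENDING_TTL 10  /* assumed seconds a handshake may stay unauthenticated */
typedef struct { uint32_t ip; long started; int used; } entry_t;
typedef struct { entry_t slots[MAX_SLOTS], pending[MAX_PENDING]; } server_t;

/* Count used entries for one IP, or all used entries when any != 0. */
static int count(const entry_t *e, int n, uint32_t ip, int any) {
    int c = 0;
    for (int i = 0; i < n; i++) c += e[i].used && (any || e[i].ip == ip);
    return c;
}
static int first_free(const entry_t *e, int n) {
    for (int i = 0; i < n; i++) if (!e[i].used) return i;
    return -1;
}

/* New connection: goes to the pending table only, never to a player slot. */
int conn_begin(server_t *s, uint32_t ip, long now) {
    for (int i = 0; i < MAX_PENDING; i++)   /* drop stale handshakes */
        if (s->pending[i].used && now - s->pending[i].started > PENDING_TTL)
            s->pending[i].used = 0;
    if (count(s->slots, MAX_SLOTS, ip, 0) +
        count(s->pending, MAX_PENDING, ip, 0) >= SV_MAXIP)
        return -1;                          /* per-IP cap reached */
    int p = first_free(s->pending, MAX_PENDING);
    if (p >= 0) s->pending[p] = (entry_t){ ip, now, 1 };
    return p;
}

/* Cd-key result arrived: only a valid key is promoted to a player slot. */
int conn_auth(server_t *s, int p, int key_ok) {
    if (p < 0 || p >= MAX_PENDING || !s->pending[p].used) return -1;
    s->pending[p].used = 0;
    int slot = key_ok ? first_free(s->slots, MAX_SLOTS) : -1;
    if (slot >= 0) s->slots[slot] = (entry_t){ s->pending[p].ip, 0, 1 };
    return slot;
}
int players(const server_t *s) { return count(s->slots, MAX_SLOTS, 0, 1); }

int main(void) {
    server_t s = {0};
    int p = conn_begin(&s, 0x0A000001u, 0);  /* constructed address 10.0.0.1 */
    return conn_auth(&s, p, 1) == 0 && players(&s) == 1 ? 0 : 1;
}
```

The per-IP count includes pending handshakes as well as seated players, so the cap also bounds how much of the pending table a single address can hold.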