doubt. could there be bugs in the cnetchan sendfile implementation? Definitely. Could there be bugs in one of the many scary parsers that run on untrusted code? Yes.
I should know. "And old school knowledge of how to inject image files with malicious code (NetSec/ITSec)" this is not a meaningful sentence. if you want to spread fud, at least say, idk, "there's another buffer overflow in the .mdl code". There probably is, honestly. that would be convincing. On Oct 9, 2017 3:46 PM, "Stealth Mode" <stealthmode1...@gmail.com> wrote: Yes, IT skills. Electronics skills. And old school knowledge of how to inject image files with malicious code (NetSec/ITSec). This is an older style of "hacking". Remember those warnings about clicking download attachments from the 90s onward? Same thing still applies. Except, there is no detection for any hlds/go server, so an injected image can contaminate a server cache. Which in turn will infect clients. Any image file, any data file really, can be modified like this. Willing to bet good money those $500. go weapon skins have hack code scripted and injected into the image. On Mon, Oct 9, 2017 at 11:59 AM, iNilo <inilo.in...@gmail.com> wrote: > Sure, > > But you have anything to back this up? (don't take it the wrong way) > > Nilo. > > 2017-10-09 16:54 GMT+02:00 Stealth Mode <stealthmode1...@gmail.com>: > >> Headsup admins/owners. Might want to disable custom files till valve >> addresses this issue brought to their attention a month ago. >> There is an exploit where any client with minor skill can inject custom >> files with all types of malicious code. From hacks in weapon skins, to >> ransomware in custom .bsp, to remote backdoors in custom spray paints. >> >> The exploit is injecting code into any image, sound, or data file. You >> can take weapon skins (csgo), sound files, spray paint image files, even >> .bsp/etc. and inject hack code, or actual ransomware, viruses, or >> Trojans/rootkits directly into a server cache, or client cache via the >> custom file. >> >> Might want to disable custom files till valve decides to correct this >> issue. >> >> -StealthMode >> >> _______________________________________________ >> Csgo_servers mailing list >> Csgo_servers@list.valvesoftware.com >> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >> > > > _______________________________________________ > Csgo_servers mailing list > Csgo_servers@list.valvesoftware.com > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers > _______________________________________________ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
_______________________________________________ Csgo_servers mailing list Csgo_servers@list.valvesoftware.com https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
